stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
docs/features/checked/evidencelocker/s3-object-lock-for-evidence-locker.md Normal file
View File

@@ -0,0 +1,28 @@
# S3 Object Lock (WORM Retention) for Evidence Locker
## Module
EvidenceLocker
## Status
IMPLEMENTED
## Description
Object Lock configuration in EvidenceLockerOptions with mode, default retention days, legal hold; enforcement headers in S3 storage for WORM retention and legal hold behavior with startup validation.
## Implementation Details
- **Modules**: `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Storage/`, `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Configuration/`
- **Key Classes**:
- `S3EvidenceObjectStore` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Storage/S3EvidenceObjectStore.cs`) - S3 storage with Object Lock headers for WORM retention
- `EvidenceLockerOptions` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Configuration/EvidenceLockerOptions.cs`) - configuration including Object Lock mode, retention days, and legal hold settings
- `EvidenceObjectStore` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Storage/EvidenceObjectStore.cs`) - base object store abstraction
- `StorageKeyGenerator` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Storage/StorageKeyGenerator.cs`) - generates storage keys for evidence objects
- **Interfaces**: `IEvidenceLockerStorage`
- **Source**: SPRINT_20260112_002_EVIDENCE_evidence_locker_audit_pack_hardening.md
## E2E Test Plan
- [ ] Configure `EvidenceLockerOptions` with Object Lock mode=COMPLIANCE and retention=365 days and verify `S3EvidenceObjectStore` applies WORM headers on write
- [ ] Verify stored objects cannot be deleted before retention period expires
- [ ] Enable legal hold via `EvidenceLockerOptions` and verify objects are locked regardless of retention period
- [ ] Verify startup validation rejects invalid Object Lock configurations (e.g., retention days < 1)
- [ ] Verify `S3EvidenceObjectStore` sends correct S3 headers (x-amz-object-lock-mode, x-amz-object-lock-retain-until-date, x-amz-object-lock-legal-hold)
- [ ] Verify Object Lock mode=GOVERNANCE allows deletion with proper override permissions