diff --git a/CHANGELOG.md b/CHANGELOG.md index 98ed729a3..7d3a1c472 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ This document outlines major changes between releases. - Return error on invalid LocationConstraint (TrueCloudLab#23) - Place billing metrics to separate url path (TrueCloudLab#26) - Add generated deb builder files to .gitignore, and fix typo (TrueCloudLab#28) +- Limit number of objects to delete at one time (TrueCloudLab#37) ## [0.26.0] - 2022-12-28 diff --git a/api/handler/delete.go b/api/handler/delete.go index aee8168d6..ea6c19cf8 100644 --- a/api/handler/delete.go +++ b/api/handler/delete.go @@ -17,6 +17,9 @@ import ( "go.uber.org/zap/zapcore" ) +// limitation of AWS https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjects.html +const maxObjectsToDelete = 1000 + // DeleteObjectsRequest -- xml carrying the object key names which should be deleted. type DeleteObjectsRequest struct { // Element to enable quiet mode for the request @@ -176,6 +179,11 @@ func (h *handler) DeleteMultipleObjectsHandler(w http.ResponseWriter, r *http.Re return } + if len(requested.Objects) == 0 || len(requested.Objects) > maxObjectsToDelete { + h.logAndSendError(w, "number of objects to delete must be greater than 0 and less or equal to 1000", reqInfo, errors.GetAPIError(errors.ErrMalformedXML)) + return + } + removed := make(map[string]*layer.VersionedObject) toRemove := make([]*layer.VersionedObject, 0, len(requested.Objects)) for _, obj := range requested.Objects {