On Wed, 8 Dec 2021 13:36:17 -0500 Matthew Grinnell mgrinnell@datto.com wrote:
[...] I see the reaper report my test object is deleted, HEAD requests against the account still return the same 410 Gone. Is there a way to tell when everything for an account has been purged, ie does the 410 return change at some point when that happens?
The account server continues to return 410 until replicator reclaims the account DB.
swift/proxy/controllers/account.py: if resp.status_int == HTTP_NOT_FOUND: if resp.headers.get('X-Account-Status', '').lower() == 'deleted': resp.status = HTTP_GONE
The basic problem here is that the Swift proxy cannot possibly know if your data is not hiding somewhere on a handoff that is coincidentaly offline. However, the reclaim period is large (one week) and operators are strictly told never let anything that's been down that long back into the cluster. So after a week replicator deletes the account DB and only then you have a "guarantee" that everything is gone. It is an operational guarantee though. Cannot get you a better one in a distributed system.
If you really want to have things GONE, you have to encrypt them to begin with, then destroy keys at the decision time. The key store is centralized, so it's not a subject to the general distributed system problem as per above.
-- Pete