Feature Request: Use S3 ObjectLock to enforce RecoveryWindowRetentionPolicy

[kruton]

In order to avoid ransomware attacks, it would be useful to enable ObjectLock when uploading the individual objects to S3 and set it according to the RecoveryWindowRetentionPolicy that is in use. This would allow different backup retention policies to use the same S3 bucket.

Currently you can create an S3 bucket with a default retention time that all objects inherit when Barman uploads it. This can conflict with Barman's internal expiration logic since Barman's retention time and the S3 ObjectLock expiration time can be different. Currently Barman does not handle (or at least does not explain) why an object deletion failed in this case.

This can be implemented using the object_lock_mode and object_lock_retain_until_date args when uploading.

[martinmarques]

We already have plans for adding support for WORM protection in object store, where available.

[kruton]

Is there an existing issue or should I rewrite this FR to cover AWS S3, Azure Blob, and GCS? I can also write an implementation strategy if you're accepting outside contributions.

[martinmarques]

We have some internal tickets at EDB for this, but this is the only public-facing one.

We don't have specs yet for it, but it will surely start with AWS S3 lock, and then we'll look into the others. If you would like to take a look at providing a PR for Azure or GCP, those would be very welcome, and we will review them.