V10: Feature question - S3 MFA-Delete

[Ejdesgaard]

Red Hat Ceph Storage release notes state the following:

Support for S3 MFA-Delete
With this release, the Ceph Object Gateway supports S3 MFA-Delete using Time-Based One-Time Password (TOTP) one-time passwords as an authentication factor. This feature adds security against inappropriate data removal. You can configure buckets to require a TOTP one-time token in addition to standard S3 authentication to delete data.

The related RH BZ is: https://bugzilla.redhat.com/show_bug.cgi?id=1397212

I have not read anything about support for this in the v10 draft doc's for S3.

Will it be supported in V10 ?

Amazon ref's:
https://docs.aws.amazon.com/AmazonS3/la ... elete.html
https://aws.amazon.com/iam/features/mfa/?audit=2019q1

[Gostev]

No, it's not supported - nor it can be supported, because we do need the ability to delete objects in a fully automated fashion (without TOTP) for the backup retention policy to work. In other words, we need to be able to delete older backups outside of your retention policy automatically. Thanks!