Build multi-destination replicationInfo per backend

[maeldonn]

Issue: CLDSRV-888

[bert-e]

Hello maeldonn,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[codecov]

❌ 4 Tests Failed:

Tests completed	Failed	Passed	Skipped
8984	4	8980	0

View the full list of 4 ❄️ flaky test(s)

"after each" hook for "should fail if trying to overwrite a delete marker"::MPU with x-scal-s3-version-id header With default signature "after each" hook for "should fail if trying to overwrite a delete marker"

Flake rate in main: 100.00% (Passed 0 times, Failed 11 times)

Stack Traces | 0.013s run time

We encountered an internal error. Please try again.

"after each" hook for "should fail if trying to overwrite a delete marker"::MPU with x-scal-s3-version-id header With v4 signature "after each" hook for "should fail if trying to overwrite a delete marker"

Flake rate in main: 100.00% (Passed 0 times, Failed 2 times)

Stack Traces | 0.013s run time

We encountered an internal error. Please try again.

should not accept configuration when rules contain overlapping 'Prefix' values: new prefix starts with used prefix::aws-node-sdk test putBucketReplication configuration rules should not accept configuration when rules contain overlapping 'Prefix' values: new prefix starts with used prefix

Flake rate in main: 13.81% (Passed 668 times, Failed 107 times)

Stack Traces | 0.006s run time

incorrect error response code: should be 'InvalidRequest' but got 'Error'
+ actual - expected

+ 'Error'
- 'InvalidRequest'

should not accept configuration when rules contain overlapping 'Prefix' values: used prefix starts with new prefix::aws-node-sdk test putBucketReplication configuration rules should not accept configuration when rules contain overlapping 'Prefix' values: used prefix starts with new prefix

Flake rate in main: 13.81% (Passed 668 times, Failed 107 times)

Stack Traces | 0.006s run time

incorrect error response code: should be 'InvalidRequest' but got 'Error'
+ actual - expected

+ 'Error'
- 'InvalidRequest'

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

[claude]

• ReplicationConfiguration.resolveDestinationRole (line 166 of getReplicationInfo.js) does not exist in Arsenal — not in the pinned 8.4.2 tag, not on any branch, and not in any open PR across the scality org. This will crash at runtime for CRR backends and the unit tests referencing CRR destinations will also fail.
  - Add a companion Arsenal PR with this method and bump the arsenal dependency, or implement the role-resolution logic inline.
  
  Review by Claude Code

[claude]

• Arsenal dependency not bumped: ReplicationConfiguration.resolveBackends and resolveSourceRole do not exist in arsenal 8.4.2. All 110 unit test failures are TypeError: ReplicationConfiguration.resolveBackends is not a function. Bump the arsenal dependency in package.json to a version that exports these static methods.
  - Prettier check failing on all 4 changed files. Run prettier --write on them.
  
  The refactoring logic itself (service-account gate extraction, default-storageClass helper, per-backend CRR/cloud handling in ACL flow) looks correct and well-tested, pending the arsenal dependency.
  
  Review by Claude Code

[bert-e]

Conflict

There is a conflict between your branch improvement/CLDSRV-888/crr-multi and the
destination branch development/9.4.

Please resolve the conflict on the feature branch (improvement/CLDSRV-888/crr-multi).

git fetch && \
git checkout origin/improvement/CLDSRV-888/crr-multi && \
git merge origin/development/9.4

Resolve merge conflicts and commit

git push origin HEAD:improvement/CLDSRV-888/crr-multi

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

[claude]

• Arsenal is pinned to a commit hash (e4860ebc) instead of a tag, and the resolved version (8.4.3) is a downgrade from the previous 8.4.5. Pin to a proper tag once the arsenal changes are released.

Review by Claude Code

[claude]

• Arsenal dependency is pinned to a raw commit hash instead of a tag, and yarn.lock shows a version downgrade from 8.4.5 to 8.4.3. Pin to a tagged release.
  
  Review by Claude Code

[claude]

• Arsenal dependency is pinned to a raw commit hash instead of a release tag. Git-based deps should pin to a tag for reproducibility and clarity.
  
  Review by Claude Code

[claude]

• Arsenal is pinned to a commit hash instead of a tag in package.json.
  - Pin to a tag (e.g. #8.x.x) per project convention for git-based deps.
  - The ft_scripts npm script was removed from package.json, but .github/workflows/tests.yaml:635 still runs yarn run ft_scripts.
  - Either remove the CI step or restore the script.
  
  Review by Claude Code

[claude]

• Arsenal dependency pinned to a commit hash instead of a tag (package.json line 40). Other git-based deps in the project use tags — pin to the tag that includes ReplicationConfiguration.resolveBackends/resolveSourceRole for consistency.
  
  Review by Claude Code

[claude]

• Arsenal dependency is pinned to a commit hash instead of a tag — should be tagged before merge
  
  The refactoring to delegate rule-matching to arsenal's ReplicationConfiguration.resolveBackends looks clean. The service-account gate extraction, default storageClass fallback, and ACL replication logic (preserving cloud backend status while resetting CRR backends) are well-structured. The removed top-level fields (destination, storageClass, storageType, dataStoreVersionId) are not read by any other code in cloudserver, so the schema change is safe within this repo. Tests are thorough and cover V1/V2 format, dedup, mixed CRR+cloud, and edge cases.
  
  Review by Claude Code

[benzekrimaha]

this still adds a newly configured cloud backend on an ACL-only update if there is also a CRR backend.
If cloud ACL replication is not supported, we should only preserve existing non-role backends, not add new ones as PENDING.
Maybe:

Suggested change

	return existing || b;
	const existing = objectMD.replicationInfo.backends.find(e => e.site === b.site);
	return existing;

[maeldonn]

Good catch, switched to dropping newly configured cloud backends instead of adding them as PENDING, and matching existing entries by site + destination + role rather than site alone.

[benzekrimaha]

can we also have a test where a new cloud backend is added after the object was already replicated, then putObjectACL is called.
If ACL replication is not supported for cloud backends, that new cloud backend should not be added as PENDING.

[maeldonn]

Added, new test asserts a cloud destination added after replication is not added as PENDING on putObjectACL.