Skip to content

bug: DeleteObjectTagging fails on versioned object w/o version-id arg #13162

New issue
New issue
Closed
#13174
Closed
bug: DeleteObjectTagging fails on versioned object w/o version-id arg#13162
#13174
Assignees
bentsku
Labels
aws:s3Amazon Simple Storage Servicestatus: in progressCurrently being worked ontype: bugBug report
@steven-halaka

Description

@steven-halaka
steven-halaka
opened on Sep 18, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When calling DeleteObjectTagging on an object in a versioned bucket without specifying the version id, the object's tags are not removed. However, this behavior works on a real AWS bucket with versioning enabled.

Expected Behavior

When calling aws s3api delete-object-tagging --bucket ${BUCKET} --key README.md against a bucket with versioning enabled, I expect a subsequent GetObjectTagging to return an empty TagSet.

How are you starting LocalStack?

With a docker run command

Steps To Reproduce

How are you starting localstack (e.g., bin/localstack command, arguments, or docker-compose.yml)

docker run --rm -d -p "4566:4566" -e SERVICES=s3 localstack/localstack:stable

Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)

export AWS_ENDPOINT_URL=http://localhost:4566
export BUCKET=test
# create bucket
aws s3api create-bucket --bucket ${BUCKET}

# Without versioning
aws s3 cp ./README.md s3://${BUCKET}/README.md
aws s3api get-object-tagging --bucket ${BUCKET} --key README.md
aws s3api put-object-tagging --bucket ${BUCKET} --key README.md --tagging '{"TagSet": [{ "Key": "designation", "Value": "confidential" }]}'
aws s3api get-object-tagging --bucket ${BUCKET} --key README.md
# DeleteObjectTagging works without specifying a version id
aws s3api delete-object-tagging --bucket ${BUCKET} --key README.md
# Returns empty TagSet
aws s3api get-object-tagging --bucket ${BUCKET} --key README.md

# With versioning
aws s3api put-bucket-versioning --bucket ${BUCKET} --versioning-configuration Status=Enabled
aws s3 cp ./README.md s3://${BUCKET}/README.md
aws s3api get-object-tagging --bucket ${BUCKET} --key README.md
aws s3api put-object-tagging --bucket ${BUCKET} --key README.md --tagging '{"TagSet": [{ "Key": "designation", "Value": "confidential" }]}'
aws s3api get-object-tagging --bucket ${BUCKET} --key README.md
# DeleteObjectTagging doesn't work when not specifying a version id
# This works against an actual AWS bucket with versioning enabled
aws s3api delete-object-tagging --bucket ${BUCKET} --key README.md
# Returns the TagSet with designation=confidential
aws s3api get-object-tagging --bucket ${BUCKET} --key README.md

# DeleteObjectTagging **does** work when not specifying a version id
versionId="$(aws s3api delete-object-tagging --bucket ${BUCKET} --key README.md | jq -r .VersionId)"
aws s3api delete-object-tagging --bucket ${BUCKET} --key README.md --version-id ${versionId}
aws s3api get-object-tagging --bucket ${BUCKET} --key README.md

Environment

- OS:
  Container: Debian GNU/Linux 12
  Host: Ubuntu 24.04.3 LTS
- LocalStack version: 4.8.1
  LocalStack build date: 2025-09-16
  LocalStack build git hash: 150143944

Anything else?

Unlike in put_object_tagging, which performs a get_object and then uses that response's version_id in get_unique_key_id, delete_object_tagging uses the caller's version_id in get_unique_key_id.

Metadata

Metadata

Assignees

Labels

aws:s3Amazon Simple Storage Servicestatus: in progressCurrently being worked ontype: bugBug report

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions