Build multi-destination replicationInfo per backend

[maeldonn]

Issue: CLDSRV-888

[bert-e]

Hello maeldonn,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.45%. Comparing base (e0da410) to head (68d7282).
✅ All tests successful. No failed tests found.

Additional details and impacted files

Files with missing lines	Coverage Δ
lib/api/apiUtils/object/getReplicationInfo.js	100.00% <100.00%> (ø)
lib/metadata/acl.js	98.75% <100.00%> (+0.06%)	⬆️

@@                 Coverage Diff                 @@
##           development/9.4    #6172      +/-   ##
===================================================
- Coverage            85.46%   85.45%   -0.01%     
===================================================
  Files                  208      208              
  Lines                14077    14071       -6     
===================================================
- Hits                 12031    12025       -6     
  Misses                2046     2046              

Flag	Coverage Δ
file-ft-tests	69.28% <77.96%> (-0.02%)	⬇️
kmip-ft-tests	27.94% <25.42%> (+0.01%)	⬆️
mongo-v0-ft-tests	70.44% <77.96%> (-0.09%)	⬇️
mongo-v1-ft-tests	70.47% <77.96%> (+0.02%)	⬆️
multiple-backend	36.33% <25.42%> (+0.02%)	⬆️
sur-tests	35.19% <25.42%> (-0.89%)	⬇️
sur-tests-inflights	38.01% <25.42%> (+0.02%)	⬆️
unit	72.31% <98.30%> (-0.02%)	⬇️
utapi-v2-tests	35.27% <25.42%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

[claude]

• ReplicationConfiguration.resolveDestinationRole (line 166 of getReplicationInfo.js) does not exist in Arsenal — not in the pinned 8.4.2 tag, not on any branch, and not in any open PR across the scality org. This will crash at runtime for CRR backends and the unit tests referencing CRR destinations will also fail.
  - Add a companion Arsenal PR with this method and bump the arsenal dependency, or implement the role-resolution logic inline.
  
  Review by Claude Code

[claude]

• Arsenal dependency not bumped: ReplicationConfiguration.resolveBackends and resolveSourceRole do not exist in arsenal 8.4.2. All 110 unit test failures are TypeError: ReplicationConfiguration.resolveBackends is not a function. Bump the arsenal dependency in package.json to a version that exports these static methods.
  - Prettier check failing on all 4 changed files. Run prettier --write on them.
  
  The refactoring logic itself (service-account gate extraction, default-storageClass helper, per-backend CRR/cloud handling in ACL flow) looks correct and well-tested, pending the arsenal dependency.
  
  Review by Claude Code

[bert-e]

Conflict

There is a conflict between your branch improvement/CLDSRV-888/crr-multi and the
destination branch development/9.4.

Please resolve the conflict on the feature branch (improvement/CLDSRV-888/crr-multi).

git fetch && \
git checkout origin/improvement/CLDSRV-888/crr-multi && \
git merge origin/development/9.4

Resolve merge conflicts and commit

git push origin HEAD:improvement/CLDSRV-888/crr-multi

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

[claude]

• Arsenal is pinned to a commit hash (e4860ebc) instead of a tag, and the resolved version (8.4.3) is a downgrade from the previous 8.4.5. Pin to a proper tag once the arsenal changes are released.

Review by Claude Code

[claude]

• Arsenal dependency is pinned to a raw commit hash instead of a tag, and yarn.lock shows a version downgrade from 8.4.5 to 8.4.3. Pin to a tagged release.
  
  Review by Claude Code

[claude]

• Arsenal dependency is pinned to a raw commit hash instead of a release tag. Git-based deps should pin to a tag for reproducibility and clarity.
  
  Review by Claude Code

[claude]

• Arsenal is pinned to a commit hash instead of a tag in package.json.
  - Pin to a tag (e.g. #8.x.x) per project convention for git-based deps.
  - The ft_scripts npm script was removed from package.json, but .github/workflows/tests.yaml:635 still runs yarn run ft_scripts.
  - Either remove the CI step or restore the script.
  
  Review by Claude Code

[claude]

• Arsenal dependency pinned to a commit hash instead of a tag (package.json line 40). Other git-based deps in the project use tags — pin to the tag that includes ReplicationConfiguration.resolveBackends/resolveSourceRole for consistency.
  
  Review by Claude Code

[claude]

• Arsenal dependency is pinned to a commit hash instead of a tag — should be tagged before merge
  
  The refactoring to delegate rule-matching to arsenal's ReplicationConfiguration.resolveBackends looks clean. The service-account gate extraction, default storageClass fallback, and ACL replication logic (preserving cloud backend status while resetting CRR backends) are well-structured. The removed top-level fields (destination, storageClass, storageType, dataStoreVersionId) are not read by any other code in cloudserver, so the schema change is safe within this repo. Tests are thorough and cover V1/V2 format, dedup, mixed CRR+cloud, and edge cases.
  
  Review by Claude Code

[benzekrimaha]

this still adds a newly configured cloud backend on an ACL-only update if there is also a CRR backend.
If cloud ACL replication is not supported, we should only preserve existing non-role backends, not add new ones as PENDING.
Maybe:

Suggested change

	return existing || b;
	const existing = objectMD.replicationInfo.backends.find(e => e.site === b.site);
	return existing;

[maeldonn]

Good catch, switched to dropping newly configured cloud backends instead of adding them as PENDING, and matching existing entries by site + destination + role rather than site alone.

[benzekrimaha]

can we also have a test where a new cloud backend is added after the object was already replicated, then putObjectACL is called.
If ACL replication is not supported for cloud backends, that new cloud backend should not be added as PENDING.

[maeldonn]

Added, new test asserts a cloud destination added after replication is not added as PENDING on putObjectACL.

[claude]

• Arsenal is pinned to a commit hash (724d062...) instead of a tag. Git-based deps must pin to a tag per project conventions.
  - Pin to a released Arsenal tag (e.g. 8.4.6) once the required ReplicationConfiguration.resolveBackends and resolveSourceRole methods are included in a tagged release.
  
  Review by Claude Code

[claude]

• Arsenal dependency pinned to a raw commit hash instead of a tag (package.json:40). Previous value was #8.4.5; the new commit should be tagged before merging. - Pin to a proper tag for readability and consistency with the other git-based deps.
  
  Review by Claude Code

[benzekrimaha]

LGTM on the replication logic now, arsenal is still pinned to a raw commit hash; this should wait for the Arsenal tag and pin to that tag before merge. Will we need a package version bump?

[delthas]

LGTM on the surface but need a 2nd pair of eyes from someone having worked on replication.

[delthas]

Hmmm feels like many changes on this file belong to the prettier commit. Could you run prettier on those files in the 1st commit then rebase? s.t. we can isolate actual changes more easily.