From 9229b967af65f88025c06e8f895f5ac964e50dac Mon Sep 17 00:00:00 2001
From: Jiffin Tony Thottan
Date: Mon, 28 Aug 2023 18:19:24 +0530
Subject: [PATCH] Bug 2228785: object: avoid creating same bucket for two different OBC

If bucket exists for Provision(), then check whether user in the OBC and owner of bucket are same.

Signed-off-by: Jiffin Tony Thottan
(cherry picked from commit b39e813290ab6ed79c27aa14e80f31b4e8730ae9)
---
 pkg/operator/ceph/object/bucket/provisioner.go | 7 +++++--
 pkg/operator/ceph/object/bucket/rgw-handlers.go | 10 +++++-----
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/pkg/operator/ceph/object/bucket/provisioner.go b/pkg/operator/ceph/object/bucket/provisioner.go
index 2fef4843bd11..53ff585c34cc 100644
--- a/pkg/operator/ceph/object/bucket/provisioner.go
+++ b/pkg/operator/ceph/object/bucket/provisioner.go
@@ -104,7 +104,8 @@ func (p Provisioner) Provision(options *apibkt.BucketOptions) (*bktv1alpha1.Obje
 // create the bucket
 var bucketExists bool
- bucketExists, err = p.bucketExists(p.bucketName)
+ var owner string
+ bucketExists, owner, err = p.bucketExists(p.bucketName)
 if err != nil {
 return nil, errors.Wrapf(err, "error creating bucket %q. failed to check if bucket already exists", p.bucketName)
 }
@@ -116,6 +117,8 @@ func (p Provisioner) Provision(options *apibkt.BucketOptions) (*bktv1alpha1.Obje
 if err != nil {
 return nil, errors.Wrapf(err, "error creating bucket %q", p.bucketName)
 }
+ } else if owner != options.UserID {
+ return nil, errors.Errorf("bucket %q already exists and is owned by %q for different OBC", p.bucketName, owner)
 } else {
 logger.Debugf("bucket %q already exists", p.bucketName)
 }
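Review bot: The error built in the new `else if owner != options.UserID` branch of Provision embeds the existing bucket's owner (`owned by %q`), so a claim that collides on a bucket name is told which user holds that bucket; if this error is surfaced on the OBC or in events, that identifier crosses the boundary between the two claims. I would return `errors.Errorf("bucket %q already exists and is owned by a different user", p.bucketName)` and keep the owner in an operator-side `logger.Debugf`. How `options.UserID` is populated is outside the hunk; if it can be empty or differ from the Ceph user this provisioner created the bucket with, a retried Provision for the same OBC would also land in this branch, so a unit test for the retry and mismatch cases would help (the diffstat shows none added). Provision starts and ends outside the hunk.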
@@ -149,7 +152,7 @@ func (p Provisioner) Grant(options *apibkt.BucketOptions) (*bktv1alpha1.ObjectBu
 // check and make sure the bucket exists
 logger.Infof("Checking for existing bucket %q", p.bucketName)
- if exists, err := p.bucketExists(p.bucketName); !exists {
+ if exists, _, err := p.bucketExists(p.bucketName); !exists {
 return nil, errors.Wrapf(err, "bucket %s does not exist", p.bucketName)
 }
diff --git a/pkg/operator/ceph/object/bucket/rgw-handlers.go b/pkg/operator/ceph/object/bucket/rgw-handlers.go
index c1f72bcc515b..435e1b9ae33f 100644
--- a/pkg/operator/ceph/object/bucket/rgw-handlers.go
+++ b/pkg/operator/ceph/object/bucket/rgw-handlers.go
@@ -5,15 +5,15 @@ import (
 "github.com/pkg/errors"
 )
-func (p *Provisioner) bucketExists(name string) (bool, error) {
- _, err := p.adminOpsClient.GetBucketInfo(p.clusterInfo.Context, admin.Bucket{Bucket: name})
+func (p *Provisioner) bucketExists(name string) (bool, string, error) {
+ bucket, err := p.adminOpsClient.GetBucketInfo(p.clusterInfo.Context, admin.Bucket{Bucket: name})
 if err != nil {
 if errors.Is(err, admin.ErrNoSuchBucket) {
- return false, nil
+ return false, "", nil
 }
- return false, errors.Wrapf(err, "failed to get ceph bucket %q", name)
+ return false, "", errors.Wrapf(err, "failed to get ceph bucket %q", name)
 }
- return true, nil
+ return true, bucket.Owner, nil
 }
 // Create a Ceph user based on the passed-in name or a generated name. Return the
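Review bot: In Grant, the `!exists` branch returns `errors.Wrapf(err, ...)`, but bucketExists returns a nil error when the bucket is simply missing (`return false, "", nil` in rgw-handlers.go), and pkg/errors' `Wrapf` returns nil for a nil error, so a missing bucket yields `nil, nil` instead of a failure. The changed line keeps this shape and also discards the owner with `_`. Splitting the lookup error from the not-found case makes the branch fail closed; whether Grant should also look at the owner is a design question the hunk does not answer. Grant's body continues outside the hunk.
```go
// … unchanged: logger.Infof("Checking for existing bucket …") …
exists, _, err := p.bucketExists(p.bucketName)
if err != nil {
	return nil, errors.Wrapf(err, "failed to check bucket %q", p.bucketName)
}
if !exists {
	return nil, errors.Errorf("bucket %q does not exist", p.bucketName)
}
```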
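Review bot: bucketExists now returns a value that Provision uses for an ownership decision, but nothing documents what the second result is. I would add a doc comment such as `// bucketExists reports whether the bucket exists and, if it does, returns the owner recorded by the admin ops API; the owner is empty when the bucket is absent or the lookup fails.` It is also worth stating, or checking, whether `bucket.Owner` comes back in the same form as the ID it is compared with (for example with or without a tenant prefix), since Provision compares the two strings exactly.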