Bug 2349723

Summary: [7.1z backport][IBM Support] RGW return code behavior adjustment for bucket creation nuance
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Bipin Kunal <bkunal>
Component: RGWAssignee: Matt Benjamin (redhat) <mbenjamin>
Status: CLOSED ERRATA QA Contact: Anuchaithra <anrao>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.0CC: anrao, anthony.datri, bhkaur, bkunal, cbodley, ceph-eng-bugs, cephqe-warriors, ckulal, dparkes, kbader, mbenjamin, mkasturi, racpatel, rpollack, tserlin
Target Milestone: ---   
Target Release: 7.1z4   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-18.2.1-305.el9cp Doc Type: Enhancement
Doc Text:
.Sites can now configure RGW error handling for existing bucket creation Previously, RGW returned a success response when creating a bucket that already existed in the same zone, even if no new bucket was created. This caused confusion in automated workflows.  With this enhancement, sites can now configure RGW to return an error instead of success when attempting to create a bucket that already exists in the zone. If the configuration option `rgw_bucket_exist_override` is set to true, RGW returns a `409 BucketAlreadyExists` error for duplicate bucket creation requests. By default, this option is set to `false`.
 Story Points: ---
Clone Of: 2336983 Environment:
Last Closed: 2025-05-07 12:48:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2336983, 2368828, 2368829    
Bug Blocks:    

Description Bipin Kunal 2025-03-04 05:11:18 UTC 
+++ This bug was initially created as a clone of Bug #2336983 +++

Description of problem:

Customer excepts different behavior for RGW bucket creation.  Ask is an option that when enabled will cause RGW to always return 409 if a CreateBucket call is made for a bucket that already exists.  When false (default) the current 200 behavior will continue.

The behavior that is documented here: https://docs.ceph.com/en/latest/radosgw/s3/bucketops/#http-response, is what Casey mentioned if it's the same owner, you don't get any message/error if it's a different owner, you get a 409 BucketAlreadyExists . 

Version-Release number of selected component (if applicable):

7.1* currently, expected to be the same with 8.x.  Probably requires a 7.1* backport.

How reproducible:

```
[root@ceph01 ~]# aws s3 mb s3://testingb --region default
make_bucket: testingb
[root@ceph01 ~]# aws s3 mb s3://testingb --region default
make_bucket: testingb
[root@ceph01 ~]# radosgw-admin bucket list | grep protect
    "protect"
[root@ceph01 ~]# aws s3 mb s3://protect --region default
make_bucket failed: s3://protect An error occurred (BucketAlreadyExists) when calling the CreateBucket operation: Cannot modify existing access control policy
[root@ceph01 ~]# aws s3api create-bucket --bucket protect --region default
An error occurred (BucketAlreadyExists) when calling the CreateBucket operation: Cannot modify existing access control policy
```


Steps to Reproduce:
1.
2.
3.

Actual results:
409

Expected results:
200

Additional info:
Comment 9 errata-xmlrpc 2025-05-07 12:48:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 7.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:4664
Comment 11 Red Hat Bugzilla 2025-10-09 04:25:02 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days