Bug 2349723 - [7.1z backport][IBM Support] RGW return code behavior adjustment for bucket creation nuance [NEEDINFO]
Summary: [7.1z backport][IBM Support] RGW return code behavior adjustment for bucket c...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: RGW
Version: 8.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 7.1z4
Assignee: Matt Benjamin (redhat)
QA Contact: Anuchaithra
URL:
Whiteboard:
Depends On: 2336983
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-03-04 05:11 UTC by Bipin Kunal
Modified: 2025-05-07 13:23 UTC (History)
15 users (show)

Fixed In Version: ceph-18.2.1-305.el9cp
Doc Type: Enhancement
Doc Text:
.Sites can now configure RGW error handling for existing bucket creation Previously, RGW returned a success response when creating a bucket that already existed in the same zone, even if no new bucket was created. This caused confusion in automated workflows.  With this enhancement, sites can now configure RGW to return an error instead of success when attempting to create a bucket that already exists in the zone. If the configuration option `rgw_bucket_exist_override` is set to true, RGW returns a `409 BucketAlreadyExists` error for duplicate bucket creation requests. By default, this option is set to `false`.
Clone Of: 2336983
Environment:
Last Closed: 2025-05-07 12:48:30 UTC
Embargoed:
anrao: needinfo? (mbenjamin)

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHCEPH-10709 0 None None None 2025-03-04 05:14:36 UTC
Red Hat Product Errata RHSA-2025:4664 0 None None None 2025-05-07 12:48:33 UTC

Description Bipin Kunal 2025-03-04 05:11:18 UTC 
+++ This bug was initially created as a clone of Bug #2336983 +++

Description of problem:

Customer excepts different behavior for RGW bucket creation.  Ask is an option that when enabled will cause RGW to always return 409 if a CreateBucket call is made for a bucket that already exists.  When false (default) the current 200 behavior will continue.

The behavior that is documented here: https://docs.ceph.com/en/latest/radosgw/s3/bucketops/#http-response, is what Casey mentioned if it's the same owner, you don't get any message/error if it's a different owner, you get a 409 BucketAlreadyExists . 

Version-Release number of selected component (if applicable):

7.1* currently, expected to be the same with 8.x.  Probably requires a 7.1* backport.

How reproducible:

```
[root@ceph01 ~]# aws s3 mb s3://testingb --region default
make_bucket: testingb
[root@ceph01 ~]# aws s3 mb s3://testingb --region default
make_bucket: testingb
[root@ceph01 ~]# radosgw-admin bucket list | grep protect
    "protect"
[root@ceph01 ~]# aws s3 mb s3://protect --region default
make_bucket failed: s3://protect An error occurred (BucketAlreadyExists) when calling the CreateBucket operation: Cannot modify existing access control policy
[root@ceph01 ~]# aws s3api create-bucket --bucket protect --region default
An error occurred (BucketAlreadyExists) when calling the CreateBucket operation: Cannot modify existing access control policy
```


Steps to Reproduce:
1.
2.
3.

Actual results:
409

Expected results:
200

Additional info:
Comment 9 errata-xmlrpc 2025-05-07 12:48:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 7.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:4664
Note You need to log in before you can comment on or make changes to this bug.