From 2f36728a1b04beae5fd01af9f5002c2dc02add5e Mon Sep 17 00:00:00 2001
From: Ben <belimele@redhat.com>
Date: Tue, 7 May 2024 00:56:49 +0200
Subject: [PATCH] - Hide `new_buckets_path` docs - Force all NSFS OBCs to be
 NSFS-only, and to not accept any value for `new_buckets_path`

Signed-off-by: Ben <belimele@redhat.com>
---
 doc/obc-provisioner.md          | 7 ++++---
 pkg/noobaaaccount/reconciler.go | 2 +-
 pkg/obc/obc.go                  | 6 +++---
 pkg/obc/provisioner.go          | 3 +++
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/doc/obc-provisioner.md b/doc/obc-provisioner.md
index c18d7bc28..7a82c8efe 100644
--- a/doc/obc-provisioner.md
+++ b/doc/obc-provisioner.md
@@ -114,8 +114,8 @@ uid - the user ID of the account that should be mimicked within the filesystem
 OR
 distinguished_name - the distinguished name of the account that should be mimicked within the filesystem
 
-These optional parameters can be provided by the user to further configure the NSFS account:
-new_buckets_path - the filesystem path that should be 'mounted' as the bucket's root (`path` parameter in the CLI)
+These optional additionalConfig keys can be provided by the user to further configure NSFS OBC properties:
+path - the filesystem path that should be 'mounted' as the bucket's root. Please make sure that the path was created with the appropriate ownership and permissions ahead of time.
 
 Examples:
 
@@ -133,7 +133,8 @@ spec:
   generateBucketName: my-bucket
   storageClassName: noobaa.noobaa.io
   additionalConfig:
-    nsfsAccountConfig: { "distinguished_name": "current_user", "new_buckets_path": "/mnt/nsfs" }
+    nsfsAccountConfig: { "distinguished_name": "current_user" }
+    path: "/mnt/nsfs"
 ```
 
 # Using the OBC
diff --git a/pkg/noobaaaccount/reconciler.go b/pkg/noobaaaccount/reconciler.go
index 70e1d3a34..a3320f0dc 100644
--- a/pkg/noobaaaccount/reconciler.go
+++ b/pkg/noobaaaccount/reconciler.go
@@ -401,7 +401,7 @@ func (r *Reconciler) UpdateNooBaaAccount() error {
 				UID:            r.NooBaaAccount.Spec.NsfsAccountConfig.UID,
 				GID:            r.NooBaaAccount.Spec.NsfsAccountConfig.GID,
 				NewBucketsPath: r.NooBaaAccount.Spec.NsfsAccountConfig.NewBucketsPath,
-				NsfsOnly:       true,
+				NsfsOnly:       r.NooBaaAccount.Spec.NsfsAccountConfig.NsfsOnly,
 			}
 		}
 
diff --git a/pkg/obc/obc.go b/pkg/obc/obc.go
index 346b438e0..47583958e 100644
--- a/pkg/obc/obc.go
+++ b/pkg/obc/obc.go
@@ -59,7 +59,7 @@ func CmdCreate() *cobra.Command {
 	cmd.Flags().String("distinguished-name", "",
 		"Set the distinguished name for the NSFS account config")
 	cmd.Flags().String("path", "",
-		"Set path to specify inner directory in namespace store target path - can be used only while specifing a namespace bucketclass")
+		"Set path to specify inner directory in namespace store target path, or in the case of NSFS - filesystem mount point (can be used only when specifying a namespace bucketclass)")
 	cmd.Flags().String("replication-policy", "",
 		"Set the json file path that contains replication rules")
 	cmd.Flags().String("max-objects", "",
@@ -206,7 +206,7 @@ func RunCreate(cmd *cobra.Command, args []string) {
 		var nsfsAccountConfig nbv1.AccountNsfsConfig
 		nsfsAccountConfig.GID = gid
 		nsfsAccountConfig.UID = uid
-		nsfsAccountConfig.NewBucketsPath = path
+		nsfsAccountConfig.NewBucketsPath = ""
 		nsfsAccountConfig.NsfsOnly = true
 		marshalledCfg, _ := json.Marshal(nsfsAccountConfig)
 		obc.Spec.AdditionalConfig["nsfsAccountConfig"] = string(marshalledCfg)
@@ -215,7 +215,7 @@ func RunCreate(cmd *cobra.Command, args []string) {
 	if distinguishedName != "" {
 		var nsfsAccountConfig nbv1.AccountNsfsConfig
 		nsfsAccountConfig.DistinguishedName = distinguishedName
-		nsfsAccountConfig.NewBucketsPath = path
+		nsfsAccountConfig.NewBucketsPath = ""
 		nsfsAccountConfig.NsfsOnly = true
 		marshalledCfg, _ := json.Marshal(nsfsAccountConfig)
 		obc.Spec.AdditionalConfig["nsfsAccountConfig"] = string(marshalledCfg)
diff --git a/pkg/obc/provisioner.go b/pkg/obc/provisioner.go
index 48d42ed12..c22ac29e2 100644
--- a/pkg/obc/provisioner.go
+++ b/pkg/obc/provisioner.go
@@ -575,6 +575,9 @@ func (r *BucketRequest) CreateAccount() error {
 		if err != nil {
 			return fmt.Errorf("failed to parse NSFS config %q: %w", r.OBC.Spec.AdditionalConfig["nsfsAccountConfig"], err)
 		}
+		// We prefer to make sure this account is only used for its appropriate NSFS operations
+		nsfsAccountConfig.NewBucketsPath = "";
+		nsfsAccountConfig.NsfsOnly = true;
 	}
 	
 	accountInfo, err := r.SysClient.NBClient.CreateAccountAPI(nb.CreateAccountParams{