Cloud Controller API does not validate if 2 services with the same name are shared in the same spaces

[sweinstein22]

Issue

The cloud controller does not enforce the name uniqueness for shared services in a spaces. It creates a situation where you can have multiple SI with the same name in a space.

Steps to Reproduce

Use the overview-broker service to deploy a service broker:

$ git clone git@github.com:cloudfoundry/overview-broker.git
$ cf push overview-broker
$ cf create-service-broker overview-broker admin password <app_url>
$ cf enable-service-access overview-service

Create service instances in two different spaces, then share them to a third:

$ cf enable-feature-flag service_instance_sharing
$ cf create-org source
$ cf create-space -o source space-1
$ cf create-space -o source space-2
$ cf create-org target
$ cf create-space -o target target
$ cf target -o source -s space-1
$ cf create-service overview-service small si -c '{"foo": "bar"}'
$ cf target -o source -s space-2
$ cf create-service overview-service small si -c '{"foo": "bar"}'
$ cf target -o source -s space-1
$ cf share-service si -s target -o target
$ cf target -o source -s space-2
$ cf share-service si -s target -o target

See that there are two service instances with the same name in the target org/space:

$ cf target -o target -s target
$ cf services

Output:

name   offering              plan    bound apps   last operation     broker            upgrade available 
si     overview-service   small                   create succeeded   overview-broker   no 
si     overview-service   small                   create succeeded   overview-broker   no

Expected result

The second share-service command should fail with a 422 Unprocessable Entity

Current result

Currently it succeeds, allowing users to end up with two service instances that have the same name in a single space.

This validation is already in place when trying to create a new service instance in a space:

$ cf target -o target -s target
$ cf create-service overview-broker small si -c '{"foo": "bar"}'
The service instance name is taken: si.
FAILED

Possible Fix

Validate service instance name uniqueness when sharing services

[sweinstein22]

@tstannard and I have done some preliminary exploration and determined that we are not checking for name uniqueness among service instances that have been shared into the space. We're only checking against service instances that originated in the space.

[Raj0564]

Do we have any update on this...?

[Raj0564]

@Team, @JenGoldstrich
I see this GIT Issue #2306 is closed, but still not clear if this is fix or not. If Fixed, what's the resolution? In which Release or Version this issue is fixed?

Could someone please help me to get more information on this. Apologies, if i am missing the part of the chain, which tell this is fixed.

[moleske]

It is in capi-release 1.119.0 https://github.com/cloudfoundry/capi-release/releases/tag/1.119.0

[Raj0564]

@moleske - We are currently on TAS 2.11.10 But don't find capi version what you mentioned i.e. 1.119.0
Also, i believe the latest TAS 2.12.x also doesn't have that capi version.

xxxxx@xxxxxxxxxx:~$ bosh releases | grep -i capi
capi 1.109.4* d7f18078
capi 1.109.1 86fb4f4d
capi 1.90.11 3d5381db

Could you please confirm, in what version of TAS we would get capi version what you have mentioned?

[moleske]

Hi @Raj0564, as this is the open source cloud foundry product, I can't speak to what is or isn't in the proprietary product produced by VMware. I would consider reaching out to VMware support and checking the release notes for the TAS product in question