From 8528b265a9afcf971c3c396eb880d682d1c5a116 Mon Sep 17 00:00:00 2001
From: Poorna <poornas@users.noreply.github.com>
Date: Fri, 23 Dec 2022 15:44:48 -0800
Subject: [PATCH] Validate replication target update to avoid duplicate
 endpoints (#16311)

---
 cmd/admin-bucket-handlers.go | 6 ++++--
 cmd/bucket-targets.go        | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/cmd/admin-bucket-handlers.go b/cmd/admin-bucket-handlers.go
index ef06ce50b..b93bea72b 100644
--- a/cmd/admin-bucket-handlers.go
+++ b/cmd/admin-bucket-handlers.go
@@ -228,8 +228,10 @@ func (a adminAPIHandlers) SetRemoteTargetHandler(w http.ResponseWriter, r *http.
 		for _, op := range ops {
 			switch op {
 			case madmin.CredentialsUpdateType:
-				tgt.Credentials = target.Credentials
-				tgt.TargetBucket = target.TargetBucket
+				if !globalSiteReplicationSys.isEnabled() {
+					tgt.Credentials = target.Credentials
+					tgt.TargetBucket = target.TargetBucket
+				}
 				tgt.Secure = target.Secure
 				tgt.Endpoint = target.Endpoint
 			case madmin.SyncUpdateType:
diff --git a/cmd/bucket-targets.go b/cmd/bucket-targets.go
index e263fb5cc..19b44effd 100644
--- a/cmd/bucket-targets.go
+++ b/cmd/bucket-targets.go
@@ -256,6 +256,10 @@ func (sys *BucketTargetSys) SetTarget(ctx context.Context, bucket string, tgt *m
 				found = true
 				continue
 			}
+			// fail if endpoint is already present in list of targets and not a matching ARN
+			if t.Endpoint == tgt.Endpoint {
+				return BucketRemoteAlreadyExists{Bucket: t.TargetBucket}
+			}
 		}
 		newtgts[idx] = t
 	}