| Thread Previous • Date Previous • Date Next • Thread Next |
On 03/08/2012 06:44 PM, Vishvananda Ishaya wrote:
I reported a bug today about glance using the tenant_name as owner: https://bugs.launchpad.net/bugs/950364 The current use is incorrect and will cause breakages in the case that a tenant is renamed. It seems vital that we get this fixed before releasing essex, although I don't know if we need to provide some sort of migration script for old images. Brian Waldon is on vacation until next week, so if any of the rest of glance core has opinions or ideas (Jay?) I think we need to get something underway ASAP.
OK, so the source of this issue is actually in Keystone. The glance_auth_token middleware is creating the RequestContext that Glance uses when querying for the caller's tenant. The code uses the value of the X_TENANT header to populate the tenant supplied to the RequestContext's constructor, which is what Glance ends up storing in the registry as the image owner_id.
So... the solution, I think, is to patch the glance_auth_token middleware in Keystone to use the value of the X_TENANT_ID header, not X_TENANT, and write some sort of data migration script to address the problem of stored owner_id values being name and not ID of tenant.
Vish, Joe, do you agree with this assessment? -jay
| Thread Previous • Date Previous • Date Next • Thread Next |
