openstack team mailing list archive
Mailing list archive
Re: [GLANCE] owner: name vs id
On 03/08/2012 06:44 PM, Vishvananda Ishaya wrote:
I reported a bug today about glance using the tenant_name as owner:
The current use is incorrect and will cause breakages in the case that a
tenant is renamed. It seems vital that we get this fixed before
releasing essex, although I don't know if we need to provide some sort
of migration script for old images. Brian Waldon is on vacation until
next week, so if any of the rest of glance core has opinions or ideas
(Jay?) I think we need to get something underway ASAP.
OK, so the source of this issue is actually in Keystone. The
glance_auth_token middleware is creating the RequestContext that Glance
uses when querying for the caller's tenant. The code uses the value of
the X_TENANT header to populate the tenant supplied to the
RequestContext's constructor, which is what Glance ends up storing in
the registry as the image owner_id.
So... the solution, I think, is to patch the glance_auth_token
middleware in Keystone to use the value of the X_TENANT_ID header, not
X_TENANT, and write some sort of data migration script to address the
problem of stored owner_id values being name and not ID of tenant.
Vish, Joe, do you agree with this assessment?