← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1155389] Re: Multi-tenant swift store image sharing doesn't work

 

** Changed in: swift
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1155389

Title:
  Multi-tenant swift store image sharing doesn't work

Status in OpenStack Image Registry and Delivery Service (Glance):
  Triaged
Status in OpenStack Object Storage (Swift):
  Fix Released

Bug description:
  Using the multi-tenant swift store, I can't read images shared with
  me.

  This seems to be because glance is setting the X-Container-Read header
  on the image container to be a list of tenant ids. However, a bare
  tenant id is not among the approved ACL settings, which can only be of
  the form:

  tenant_id:user_id
  tenant_name:user_id
  *:user_id

  Unfortunately there doesn't seem to be any way to really make this
  work without a change in swift. In particular, we need swift to
  support something like <tenant_id>:* to indicate that permissions are
  extended to all users that can successfully authenticate for the given
  tenant id.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1155389/+subscriptions