yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1155389] Re: Multi-tenant swift store image sharing doesn't work

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 17 Jul 2013 10:38:34 -0000
Reply-to: Bug 1155389 <1155389@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: glance
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1155389

Title:
  Multi-tenant swift store image sharing doesn't work

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released
Status in OpenStack Object Storage (Swift):
  Fix Released

Bug description:
  Using the multi-tenant swift store, I can't read images shared with
  me.

  This seems to be because glance is setting the X-Container-Read header
  on the image container to be a list of tenant ids. However, a bare
  tenant id is not among the approved ACL settings, which can only be of
  the form:

  tenant_id:user_id
  tenant_name:user_id
  *:user_id

  Unfortunately there doesn't seem to be any way to really make this
  work without a change in swift. In particular, we need swift to
  support something like <tenant_id>:* to indicate that permissions are
  extended to all users that can successfully authenticate for the given
  tenant id.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1155389/+subscriptions