yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2115414] [NEW] Glance policy doesnt support domain_id

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rajiv Mucheli <2115414@xxxxxxxxxxxxxxxxxx>
Date: Thu, 26 Jun 2025 11:30:45 -0000
Reply-to: Bug 2115414 <2115414@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

Hi,

Like other openstack services, support for domain_id exists but not for
glance. Looking into the latest glance policy.yaml
https://docs.openstack.org/glance/latest/configuration/glance_policy.html
i see only project_id is supported. I would like to report domain_name,
domain_id, project_name, etc is not supported. Is this restricted by
default ?

Is it due to this spec :

https://opendev.org/openstack/glance/src/branch/stable/2024.2/glance/api/policy.py#L184

Would adding the below help support the above ?


    def __iter__(self):
        for key in self._target_keys:
            yield key
        for key in getattr(self.target, 'extra_properties', {}).keys():
            yield key
        for alias in ['project_id', 'domain_name', 'domain_id', 'project_name']:
            yield alias

    def key_transforms(self, key):
        transforms = {
            'id': 'image_id',
            'project_id': 'owner',
            'member_id': 'member',
            'domain_name': 'domain_name',
            'domain_id': 'domain_id',
            'project_name': 'project_name',
        }

        return transforms.get(key, key)

** Affects: glance
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/2115414

Title:
  Glance policy doesnt support domain_id

Status in Glance:
  New

Bug description:
  Hi,

  Like other openstack services, support for domain_id exists but not
  for glance. Looking into the latest glance policy.yaml
  https://docs.openstack.org/glance/latest/configuration/glance_policy.html
  i see only project_id is supported. I would like to report
  domain_name, domain_id, project_name, etc is not supported. Is this
  restricted by default ?

  Is it due to this spec :

  https://opendev.org/openstack/glance/src/branch/stable/2024.2/glance/api/policy.py#L184

  Would adding the below help support the above ?

  
      def __iter__(self):
          for key in self._target_keys:
              yield key
          for key in getattr(self.target, 'extra_properties', {}).keys():
              yield key
          for alias in ['project_id', 'domain_name', 'domain_id', 'project_name']:
              yield alias

      def key_transforms(self, key):
          transforms = {
              'id': 'image_id',
              'project_id': 'owner',
              'member_id': 'member',
              'domain_name': 'domain_name',
              'domain_id': 'domain_id',
              'project_name': 'project_name',
          }

          return transforms.get(key, key)

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/2115414/+subscriptions

Follow ups

[Bug 2115414] Re: Glance policy doesnt support domain_id
From: Abhishek Kekane, 2025-06-26