Glance

glance image-create with --owner only work on tenant ID

Bug #1220610 reported by Dafna Ron
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Invalid
Undecided
Unassigned

Bug Description

running:
glance image-create --name tenant --disk-format qcow2 --container-format bare --location http://XXXXXXXX --owner dafna
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | None |
| container_format | bare |
| created_at | 2013-09-04T08:55:45 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 52357c0a-7d9e-4c22-85ab-84a71bb0cfdc |
| is_public | False |
| min_disk | 0 |
| min_ram | 0 |
| name | tenant |
| owner | dafna |
| protected | False |
| size | 1974140928 |
| status | active |
| updated_at | 2013-09-04T08:55:45 |
+------------------+--------------------------------------+

will give no errors but the image is not created.

only if I give the ID of the image, the image is created

[root@opens-vdsb ~(keystone_admin)]# glance image-create --name tenant --disk-format qcow2 --container-format bare --location http://XXXXXXXX --owner e91123ca35724285a783f33103875dcb
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | None |
| container_format | bare |
| created_at | 2013-09-04T08:56:26 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 68df9bcc-492e-470d-bbce-bb40f94ec27b |
| is_public | False |
| min_disk | 0 |
| min_ram | 0 |
| name | tenant |
| owner | e91123ca35724285a783f33103875dcb |
| protected | False |
| size | 1974140928 |
| status | active |
| updated_at | 2013-09-04T08:56:27 |
+------------------+--------------------------------------+

[dron@opens-vdsb /(keystone_admin)]$ glance image-list
+--------------------------------------+--------+-------------+------------------+------------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+--------+-------------+------------------+------------+--------+
| cf34a754-5dec-4537-b2d3-0446cd5a3a18 | dron | qcow2 | bare | 699592704 | active |
| 68df9bcc-492e-470d-bbce-bb40f94ec27b | tenant | qcow2 | bare | 1974140928 | active |
+--------------------------------------+--------+-------------+------------------+------------+--------+

I think we need at least one of the blow fixes to improve glance api:

1. we should be able to create an owned image using tenant name
2. if this will be blocked we should block commnad from running for wrong param supplied.

Flavio Percoco (flaper87)
affects: glance → python-glanceclient
affects: python-glanceclient → glance
Revision history for this message
Flavio Percoco (flaper87) wrote :

Te client explicitly asks for it to be the tenant ID[0].

What I think it's happening here is that the image is being created correctly but not listed since you created under a tenant w/ id 'tenant' while in the context Glance has a tenant_id.

As a reminder, glance does not check for tenant existence, it assumes the tenant exists and it is an ID.

[0] https://github.com/openstack/python-glanceclient/blob/master/glanceclient/v1/shell.py#L190

Revision history for this message
Dafna Ron (dron-3) wrote :

so we could be dealing with a case of a typo in a script which will result in storage resources being taken and no way for the client to have any id that there was a problem?
and even then, they would have to manually delete the images without actually being able to list them properly?

personally I cannot understand the logic in not allowing tenant names.
but even if we decide that there is a logic behind it, we should perform some sort of a check or add an option to the api allowing the admin user to do the following:
1. be able to list images by tenant
2. check that the tenant exists during the create (default false).

Revision history for this message
Dafna Ron (dron-3) wrote :

Flavio, I check the db and you're right about the image being created:

+--------------------------------------+-------+
| id | owner |
 +--------------------------------------+-------+
| 52357c0a-7d9e-4c22-85ab-84a71bb0cfdc | dafna |
 +--------------------------------------+-------+

Revision history for this message
Dafna Ron (dron-3) wrote :

I'm seeing the same issue when we add a member to an image
I can run glance memeber-create <image_id> <tenant_display_name>
we would see something like this:
+--------------------------------------+----------------------------------+-----------+
| Image ID | Member ID | Can Share |
 +--------------------------------------+----------------------------------+-----------+
| 208bf4d0-f760-4212-8cf5-dd3ab0015a7d | e91123ca35724285a783f33103875dcb | |
| 208bf4d0-f760-4212-8cf5-dd3ab0015a7d | new_project | |
 +--------------------------------------+----------------------------------+-----------+

the users under this tenant will not see the image because it was actually added to the tenant.

image is of course checked for the command and will get a 404 error but tenant is not checked.

Revision history for this message
Yang Yu (yuyangbj) wrote : I will be on vacation from 9/5 to 9/15, urgent call: 13811509950

I will be out of the office starting 2013-09-05 and will not return until
2013-09-15.

I will be on my marriage leave from 9/5 to 9/15, for any urgent issue
please call me before 9/7.

For daily work, please ask my scrum master Zhu Zhu for help.
For glance issue, please ask glance SME Feilong Wang for help.
For defect report, there will be no report next week.

Revision history for this message
Flavio Percoco (flaper87) wrote :

Dafna,

Yup, I think there's no bug here then.

As for not checking the tenant / allowing tenant names. This has been discussed several times and it currently doesn't fit w/ the project. Perhaps, it could be revisited as part of Icehouse development.

Thanks for reporting this, I'll give it a couple of more days and then mark it as Invalid.

Revision history for this message
Matt Fischer (mfisch) wrote :

Flavio,

Can we close this one?

Flavio Percoco (flaper87)
Changed in glance:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.