Comment 6 for bug 1354512

Feodor Tersin (ftersin) wrote :

Cloud service users are not known to keystone. They are regular users of web sites and other services which are launched in instances. So they don't have any cloud authorization property.

One should explicity request an image from Swift to get it. Moreover, there is no legal way to get the image url for cloud service users. But if he knows it, he can download the image.

I don't see any special comments in https://github.com/openstack/glance/commit/1f68b21de8b8a3366eb08fe1fa74ae7db2ac72b4 which added .r:*.

Of course, any cloud user can download a public image, and share it to all of the world. But it will be obvious action of a particular cloud user. Now the problem exists without any cloud user action (except compromising the image url).