Comment 1 for bug 2056179

Reviewed: https://review.opendev.org/c/openstack/glance_store/+/911005
Committed: https://opendev.org/openstack/glance_store/commit/c2b7b78d4ff55ea079ea6172241011edc68f5b23
Submitter: "Zuul (22348)"
Branch: master

commit c2b7b78d4ff55ea079ea6172241011edc68f5b23
Author: Rajat Dhasmana <email address hidden>
Date: Tue Mar 5 03:26:55 2024 +0530

    Use normal credentials for legacy image update

    When updating legacy images, currenly we use the user's
    context and elevate priviledges. However, we do not
    require admin priviledges for the cinder API calls.

    This patch removes the special case where we elevate
    priviledges as it wasn't doing anything rather avoiding
    us to use right credentials and failing to fetch volume
    in the right location because of wrong credentials.

    The correct credentials are either the service ones
    set in glance-api.conf file or the user context
    credentials, using which the Image-Volume was created.

    NOTE: When using cinder as glance backend and we want
    to perform optimized volume upload to image, one thing
    we should make sure is either using the context or the
    cinder credentials set in glance-api.conf file, it should
    match the following details on the cinder side (if we are
    using internal context to create clone of image-volumes):

    cinder_store_user_name = context.user_id/cinder_internal_tenant_user_id
    cinder_store_project_name = context.project_id/cinder_internal_tenant_project_id

    The cinder_internal_tenant_user_id and
    cinder_internal_tenant_project_id are set in the
    [DEFAULT] section of cinder.conf.

    This issue was first discovered when testing the new
    location APIs[1] where tempest creates a volume with
    cinder's internal context and glance uses wrong (user context)
    credentials to access it and failing with 404 not found.

    [1] https://review.opendev.org/c/openstack/cinder/+/909847

    Closes-Bug: #2056179
    Change-Id: I4f27a9800f239da8dbf29f4c028678df1f867664