Glance replicator assumes owner ids are identical on both glance servers

Bug #1030697 reported by Michael Still on 2012-07-30
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

This is true if both glance servers share a common keystone installation, but is not true if there is a separate keystone per glance server. We need some sort of user translation implementation here.

Michael Still (mikal) wrote :

Actually, maybe that's not totally true... Can admin users in glance set the owner of an image to be some arbitrary other user? Or will the owner of any images created on the slave be the replication user by definition?

Brian Waldon (bcwaldon) wrote :

Images created in a glance environment are owned by the user making the request. The one exception is if that user is an Admin. Admins can explicitly set the owner at creation to any string.

Michael Still (mikal) wrote :

Yeah, I think it wouldn't be that unusual to run the replicator as an admin user if you were a service provider, so I guess we should attempt some sort of UUID lookup. If a normal user was running the replicator for just their images, then they'd expect to see the images in the slaves be owned by them, so that behaviour looks good in that case.

Brian Waldon (bcwaldon) wrote :

So this isn't a bug, right?

summary: - Glance replicator assumes user UUIDs are identical on both glance
- servers
+ Glance replicator assumes owner ids are identical on both glance servers
Changed in glance:
status: New → Incomplete
Michael Still (mikal) wrote :

Well, I guess its a feature request. Its a bunch of code though, because the replicator would have to go off and ask keystone for the user's UUID, which means implementing a ketstone client in the replicator (or linking to one). I don't think this is going to make it into folsom at the least.

Brian Waldon (bcwaldon) wrote :

Ok, we can revisit this in Grizzly.

Changed in glance:
status: Incomplete → Triaged
Michael Still (mikal) on 2013-09-20
Changed in glance:
assignee: Michael Still (mikalstill) → nobody
Tom Fifield (fifieldt) wrote :

How did the grizzly revisit go?

Sean McGinnis (sean-mcginnis) wrote :

Is this still an issue that needs to be addressed?

Changed in glance:
status: Triaged → Incomplete
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers