A new glance add-on service should periodically poll the upstream authentication and authorization service (i.e., keystone, ldap, et al.) to obtain member privileges to VM images. This service should update the glance database with a user+tenant+role -> image "map." A service that provides similar functionality is the Grid User Mapping Service (GUMS) used widely in the Open Science Grid (OSG).
Think this task may dovetail nicely into this blueprint:
https://wiki.openstack.org/wiki/Glance-api-v2-image-sharing
The proposal I would make is the following:
A new glance add-on service should periodically poll the upstream authentication and authorization service (i.e., keystone, ldap, et al.) to obtain member privileges to VM images. This service should update the glance database with a user+tenant+role -> image "map." A service that provides similar functionality is the Grid User Mapping Service (GUMS) used widely in the Open Science Grid (OSG).
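A sketch of one polling pass for the proposed mapping service, added here as an illustration and not taken from Glance, Keystone or GUMS. The `fetch_upstream` callable, the in-memory `image_map` and all sample users and image ids are hypothetical stand-ins for the upstream query and the Glance database table. It shows the two points a polled map has to get right: grants removed upstream are revoked locally, and a failed poll leaves the existing map untouched instead of emptying it.

```python
from typing import Callable, Dict, Iterable, Set, Tuple

Principal = Tuple[str, str, str]   # (user, tenant, role)
Grant = Tuple[Principal, str]      # (principal, image_id)


def reconcile(current: Set[Grant], upstream: Iterable[Grant]):
    """Return (to_add, to_revoke) so the local map matches upstream exactly."""
    desired = set(upstream)
    return desired - current, current - desired


def poll_once(image_map: Dict[Principal, Set[str]],
              fetch_upstream: Callable[[], Iterable[Grant]]) -> Dict[str, int]:
    """Run one polling pass. fetch_upstream is a hypothetical callable standing
    in for the Keystone or LDAP query; it is not a real client API."""
    try:
        upstream = list(fetch_upstream())
    except Exception:
        # Upstream unreachable: keep the last known map and report the failure
        # so the operator can alert on grants that may now be stale.
        return {"added": 0, "revoked": 0, "failed": 1}
    current = {(p, img) for p, imgs in image_map.items() for img in imgs}
    to_add, to_revoke = reconcile(current, upstream)
    for principal, image in to_revoke:   # revoke before adding
        image_map[principal].discard(image)
        if not image_map[principal]:
            del image_map[principal]
    for principal, image in to_add:
        image_map.setdefault(principal, set()).add(image)
    return {"added": len(to_add), "revoked": len(to_revoke), "failed": 0}


def can_access(image_map, user, tenant, role, image) -> bool:
    """Authorization check against the local user+tenant+role -> image map."""
    return image in image_map.get((user, tenant, role), set())


def sample_map() -> Dict[Principal, Set[str]]:
    # Constructed sample state, not real data.
    return {("alice", "physics", "member"): {"img-1", "img-2"}}


def sample_upstream() -> Iterable[Grant]:
    # Constructed upstream answer: alice lost img-2, bob gained img-3.
    return [(("alice", "physics", "member"), "img-1"),
            (("bob", "physics", "admin"), "img-3")]
```

Between polls the local map can lag upstream by up to one polling interval, so the interval bounds how long a revoked user keeps access.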