Glance

  1. Bug #1308413
  2. Comment #8

Comment 8 for bug 1308413

Revision history for this message
Flavio Percoco (flaper87) wrote : Re: TENANT2 can list the image belonging to TENANT1 while using v2 api with registry

We used to send all identity headers in the version 1 of the registry client[0][1], but we don't seem to be doing that anymore[2]. This seems to be the cause of this issue and it kinda sounds bad. The RegistryService (like the API service) creates a context based on the headers passed to it and then passes that to the database[3][4] function. I'll work on a fix for it.

[0] https://github.com/openstack/glance/blob/master/glance/registry/client/v1/api.py#L130-L138
[1] https://github.com/openstack/glance/blob/master/glance/registry/client/v1/client.py#L105
[2] https://github.com/openstack/glance/blob/master/glance/registry/client/v2/api.py

[3] https://github.com/openstack/glance/blob/master/glance/context.py#L97
[4] https://github.com/openstack/glance/blob/master/glance/db/sqlalchemy/api.py#L230