Comment 22 for bug 1549483

Nikhil Komawar (nikhil-komawar) wrote :

Let's wait on further action until we've come to a consensus on what needs to be done.

Good catch Stuart. Thanks for stopping further action on time!

I guess I missed updating that information in the description!

Yes, "publishing images" is a generic enough term to cause confusion about the scope of the solution (recommended actions).

We should break this down a bit:

1. Operator defined Public images
If the cloud operator disallows image sharing and publicizing images, then they need to worry only about images that are defined by admins. There are no actions needed in this case; the public images belonging to the admins are safe.

2. Publishing own images
This is the case when sharing is not allowed and the cloud is allowing users to publicize their own images, i.e. when publicize_image is not restricted to cloud admins. There are no actions needed in this case; the public images belonging to the owners and admins are safe.

3. Shared Images
This is the most unrestricted deployment scenario: an image can potentially be shared with any other user of the cloud without the notice of admins and the owner of the image.

Recommended actions should be:
a) "set_image_location" and "delete_image_location" should be restricted to cloud admins and owner & project admin

For the #3 uploading images:

I think we can only communicate that users will be making their own images redundant if they try to manipulate image data on active images when this config is enabled. Cloud operators should communicate this issue to users (possibly in a FAQ section) when they decide to deploy this feature.

The policy "publicize_image" shouldn't have any effect on this bug directly (until what's been figured).

---
Error cases:

Unrestricted CR&D on image location

create: as mentioned in the bug description, users may be able to create an incorrect image behind the scenes without the knowledge of the owner (if that image is shared with them and the set_image_location policy is allowed), or the owner may create an incorrect one inadvertently.

read: it's safe from this bug's perspective

delete: This has the potential of data loss for the user in case they choose to delete their image location inadvertently or if the shared tenant deletes it without knowledge of the user.
---

Thoughts?
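
A small audit for the recommended action in the comment above, as an added example that is not part of the original comment or Glance's own code: it reads a Glance policy.json and reports whether set_image_location and delete_image_location are open to every user. The sample policies are constructed, and the rule handling is a simplification (an assumption of this example) that only follows single `rule:` aliases and the `default` fallback.

```python
import json

# Policy actions named in the comment above.
LOCATION_ACTIONS = ("set_image_location", "delete_image_location")
# In oslo.policy an empty rule or "@" means "always allow".
ALLOW_ALL = ("", "@", [])

def resolve(policy, action, seen=None):
    """Follow 'rule:<name>' aliases and the 'default' fallback to a final expression."""
    seen = seen or set()
    if action in seen:                       # alias loop: cannot be resolved
        return None
    seen.add(action)
    if action in policy:
        expr = policy[action]
    elif action != "default" and "default" in policy:
        expr = policy["default"]             # unlisted actions use the default rule
    else:
        return None
    if isinstance(expr, str):
        expr = expr.strip()
        if expr.startswith("rule:") and " " not in expr:
            return resolve(policy, expr[len("rule:"):], seen)
    return expr

def audit(policy_text):
    """Classify each location action as unrestricted, restricted or undefined."""
    policy = json.loads(policy_text)
    findings = {}
    for action in LOCATION_ACTIONS:
        expr = resolve(policy, action)
        if expr is None:
            findings[action] = "undefined"
        elif expr in ALLOW_ALL:
            findings[action] = "unrestricted"
        else:
            findings[action] = "restricted"
    return findings

# Constructed sample policies (not taken from any real deployment).
SAMPLE_OPEN = ('{"default": "", "set_image_location": "", "anyone": "@", '
               '"delete_image_location": "rule:anyone", "publicize_image": "role:admin"}')
SAMPLE_LOCKED = '{"default": "role:admin", "set_image_location": "role:admin"}'

if __name__ == "__main__":
    for name, text in (("open", SAMPLE_OPEN), ("locked", SAMPLE_LOCKED)):
        print(name, audit(text))
```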