Comment 95 for bug 1546507

Matthew Oliver (matt-0) wrote :

After a brief look at the glance swift store, the image id is also stored in the URI (swift://<SWIFT_URL>/<CONTAINER>/<FILE>), where the file is the image ID. As the store URI starts with swift, Mike's patch should catch and work for the swift store too.

There is a multi and single tenant swift store, where I see the multi tenant one being of most risk, just as it is for cinder, as it seems just the token needs to be supplied.

Swift does support composite tokens (send glance's service token and the user's). This would help unless the malicious user is from the same tenant as the user. I don't see this option in the store, but this mode would make it most secure and keep the images away from the users' eyes as well.

I haven't tested it, however. I have many a Swift AIO, but nothing set up with glance etc. I could do that thing, but looking at the store and Mike's patch it seems pretty obvious.

TL;DR: Swift store seems to store the id, Mike's patch should cover this though, the composite token option should be added to glance's swift store/glance (but maybe it already is?).