[nova][glance] Granting image member access for snapshots (bug 1675791)
mriedemos at gmail.com
Wed Jan 16 18:53:48 UTC 2019
On 1/16/2019 9:22 AM, William M Edmonds wrote:
> I do agree that in this case, forcing ownership transfer would probably
> be better than sharing. In fact, I wish we could do that for images here.
I'm pretty sure we can simply force the glance snapshot image to be
owned privately by the tenant user that owns the instance by simply
image['owner'] = instance.project_id
The reason I didn't just do that was because it's a more drastic change
in behavior than what we have today with the image being owned by the
tenant that created the image. I also thought about making that
configurable, but that is (1) kind of gross since it's config-driven API
behavior which also makes it (2) not really interoperable, although that
behavior could probably be discoverable by end users.
If you go back to the proposed spec from Brin Zhang  the proposal
there is to change the compute API to allow passing in the owner
project_id so nova doesn't have to fumble with this. I could see that
being reasonable for snapshots and backups, but I think the original bug
about shelve is really just that - a bug, and easily fixed with what
I've proposed (and is not a problem for volume-backed servers because
shelve doesn't create a snapshot image for those).
More information about the openstack-discuss