[glance][ptg] Glance Xena PTG summary

Abhishek Kekane akekane at redhat.com
Tue May 4 14:26:37 UTC 2021

Hello Everyone,

Apologies for delay in sending the PTG summary and Thank you to everyone
who attended the Glance Xena PTG. We had extremely eventful discussions
around Secure RBAC and some new ideas for improvement in Glance.

Here is a short summary of the discussions. See the Etherpad [1] for full

Tuesday, April 20
# Wallaby Retrospective

On the positive note, we merged a number of useful features this cycle. We
managed to implement a project scope of secure RBAC for images API and
Distributed image import stuff.

On the other side we had usual problems of review bandwidth and we were not
able to keep our focus on reducing/managing the glance bugs backlog. We
really need more people in the community helping out with reviews, and
ideally moving to become members of the core team. We are happy to onboard
new members with appropriate help.

# Bug squashing per milestone

Unfortunately (due to lack of contributors) glance community was unable to
keep track of its bug backlog for the past couple of cycles. This cycle our
main focus is to revisit old bugs and reduce the bug backlogs for glance,
glance_store and python-glanceclient. We agreed to discuss existing bugs in
our weekly meeting after every two weeks for 15-20 minutes.

# Interop WG interlock
During this session we discussed the state of existing glance tempest
coverage and what action needs to be taken if there are any API changes or
new API is introduced.

Wednesday, April 21
# Secure RBAC - OSSN-0088

This entire day we discussed implementing Secure RBAC in glance. We also
decided to discuss with Lance/Gmann whether it is fine to add deprecation
warnings for OSSN-0088 on master branch or we should add those directly to
stable/wallaby branch where we have defaulted some metaded APIs to admin

# Glance policy - revisit, restructure
We also discussed to revisit and restructure our policy layer. At the
moment glance is injecting policies at different layers and most of the
policies are injected closed to the database layer. This approach is
causing problems in implementing the secure RBAC for location/tasks APIs.
During this cycle we are going to experiment on restructuring the policy
layer of glance (approach will be to work on restructuring modiffy_image
policy and then submit the spec on the basis of that finding before moving

# Secure RBAC - Hardening project scope, Implementing System scope/personas
During discussion on this topic we identified that to implement system
scope in glance we first need to restructure the glance policy layer. Which
means we need to keep our focus on restructuring the glance policy layer in
this cycle. Also at the moment only publicize_image policy is an
appropriate candidate for system scope. So we need to identify whether
there are any other APIs which can also use system scope.

Thursday, April 22
# Native Image Encryption
As this work has dependency on Barbican which is yet to be completed, we
decided to revisit the progress of the same around Milestone 2 and decide
whether we are ready to implement this feature in Xena cycle or postpone it
to next cycle.

# Multi-format images
We need to identify regression on Nova if we decide to implement the same.
I need to connect with dansmith to understand more about it. If there are
no side effects then we will be working on design/specification for this
feature in this cycle and implement the same in the next cycle. Erno also
suggested that we should improve the image conversion plugin based on
multiple stores support.

# Cinder - Glance cross project discussion
During this discussion Rajat (cinder driver maintainer for glance) walked
us through the current state of cinder driver of glance and how we could
add support for the new attachment API for cinder driver.

Friday, April 23
# Cache-API
We already agreed on implementation design about the same, the only reason
it is pending is we shifted our focus on RBAC in the last cycle. So it is
decided to wait for a couple of weeks in this cycle if we get any new
contributor to work on it or else implement the same during milestone 1.

# Glance Quotas
This topic was raised on the fly by belmoreira during the PTG so we
discussed the same. We decided to assess the use of keystone's unified
limits and put up a design/specification in glance to add quotas for images.

Apart from above topics during Open discussion we also discussed some of
the swift related bugs which we will be addressing during this cycle.
You will find the detailed information about the same in the PTG etherpad
[1] along with the recordings of the sessions.

I would once again like to thank everyone for joining us in the PTG.

[1] https://etherpad.opendev.org/p/xena-glance-ptg

Thanks and Regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210504/ac925839/attachment-0001.html>

More information about the openstack-discuss mailing list