[Openstack-operators] need feedback about Glance image 'visibility' migration in Ocata

Brian Rosmaita brian.rosmaita at RACKSPACE.COM
Thu Nov 17 13:27:39 UTC 2016


On 11/17/16, 1:39 AM, "Sam Morrison" <sorrison at gmail.com<mailto:sorrison at gmail.com>> wrote:

On 17 Nov. 2016, at 3:49 pm, Brian Rosmaita <brian.rosmaita at RACKSPACE.COM<mailto:brian.rosmaita at RACKSPACE.COM>> wrote:

Ocata workflow:  (1) create an image with default visibility, (2) change
its visibility to 'shared', (3) add image members

Unsure why this can't be done in 2 steps, when someone adds an image member to a 'private' image the visibility changes to 'shared' automatically.
Just seems an extra step for no reason?

Thanks for asking, Sam, I'm sure others have the same question.

Here's what we're thinking.  We want to avoid "magic" visibility transitions as a side effect of another action, and we want all means of changing visibility to be consistent going forward.  The two-step 1-1 sharing that automatically takes you from 'private' -> 'shared' is dangerous, as it can expose data and doesn't give an end user a way to make an image "really" private.  It's true that all an end user has to do under the new scheme is make one extra API call and then still shoot him/herself in the foot, but at least the end user has to remove the safety first by explicitly changing the visibility of the image from 'private' to 'shared' before the member-list has any effect.

So basically, the reasons for the extra step are consistency and clarity.


Sam

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20161117/d854f745/attachment.html>


More information about the OpenStack-operators mailing list