On 1/16/2019 9:22 AM, William M Edmonds wrote:
I do agree that in this case, forcing ownership transfer would probably be better than sharing. In fact, I wish we could do that for images here.
I'm pretty sure we can simply force the glance snapshot image to be owned privately by the tenant user that owns the instance by simply specifying:

    image['owner'] = instance.project_id

The reason I didn't just do that was because it's a more drastic change in behavior than what we have today with the image being owned by the tenant that created the image. I also thought about making that configurable, but that is (1) kind of gross since it's config-driven API behavior which also makes it (2) not really interoperable, although that behavior could probably be discoverable by end users.

If you go back to the proposed spec from Brin Zhang [1] the proposal there is to change the compute API to allow passing in the owner project_id so nova doesn't have to fumble with this. I could see that being reasonable for snapshots and backups, but I think the original bug about shelve is really just that - a bug, and easily fixed with what I've proposed (and is not a problem for volume-backed servers because shelve doesn't create a snapshot image for those).

[1] https://review.openstack.org/#/c/616843/

--
Thanks,
Matt