[Openstack] [GLANCE] owner: name vs id
Jay Pipes
jaypipes at gmail.com
Fri Mar 9 05:40:04 UTC 2012
On 03/08/2012 06:44 PM, Vishvananda Ishaya wrote:
> I reported a bug today about glance using the tenant_name as owner:
>
> https://bugs.launchpad.net/bugs/950364
>
> The current use is incorrect and will cause breakages in the case that a
> tenant is renamed. It seems vital that we get this fixed before
> releasing essex, although I don't know if we need to provide some sort
> of migration script for old images. Brian Waldon is on vacation until
> next week, so if any of the rest of glance core has opinions or ideas
> (Jay?) I think we need to get something underway ASAP.
OK, so the source of this issue is actually in Keystone. The
glance_auth_token middleware is creating the RequestContext that Glance
uses when querying for the caller's tenant. The code uses the value of
the X_TENANT header to populate the tenant supplied to the
RequestContext's constructor, which is what Glance ends up storing in
the registry as the image owner_id.
So... the solution, I think, is to patch the glance_auth_token
middleware in Keystone to use the value of the X_TENANT_ID header, not
X_TENANT, and write some sort of data migration script to address the
problem of stored owner_id values being name and not ID of tenant.
Vish, Joe, do you agree with this assessment?
-jay
More information about the Openstack
mailing list