Open Stack

On 03/08/2012 06:44 PM, Vishvananda Ishaya wrote:
> I reported a bug today about glance using the tenant_name as owner:
>
> https://bugs.launchpad.net/bugs/950364
>
> The current use is incorrect and will cause breakages in the case that a
> tenant is renamed. It seems vital that we get this fixed before
> releasing essex, although I don't know if we need to provide some sort
> of migration script for old images. Brian Waldon is on vacation until
> next week, so if any of the rest of glance core has opinions or ideas
> (Jay?) I think we need to get something underway ASAP.

OK, so the source of this issue is actually in Keystone. The 
glance_auth_token middleware is creating the RequestContext that Glance 
uses when querying for the caller's tenant. The code uses the value of 
the X_TENANT header to populate the tenant supplied to the 
RequestContext's constructor, which is what Glance ends up storing in 
the registry as the image owner_id.

So... the solution, I think, is to patch the glance_auth_token 
middleware in Keystone to use the value of the X_TENANT_ID header, not 
X_TENANT, and write some sort of data migration script to address the 
problem of stored owner_id values being name and not ID of tenant.

Vish, Joe, do you agree with this assessment?

-jay