openstack/glance
Code Issues Proposed changes
09312ab2c7
glance/doc/source/domain_implementation.rst
Li Wei ce3e7b33a8 Correct url in doc source 
From github to see, these links can not be opened, like
https://github.com/openstack/glance/blob/master/doc/source/architecture.rst
we should add . in front. there are four *.png in /doc/source/images/...
corresponding to the four *.rst.

Change-Id: I21af59dfd87872e02cff8dddb51d2f2b72e86082
2016-10-27 17:03:38 +08:00

155 lines
4.9 KiB
ReStructuredText
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

..
Copyright 2016 OpenStack Foundation
All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
==================================
Glance domain model implementation
==================================
Gateway and basic layers
~~~~~~~~~~~~~~~~~~~~~~~~
The domain model contains the following layers:
#. :ref:`authorization`
#. :ref:`property`
#. :ref:`notifier`
#. :ref:`policy`
#. :ref:`quota`
#. :ref:`location`
#. :ref:`database`
The schema below shows a stack that contains the Image domain layers and
their locations:
.. figure:: ./images/glance_layers.png
:figwidth: 100%
:align: center
:alt: From top to bottom, the stack consists of the Router and REST API,
which are above the domain implementation. The Auth, Property
Protection (optional), Notifier, Policy, Quota,
Location, and Database represent the domain implementation.
The Registry (optional) and Data Access sit below the domain
implementation. Further, the Client block calls the Router;
the Location block calls the Glance Store, and the Data Access
layer calls the DBMS.
Additional information conveyed in the image is the location in
the Glance code of the various components:
Router: api/v2/router.py
REST API: api/v2/*
Auth: api/authorization.py
Property Protection: api/property_protections.py
Notifier: notifier.py
Policy: api/policy.py
Quota: quota/__init__.py
Location: location.py
DB: db/__init__.py
Registry: registry/v2/*
Data Access: db/sqlalchemy/api.py
.. _authorization:
Authorization
-------------
The first layer of the domain model provides a verification of whether an
image itself or its property can be changed. An admin or image owner can
apply the changes. The information about a user is taken from the request
``context`` and is compared with the image ``owner``. If the user cannot
apply a change, a corresponding error message appears.
.. _property:
Property protection
-------------------
The second layer of the domain model is optional. It becomes available if you
set the ``property_protection_file`` parameter in the Glance configuration
file.
There are two types of image properties in Glance:
* *Core properties*, as specified in the image schema
* *Meta properties*, which are the arbitrary key/value pairs that can be added
to an image
The property protection layer manages access to the meta properties
through Glances public API calls. You can restrict the access in the
property protection configuration file.
.. _notifier:
Notifier
--------
On the third layer of the domain model, the following items are added to
the message queue:
#. Notifications about all of the image changes
#. All of the exceptions and warnings that occurred while using an image
.. _policy:
Policy
------
The fourth layer of the domain model is responsible for:
#. Defining access rules to perform actions with an image. The rules are
defined in the :file:`etc/policy.json` file.
#. Monitoring of the rules implementation.
.. _quota:
Quota
-----
On the fifth layer of the domain model, if a user has an admin-defined size
quota for all of his uploaded images, there is a check that verifies whether
this quota exceeds the limit during an image upload and save:
* If the quota does not exceed the limit, then the action to add an image
succeeds.
* If the quota exceeds the limit, then the action does not succeed and a
corresponding error message appears.
.. _location:
Location
--------
The sixth layer of the domain model is used for interaction with the store via
the ``glance_store`` library, like upload and download, and for managing an
image location. On this layer, an image is validated before the upload. If
the validation succeeds, an image is written to the ``glance_store`` library.
This sixth layer of the domain model is responsible for:
#. Checking whether a location URI is correct when a new location is added
#. Removing image data from the store when an image location is changed
#. Preventing image location duplicates
.. _database:
Database
--------
On the seventh layer of the domain model:
* The methods to interact with the database API are implemented.
* Images are converted to the corresponding format to be recorded in the
database. And the information received from the database is
converted to an Image object.
View Git Blame Copy Permalink