Use normal credentials for legacy image update
When updating legacy images, we use the user's context and elevate priviledges. However, neither do we require admin priviledges for the cinder API calls (in this case) nor the user's context credentials. This patch removes the special case where we elevate priviledges as it wasn't doing anything rather avoiding us to use right credentials and failing to fetch volume in the right location because of wrong credentials. NOTE: When using cinder as glance backend and we want to perform optimized volume upload to image, one thing we should make sure is either using the context or the cinder credentials set in glance-api.conf file, it should match the following details on the cinder side (if we are using internal context to create clone of image-volumes): cinder_store_user_name = context.user_id = cinder_internal_tenant_user_id cinder_store_project_name = context.project_id = cinder_internal_tenant_project_id The cinder_internal_tenant_user_id and cinder_internal_tenant_project_id are set in the [DEFAULT] section of cinder.conf. This issue was first discovered when testing the new location APIs[1] where tempest creates a volume with cinder's internal context and glance uses wrong credentials to access it and failing with 404 not found. [1] https://review.opendev.org/c/openstack/cinder/+/909847 Change-Id: I4f27a9800f239da8dbf29f4c028678df1f867664
This commit is contained in:
parent
e9217809e7
commit
5200760193
|
@ -555,8 +555,7 @@ class Store(glance_store.driver.Store):
|
|||
If above both conditions doesn't meet, it returns false.
|
||||
"""
|
||||
try:
|
||||
cinder_client = self.get_cinderclient(context=context,
|
||||
legacy_update=True)
|
||||
cinder_client = self.get_cinderclient(context=context)
|
||||
cinder_volume_type = self.store_conf.cinder_volume_type
|
||||
volume = cinder_client.volumes.get(volume_id)
|
||||
if cinder_volume_type and volume.volume_type == cinder_volume_type:
|
||||
|
@ -584,17 +583,8 @@ class Store(glance_store.driver.Store):
|
|||
for key in ['user_name', 'password',
|
||||
'project_name', 'auth_address']])
|
||||
|
||||
def get_cinderclient(self, context=None, legacy_update=False,
|
||||
version='3.0'):
|
||||
# NOTE: For legacy image update from single store to multiple
|
||||
# stores we need to use admin context rather than user provided
|
||||
# credentials
|
||||
if legacy_update:
|
||||
user_overriden = False
|
||||
context = context.elevated()
|
||||
else:
|
||||
user_overriden = self.is_user_overriden()
|
||||
|
||||
def get_cinderclient(self, context=None, version='3.0'):
|
||||
user_overriden = self.is_user_overriden()
|
||||
session = get_cinder_session(self.store_conf)
|
||||
|
||||
if user_overriden:
|
||||
|
|
Loading…
Reference in New Issue