Glance stores library
Go to file
Rajat Dhasmana c2b7b78d4f Use normal credentials for legacy image update
When updating legacy images, currenly we use the user's
context and elevate priviledges. However, we do not
require admin priviledges for the cinder API calls.

This patch removes the special case where we elevate
priviledges as it wasn't doing anything rather avoiding
us to use right credentials and failing to fetch volume
in the right location because of wrong credentials.

The correct credentials are either the service ones
set in glance-api.conf file or the user context
credentials, using which the Image-Volume was created.

NOTE: When using cinder as glance backend and we want
to perform optimized volume upload to image, one thing
we should make sure is either using the context or the
cinder credentials set in glance-api.conf file, it should
match the following details on the cinder side (if we are
using internal context to create clone of image-volumes):

cinder_store_user_name = context.user_id/cinder_internal_tenant_user_id
cinder_store_project_name = context.project_id/cinder_internal_tenant_project_id

The cinder_internal_tenant_user_id and
cinder_internal_tenant_project_id are set in the
[DEFAULT] section of cinder.conf.

This issue was first discovered when testing the new
location APIs[1] where tempest creates a volume with
cinder's internal context and glance uses wrong (user context)
credentials to access it and failing with 404 not found.

[1] https://review.opendev.org/c/openstack/cinder/+/909847

Closes-Bug: #2056179
Change-Id: I4f27a9800f239da8dbf29f4c028678df1f867664
2024-04-08 23:53:24 +05:30
doc Remove Python 2 support 2022-05-25 04:42:06 +02:00
etc/glance Add lock per share for cinder nfs mount/umount 2020-05-01 11:35:01 +00:00
glance_store Use normal credentials for legacy image update 2024-04-08 23:53:24 +05:30
releasenotes Use normal credentials for legacy image update 2024-04-08 23:53:24 +05:30
tools Remove unused test tools 2023-11-16 01:09:09 +09:00
.gitignore Add .stestr to gitignore 2018-01-29 06:26:30 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:42:31 +00:00
.stestr.conf Update tox.ini to conform to the PTI 2018-07-16 04:52:57 +00:00
.zuul.yaml Merge "Increase timeout of glance_store-src-ceph-tempest" 2024-01-19 06:20:25 +00:00
LICENSE Copying from glance 2014-01-24 18:30:46 +01:00
README.rst Add release notes link in readme 2019-10-06 14:37:10 +08:00
requirements.txt Bump hacking 2024-01-28 00:00:08 +09:00
setup.cfg Update python classifier in setup.cfg 2024-01-08 20:21:24 -08:00
setup.py Cleanup py27 support 2020-04-05 08:20:21 +02:00
test-requirements.txt Bump hacking 2024-01-28 00:00:08 +09:00
tox.ini Replace deprecated UPPER_CONSTRAINTS_FILE variable 2023-02-07 02:48:42 +01:00

Team and repository tags

The following tags have been asserted for the Glance Store
Library:
"project:official",
"stable:follows-policy",
"vulnerability:managed".
Follow the link for an explanation of these tags.

Glance Store Library

Glance's stores library

This library has been extracted from the Glance source code for the specific use of the Glance and Glare projects.

The API it exposes is not stable, has some shortcomings, and is not a general purpose interface. We would eventually like to change this, but for now using this library outside of Glance or Glare will not be supported by the core team.