On 14/09/15 15:51 -0400, Doug Hellmann wrote:
Excerpts from Flavio Percoco's message of 2015-09-14 14:41:00 +0200:On 14/09/15 08:10 -0400, Doug Hellmann wrote:
[snip]
The task upload process you're referring to is the one that uses the `import` task, which allows you to download an image from an external source, asynchronously, and import it in Glance. This is the old `copy-from` behavior that was moved into a task. The "fun" thing about this - and I'm sure other folks in the Glance community will disagree - is that I don't consider tasks to be a public API. That is to say, I would expect tasks to be an internal API used by cloud admins to perform some actions (bsaed on its current implementation). Eventually, some of these tasks could be triggered from the external API but as background operations that are triggered by the well-known public ones and not through the task API.Does that mean it's more of an "admin" API?
As it is right now, yes. I don't think it's suitable for public use and the current supported features are more useful for admins than end-users. Could it be improved to be a public API? Sure. [snip]
This is definitely unfortunate. I believe a good step forward for this discussion would be to create a list of issues related to uploading images and see how those issues can be addressed. The result from that work might be that it's not recommended to make that endpoint public but again, without going through the issues, it'll be hard to understand how we can improve this situation. I expect most of this issues to have a security impact.A report like that would be good to have. Can someone on the Glance team volunteer to put it together?
Here's an attempt from someone that uses clouds but doesn't run any: - Image authenticity (we recently landed code that allows for having signed images) - Quota management: Glance's quota management is very basic and it allows for setting quota in a per-user level[1] - Bandwidth requirements to upload images - (add more here) [0] http://specs.openstack.org/openstack/glance-specs/specs/liberty/image-signing-and-verification-support.html [1] http://docs.openstack.org/developer/glance/configuring.html#configuring-glance-user-storage-quota [snip]
This is, indeed, an interesting interpretation of what tasks are for. I'd probably just blame us (Glance team) for not communicating properly what tasks are meant to be. I don't believe tasks are a way to extend the *public* API and I'd be curious to know if others see it that way. I fully agree that just breaks interoperability and as I've mentioned a couple of times in this reply already, I don't even think tasks should be part of the public API.Whether they are intended to be an extension mechanism, they effectively are right now, as far as I can tell.
Sorry, I probably didn't express myself correctly. What I meant to say is that I don't see them as a way to extend the *public* API but rather as a way to add functionality to glance that is useful for admins.
The mistake here could be that the library should've been refactored *before* adopting it in Glance.The fact that there is disagreement over the intent of the library makes me think the plan for creating it wasn't sufficiently circulated or detailed.
There wasn't much disagreement when it was created. Some folks think the use-cases for the library don't exist anymore and some folks that participated in this effort are not part of OpenStack anymore. [snip] Flavio -- @flaper87 Flavio Percoco
pgpVhzArbV3YP.pgp
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
