Hi Pete! Answers inline :) On Thu, Jan 19, 2012 at 2:26 PM, Pete Zaitcev <[email protected]> wrote: > Hello: > > This clearly seems like I am missing something obvious, but is it > possible to list non-public images in Glance?
No. But if you no the ID, you can issue a call to HEAD|GET /images/<ID> and it will show you the image information. This was done this way for legacy reasons IIRC. Nowadays, with authentication enabled, you have much better, finer-grained, and logical access permissions to images (see below) > It came up because I have a Glance setup without Keystone or other > authentication for now, like this: > > [pipeline:glance-api] > pipeline = versionnegotiation context apiv1app > > Images that have "X-Image-Meta-Is_public: False" do not get listed > with "glance index". I am not saying that it is wrong per se, all the > documentation implies that a GET to /v1/images only produces a listing > of public images, and it looks like all functional and unit tests > in ./glance/tests set the public flag as necessary. Correct. > But I'm wondering: > > a) If authentication is in effect, can users list their own images? Yes. If authentication is enabled and a user calls GET /images, they see a list of non-deleted, non-killed-status *public* images (is_public=True) AND any images where the owner_id is the user's Tenant or User ID AND any images that have manually been shared with the Tenant or User ID via the image-memberships functionality. Note that I say "Tenant or User" above. There is a configuration value (owner_is_tenant, default is True) that controls whether the authentication layer considers the X-Auth-Tenant or the X-Auth-User value as being the owner... > It is easy to forget what you have. The Image Warehouse service > in Aeolus permits to list images regardless, as long as bucket > is accessible. > > b) If authentication is not in effect, should we chage to listing > everything, public and not? I can file a bug and see it implemented. Interesting proposal, and one we debated over when Kevin Mitchell originally added support for authentication (and thus image ownership). We decided to keep it the way it is because we did not want to change existing behaviour of servers that did not have authentication enabled... Cheers! -jay > -- Pete > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
