Unfortunately cinder doesn't have hierarchy, like the path in filesystem and
swift, so it does not work meaningfully in cinder...
We could add some scheme to use volume names as URL to name it arbitrarily,
but it also have problem since multiple volume can have the same name..
Currently, instead of the URL, cinder will store the image_id and image
owner's project id in the volume metadata named "image_owner", which can be
obtained by "cinder show" or cinderclient.volumes.get(volume_id) method.
Especially in single-shared-user mode, it must be checked to restrict
manipulation by non-authorized users.
My patch for cinder store driver attached to this bug will add the check
for image owner's project id. It gets volume data from cinder based on the URL
"cinder://<uuid>", and allows to add location only if its "image_owner" metadata
shows that same owner with the image.
# Note that the metadata can only be set or modified by the owner.
Unfortunately cinder doesn't have hierarchy, like the path in filesystem and
swift, so it does not work meaningfully in cinder...
We could add some scheme to use volume names as URL to name it arbitrarily,
but it also have problem since multiple volume can have the same name..
Currently, instead of the URL, cinder will store the image_id and image volumes. get(volume_ id) method.
owner's project id in the volume metadata named "image_owner", which can be
obtained by "cinder show" or cinderclient.
Especially in single-shared-user mode, it must be checked to restrict
manipulation by non-authorized users.
My patch for cinder store driver attached to this bug will add the check
for image owner's project id. It gets volume data from cinder based on the URL
"cinder://<uuid>", and allows to add location only if its "image_owner" metadata
shows that same owner with the image.
# Note that the metadata can only be set or modified by the owner.