Comment 4 for bug 1546507
Revision history for this message
| Stuart McLaren (stuart-mclaren) wrote Re: Regular user can delete any image file | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
2eb648a
demo site
(Get the code!)
My understanding (which may not be 100%) is that the rbd location is used by Cinder.
If a user wants to create a new volume from an existing image this can be done in two ways:
1) the image can be streamed as usual
2) if the image backend is rbd, and the location is known, a short cut can be taken: the image bytes don't need to be streamed. Instead a quick clone of the backing volume can be performed.
If the consumer of the location field is typically another OpenStack service (Cinder/whatever) it may be worth considering using Service Tokens here.
We could only expose the location if the request contained a particular role granted by a Service Token. In that way the end user wouldn't see the locations but other OpenStack services could.