Restrict users from uploading volume to image based on glance protected properties

Registered by Tushar Patil

Image with protected properties concept was introduced in Glance in Havana release. One of the main use case of introducing this concept was for billing purpose.
i.e. owner of the image would create one or more custom protected properties for a licensed image and share it publicly to the users. When users uses this license image for creating new instances, owner will know who is using licensed images, for many hours and users will be charged accordingly. Also the meta data properties are copied when volume is created from the licensed image so that when this volume is used for booting vms, owner of the licensed image will know who is using it for billing purpose.
But presently, when you create a image from volume (volume created from licensed image), it allow user to create image as it only copies core properties leaving custom protected properties behind. This will allow user to use licensed image free of cost. Also he/she can share this image with another tenants. This will be a big blow to the owner of the licensed image. To avoid this, it is necessary to copy custom properties when you create a image from volume. If the glance deployer has allowed only administrator/owner to create custom protected properties, then normal user wouldn’t be able to create image from volume and use licensed image maliciously.

For example /etc/glance/protected-properties.conf
create = admin,owner
read = admin,Member,_member_
update = admin,owner
delete = admin,owner

Blueprint information

John Griffith
Tushar Patil
Pranali Deore
Series goal:
Accepted for juno
Milestone target:
milestone icon 2014.2
Started by
John Griffith
Completed by
John Griffith

Related branches



Gerrit topic:,topic:bp/restrict-uploading-volume-to-image,n,z

Addressed by:
    Copy custom properties to image from volume


Work Items

This blueprint contains Public information 
Everyone can see this information.