Administrative API for Glance

Registered by Hemanth Makkapati on 2014-02-07

With new Glance features like image-sharing and import/export, we may need to provide a way to administer these features.
A couple of use-cases:
1. Being able to stop a malicious/bad image to proliferate further through image-sharing
2. Being able to blacklist an image and prohibit further operations on it
2. Being able to ban/prohibit a user/tenant from further making any tasks requests if found importing malicious images
etc

With Glance now as public API, impending features like community sharing and Glance being envisoned as a 'starting point' for other Openstack projects, this may be all the more relevant.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Hemanth Makkapati
Direction:
Needs approval
Assignee:
Hemanth Makkapati
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

flwang:
Will it be a separate API or most like a middleware? I'm thinking to place the image-recover as an admin API. So I'd like to know more details about this and I'm glad to help if it's necessary. Thanks.

nikhil:
Definitely see some of the enhancements described being helpful to the new features exposed through the public glance api. Would recommend some discussion around this with the community and sort out any possible concerns.

hemanth:
@flwang: Initially I thought of it as a separate API. But, I think it need not necessarily be a separate API. We can introduce operations that are not there in glance right now (like suspending/blacklisting an image) and make them available only to admin roles. Both the approaches may be painful/useful. If it's a separate API, it may not make a lot of sense and would it even be RESTful? On the other hand, if we add more operations on /images and restrict them to only admin roles, is it going to get too hard for users to understand what they can or cannot do with images? We maybe increasing the complexity here.

These are my initial thoughts. I would like to hear your thoughts as well. Also, I am collecting usecases right now, so, if you have any usecases towards this BP, please do share them. Thanks!

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.