New Upload Download Workflow for Public Glance

Registered by Iccha Sethi

This blueprint has been superseded. See the newer blueprint "New Upload Workflow ("Import")" for updated plans.

This blueprint suggests an alternative way to upload and download images when glance is exposed.
It would consist of 4 distinct operations:
1.upload (customer -> swift or other store)
2. import (swift or other store -> glance) conversion/verification happens here into our runtime format, get UUID
3. export (glance -> swift) have to request download format, get swift/store URI of converted img
4. download (swift -> customer)

Upload workflow:
user uploads image to store
registers image in glance
POST /images body: {seed-uri=<uri>}
first check that uri is in the same region as this glance
returns a handle you can use to poll the image for status

create a temporary URL (in swift) for the customer to use to download
or just obtain url from other stores to use for download.

NOTE: Incorporate multiple stores and copy-from and copy-to

Based on discussions at havana summit:

Blueprint information

Iccha Sethi
Series goal:
Not started
Milestone target:
Completed by
Mark Washenberger

Related branches



Use cases for this feature generally come about in a situation where you do not want to give end users direct access to image data. But of course you still have to enable Nova to access image data so that boot and snapshot work correctly. Since keystone authn doesn't really support this level of explicit impersonation, to make these use case work you have to have two sets of glance api endpoints. One, in the catalog, has user-oriented policies set. Another, configured directly in nova, has service-oriented policies set.

- Allow users to upload their own images to glance, subject to a verification and conversion process before the image is activated, without allowing the user to directly PUT image data into Glance.
- Allow users to export a copy of one of their images from glance, subject to a conversion / scrubbing process before the image data is made available, while not allowing the user to directly GET image data from Glance.

I think you could argue that the cart is before the horse in this proposal, since Nova simply wouldn't work today if you made policies against users downloading and uploading image data directly. But I call that just a weakness in authn that Nova is only capable of exactly impersonating a user, and that Nova cannot lend its own credentials/roles to a request. And in any case, the dual-deployment option is available to the big boys now.

After some conversation in #openstack-glance, it seems that it makes the most sense to use the terms "import" and "export" for these use cases.

separate into two BPs.

Have filed two blueprints to supercede this one:
(NOTE: The BPs are very sparse, be sure to take the "Read the full specification" link on each one!)


Work Items

This blueprint contains Public information 
Everyone can see this information.