Remove unused option "owner_is_tenant"

This option has been deprecated since Rocky.

Change-Id: I8edc957ad50ec28d80a06e76912f4226cea53562
This commit is contained in:
Cyril Roelandt 2021-02-09 02:40:06 +01:00
parent 2c893fbd80
commit 7839ab0925
11 changed files with 89 additions and 103 deletions

View File

@ -12,24 +12,14 @@ to create, list, update, and delete image members.
.. note:: .. note::
An image member is an identifier for a consumer with whom the image is An image member is an identifier for a consumer with whom the image is
shared. In most OpenStack clouds, where the value of the ``owner`` property shared. In OpenStack clouds, where the value of the ``owner`` property
of an image is a project ID, the appropriate identifier to use for the of an image is a project ID, the appropriate identifier to use for the
``member_id`` is the consumer's project ID (also known as the "tenant ID"). ``member_id`` is the consumer's project ID (which used to be called the
In these clouds, image sharing is project-to-project, and all the individual "tenant ID").
users in the consuming project have access to the image.
* Some deployments may choose instead to have the identifier of the user who * Image sharing is project-to-project. Thus *all the individual users
created the image as the value of the ``owner`` property. In such clouds, in the consuming project have access to the image*. You cannot share
the appropriate identifier to use for the ``member_id`` is the user ID of an image with only one specific user in the target project.
the person with whom you want to share the image. In these clouds, image
sharing is user-to-user.
* Note that you, as an image owner, do not have a choice about what value to
use for the ``member_id``. If, like most OpenStack clouds, your cloud
uses the tenant ID for the image ``owner``, sharing will not work if you
use a user ID as the ``member_id`` of an image (and vice-versa).
* Please consult your cloud's local documentation for details.
When an image is shared, the member is given immediate access to the image. When an image is shared, the member is given immediate access to the image.
In order to prevent spamming other users' image lists, a shared image does not In order to prevent spamming other users' image lists, a shared image does not

View File

@ -579,8 +579,7 @@ The list of metadata headers that Glance accepts are listed below.
This header is optional and only meaningful for admins. This header is optional and only meaningful for admins.
Glance normally sets the owner of an image to be the tenant or user Glance sets the owner of an image to be the tenant of the
(depending on the "owner_is_tenant" configuration option) of the
authenticated user issuing the request. However, if the authenticated user authenticated user issuing the request. However, if the authenticated user
has the Admin role, this default may be overridden by setting this header to has the Admin role, this default may be overridden by setting this header to
null or to a string identifying the owner of the image. null or to a string identifying the owner of the image.
@ -628,10 +627,10 @@ See more about image statuses here: :ref:`image-statuses`
List Image Memberships List Image Memberships
********************** **********************
We want to see a list of the other system tenants (or users, if We want to see a list of the other system tenants that may access a given
"owner_is_tenant" is False) that may access a given virtual machine image that virtual machine image that the Glance server knows about. We take the `uri`
the Glance server knows about. We take the `uri` field of the image data, field of the image data, append ``/members`` to it, and issue a ``GET`` request
append ``/members`` to it, and issue a ``GET`` request on the resulting URL. on the resulting URL.
Continuing from the example above, in order to get the memberships for the Continuing from the example above, in order to get the memberships for the
first image returned, we can issue a ``GET`` request to the Glance first image returned, we can issue a ``GET`` request to the Glance

View File

@ -4,35 +4,6 @@
# From glance.api # From glance.api
# #
# DEPRECATED:
# Set the image owner to tenant or the authenticated user.
#
# Assign a boolean value to determine the owner of an image. When set to
# True, the owner of the image is the tenant. When set to False, the
# owner of the image will be the authenticated user issuing the request.
# Setting it to False makes the image private to the associated user and
# sharing with other users within the same tenant (or "project")
# requires explicit image sharing via image membership.
#
# Possible values:
# * True
# * False
#
# Related options:
# * None
#
# (boolean value)
# This option is deprecated for removal since Rocky.
# Its value may be silently ignored in the future.
# Reason:
# The non-default setting for this option misaligns Glance with other
# OpenStack services with respect to resource ownership. Further, surveys
# indicate that this option is not used by operators. The option will be
# removed early in the 'S' development cycle following the standard OpenStack
# deprecation policy. As the option is not in wide use, no migration path is
# proposed.
#owner_is_tenant = true
# DEPRECATED: # DEPRECATED:
# Role used to identify an authenticated user as administrator. # Role used to identify an authenticated user as administrator.
# #

View File

@ -25,37 +25,6 @@ from glance.i18n import _, _LW
context_opts = [ context_opts = [
cfg.BoolOpt('owner_is_tenant',
default=True,
deprecated_for_removal=True,
deprecated_since="Rocky",
deprecated_reason=_("""
The non-default setting for this option misaligns Glance with other
OpenStack services with respect to resource ownership. Further, surveys
indicate that this option is not used by operators. The option will be
removed early in the 'S' development cycle following the standard OpenStack
deprecation policy. As the option is not in wide use, no migration path is
proposed.
"""),
help=_("""
Set the image owner to tenant or the authenticated user.
Assign a boolean value to determine the owner of an image. When set to
True, the owner of the image is the tenant. When set to False, the
owner of the image will be the authenticated user issuing the request.
Setting it to False makes the image private to the associated user and
sharing with other users within the same tenant (or "project")
requires explicit image sharing via image membership.
Possible values:
* True
* False
Related options:
* None
""")),
cfg.BoolOpt('allow_anonymous_access', default=False, cfg.BoolOpt('allow_anonymous_access', default=False,
help=_(""" help=_("""
Allow limited access to unauthenticated users. Allow limited access to unauthenticated users.
@ -171,7 +140,6 @@ class ContextMiddleware(BaseContextMiddleware):
return webob.exc.HTTPRequestHeaderFieldsTooLarge(comment=msg) return webob.exc.HTTPRequestHeaderFieldsTooLarge(comment=msg)
kwargs = { kwargs = {
'owner_is_tenant': CONF.owner_is_tenant,
'service_catalog': service_catalog, 'service_catalog': service_catalog,
'policy_enforcer': self.policy_enforcer, 'policy_enforcer': self.policy_enforcer,
'request_id': request_id, 'request_id': request_id,

View File

@ -19,6 +19,7 @@ from oslo_config import cfg
from oslo_upgradecheck import common_checks from oslo_upgradecheck import common_checks
from oslo_upgradecheck import upgradecheck from oslo_upgradecheck import upgradecheck
from glance.common import removed_config
from glance.common import wsgi # noqa from glance.common import wsgi # noqa
CONF = cfg.CONF CONF = cfg.CONF
@ -30,6 +31,10 @@ FAILURE = upgradecheck.Code.FAILURE
class Checks(upgradecheck.UpgradeCommands): class Checks(upgradecheck.UpgradeCommands):
"""Programmable upgrade checks.""" """Programmable upgrade checks."""
def __init__(self, *args, **kwargs):
super(upgradecheck.UpgradeCommands).__init__(*args, **kwargs)
removed_config.register_removed_options()
def _check_sheepdog_store(self): def _check_sheepdog_store(self):
"""Check that the removed sheepdog backend store is not configured.""" """Check that the removed sheepdog backend store is not configured."""
glance_store.register_opts(CONF) glance_store.register_opts(CONF)
@ -48,12 +53,23 @@ class Checks(upgradecheck.UpgradeCommands):
return upgradecheck.Result(SUCCESS) return upgradecheck.Result(SUCCESS)
def _check_owner_is_tenant(self):
if CONF.owner_is_tenant is False:
return upgradecheck.Result(
FAILURE,
'The "owner_is_tenant" option has been removed and there is '
'no upgrade path for installations that had this option set '
'to False.')
return upgradecheck.Result(SUCCESS)
_upgrade_checks = ( _upgrade_checks = (
# Added in Ussuri # Added in Ussuri
('Sheepdog Driver Removal', _check_sheepdog_store), ('Sheepdog Driver Removal', _check_sheepdog_store),
# Added in Wallaby # Added in Wallaby
('Policy File JSON to YAML Migration', ('Policy File JSON to YAML Migration',
(common_checks.check_policy_json, {'conf': CONF})), (common_checks.check_policy_json, {'conf': CONF})),
# Removed in Wallaby
('Config option owner_is_tenant removal', _check_owner_is_tenant),
) )

View File

@ -0,0 +1,34 @@
# Copyright 2020 Red Hat, Inc
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from glance.i18n import _
from oslo_config import cfg
removed_opts = [
cfg.BoolOpt('owner_is_tenant',
default=True,
help=_("""
This option has been removed in Wallaby. Because there is no migration path
for installations that had owner_is_tenant==False, we have defined this option
so that the code can probe the config file and refuse to start the api service
if the deployment has been using that setting.
""")),
]
def register_removed_options():
# NOTE(cyril): This should only be called when we need to use options that
# have been removed and are therefore no longer relevant. This is the case
# of upgrade checks, for instance.
cfg.CONF.register_opts(removed_opts)

View File

@ -28,8 +28,7 @@ class RequestContext(context.RequestContext):
""" """
def __init__(self, owner_is_tenant=True, service_catalog=None, def __init__(self, service_catalog=None, policy_enforcer=None, **kwargs):
policy_enforcer=None, **kwargs):
# TODO(mriedem): Remove usage of user and tenant from old tests. # TODO(mriedem): Remove usage of user and tenant from old tests.
if 'tenant' in kwargs: if 'tenant' in kwargs:
# Prefer project_id if passed, otherwise alias tenant as project_id # Prefer project_id if passed, otherwise alias tenant as project_id
@ -40,7 +39,6 @@ class RequestContext(context.RequestContext):
user = kwargs.pop('user') user = kwargs.pop('user')
kwargs['user_id'] = kwargs.get('user_id', user) kwargs['user_id'] = kwargs.get('user_id', user)
super(RequestContext, self).__init__(**kwargs) super(RequestContext, self).__init__(**kwargs)
self.owner_is_tenant = owner_is_tenant
self.service_catalog = service_catalog self.service_catalog = service_catalog
self.policy_enforcer = policy_enforcer or policy.Enforcer() self.policy_enforcer = policy_enforcer or policy.Enforcer()
if not self.is_admin: if not self.is_admin:
@ -67,7 +65,7 @@ class RequestContext(context.RequestContext):
@property @property
def owner(self): def owner(self):
"""Return the owner to correlate with an image.""" """Return the owner to correlate with an image."""
return self.project_id if self.owner_is_tenant else self.user_id return self.project_id
@property @property
def can_see_deleted(self): def can_see_deleted(self):

View File

@ -398,7 +398,6 @@ class ApiServer(Server):
self.log_file = os.path.join(self.test_dir, "api.log") self.log_file = os.path.join(self.test_dir, "api.log")
self.image_size_cap = 1099511627776 self.image_size_cap = 1099511627776
self.delayed_delete = delayed_delete self.delayed_delete = delayed_delete
self.owner_is_tenant = True
self.workers = 0 self.workers = 0
self.scrub_time = 5 self.scrub_time = 5
self.image_cache_dir = os.path.join(self.test_dir, self.image_cache_dir = os.path.join(self.test_dir,
@ -435,7 +434,6 @@ send_identity_credentials = %(send_identity_credentials)s
log_file = %(log_file)s log_file = %(log_file)s
image_size_cap = %(image_size_cap)d image_size_cap = %(image_size_cap)d
delayed_delete = %(delayed_delete)s delayed_delete = %(delayed_delete)s
owner_is_tenant = %(owner_is_tenant)s
workers = %(workers)s workers = %(workers)s
scrub_time = %(scrub_time)s scrub_time = %(scrub_time)s
send_identity_headers = %(send_identity_headers)s send_identity_headers = %(send_identity_headers)s
@ -567,7 +565,6 @@ class ApiServerForMultipleBackend(Server):
self.log_file = os.path.join(self.test_dir, "multiple_backend_api.log") self.log_file = os.path.join(self.test_dir, "multiple_backend_api.log")
self.image_size_cap = 1099511627776 self.image_size_cap = 1099511627776
self.delayed_delete = delayed_delete self.delayed_delete = delayed_delete
self.owner_is_tenant = True
self.workers = 0 self.workers = 0
self.scrub_time = 5 self.scrub_time = 5
self.image_cache_dir = os.path.join(self.test_dir, self.image_cache_dir = os.path.join(self.test_dir,
@ -604,7 +601,6 @@ send_identity_credentials = %(send_identity_credentials)s
log_file = %(log_file)s log_file = %(log_file)s
image_size_cap = %(image_size_cap)d image_size_cap = %(image_size_cap)d
delayed_delete = %(delayed_delete)s delayed_delete = %(delayed_delete)s
owner_is_tenant = %(owner_is_tenant)s
workers = %(workers)s workers = %(workers)s
scrub_time = %(scrub_time)s scrub_time = %(scrub_time)s
send_identity_headers = %(send_identity_headers)s send_identity_headers = %(send_identity_headers)s

View File

@ -1096,11 +1096,9 @@ class DriverTests(object):
TENANT1 = str(uuid.uuid4()) TENANT1 = str(uuid.uuid4())
TENANT2 = str(uuid.uuid4()) TENANT2 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1, ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_token='user:%s:user' % TENANT1, auth_token='user:%s:user' % TENANT1)
owner_is_tenant=True) ctxt2 = context.RequestContext(is_admin=False, tenant=TENANT2,
ctxt2 = context.RequestContext(is_admin=False, user=TENANT2, auth_token='user:%s:user' % TENANT2)
auth_token='user:%s:user' % TENANT2,
owner_is_tenant=False)
UUIDX = str(uuid.uuid4()) UUIDX = str(uuid.uuid4())
# We need a shared image and context.owner should not match image # We need a shared image and context.owner should not match image
# owner # owner
@ -1149,11 +1147,9 @@ class DriverTests(object):
TENANT1 = str(uuid.uuid4()) TENANT1 = str(uuid.uuid4())
TENANT2 = str(uuid.uuid4()) TENANT2 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1, ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_token='user:%s:user' % TENANT1, auth_token='user:%s:user' % TENANT1)
owner_is_tenant=True) ctxt2 = context.RequestContext(is_admin=False, tenant=TENANT2,
ctxt2 = context.RequestContext(is_admin=False, user=TENANT2, auth_token='user:%s:user' % TENANT2)
auth_token='user:%s:user' % TENANT2,
owner_is_tenant=False)
UUIDX = str(uuid.uuid4()) UUIDX = str(uuid.uuid4())
# We need a shared image and context.owner should not match image # We need a shared image and context.owner should not match image
# owner # owner
@ -1180,10 +1176,10 @@ class DriverTests(object):
TENANT2 = str(uuid.uuid4()) TENANT2 = str(uuid.uuid4())
owners_ctxt = context.RequestContext(is_admin=False, tenant=TENANT1, owners_ctxt = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_token='user:%s:user' auth_token='user:%s:user'
% TENANT1, owner_is_tenant=True) % TENANT1)
viewing_ctxt = context.RequestContext(is_admin=False, user=TENANT2, viewing_ctxt = context.RequestContext(is_admin=False, user=TENANT2,
auth_token='user:%s:user' auth_token='user:%s:user'
% TENANT2, owner_is_tenant=False) % TENANT2)
UUIDX = str(uuid.uuid4()) UUIDX = str(uuid.uuid4())
# We need a community image and context.owner should not match image # We need a community image and context.owner should not match image
# owner # owner

View File

@ -65,3 +65,12 @@ class TestUpgradeChecks(test_utils.BaseTestCase):
self.config(stores='sheepdog', group='glance_store') self.config(stores='sheepdog', group='glance_store')
self.assertEqual(self.checker._check_sheepdog_store().code, self.assertEqual(self.checker._check_sheepdog_store().code,
upgradecheck.Code.FAILURE) upgradecheck.Code.FAILURE)
def test_owner_is_tenant_removal(self):
self.config(owner_is_tenant=True)
self.assertEqual(self.checker._check_owner_is_tenant().code,
upgradecheck.Code.SUCCESS)
self.config(owner_is_tenant=False)
self.assertEqual(self.checker._check_owner_is_tenant().code,
upgradecheck.Code.FAILURE)

View File

@ -0,0 +1,9 @@
---
upgrade:
- The ``owner_is_tenant`` configuration option, which was deprecated in
Rocky, has been removed in this release. As announced in the spec
`Deprecate owner_is_tenant
<https://specs.openstack.org/openstack/glance-specs/specs/rocky/implemented/glance/spec-lite-deprecate-owner_is_tenant.html>`_,
given that an operator survey indicated that this option was only
used in its default value of ``True``, no database migration is
included in this release.