Bug 1041788

Summary: [RFE][glance]: Glance for Public Clouds
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: RFEsAssignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: markmc, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/glance/+spec/exposing-glance-for-public-clouds
Whiteboard: upstream_milestone_none upstream_status_unknown upstream_definition_new
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-19 17:39:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description RHOS Integration 2013-12-12 19:19:44 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/glance/+spec/exposing-glance-for-public-clouds.

Description:

Currently Glance is exposed to users through Nova; this is becoming a problem because new Glance features require a Nova extension.  It would be better to have Glance as a first-class member of the OpenStack ecosystem.  But in order for this to happen, we (as in OpenStack cloud providers) would need at least:
- more robust user roles to allow per-user:
 - quotas
 - (anything else?)
- protected image properties
- image-related restrictions
 - e.g., there may be contractual reasons why you wouldn't want to allow download of specific images based not on the user, but on the image itself; might be the case for other actions)
- other API changes from increased load
Protected properties is scheduled for Havana; blueprint but no details yet.
There are currently blueprints for rate limits, but an alternative approach would be to think that rate limiting should be done in front of Glance by Repose or a similar system that understands Keystone.  

Specification URL (additional information):

None