
Obsolete:Glance-protected-properties

This is an attempt to structure some of the current thinking from the etherpad (https://etherpad.openstack.org/public-glance-protected-props). It's a work in progress; feel free to comment/edit.

In order to implement Glance protected properties, we'll need to do the following:

  1. Figure out what "protected properties" are
  2. Display protected properties
  3. Protect protected properties
  4. Configure protected properties
  5. Do CRUD on protected properties
  6. Store protected properties
  7. Nova consumption of protected properties

Defining 'protected properties'

Stuart and Iccha have done good work on this in the etherpad. Right now, Glance has two sets of properties that can be put on an image:

  • core properties (e.g., name, id, min_ram)
  • user properties (arbitrary end-user-specifiable key/value pairs)

We're proposing a new category:

  • protected properties

These would be arbitrary key/value pairs, but would be specified by the cloud provider (Glance admin). The "protection" for these properties is that the Glance admin could configure access controls for end-users, e.g., some properties could be read only, some could be hidden (only readable/writable by an admin), some could be end-user-modifiable.

Display protected properties

The image response could look something like this:

{
  "image" : {
    "core1" : "value",
    "core2" : "value"
  },
  "metadata" : {
    "key1" : "value",
    "key2" : "value"
  },
  "system" : {
    "pp1" : "value",
    "pp2" : "value"
  }
}

The core* entries are core properties, the metadata field contains the user properties, and the protected properties are in the system field. We think it makes sense to keep the protected properties separate from the others: it reflects their purpose and will also be less confusing for end users.
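As an added illustration (not Glance code and not taken from the etherpad), the sketch below applies the three access levels described above (read only, hidden, end-user-modifiable) both when building the response and when accepting an update. The policy table, the function names and the choice to treat unlisted keys as hidden are assumptions.

```python
from enum import Enum


class Access(Enum):
    HIDDEN = "hidden"          # only readable/writable by an admin
    READ_ONLY = "read_only"    # end users may read, only an admin may write
    MODIFIABLE = "modifiable"  # end users may read and write


# Constructed policy, standing in for what a Glance admin would configure.
POLICY = {
    "pp1": Access.READ_ONLY,
    "pp2": Access.HIDDEN,
    "pp3": Access.MODIFIABLE,
}


def can_read(key, is_admin, policy=POLICY):
    # Assumption: a key with no policy entry fails closed (treated as hidden).
    return is_admin or policy.get(key, Access.HIDDEN) is not Access.HIDDEN


def can_write(key, is_admin, policy=POLICY):
    return is_admin or policy.get(key, Access.HIDDEN) is Access.MODIFIABLE


def render_image(core, user_props, protected, is_admin):
    """Build the response with core, metadata and system kept separate."""
    return {
        "image": dict(core),
        "metadata": dict(user_props),
        # Hidden keys are dropped entirely, so their names do not leak either.
        "system": {k: v for k, v in protected.items() if can_read(k, is_admin)},
    }


def update_protected(protected, changes, is_admin):
    """Apply changes as a unit; one denied key rejects the whole request."""
    denied = sorted(k for k in changes if not can_write(k, is_admin))
    if denied:
        raise PermissionError("not writable: " + ", ".join(denied))
    return {**protected, **changes}
```

Rejecting the whole update when any key is denied avoids partially applied changes that the caller cannot easily detect.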