1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
|
.. -*- rst -*-
.. _image-sharing:
Sharing
*******
Images may be shared among projects by creating *members* on the image. Image
members have read-only privileges on the image. The following calls allow you
to create, list, update, and delete image members.
.. note::
An image member is an identifier for a consumer with whom the image is
shared. In OpenStack clouds, where the value of the ``owner`` property
of an image is a project ID, the appropriate identifier to use for the
``member_id`` is the consumer's project ID (which used to be called the
"tenant ID").
* Image sharing is project-to-project. Thus *all the individual users
in the consuming project have access to the image*. You cannot share
an image with only one specific user in the target project.
When an image is shared, the member is given immediate access to the image.
In order to prevent spamming other users' image lists, a shared image does not
appear in a member's image list until the member "accepts" the image.
Only the image owner may create members. Only an image member may modify his
or her member status.
.. TODO(rosmaita): update the following reference when the "narrative" API
docs have a final resting place
For a conceptual overview of image sharing, including a suggested workflow,
please consult `Image API v2 Sharing`_.
.. _Image API v2 Sharing:
http://specs.openstack.org/openstack/glance-specs/specs/api/v2/sharing-image-api-v2.html
.. note::
If you don't want to maintain a sharing relationship with particular
image consumers, but instead want to make an image available to *all*
users, you may update your image's ``visibility`` property to
``community``.
* In some clouds, the ability to "communitize" an image may be prohibited
or restricted to trusted users. Please consult your cloud's local
documentation for details.
Create image member
~~~~~~~~~~~~~~~~~~~
.. rest_method:: POST /v2/images/{image_id}/members
Adds a tenant ID as an image member.
*(Since Image API v2.1)*
Preconditions
- The image must exist.
- The image must have a ``visibility`` value of ``shared``.
- You must be the owner of the image.
Synchronous Postconditions
- With correct permissions, you can see the member status of the
image member as ``pending`` through API calls.
Troubleshooting
- Even if you have correct permissions, if the ``visibility``
attribute is not set to ``shared``, the request returns the HTTP
``403`` response code. Ensure that you meet the preconditions and
run the request again. If the request fails again, review your
API request.
- If the member is already a member for the image, the service
returns the ``Conflict (409)`` response code. If you meant to
specify a different member, run the request again.
Normal response codes: 200
Error response codes: 400, 401, 403, 404, 409, 413
Request
-------
.. rest_parameters:: images-parameters.yaml
- image_id: image_id-in-path
- member: member_id
Request Example
---------------
.. literalinclude:: samples/image-member-create-request.json
:language: json
Response Parameters
-------------------
.. rest_parameters:: images-parameters.yaml
- created_at: created_at
- image_id: image_id-in-body
- member_id: member_id
- schema: schema-member
- status: member_status
- updated_at: updated_at
Response Example
----------------
.. literalinclude:: samples/image-member-create-response.json
:language: json
Show image member details
~~~~~~~~~~~~~~~~~~~~~~~~~
.. rest_method:: GET /v2/images/{image_id}/members/{member_id}
Shows image member details.
*(Since Image API v2.1)*
Response body is a single image member entity.
Preconditions
- The image must exist.
- The image must have a ``visibility`` value of ``shared``.
- You must be the owner or the member of the image who's referenced in the
call.
Normal response codes: 200
Error response codes: 400, 401, 404
Request
-------
.. rest_parameters:: images-parameters.yaml
- image_id: image_id-in-path
- member_id: member_id-in-path
Response Parameters
-------------------
.. rest_parameters:: images-parameters.yaml
- created_at: created_at
- image_id: image_id-in-body
- member_id: member_id
- schema: schema-member
- status: member_status
- updated_at: updated_at
Response Example
----------------
.. literalinclude:: samples/image-member-details-response.json
:language: json
List image members
~~~~~~~~~~~~~~~~~~
.. rest_method:: GET /v2/images/{image_id}/members
Lists the tenants that share this image.
*(Since Image API v2.1)*
If the image owner makes this call, the complete member list is
returned.
If a user who is an image member makes this call, the member list
contains only information for that user.
If a user who is not an image member makes this call, the call
returns the HTTP ``404`` response code.
Preconditions
- The image must exist.
- The image must have a ``visibility`` value of ``shared``.
- You must be the owner or a member of the image.
Normal response codes: 200
Error response codes: 400, 401, 403, 404
Request
-------
.. rest_parameters:: images-parameters.yaml
- image_id: image_id-in-path
Response Parameters
-------------------
.. rest_parameters:: images-parameters.yaml
- members: members
- schema: schema-members
Response Example
----------------
.. literalinclude:: samples/image-members-list-response.json
:language: json
Update image member
~~~~~~~~~~~~~~~~~~~
.. rest_method:: PUT /v2/images/{image_id}/members/{member_id}
Sets the status for an image member.
*(Since Image API v2.1)*
This call allows an image member to change his or her *member status*.
When an image is shared with you, you have immediate access to the image. What
updating your member status on the image does for you is that it affects
whether the image will appear in your image list response.
- When an image is shared with you, your member_status is ``pending``. You
won't see the image unless you go looking for it, either by making a show
image detail request using the image's ID, or by making an image list call
specifically looking for a shared image in member status ``pending``. This
way, other users cannot "spam" your image list with images you may not want
to see.
- If you want to see a particular shared image in your image list, then you
must use this call to change your member status on the image to ``accepted``.
- The image owner can see what your member status is on an image, but the owner
*cannot* change the status. Only you (or an administrator) can do that.
- There are three member status values: ``pending``, ``accepted``, and
``rejected``. The ``pending`` and ``rejected`` statuses are functionally
identical. The difference is that ``pending`` indicates to the owner that
you haven't updated the image, so perhaps you aren't aware that it's been
shared with you. The ``rejected`` status indicates that you are aware that
the image exists and you specifically decided that you don't want to see it
in your image list response.
For a more detailed discussion of image sharing, please consult `Image API v2
Sharing`_.
Preconditions
- The image must exist.
- The image must have a ``visibility`` value of ``shared``.
- You must be the member of the image referenced in the call.
Synchronous Postconditions
- If you update the member status to ``accepted`` and have the
correct permissions, you see the image in list images responses.
- With correct permissions, you can make API calls to see the
updated member status of the image.
Normal response codes: 200
Error response codes: 400, 401, 404, 403
Request
-------
.. rest_parameters:: images-parameters.yaml
- image_id: image_id-in-path
- member_id: member_id-in-path
- status: member_status
Request Example
---------------
.. literalinclude:: samples/image-member-update-request.json
:language: json
Response Parameters
-------------------
.. rest_parameters:: images-parameters.yaml
- created_at: created_at
- image_id: image_id-in-body
- member_id: member_id
- schema: schema-member
- status: member_status
- updated_at: updated_at
Response Example
----------------
.. literalinclude:: samples/image-member-update-response.json
:language: json
Delete image member
~~~~~~~~~~~~~~~~~~~
.. rest_method:: DELETE /v2/images/{image_id}/members/{member_id}
Deletes a tenant ID from the member list of an image.
*(Since Image API v2.1)*
Preconditions
- The image must exist.
- The image must have a ``visibility`` value of ``shared``.
- You must be the owner of the image.
Synchronous Postconditions
- The API removes the member from the image members.
Troubleshooting
- Even if you have correct permissions, if you are not the owner of
the image or you specify an incorrect image ID or member ID, the
call returns the HTTP ``403`` or ``404`` response code. Ensure
that you meet the preconditions and run the request again. If the
request fails again, review your API request URI.
Normal response codes: 204
Error response codes: 400, 401, 403, 404
Request
-------
.. rest_parameters:: images-parameters.yaml
- image_id: image_id-in-path
- member_id: member_id-in-path
|
