For some deployers, storing all images in a single place for all tenants and users to access is not ideal. To enable access control to specific images for cloud users, you can configure the Image service with the ability to store image data in the image owner-specific locations.
The relevant configuration options in the
glance-api.conf file are:
swift_store_multi_tenant: set toTrueto enable tenant-specific storage locations (Default value isFalse).swift_store_admin_tenants: Specify a list of tenants by ID to which to grant read and write access to all Object Storage containers created by the Image service.
Assuming you configured 'swift' as your default_store in
glance-api.conf and you enable this
feature as described above, images will be stored in an Object
Storage service (swift) endpoint pulled from the authenticated
user's service_catalog. The created image data will only be
accessible through the Image service by the tenant that owns
it and any tenants defined in swift_store_admin_tenants that
are identified as having admin-level accounts.
