)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3f0bc560a866c4b35ce75f5a6d93183e0baa3d78","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"c76eb590_104983a0","updated":"2025-12-11 21:02:48.000000000","message":"Thanks for proposing the spec.  A few questions noted inline.","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"}],"specs/2026.1/approved/glance/temp-url-generation.rst":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3f0bc560a866c4b35ce75f5a6d93183e0baa3d78","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Temp URL generation in Glance"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"ce8de95c_b967c873","line":7,"range":{"start_line":7,"start_character":29,"end_line":7,"end_character":42},"updated":"2025-12-11 21:02:48.000000000","message":"surprised that doc8 didn\u0027t flag this, but the heading indicator should be the same length as the text (top and bottom)","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":38379,"name":"Antonin Ruan","display_name":"Antonin Ruan","email":"antonin.ar.ruan@gmail.com","username":"womax"},"change_message_id":"1cbc4daf0b081bab6eae6b6165bc2c6983a8f7e4","unresolved":false,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Temp URL generation in Glance"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"f5e7efa4_d29cdc89","line":7,"range":{"start_line":7,"start_character":29,"end_line":7,"end_character":42},"in_reply_to":"ce8de95c_b967c873","updated":"2025-12-17 14:55:35.000000000","message":"Acknowledged","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3f0bc560a866c4b35ce75f5a6d93183e0baa3d78","unresolved":true,"context_lines":[{"line_number":21,"context_line":"ecosystem, Swift provides such a feature [1] which other components like Ironic"},{"line_number":22,"context_line":"are relying on - see [2]."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"As of today, Ironic already take advantage of this Swift feature. However,"},{"line_number":25,"context_line":"making use of it is directly tied to Swift and its own appropriate functions"},{"line_number":26,"context_line":"library moreover scope is restricted to Ironic use-case."},{"line_number":27,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1b4414c3_e3abad7c","line":24,"range":{"start_line":24,"start_character":0,"end_line":24,"end_character":65},"updated":"2025-12-11 21:02:48.000000000","message":"Do you know why they use this?  What I mean is, if you have glance caching enabled, the download by glance itself is tee\u0027d into the cache on the first download, so it shouldn\u0027t be much slower than direct download from swift, and then subsequent requests for that image should be served from the cache, which should be faster than getting it out of swift.  It would be helpful to know whether the tempurls address a real problem or are left over from the early days of the Rackspace nextgen cloud.","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":38379,"name":"Antonin Ruan","display_name":"Antonin Ruan","email":"antonin.ar.ruan@gmail.com","username":"womax"},"change_message_id":"1cbc4daf0b081bab6eae6b6165bc2c6983a8f7e4","unresolved":true,"context_lines":[{"line_number":21,"context_line":"ecosystem, Swift provides such a feature [1] which other components like Ironic"},{"line_number":22,"context_line":"are relying on - see [2]."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"As of today, Ironic already take advantage of this Swift feature. However,"},{"line_number":25,"context_line":"making use of it is directly tied to Swift and its own appropriate functions"},{"line_number":26,"context_line":"library moreover scope is restricted to Ironic use-case."},{"line_number":27,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"2ebbbae4_fc312358","line":24,"range":{"start_line":24,"start_character":0,"end_line":24,"end_character":65},"in_reply_to":"1b4414c3_e3abad7c","updated":"2025-12-17 14:55:35.000000000","message":"Context: current process boot of an ironic server is: nova send a request to ironic API to boot server. API then communicates to ironic conductor that prepares everything needed to boot server, it is finally sent to ironic-python-agent (only part of the code that run on baremetal managed server) that can finally install server.\n\n\nSo it is ironic-python-agent that needs to download the image, but as it is on a small ramdisk only designed to control the hardware, it does not have any access to any credentials. Most if not all of ironic config is only consumed by ironic API and ironic-conductor. So in the boot process ironic-conductor generates a temp URL that it then gives to ironic-python-agent that can successfully acces it without any credentials required","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3f0bc560a866c4b35ce75f5a6d93183e0baa3d78","unresolved":true,"context_lines":[{"line_number":30,"context_line":""},{"line_number":31,"context_line":"As far as we see, this would bring advantages like:"},{"line_number":32,"context_line":"- allow Cloud admins to target either Swift, S3 or any other object storage"},{"line_number":33,"context_line":"  backend in the exact same way"},{"line_number":34,"context_line":"- support tempURL in a multi-store environment"},{"line_number":35,"context_line":"- avoid spreading broadly backend credentials, by generating tempURLs on a"},{"line_number":36,"context_line":"  central Control Plane node like Glance"}],"source_content_type":"text/x-rst","patch_set":2,"id":"fc06a900_94ddc65e","line":33,"updated":"2025-12-11 21:02:48.000000000","message":"line 33 is being flagged as an unexpected indentation; i think maybe you need a blank line before the start of the bulleted list at line 32","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":38379,"name":"Antonin Ruan","display_name":"Antonin Ruan","email":"antonin.ar.ruan@gmail.com","username":"womax"},"change_message_id":"1cbc4daf0b081bab6eae6b6165bc2c6983a8f7e4","unresolved":false,"context_lines":[{"line_number":30,"context_line":""},{"line_number":31,"context_line":"As far as we see, this would bring advantages like:"},{"line_number":32,"context_line":"- allow Cloud admins to target either Swift, S3 or any other object storage"},{"line_number":33,"context_line":"  backend in the exact same way"},{"line_number":34,"context_line":"- support tempURL in a multi-store environment"},{"line_number":35,"context_line":"- avoid spreading broadly backend credentials, by generating tempURLs on a"},{"line_number":36,"context_line":"  central Control Plane node like Glance"}],"source_content_type":"text/x-rst","patch_set":2,"id":"ffdb9d46_77ca8e55","line":33,"in_reply_to":"fc06a900_94ddc65e","updated":"2025-12-17 14:55:35.000000000","message":"Acknowledged","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3f0bc560a866c4b35ce75f5a6d93183e0baa3d78","unresolved":true,"context_lines":[{"line_number":38,"context_line":""},{"line_number":39,"context_line":"Lastly, in the mid or long-term, this feature could be used by Nova to directly"},{"line_number":40,"context_line":"download image stored in backends supporting temp URL generation (Swift, S3),"},{"line_number":41,"context_line":"without Glance acting as a proxy for the download."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Proposed change"}],"source_content_type":"text/x-rst","patch_set":2,"id":"63614236_9b46fd7c","line":41,"updated":"2025-12-11 21:02:48.000000000","message":"So what you\u0027re proposing is to break the abstraction layer and give consumers direct access to the backend.  This seems to be a particularly bad idea for something like S3, where the operator has to pay for data egress.  If glance cache is enabled, you have one download you have to pay for and then other requests for that image are served out of the cache.  If everyone uses tempurls, you are paying multiple times.","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":36805,"name":"Mateusz Klejn","display_name":"Mateusz Klejn","email":"mateusz.klejn@ovhcloud.com","username":"mateusz.klejn","status":"Employee @ OVH"},"change_message_id":"45d58c0e9a7adcb39fa1fa846e0ff31ef8113d99","unresolved":true,"context_lines":[{"line_number":38,"context_line":""},{"line_number":39,"context_line":"Lastly, in the mid or long-term, this feature could be used by Nova to directly"},{"line_number":40,"context_line":"download image stored in backends supporting temp URL generation (Swift, S3),"},{"line_number":41,"context_line":"without Glance acting as a proxy for the download."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Proposed change"}],"source_content_type":"text/x-rst","patch_set":2,"id":"29df44d3_baaf2561","line":41,"in_reply_to":"63614236_9b46fd7c","updated":"2025-12-17 14:43:03.000000000","message":"I\u0027ll spark some discussion.\nI think we have vastly different deployment sizes in mind.\nLet\u0027s switch gears to deployment at scale, with, say, 1k hosts and 15-20k VMs.\nFor this kind of deployment current abstraction layer is deficient, and forces continuous scaling for glances with deployment\u0027s lifetime, especially as it grows.\nGlance cache is amazing for public images(say, up to 5G), but starts to saturate TX when you have images above this size. It doesn\u0027t work at all for instance backups or images from volumes, because in most cases cache is filled too quickly to hold that data.\n\nActual S3 is not the only S3 flavour in existence, there are also s3api-compatible object stores that could benefit from this possibility.\n\nSpec also clearly states that operators would be able to disable tmpurl generation – in such case there is no possibility to incur increased egress costs.","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3f0bc560a866c4b35ce75f5a6d93183e0baa3d78","unresolved":true,"context_lines":[{"line_number":67,"context_line":"None"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"REST API impact"},{"line_number":70,"context_line":"---------------"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"The spec proposes the following API change:"},{"line_number":73,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"34423b87_73cf324d","line":70,"updated":"2025-12-11 21:02:48.000000000","message":"In addition to the new API, I think you\u0027ll need to change the stores discovery API responses.  The /v2/info/stores/detail (admin-only) should definitely indicate whether tempurl is enabled or not on each store.  As far as \"regular\" end users, we could add something to the store object for each store that has it enabled (like we do for read-only), or do nothing and let the end user figure it out by always receiving 501s (which doesn\u0027t sound nice).","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":38379,"name":"Antonin Ruan","display_name":"Antonin Ruan","email":"antonin.ar.ruan@gmail.com","username":"womax"},"change_message_id":"1cbc4daf0b081bab6eae6b6165bc2c6983a8f7e4","unresolved":true,"context_lines":[{"line_number":67,"context_line":"None"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"REST API impact"},{"line_number":70,"context_line":"---------------"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"The spec proposes the following API change:"},{"line_number":73,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"bb5a9a8f_ef9aacf7","line":70,"in_reply_to":"34423b87_73cf324d","updated":"2025-12-17 14:55:35.000000000","message":"Wasn\u0027t aware of the existence of this route. Would totally make sense to expose it there rather than an error code.\n\nSo to sum up:\n  - A change to /v2/info/stores/detail API route\n  - A change to store object to add temp URL enable status (no change required to api ?)","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3f0bc560a866c4b35ce75f5a6d93183e0baa3d78","unresolved":true,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"       {"},{"line_number":86,"context_line":"           \"temp_url\": \u003ctemp-url\u003e,"},{"line_number":87,"context_line":"           \"valid_for\": \u003cduration\u003e"},{"line_number":88,"context_line":"       }"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Response codes:"}],"source_content_type":"text/x-rst","patch_set":2,"id":"108c3975_f44aa5c1","line":87,"range":{"start_line":87,"start_character":11,"end_line":87,"end_character":34},"updated":"2025-12-11 21:02:48.000000000","message":"Instead of the duration, I think it would be better to give the expiration timestamp in iso 8601 UTC format, and change the name of the field to \u0027expires\u0027.","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":38379,"name":"Antonin Ruan","display_name":"Antonin Ruan","email":"antonin.ar.ruan@gmail.com","username":"womax"},"change_message_id":"1cbc4daf0b081bab6eae6b6165bc2c6983a8f7e4","unresolved":false,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"       {"},{"line_number":86,"context_line":"           \"temp_url\": \u003ctemp-url\u003e,"},{"line_number":87,"context_line":"           \"valid_for\": \u003cduration\u003e"},{"line_number":88,"context_line":"       }"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Response codes:"}],"source_content_type":"text/x-rst","patch_set":2,"id":"5af13496_53fb467c","line":87,"range":{"start_line":87,"start_character":11,"end_line":87,"end_character":34},"in_reply_to":"108c3975_f44aa5c1","updated":"2025-12-17 14:55:35.000000000","message":"Acknowledged","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3f0bc560a866c4b35ce75f5a6d93183e0baa3d78","unresolved":true,"context_lines":[{"line_number":91,"context_line":"* 200 -- Upon authorization and successful request."},{"line_number":92,"context_line":"* 403 -- Permission denied"},{"line_number":93,"context_line":"* 500 -- Temp URL generation failed"},{"line_number":94,"context_line":"* 501 -- No store the image is in supports temp url generation"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"Security impact"},{"line_number":97,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"b8260341_8b4f71d2","line":94,"range":{"start_line":94,"start_character":9,"end_line":94,"end_character":62},"updated":"2025-12-11 21:02:48.000000000","message":"This brings up an interesting point.  What happens when the image is in multiple stores that support tempurls?","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":38379,"name":"Antonin Ruan","display_name":"Antonin Ruan","email":"antonin.ar.ruan@gmail.com","username":"womax"},"change_message_id":"1cbc4daf0b081bab6eae6b6165bc2c6983a8f7e4","unresolved":true,"context_lines":[{"line_number":91,"context_line":"* 200 -- Upon authorization and successful request."},{"line_number":92,"context_line":"* 403 -- Permission denied"},{"line_number":93,"context_line":"* 500 -- Temp URL generation failed"},{"line_number":94,"context_line":"* 501 -- No store the image is in supports temp url generation"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"Security impact"},{"line_number":97,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"d9149d34_07e71555","line":94,"range":{"start_line":94,"start_character":9,"end_line":94,"end_character":62},"in_reply_to":"b8260341_8b4f71d2","updated":"2025-12-17 14:55:35.000000000","message":"Good question, didn\u0027t really think of that. \n\nMy first idea would be to:\n 1) use the same strategy to choose store as when trying to download an image just without taking into account store that do not support tempURL.\n\nBut it may not be a wanted behavior, especially considering your previous comment on egress cost for storage backend. So maybe we could:\n 2) have more config options to weight store specifically for tempURL\n 3) force tempURL generation from a given store (maybe moving the route to something like /v2/stores/{store_id}/{image_id}/tempURL)\n 4) Add a config option to specify store preference order for tempURL. Could also be used to enable/disable tempURL usage for each store","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3f0bc560a866c4b35ce75f5a6d93183e0baa3d78","unresolved":true,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Temp URL are sensitive resources that allow no-auth access to otherwise"},{"line_number":100,"context_line":"protected data. However this data is already accessible via the"},{"line_number":101,"context_line":"``/v2/images/{image_id}/file`` API routes. Users would only be allowed to"},{"line_number":102,"context_line":"generate temp URL for image they already have access to. Policy would also be"},{"line_number":103,"context_line":"used to control who can generate temp URL as most likely only service user"},{"line_number":104,"context_line":"would need to generate them."},{"line_number":105,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"89af4d1a_8a11a9f8","line":102,"range":{"start_line":101,"start_character":43,"end_line":102,"end_character":56},"updated":"2025-12-11 21:02:48.000000000","message":"Yes, but once they have the tempurl, they can pass it around to all their friends, who now have access to the image data whether they have access to the original image or not.","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"3f0bc560a866c4b35ce75f5a6d93183e0baa3d78","unresolved":true,"context_lines":[{"line_number":101,"context_line":"``/v2/images/{image_id}/file`` API routes. Users would only be allowed to"},{"line_number":102,"context_line":"generate temp URL for image they already have access to. Policy would also be"},{"line_number":103,"context_line":"used to control who can generate temp URL as most likely only service user"},{"line_number":104,"context_line":"would need to generate them."},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"Notifications impact"},{"line_number":107,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"77959189_970b7dae","line":104,"updated":"2025-12-11 21:02:48.000000000","message":"OK, that would limit the circle of friends who would get free urls, but I\u0027m still not sure I like this idea.","commit_id":"3ad75334fa0f6367d4de1b5588cac3ef2de77e71"}]}