isethi/gist:4703616

## gistfile1.txt
1. ADMIN user (image admin-admin-private has member fake-member-id . you can see the image in image list, you can see the members for the image and for the given member-id you can see the image)


iccha@iccha-dev:~/devstack$ source openrc admin admin
iccha@iccha-dev:~/devstack$ glance image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID                                   | Name                            | Disk Format | Container Format | Size     | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde | admin-admin-private             |             |                  |          | queued |
| 6e056225-9563-4a0f-895c-c2cdfe83f679 | cirros-0.3.0-x86_64-uec         | ami         | ami              | 25165824 | active |
| c7fd417b-c88e-465b-b185-f2d331acbe94 | cirros-0.3.0-x86_64-uec-kernel  | aki         | aki              | 4731440  | active |
| b50d67a8-5b50-45ed-9530-743499952e77 | cirros-0.3.0-x86_64-uec-ramdisk | ari         | ari              | 2254249  | active |
| 8b6dc82c-b870-4c0e-b543-b18d534a8298 | i1                              |             |                  |          | queued |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
iccha@iccha-dev:~/devstack$ glance --debug member-list --tenant fake-member-id
curl -i -X GET -H 'X-Auth-Token: 10ce24b69f0d4e22b9d3272b23ac136a' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://184.106.106.164:9292/v1/shared-images/fake-member-id

HTTP/1.1 200 OK
date: Sun, 03 Feb 2013 20:51:13 GMT
content-length: 93
content-type: application/json; charset=UTF-8
x-openstack-request-id: req-75b4ae8a-7a5e-453b-a9e8-8165ae5b778e

{"shared_images": [{"image_id": "5c2a93c2-d1b1-4756-8c70-b3d9358f2dde", "can_share": false}]}

+--------------------------------------+----------------+-----------+
| Image ID                             | Member ID      | Can Share |
+--------------------------------------+----------------+-----------+
| 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde | fake-member-id |           |
+--------------------------------------+----------------+-----------+
iccha@iccha-dev:~/devstack$ glance --debug member-list --image 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde
curl -i -X GET -H 'X-Auth-Token: b25691ace9654f758c97d211e126c9c3' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://184.106.106.164:9292/v1/images/5c2a93c2-d1b1-4756-8c70-b3d9358f2dde/members

HTTP/1.1 200 OK
date: Sun, 03 Feb 2013 20:51:20 GMT
content-length: 66
content-type: application/json; charset=UTF-8
x-openstack-request-id: req-b0c7aa37-b546-4885-ae50-83f50abd63c3

{"members": [{"can_share": false, "member_id": "fake-member-id"}]}

+--------------------------------------+----------------+-----------+
| Image ID                             | Member ID      | Can Share |
+--------------------------------------+----------------+-----------+
| 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde | fake-member-id |           |
+--------------------------------------+----------------+-----------+


2. DEMO user ( cannot view image admin-admin-private, cannot view the members of admin-admin-private, but when does a member-list on fake-member-id can see image admin-admin-private 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde listed as a shared image, but this image is supposed to be private and not visible to the user!)


iccha@iccha-dev:~/devstack$ source openrc demo demo
iccha@iccha-dev:~/devstack$ glance image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID                                   | Name                            | Disk Format | Container Format | Size     | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| 6e056225-9563-4a0f-895c-c2cdfe83f679 | cirros-0.3.0-x86_64-uec         | ami         | ami              | 25165824 | active |
| c7fd417b-c88e-465b-b185-f2d331acbe94 | cirros-0.3.0-x86_64-uec-kernel  | aki         | aki              | 4731440  | active |
| b50d67a8-5b50-45ed-9530-743499952e77 | cirros-0.3.0-x86_64-uec-ramdisk | ari         | ari              | 2254249  | active |
| 0429539b-1b17-4a6a-a765-974441d72793 | i1                              | ami         | ami              | 5        | active |
| 5bbd2cf8-c0e7-43a4-b6fc-525c2f007336 | test1                           |             |                  |          | queued |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
iccha@iccha-dev:~/devstack$ glance --debug member-list --image 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde
curl -i -X GET -H 'X-Auth-Token: 524e0f13f4d94baf8b30bdbf9941109f' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://184.106.106.164:9292/v1/images/5c2a93c2-d1b1-4756-8c70-b3d9358f2dde/members

HTTP/1.1 404 Not Found
date: Sun, 03 Feb 2013 20:53:40 GMT
content-length: 120
content-type: text/plain; charset=UTF-8
x-openstack-request-id: req-0e5ee315-310c-403c-9b29-b9d4303f82f4

404 Not Found

The resource could not be found.

 Image with identifier 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde not found

Request returned failure status.
404 Not Found
The resource could not be found.
 Image with identifier 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde not found   (HTTP 404)
iccha@iccha-dev:~/devstack$ glance --debug member-list --tenant fake-member-id
curl -i -X GET -H 'X-Auth-Token: e713a64770744794b775bf7bea266edd' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://184.106.106.164:9292/v1/shared-images/fake-member-id

HTTP/1.1 200 OK
date: Sun, 03 Feb 2013 20:53:48 GMT
content-length: 93
content-type: application/json; charset=UTF-8
x-openstack-request-id: req-2473dcbe-5586-4430-8662-15664914f2e5

{"shared_images": [{"image_id": "5c2a93c2-d1b1-4756-8c70-b3d9358f2dde", "can_share": false}]}

+--------------------------------------+----------------+-----------+
| Image ID                             | Member ID      | Can Share |
+--------------------------------------+----------------+-----------+
| 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde | fake-member-id |           |
+--------------------------------------+----------------+-----------+
iccha@iccha-dev:~/devstack$
	1. ADMIN user (image admin-admin-private has member fake-member-id . you can see the image in image list, you can see the members for the image and for the given member-id you can see the image)


	iccha@iccha-dev:~/devstack$ source openrc admin admin
	iccha@iccha-dev:~/devstack$ glance image-list
	+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
	\| ID \| Name \| Disk Format \| Container Format \| Size \| Status \|
	+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
	\| 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde \| admin-admin-private \| \| \| \| queued \|
	\| 6e056225-9563-4a0f-895c-c2cdfe83f679 \| cirros-0.3.0-x86_64-uec \| ami \| ami \| 25165824 \| active \|
	\| c7fd417b-c88e-465b-b185-f2d331acbe94 \| cirros-0.3.0-x86_64-uec-kernel \| aki \| aki \| 4731440 \| active \|
	\| b50d67a8-5b50-45ed-9530-743499952e77 \| cirros-0.3.0-x86_64-uec-ramdisk \| ari \| ari \| 2254249 \| active \|
	\| 8b6dc82c-b870-4c0e-b543-b18d534a8298 \| i1 \| \| \| \| queued \|
	+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
	iccha@iccha-dev:~/devstack$ glance --debug member-list --tenant fake-member-id
	curl -i -X GET -H 'X-Auth-Token: 10ce24b69f0d4e22b9d3272b23ac136a' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://184.106.106.164:9292/v1/shared-images/fake-member-id

	HTTP/1.1 200 OK
	date: Sun, 03 Feb 2013 20:51:13 GMT
	content-length: 93
	content-type: application/json; charset=UTF-8
	x-openstack-request-id: req-75b4ae8a-7a5e-453b-a9e8-8165ae5b778e

	{"shared_images": [{"image_id": "5c2a93c2-d1b1-4756-8c70-b3d9358f2dde", "can_share": false}]}

	+--------------------------------------+----------------+-----------+
	\| Image ID \| Member ID \| Can Share \|
	+--------------------------------------+----------------+-----------+
	\| 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde \| fake-member-id \| \|
	+--------------------------------------+----------------+-----------+
	iccha@iccha-dev:~/devstack$ glance --debug member-list --image 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde
	curl -i -X GET -H 'X-Auth-Token: b25691ace9654f758c97d211e126c9c3' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://184.106.106.164:9292/v1/images/5c2a93c2-d1b1-4756-8c70-b3d9358f2dde/members

	HTTP/1.1 200 OK
	date: Sun, 03 Feb 2013 20:51:20 GMT
	content-length: 66
	content-type: application/json; charset=UTF-8
	x-openstack-request-id: req-b0c7aa37-b546-4885-ae50-83f50abd63c3

	{"members": [{"can_share": false, "member_id": "fake-member-id"}]}

	+--------------------------------------+----------------+-----------+
	\| Image ID \| Member ID \| Can Share \|
	+--------------------------------------+----------------+-----------+
	\| 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde \| fake-member-id \| \|
	+--------------------------------------+----------------+-----------+


	2. DEMO user ( cannot view image admin-admin-private, cannot view the members of admin-admin-private, but when does a member-list on fake-member-id can see image admin-admin-private 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde listed as a shared image, but this image is supposed to be private and not visible to the user!)


	iccha@iccha-dev:~/devstack$ source openrc demo demo
	iccha@iccha-dev:~/devstack$ glance image-list
	+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
	\| ID \| Name \| Disk Format \| Container Format \| Size \| Status \|
	+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
	\| 6e056225-9563-4a0f-895c-c2cdfe83f679 \| cirros-0.3.0-x86_64-uec \| ami \| ami \| 25165824 \| active \|
	\| c7fd417b-c88e-465b-b185-f2d331acbe94 \| cirros-0.3.0-x86_64-uec-kernel \| aki \| aki \| 4731440 \| active \|
	\| b50d67a8-5b50-45ed-9530-743499952e77 \| cirros-0.3.0-x86_64-uec-ramdisk \| ari \| ari \| 2254249 \| active \|
	\| 0429539b-1b17-4a6a-a765-974441d72793 \| i1 \| ami \| ami \| 5 \| active \|
	\| 5bbd2cf8-c0e7-43a4-b6fc-525c2f007336 \| test1 \| \| \| \| queued \|
	+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
	iccha@iccha-dev:~/devstack$ glance --debug member-list --image 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde
	curl -i -X GET -H 'X-Auth-Token: 524e0f13f4d94baf8b30bdbf9941109f' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://184.106.106.164:9292/v1/images/5c2a93c2-d1b1-4756-8c70-b3d9358f2dde/members

	HTTP/1.1 404 Not Found
	date: Sun, 03 Feb 2013 20:53:40 GMT
	content-length: 120
	content-type: text/plain; charset=UTF-8
	x-openstack-request-id: req-0e5ee315-310c-403c-9b29-b9d4303f82f4

	404 Not Found

	The resource could not be found.

	Image with identifier 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde not found

	Request returned failure status.
	404 Not Found
	The resource could not be found.
	Image with identifier 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde not found (HTTP 404)
	iccha@iccha-dev:~/devstack$ glance --debug member-list --tenant fake-member-id
	curl -i -X GET -H 'X-Auth-Token: e713a64770744794b775bf7bea266edd' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://184.106.106.164:9292/v1/shared-images/fake-member-id

	HTTP/1.1 200 OK
	date: Sun, 03 Feb 2013 20:53:48 GMT
	content-length: 93
	content-type: application/json; charset=UTF-8
	x-openstack-request-id: req-2473dcbe-5586-4430-8662-15664914f2e5

	{"shared_images": [{"image_id": "5c2a93c2-d1b1-4756-8c70-b3d9358f2dde", "can_share": false}]}

	+--------------------------------------+----------------+-----------+
	\| Image ID \| Member ID \| Can Share \|
	+--------------------------------------+----------------+-----------+
	\| 5c2a93c2-d1b1-4756-8c70-b3d9358f2dde \| fake-member-id \| \|
	+--------------------------------------+----------------+-----------+
	iccha@iccha-dev:~/devstack$