Using immutable datastore identifier to define & check privileges #782
Comments
|
I verified the scenario of renaming a datastore: the AdminCLI on ESX still works as expected (i.e. it lists the created volumes without any problem after renaming the datastore). However, the docker command on guest VM is broken - "docker volume ls" does not return the created volumes after renaming the datastore. I'm not familiar with the plugin code and the interaction between plugin and driver. Need to look further into related logic. @msterin if you have any insights about the possible reason, please let me know. |
|
The original issue of using datastore url instead of datastore name to define & check privileges has already been fixed as part of #828 The current issue is actually due to the datastore cache we have introduced for optimization purpose: when the cache is missed, we don't have logic to refresh the cache. This is a correctness issue that must be fixed. |
|
With recent fix (#971), this issue has already been solved. The implementation of datastore cache still has some issues - Liping is working on the fix. |
Currently we are using datastore name to define and check privileges. Datastore name can be changed after the datastore was created. Current logic will not work if this happens.
We should be using an immutable datastore identifier, such as datastore URL, to define and check privileges. However, from user experience point of view, datastore name is much easier to be used/recognized, especially in CLI. So we should probably keep using datastore name in the end user interface layer (UI and CLI), and handle the conversion between datastore name and datastore URL in the backend.
The text was updated successfully, but these errors were encountered: