This does two things:
1. It makes us check that the QCOW backing_file is unset on those
types of images. Nova and Cinder do this already to prevent an
arbitrary (and trivial to accomplish) host file exposure exploit.
2. It makes us restrict VMDK files to only allowed subtypes. These
files can name arbitrary files on disk as extents, providing the
same sort of attack. Default that list to just the types we believe
are actually useful for openstack, and which are monolithic.
The configuration option to specify allowed subtypes is added in
glance's config and not in the import options so that we can extend
this check later to image ingest. The format_inspector can tell us
what the type and subtype is, and we could reject those images early
and even in the case where image_conversion is not enabled.
Closes-Bug: #1996188
Change-Id: Idf561f6306cebf756c787d8eefdc452ce44bd5e0
oslo.config 4.5.1 contains change I2e1f187feaf4, which makes
the workaround introduced by change Ic40f582f83e0 unnecessary.
Change-Id: Ib7fc2f2082981b1765e901ca5b277fce08221ba8
Related-bug: #1962581
Related-bug: #1962603
The default value is being set too early. We don't want to use
the value of sys.executable at the time the config is generated,
because that's unlikely to map to an existing interpreter in an
actual deployment.
Change-Id: Ic40f582f83e04c6915a3fcb231d6d95ca071c100
Closes-bug: #1962581
When we convert an image to a specified format during import, we
update the disk_format to match. At that point, we also know the (new)
image.size, so we should set it.
This is somewhat related to setting image size on stage, in that once
it is set we will validate that it does not change in later steps.
Since this one comes between stage and the actual store upload, this
patch makes conversion set it and confirms that the later steps are
happy with that. A later patch sets it during stage, confirming that
we can change it here during conversion when we are changing the
actual image file itself.
Related to blueprint glance-unified-quotas
Change-Id: I795c52f606f85955e39efc29b75f2941be1264b4
Made provision to pass image_id, request_id and user_id information
while creating new task.
Partially-Implements: blueprint messages-api
Change-Id: I299a222eeef81431143db3ba7fc08365c924326b
This makes the image_conversion plugin use the action wrapper for
its image inspection and mutation activities.
Note that several important actions from the execute handler are not
asserted in the test, so this adds those checks to make sure they
are actually happening.
Change-Id: I575dbc45781aaed521aeb5ef085322ad2018f378
The tests for the image_conversion plugin were missing basically all
of the places where the task can fail (or NOP). This adds tests for
those things to validate behavior before moving the task to use the
import wrapper.
Note that in the process, I found a potential bug in the handling of
the metadata response from qemu-img when probing for the format. We
tolerate "format" being missing from the result, but will end up
passing None as an argument to 'qemu-img convert', which will fail.
This fixes that to raise RuntimeError in line with the existing
behavior of "raise RuntimeError if any error is reported".
Change-Id: I8f1d03275e6ec51a802cc4b4107f3ab648f535a1
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I44e7b6f76e2d12f620ec602afc77ce11ba6b9d9a
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
It is not possible to convert glance images as it fails with error,
NoSuchOptError: no such option 'conversion_plugin_options' in group
[DEFAULT] as there is no 'conversion_plugin_options' option or group
in glance-image-import.conf file.
Used correct option group 'image_conversion' to fetch the image
'output_format' option.
Change-Id: Ia7ced170bcddcd3639b7edfb644deef3018b11a8
Closes-Bug: #1805765