oci: permit an 'unknown' but valid image

One of the "fun" aspects of accessing OCI images, is we have no way to realistically gain awareness of the underlying disk format in the OCI model, at least unless it is hinted at in the data model. Where we're unable to really figure that out is when a user supplies a specific digest URL. Ironic recognizes this and "right sizes" the process and data discovery and explicitly notes the disk format it believe to be 'unknown'. In order for IPA to be able to stream, and appropriately check this data format, IPA has be "okay" with 'unknown'. Everything else appears good to get to this point. This doesn't prohibit the image safety checking, just allows for the perception mismatch when the format is 'unknown' Change-Id: Ibe38245e906c659057a3c5ea7d8a0e474599ff5c
2025-02-12 17:11:48 -08:00
parent a132e167f4
commit c4998fc584
2 changed files with 15 additions and 1 deletions
--- a/ironic_python_agent/disk_utils.py
+++ b/ironic_python_agent/disk_utils.py
@@ -444,7 +444,9 @@ def get_and_validate_image_format(filename, ironic_disk_format):
                raise errors.InvalidImage(
                    details=msg % (img_format, fmts)
                )
-            elif ironic_disk_format and ironic_disk_format != img_format:
+            elif (ironic_disk_format
+                  and ironic_disk_format != img_format
+                  and ironic_disk_format != 'unknown'):
                msg = ("Security: Expected format was %s, but image was "
                       "actually %s" % (ironic_disk_format, img_format))
                LOG.error(msg)
--- a/ironic_python_agent/tests/unit/test_disk_utils.py
+++ b/ironic_python_agent/tests/unit/test_disk_utils.py
@@ -1013,6 +1013,18 @@ class GetAndValidateImageFormat(base.IronicAgentTest):
                          disk_utils.get_and_validate_image_format,
                          '/fake/path', fmt)

+    @mock.patch.object(disk_utils, '_image_inspection', autospec=True)
+    def test_format_unknown_happy(self, mock_ii):
+        """ironic_disk_format=unknown, but we detect it as a qcow3"""
+        CONF.set_override('disable_deep_image_inspection', False)
+        fmt = 'unknown'
+        mock_ii.return_value = MockFormatInspectorCls('qcow2', 0, True)
+        self.assertEqual(
+            ('qcow2', 0),
+            disk_utils.get_and_validate_image_format('/fake/path', fmt)
+        )
+        mock_ii.assert_called_once_with('/fake/path')
+
    @mock.patch.object(disk_utils, '_image_inspection', autospec=True)
    @mock.patch.object(qemu_img, 'image_info', autospec=True)
    def test_format_mismatch_but_disabled(self, mock_info, mock_ii):