From c4998fc58431520a5d8a7c65db749beac6184048 Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Wed, 12 Feb 2025 17:11:48 -0800 Subject: [PATCH] oci: permit an 'unknown' but valid image One of the "fun" aspects of accessing OCI images, is we have no way to realistically gain awareness of the underlying disk format in the OCI model, at least unless it is hinted at in the data model. Where we're unable to really figure that out is when a user supplies a specific digest URL. Ironic recognizes this and "right sizes" the process and data discovery and explicitly notes the disk format it believe to be 'unknown'. In order for IPA to be able to stream, and appropriately check this data format, IPA has be "okay" with 'unknown'. Everything else appears good to get to this point. This doesn't prohibit the image safety checking, just allows for the perception mismatch when the format is 'unknown' Change-Id: Ibe38245e906c659057a3c5ea7d8a0e474599ff5c --- ironic_python_agent/disk_utils.py | 4 +++- ironic_python_agent/tests/unit/test_disk_utils.py | 12 ++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/ironic_python_agent/disk_utils.py b/ironic_python_agent/disk_utils.py index 55fa44869..e9b2a6115 100644 --- a/ironic_python_agent/disk_utils.py +++ b/ironic_python_agent/disk_utils.py @@ -444,7 +444,9 @@ def get_and_validate_image_format(filename, ironic_disk_format): raise errors.InvalidImage( details=msg % (img_format, fmts) ) - elif ironic_disk_format and ironic_disk_format != img_format: + elif (ironic_disk_format + and ironic_disk_format != img_format + and ironic_disk_format != 'unknown'): msg = ("Security: Expected format was %s, but image was " "actually %s" % (ironic_disk_format, img_format)) LOG.error(msg) diff --git a/ironic_python_agent/tests/unit/test_disk_utils.py b/ironic_python_agent/tests/unit/test_disk_utils.py index 1d2a2a88b..6dae2c260 100644 --- a/ironic_python_agent/tests/unit/test_disk_utils.py +++ b/ironic_python_agent/tests/unit/test_disk_utils.py @@ -1013,6 +1013,18 @@ class GetAndValidateImageFormat(base.IronicAgentTest): disk_utils.get_and_validate_image_format, '/fake/path', fmt) + @mock.patch.object(disk_utils, '_image_inspection', autospec=True) + def test_format_unknown_happy(self, mock_ii): + """ironic_disk_format=unknown, but we detect it as a qcow3""" + CONF.set_override('disable_deep_image_inspection', False) + fmt = 'unknown' + mock_ii.return_value = MockFormatInspectorCls('qcow2', 0, True) + self.assertEqual( + ('qcow2', 0), + disk_utils.get_and_validate_image_format('/fake/path', fmt) + ) + mock_ii.assert_called_once_with('/fake/path') + @mock.patch.object(disk_utils, '_image_inspection', autospec=True) @mock.patch.object(qemu_img, 'image_info', autospec=True) def test_format_mismatch_but_disabled(self, mock_info, mock_ii):