Reject qcow files with data-file attributes

Change-Id: Ic3fa16f55acc38cf6c1a4ac1dce4487225e66d04
Closes-Bug: #2059809
(cherry picked from commit ec9c55cbbc91d1f31e42ced289a7c82cf79dc2a2)
(cherry picked from commit 58d933eafb3f7164419000700a305c8f75d5cb6e)
This commit is contained in:
Dan Smith 2024-04-01 07:32:11 -07:00 committed by Balazs Gibizer
parent 625a10f7d0
commit 736328f78f
3 changed files with 41 additions and 0 deletions
nova
tests/unit/virt
virt

@ -419,6 +419,7 @@ class LibvirtUtilsTestCase(test.NoDBTestCase):
FakeImgInfo.file_format = file_format FakeImgInfo.file_format = file_format
FakeImgInfo.backing_file = backing_file FakeImgInfo.backing_file = backing_file
FakeImgInfo.virtual_size = 1 FakeImgInfo.virtual_size = 1
FakeImgInfo.format_specific = None if file_format == 'raw' else {}
return FakeImgInfo() return FakeImgInfo()

@ -112,6 +112,37 @@ class QemuTestCase(test.NoDBTestCase):
images.fetch_to_raw, images.fetch_to_raw,
None, 'href123', '/no/path') None, 'href123', '/no/path')
@mock.patch.object(images, 'convert_image',
side_effect=exception.ImageUnacceptable)
@mock.patch.object(images, 'qemu_img_info')
@mock.patch.object(images, 'fetch')
def test_fetch_to_raw_data_file(self, convert_image, qemu_img_info_fn,
fetch):
# NOTE(danms): the above test needs the following line as well, as it
# is broken without it.
qemu_img_info = qemu_img_info_fn.return_value
qemu_img_info.backing_file = None
qemu_img_info.file_format = 'qcow2'
qemu_img_info.virtual_size = 20
qemu_img_info.format_specific = {'data': {'data-file': 'somefile'}}
self.assertRaisesRegex(exception.ImageUnacceptable,
'Image href123 is unacceptable.*somefile',
images.fetch_to_raw,
None, 'href123', '/no/path')
@mock.patch('os.rename')
@mock.patch.object(images, 'qemu_img_info')
@mock.patch.object(images, 'fetch')
def test_fetch_to_raw_from_raw(self, fetch, qemu_img_info_fn, mock_rename):
# Make sure we support a case where we fetch an already-raw image and
# qemu-img returns None for "format_specific".
qemu_img_info = qemu_img_info_fn.return_value
qemu_img_info.file_format = 'raw'
qemu_img_info.backing_file = None
qemu_img_info.format_specific = None
images.fetch_to_raw(None, 'href123', '/no/path')
mock_rename.assert_called_once_with('/no/path.part', '/no/path')
@mock.patch.object(compute_utils, 'disk_ops_semaphore') @mock.patch.object(compute_utils, 'disk_ops_semaphore')
@mock.patch('nova.privsep.utils.supports_direct_io', return_value=True) @mock.patch('nova.privsep.utils.supports_direct_io', return_value=True)
@mock.patch('oslo_concurrency.processutils.execute') @mock.patch('oslo_concurrency.processutils.execute')

@ -157,6 +157,15 @@ def fetch_to_raw(context, image_href, path, trusted_certs=None):
reason=(_("fmt=%(fmt)s backed by: %(backing_file)s") % reason=(_("fmt=%(fmt)s backed by: %(backing_file)s") %
{'fmt': fmt, 'backing_file': backing_file})) {'fmt': fmt, 'backing_file': backing_file}))
try:
data_file = data.format_specific['data']['data-file']
except (KeyError, TypeError, AttributeError):
data_file = None
if data_file is not None:
raise exception.ImageUnacceptable(image_id=image_href,
reason=(_("fmt=%(fmt)s has data-file: %(data_file)s") %
{'fmt': fmt, 'data_file': data_file}))
if fmt == 'vmdk': if fmt == 'vmdk':
check_vmdk_image(image_href, data) check_vmdk_image(image_href, data)