Check VMDK create-type against an allowed list

Related-Bug: #1996188 Change-Id: I5a399f1d3d702bfb76c067893e9c924904c8c360
2022-11-10 09:55:48 -08:00
parent d8b4b7bebd
commit d1d2375c47
3 changed files with 86 additions and 0 deletions
--- a/nova/conf/compute.py
+++ b/nova/conf/compute.py
@@ -1015,6 +1015,15 @@ Related options:
 * ``[scheduler]query_placement_for_image_type_support`` - enables
  filtering computes based on supported image types, which is required
  to be enabled for this to take effect.
+"""),
+    cfg.ListOpt('vmdk_allowed_types',
+                default=['streamOptimized', 'monolithicSparse'],
+                help="""
+A list of strings describing allowed VMDK "create-type" subformats
+that will be allowed. This is recommended to only include
+single-file-with-sparse-header variants to avoid potential host file
+exposure due to processing named extents. If this list is empty, then no
+form of VMDK image will be allowed.
 """),
    cfg.BoolOpt('packing_host_numa_cells_allocation_strategy',
        default=False,