Comment 93 for bug 2059809

Dan Smith (danms) wrote : Re: Arbitrary file access through QCOW2 external data file

Testing with the glance patches shows that import rejects all the bad image examples I have and accepts the good ones. So, this is the updated nova patch with the changes to format_inspector incorporated.

I noticed that nova actually probes the image format for the first time _without_ using the disk_format from glance passed to the format argument, which is bad. So, this (unfortunately) introduces a new call to glance to get the image details and, like the glance patch, ensures that the claimed format in the image details matches the file content. It does this by always instantiating a format inspector according to the detailed disk_format and failing if the inspector fails to parse it. Note that this (like the glance change) introduces a requirement that an image be parse-able by the format inspector, which could cause some problems. However, I don't see any way around it if we're going to plug this.

We could add a config knob to either of these patches to allow disabling these new behaviors in case they cause problems. That's rather unfortunate and deserves some discussion, but may be the safest thing to do.
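
The check described in the comment above, reduced to a standalone sketch: this is an added example, not part of the comment and not code from the nova or glance patches. `check_image`, `verdict` and `make_header` are hypothetical names; the header offsets and the external-data-file feature bit follow the published QCOW2 header layout, and only `raw` and `qcow2` are handled.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
INCOMPAT_EXTERNAL_DATA = 1 << 2  # incompatible_features bit 2 in the qcow2 header


class ImageRejected(Exception):
    """Image content does not match the claimed format or is unsafe."""


def check_image(claimed_format, header):
    """Check the first bytes of an image against its claimed disk_format.

    Selects the parser from the claimed format (never from probing) and
    rejects the image when that parser cannot accept the content.
    """
    looks_qcow2 = header[:4] == QCOW2_MAGIC
    if claimed_format == "raw":
        if looks_qcow2:
            raise ImageRejected("claimed raw but content is qcow2")
        return "raw"
    if claimed_format != "qcow2":
        raise ImageRejected("no inspector for format %r" % claimed_format)
    if not looks_qcow2 or len(header) < 72:
        raise ImageRejected("claimed qcow2 but header does not parse")
    (version,) = struct.unpack(">I", header[4:8])
    if version not in (2, 3):
        raise ImageRejected("unsupported qcow2 version %d" % version)
    if version == 3:
        if len(header) < 80:
            raise ImageRejected("truncated qcow2 v3 header")
        (incompat,) = struct.unpack(">Q", header[72:80])
        if incompat & INCOMPAT_EXTERNAL_DATA:
            raise ImageRejected("qcow2 uses an external data file")
    return "qcow2"


def verdict(claimed_format, header):
    """Return 'ok' or the rejection reason as a string."""
    try:
        check_image(claimed_format, header)
        return "ok"
    except ImageRejected as exc:
        return str(exc)


def make_header(version=3, incompat=0):
    """Constructed sample header: only the fields checked above are set."""
    hdr = bytearray(104)
    hdr[0:4] = QCOW2_MAGIC
    struct.pack_into(">I", hdr, 4, version)
    struct.pack_into(">Q", hdr, 72, incompat)
    return bytes(hdr)
```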