Comment 131 for bug 2071740

OpenStack Infra (hudson-openstack) wrote : Fix merged to ironic-python-agent (bugfix/9.12)

Reviewed: https://review.opendev.org/c/openstack/ironic-python-agent/+/927983
Committed: https://opendev.org/openstack/ironic-python-agent/commit/be8ee50ea1b0fbccf91ea4e4180af1f0e8154cdb
Submitter: "Zuul (22348)"
Branch: bugfix/9.12

commit be8ee50ea1b0fbccf91ea4e4180af1f0e8154cdb
Author: Jay Faulkner <email address hidden>
Date: Tue Jul 30 11:18:14 2024 -0700

    Inspect non-raw images for safety

    When IPA gets a non-raw image, it performs an on-the-fly conversion
    using qemu-img convert, as well as running qemu-img frequently to get
    basic information about the image before validating it.

    Now, we ensure that before any qemu-img calls are made, we have
    inspected the image for safety and pass through the detected format.

    If given a disk_format=raw image and image streaming is enabled
    (default), we retain the existing behavior of not inspecting it in
    any way and streaming it bit-perfect to the device. In this case, we
    never use qemu-based tools on the image at all.

    If given a disk_format=raw image and image streaming is disabled, this
    change fixes a bug where the image may have been converted if it was not
    actually raw in the first place. We now stream these bit-perfect to the
    device.

    Adds two config options:
    - [DEFAULT]/disable_deep_image_inspection, which can be set to "True" in
      order to disable all security features. Do not do this.
    - [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types
      IPA should accept.

    Both of these configuration options are wired up to be set by the lookup
    data returned by Ironic at lookup time.

    This uses an image format inspection module imported from Nova; this
    inspector will eventually live in oslo.utils, at which point we'll
    migrate our usage of the inspector to it.

    Closes-Bug: #2071740
    Change-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7
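
The gate this commit message describes, sketched as an added example; it is not code from ironic-python-agent or from the Nova inspector. The magic-byte detector, the refusal of declared/detected mismatches, and the names plan_write, detect_format, ImageRejected, src and dst are assumptions for illustration; only the raw,qcow2 default and the raw bypass come from the message above.

```python
# Added illustration; not code from ironic-python-agent or Nova.
import struct

# Leading magic bytes of a few container formats. Simplified: a real
# inspector parses and validates much more of each header than this.
MAGICS = {
    b"QFI\xfb": "qcow2",
    b"KDMV": "vmdk",
    b"conectix": "vpc",
    b"vhdxfile": "vhdx",
}


class ImageRejected(Exception):
    """The image must not be handed to qemu-img."""


def detect_format(header: bytes) -> str:
    """Classify from the bytes themselves; anything unrecognised is raw."""
    for magic, fmt in MAGICS.items():
        if header.startswith(magic):
            return fmt
    return "raw"


def plan_write(declared, header, permitted=("raw", "qcow2"),
               src="image.img", dst="/dev/sdX"):
    """Return the qemu-img argv to run, or None for a bit-for-bit write."""
    if declared == "raw":
        # Declared raw is written bit-for-bit; qemu tools never run on it.
        return None
    detected = detect_format(header)
    if detected not in permitted:
        raise ImageRejected(f"format {detected!r} is not permitted")
    if detected != declared:  # assumption: mismatches are refused
        raise ImageRejected(f"declared {declared!r}, found {detected!r}")
    # Pass the detected format explicitly so qemu-img does not probe.
    return ["qemu-img", "convert", "-f", detected, "-O", "raw", src, dst]


# Constructed sample headers (not taken from real images).
QCOW2_HDR = b"QFI\xfb" + struct.pack(">I", 3) + b"\x00" * 504
VMDK_HDR = b"KDMV" + b"\x00" * 508

if __name__ == "__main__":
    print(plan_write("qcow2", QCOW2_HDR))
    print(plan_write("raw", VMDK_HDR))
```
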