Change in vdsm[master]: hsm: add uploaded image verification

Wed, 06 Apr 2016 05:34:30 -0700 

Amit Aviram has uploaded a new change for review.

Change subject: hsm: add uploaded image verification
......................................................................

hsm: add uploaded image verification

In the new image upload flow, a VDSM's image is being generated and data
is being sent into the created volume inside. As this flow is risky in
cases where the data is a QCOW file with an invalid backing file, or
wrong disk format is sent, VDSM should verify the image in the upload
process.

This patch adds a verb for upload verification, which verifies that
there is no backing file for a QCOW image, and that the format of the
uploaded image fits to what the user has specified.

Change-Id: Ibf85061536eb4ddff021539c742a674f183a8984
Signed-off-by: Amit Aviram <aavi...@redhat.com>
---
M lib/api/vdsmapi-schema.json
M lib/vdsm/storage/exception.py
M vdsm/API.py
M vdsm/storage/hsm.py
4 files changed, 50 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/46/55746/1

diff --git a/lib/api/vdsmapi-schema.json b/lib/api/vdsmapi-schema.json
index 1016993..d0c246d 100644
--- a/lib/api/vdsmapi-schema.json
+++ b/lib/api/vdsmapi-schema.json
@@ -8505,6 +8505,29 @@
  'returns': 'UUID'}
 
 ##
+# @Volume.verify_upload:
+#
+# Verify an uploaded image's volume. The verification includes comparing
+# the uploaded image's format with the format that is specified in the
+# image's volume's metadata, and if the format is QCOW, verifying that
+# it has no backingfile. if one of the verifications above fails, an
+# error will be raised.
+#
+# @volumeID:         The UUID of the Volume
+#
+# @storagepoolID:    The Storage Pool associated with the Volume
+#
+# @storagedomainID:  The Storage Domain associated with the Volume
+#
+# @imageID:          The Image associated with the Volume
+#
+# Since: 4.18.0
+##
+{'command': {'class': 'Volume', 'name': 'verify_upload'},
+ 'data': {'volumeID': 'UUID', 'storagepoolID': 'UUID',
+          'storagedomainID': 'UUID', 'imageID': 'UUID'}}
+
+##
 # @Volume.extendSize:
 #
 # Extends the virtual size of a volume.
diff --git a/lib/vdsm/storage/exception.py b/lib/vdsm/storage/exception.py
index 5194a87..677d736 100644
--- a/lib/vdsm/storage/exception.py
+++ b/lib/vdsm/storage/exception.py
@@ -1224,6 +1224,14 @@
     message = "Image daemon is unsupported"
 
 
+class ImageVerificationError(StorageException):
+    code = 484
+    message = "Image verification failed"
+
+    def __init__(self, reason):
+        self.value = "reason=%s" % reason
+
+
 #################################################
 #  LVM related Exceptions
 #################################################
diff --git a/vdsm/API.py b/vdsm/API.py
index 60bf9ed..0ad1a06 100644
--- a/vdsm/API.py
+++ b/vdsm/API.py
@@ -827,6 +827,10 @@
                                       self._imgUUID, [self._UUID], postZero,
                                       force)
 
+    def verify_upload(self):
+        return self._irs.verifyUpload(self._sdUUID, self._spUUID,
+                                      self._imgUUID, self._UUID)
+
     def extendSize(self, newSize):
         return self._irs.extendVolumeSize(
             self._spUUID, self._sdUUID, self._imgUUID, self._UUID, newSize)
diff --git a/vdsm/storage/hsm.py b/vdsm/storage/hsm.py
index 117023d..940d80e 100644
--- a/vdsm/storage/hsm.py
+++ b/vdsm/storage/hsm.py
@@ -1551,6 +1551,21 @@
             self._spmSchedule(spUUID, "purgeImage_%s" % imgUUID,
                               pool.purgeImage, sdUUID, imgUUID, volsByImg)
 
+    @public
+    def verifyUpload(self, sdUUID, spUUID, imgUUID, volUUID):
+        dom = sdCache.produce(sdUUID=sdUUID)
+        vol = dom.produceVolume(imgUUID, volUUID)
+        vol_metadata = vol.getInfo()
+        vol_qemu_info = qemuimg.info(vol.getVolumePath())
+
+        if vol_metadata["format"].lower() != vol_qemu_info["format"].lower():
+            raise se.ImageVerificationError(
+                "Image format is different than the "
+                "format specified by the user")
+        if "backingfile" in vol_metadata and vol_metadata["backingfile"]:
+            raise se.ImageVerificationError(
+                "Backingfile is not allowed for an uploaded image")
+
     def validateImageMove(self, srcDom, dstDom, imgUUID):
         """
         Determines if the image move is legal.


-- 
To view, visit https://gerrit.ovirt.org/55746
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibf85061536eb4ddff021539c742a674f183a8984
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Amit Aviram <aavi...@redhat.com>
_______________________________________________
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Reply via email to