This patch fixes the Quobyte driver unit tests that forcefully replace
the 'convert_image' method in 'image_utils' with a Mock and then doesn't
restore it afterwards, so any method that runs afterwards and expects
'convert_image' to actually run code will fail.

This patch uses the proper mocking mechanisms that restore things
afterwards.

Change-Id: Iec1cf6ade1d97900d4db6e29555ddef8d45b9534
(cherry picked from commit e92c4d0)

In yoga there are test failures with cinder-plugin-ceph-tempest job.
One type of failure is related to snapshot in use the other type is
snapshot delete timeout.

Change-Id: I19e8c6822178eec3769cd18f3c676ca7425262ec

Adds code to image_utils to check for a qcow2 external data
file, a recent feature of qemu which we do not support and
which can be used maliciously.

Advice from the qemu-img community is that it is dangerous
to call qemu-img info on untrusted files, so we copy over
the format_inspector module from Glance.  This performs basic
analysis on the image data file so we can detect problematic
images before we call qemu-img info to get all the image
attributes.  It is expected that this code will eventually be
added to oslo so it can be consumed by Glance, Cinder, and
Nova.

Because cinder itself may create qcow2 format images with a
backing file in nfs-based backends, the glance format_inspector
has been modified to optionally allow such files.  Since we are
monkeying with the format_inspector code, we also copy over
its unit tests to prevent regressions and to add tests for the
changed code.

Includes an additional fix to prevent an issue where a user
could mount a raw volume and write a qcow2 header with a larger
virtual size on it. On reattaching the volume it would have the
new larger virtual size avaialable without actually changing
the size value in cinder.  While we cannot prevent this we can
prevent the user from using this volume again, which makes this
exploit pointless.

unmaintained/yoga only: The tests
cinder.tests.unit.volume.drivers.test_quobyte.QuobyteDriverTestCase.
* test_copy_volume_from_snapshot_not_cached_overlay
* test_copy_volume_from_snapshot
* test_copy_volume_from_snapshot_not_cached
failed as convert_image mock was not called, remove this mock
from yoga and on older branches.

With older qemu installed one of the qemu-img
create commands fails, let's skip it from unmaintained/yoga and
below that in test_qcow2_safety_checks.

Co-authored-by: Dan Smith <[email protected]>
Co-authored-by: Felix Huettner <[email protected]>

Change-Id: I65857288b797cde573e7443ac6e7e6f57fedde01
Closes-bug: #2059809
(cherry picked from commit 4aa6590)
(cherry picked from commit d6a1869)
(cherry picked from commit db98dc2)
(cherry picked from commit 9e667b0)
(cherry picked from commit 5f5e86e)

Initially before the change
https://review.opendev.org/c/openstack/os-brick/+/810419 was merged
to close the bug https://bugs.launchpad.net/os-brick/+bug/1929223,
verify_cert was always set to False which can lead to security issues.
It has been decided through this change that this option can be set
to True or False based upon security requirements. This change
introduced a regression failure as the value set to the option
is not part of connection_properties.

This patch adds additional params during initialization so that it
can be carried over os-brick and get adequate REST API response.

Closes-Bug: 1990136
Change-Id: I0d266a57f68221a3b1740a7376e152bb64cac729
(cherry picked from commit 82823ac)
(cherry picked from commit 8794f84)
(cherry picked from commit be3c66e)

…rtificates" into unmaintained/yoga