add Image Checksum validation

nutanix-cloud-native · Jan 6, 2025 · 00e59bb · 00e59bb
1 parent db4f267
commit 00e59bb
Show file tree

Hide file tree

Showing 8 changed files with 89 additions and 26 deletions.
diff --git a/.web-docs/components/builder/nutanix/README.md b/.web-docs/components/builder/nutanix/README.md
@@ -84,6 +84,8 @@ Sample:
 - `source_image_name` (string) - Name of the image used as disk source.
 - `source_image_uuid` (string) - UUID of the image used as disk source.
 - `source_image_uri` (string) - URI of the image used as disk source (if image is not already on the cluster, it will download and store it before launching output image creation process).
+- `source_image_checksum` (string) - Checksum of the image used as disk source (work only with `source_image_uri` and if image is not already present in the library).
+- `source_image_checksum_type` (string) - Type of checksum used for `source_image_checksum` (`sha256` or `sha1` ).
 - `source_image_delete` (bool) - Delete source image once build process is completed (default is false).
 - `source_image_force` (bool) - Always download and replace source image even if already exist (default is false).
 - `disk_size_gb` (number) - size of the disk (in gigabytes).

diff --git a/builder/nutanix/config.go b/builder/nutanix/config.go
@@ -30,6 +30,12 @@ const (
 
 	// NutanixIdentifierBootPriorityCDROM is a resource identifier identifying the boot priority as cdrom for virtual machines.
 	NutanixIdentifierBootPriorityCDROM string = "cdrom"
+
+	// NutanixIdentifierChecksunTypeSHA256 is a resource identifier identifying the SHA-256 checksum type for virtual machines.
+	NutanixIdentifierChecksunTypeSHA256 string = "sha256"
+
+	// NutanixIdentifierChecksunTypeSHA1 is a resource identifier identifying the SHA-1 checksum type for virtual machines.
+	NutanixIdentifierChecksunTypeSHA1 string = "sha1"
 )
 
 type Config struct {
@@ -68,13 +74,15 @@ type ClusterConfig struct {
 }
 
 type VmDisk struct {
-	ImageType         string `mapstructure:"image_type" json:"image_type" required:"false"`
-	SourceImageName   string `mapstructure:"source_image_name" json:"source_image_name" required:"false"`
-	SourceImageUUID   string `mapstructure:"source_image_uuid" json:"source_image_uuid" required:"false"`
-	SourceImageURI    string `mapstructure:"source_image_uri" json:"source_image_uri" required:"false"`
-	SourceImageDelete bool   `mapstructure:"source_image_delete" json:"source_image_delete" required:"false"`
-	SourceImageForce  bool   `mapstructure:"source_image_force" json:"source_image_force" required:"false"`
-	DiskSizeGB        int64  `mapstructure:"disk_size_gb" json:"disk_size_gb" required:"false"`
+	ImageType               string `mapstructure:"image_type" json:"image_type" required:"false"`
+	SourceImageName         string `mapstructure:"source_image_name" json:"source_image_name" required:"false"`
+	SourceImageUUID         string `mapstructure:"source_image_uuid" json:"source_image_uuid" required:"false"`
+	SourceImageURI          string `mapstructure:"source_image_uri" json:"source_image_uri" required:"false"`
+	SourceImageChecksum     string `mapstructure:"source_image_checksum" json:"source_image_checksum" required:"false"`
+	SourceImageChecksumType string `mapstructure:"source_image_checksum_type" json:"source_image_checksum_type" required:"false"`
+	SourceImageDelete       bool   `mapstructure:"source_image_delete" json:"source_image_delete" required:"false"`
+	SourceImageForce        bool   `mapstructure:"source_image_force" json:"source_image_force" required:"false"`
+	DiskSizeGB              int64  `mapstructure:"disk_size_gb" json:"disk_size_gb" required:"false"`
 }
 
 type VmNIC struct {
@@ -237,6 +245,35 @@ func (c *Config) Prepare(raws ...interface{}) ([]string, error) {
 		}
 	}
 
+	// Validate each disk
+	for index, disk := range c.VmConfig.VmDisks {
+
+		// Validate checksum only with uri
+		if disk.SourceImageChecksum != "" && disk.SourceImageURI == "" {
+			log.Printf("disk %d: Checksum work only with Source Image URI\n", index)
+			errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("disk %d: source_image_checksum work only with source_image_uri", index))
+		}
+
+		// Validate supported checksum type
+		if disk.SourceImageChecksumType != "" && disk.SourceImageChecksumType != NutanixIdentifierChecksunTypeSHA1 && disk.SourceImageChecksumType != NutanixIdentifierChecksunTypeSHA256 {
+			log.Printf("disk %d: Checksum type %s not supported\n", index, disk.SourceImageChecksumType)
+			errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("disk %d: checksum_type %s not supported", index, disk.SourceImageChecksumType))
+		}
+
+		// Validate Checksum type always defined with checksum
+		if disk.SourceImageChecksum != "" && disk.SourceImageChecksumType == "" {
+			log.Printf("disk %d: Checksum type need to be defined\n", index)
+			errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("disk %d: source_image_checksum_type need to be defined", index))
+		}
+
+		// Validate Checksum type is never alone
+		if disk.SourceImageChecksumType != "" && disk.SourceImageChecksum == "" {
+			log.Printf("disk %d: No checksum set despite checksum type configure\n", index)
+			errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("disk %d: no source_image_checksum set despite checksum_type configured", index))
+		}
+
+	}
+
 	if c.CommConfig.SSHPort == 0 {
 		log.Println("SSHPort not set, defaulting to 22")
 		c.CommConfig.SSHPort = 22

diff --git a/builder/nutanix/config.hcl2spec.go b/builder/nutanix/config.hcl2spec.go
diff --git a/builder/nutanix/driver.go b/builder/nutanix/driver.go
@@ -731,6 +731,20 @@ func (d *NutanixDriver) CreateImageURL(ctx context.Context, disk VmDisk, vm VmCo
 	}
 	req.Spec.Resources.SourceURI = &disk.SourceImageURI
 
+	if disk.SourceImageChecksum != "" {
+
+		req.Spec.Resources.Checksum = &v3.Checksum{
+			ChecksumValue: &disk.SourceImageChecksum,
+		}
+
+		if disk.SourceImageChecksumType == NutanixIdentifierChecksunTypeSHA256 {
+			req.Spec.Resources.Checksum.ChecksumAlgorithm = StringPtr("SHA_256")
+		} else if disk.SourceImageChecksumType == NutanixIdentifierChecksunTypeSHA1 {
+			req.Spec.Resources.Checksum.ChecksumAlgorithm = StringPtr("SHA_1")
+		}
+
+	}
+
 	image, err := conn.V3.CreateImage(ctx, req)
 	if err != nil {
 		return nil, fmt.Errorf("error while creating image: %s", err.Error())

diff --git a/docs/builders/nutanix.mdx b/docs/builders/nutanix.mdx
@@ -93,6 +93,8 @@ Sample:
 - `source_image_name` (string) - Name of the image used as disk source.
 - `source_image_uuid` (string) - UUID of the image used as disk source.
 - `source_image_uri` (string) - URI of the image used as disk source (if image is not already on the cluster, it will download and store it before launching output image creation process).
+- `source_image_checksum` (string) - Checksum of the image used as disk source (work only with `source_image_uri` and if image is not already present in the library).
+- `source_image_checksum_type` (string) - Type of checksum used for `source_image_checksum` (`sha256` or `sha1` ).
 - `source_image_delete` (bool) - Delete source image once build process is completed (default is false).
 - `source_image_force` (bool) - Always download and replace source image even if already exist (default is false).
 - `disk_size_gb` (number) - size of the disk (in gigabytes).

diff --git a/example/README.md b/example/README.md
@@ -1,16 +1,16 @@
 ## Examples
 Validate Manifests:
-packer validate .
+`packer validate .`
 
 Creating CentOS from local Image and running Provisioner:
-packer build -only nutanix.centos .
+`packer build -only nutanix.centos .`
 
 Creating Ubuntu from Upstream Image and running Provisioner:
-packer build -only nutanix.ubuntu .
+`packer build -only nutanix.ubuntu .`
 
 Creating from ISO with Kickstart-File:
-packer build -only nutanix.centos-kickstart .
+`packer build -only nutanix.centos-kickstart .`
 
 Windows Image (ISO Boot, VirtIO Drivers, cd_files)
-packer build -only nutanix.windows .
+`packer build -only nutanix.windows .`
 
diff --git a/test/e2e/centos-img/source.pkr.hcl b/test/e2e/centos-img/source.pkr.hcl
@@ -10,6 +10,8 @@ source "nutanix" "centos" {
   vm_disks {
       image_type = "DISK_IMAGE"
       source_image_uri = "https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-2111.qcow2"
+      source_image_checksum = "4c34278cd7ba51e47d864a5cb34301a2ec7853786cb73877f3fe61bb1040edd4"
+      source_image_checksum_type = "sha256"
       disk_size_gb = 20
   }
 

diff --git a/test/e2e/centos-iso/source.pkr.hcl b/test/e2e/centos-iso/source.pkr.hcl
@@ -10,6 +10,8 @@ source "nutanix" "centos" {
  vm_disks {
       image_type = "ISO_IMAGE"
       source_image_uri = "https://vault.centos.org/7.9.2009/isos/x86_64/CentOS-7-x86_64-Minimal-2009.iso"
+      source_image_checksum = "07b94e6b1a0b0260b94c83d6bb76b26bf7a310dc78d7a9c7432809fb9bc6194a"
+      source_image_checksum_type = "sha256"
   }
 
   vm_disks {