def limit_check(self, context, tenant_id, **values):
"""Check simple quota limits.
For limits--those quotas for which there is no usage
synchronization function--this method checks that a set of
proposed values are permitted by the limit restriction. The
values to check are given as keyword arguments, where the key
identifies the specific quota limit to check, and the value is
the proposed value.
This method will raise a QuotaResourceUnknown exception if a
given resource is unknown or if it is not a countable resource.
If any of the proposed values exceeds the respective quota defined
for the tenant, an OverQuota exception will be raised.
The exception will include a sorted list with the resources
which exceed the quota limit. Otherwise, the method returns nothing.
:param context: Request context
:param tenant_id: Tenant for which the quota limit is being checked
:param values: Dict specifying requested deltas for each resource
"""
# TODO(salv-orlando): Deprecate calls to this API
# Verify that resources are managed by the quota engine
requested_resources = set(values.keys())
managed_resources = set([res for res in resource_registry.get_all_resources() if res in requested_resources])
# Make sure we accounted for all of them...
unknown_resources = requested_resources - managed_resources
if unknown_resources:
raise exceptions.QuotaResourceUnknown(unknown=sorted(unknown_resources))
return self.get_driver().limit_check(context, tenant_id, resource_registry.get_all_resources(), values)
def patched_set_resources_dirty(context):
if not cfg.CONF.QUOTAS.track_quota_usage:
return
with context.session.begin(subtransactions=True):
for res in res_reg.get_all_resources().values():
if res_reg.is_tracked(res.name) and res.dirty:
dirty_tenants_snap = res._dirty_tenants.copy()
for tenant_id in dirty_tenants_snap:
query = common_db_api.model_query(
context, quota_models.QuotaUsage)
query = query.filter_by(resource=res.name).filter_by(
tenant_id=tenant_id)
usage_data = query.first()
# Set dirty if not set already. This effectively
# patches the inner notify method:
# https://github.com/openstack/neutron/blob/newton-eol/
# neutron/api/v2/base.py#L481
# to avoid updating the QuotaUsages table outside
# from that method (which starts a new transaction).
# The dirty marking would have been already done
# in the ml2plus manager at the end of the pre_commit
# stage (and prior to the plugin initiated transaction
# completing).
if usage_data and not usage_data.dirty:
res.mark_dirty(context)
def make_reservation(self, context, tenant_id, deltas, plugin):
# Verify that resources are managed by the quota engine
# Ensure no value is less than zero
unders = [key for key, val in deltas.items() if val < 0]
if unders:
raise exceptions.InvalidQuotaValue(unders=sorted(unders))
requested_resources = set(deltas.keys())
all_resources = resource_registry.get_all_resources()
managed_resources = set([res for res in all_resources.keys()
if res in requested_resources])
# Make sure we accounted for all of them...
unknown_resources = requested_resources - managed_resources
if unknown_resources:
raise exceptions.QuotaResourceUnknown(
unknown=sorted(unknown_resources))
# FIXME(salv-orlando): There should be no reason for sending all the
# resource in the registry to the quota driver, but as other driver
# APIs request them, this will be sorted out with a different patch.
return self.get_driver().make_reservation(
context,
tenant_id,
all_resources,
deltas,
plugin)
def default(self, request, id):
if id != request.context.tenant_id:
self._check_admin(request.context,
reason=_("Only admin is authorized "
"to access quotas for another tenant"))
return {self._resource_name: self._driver.get_default_quotas(
context=request.context,
resources=resource_registry.get_all_resources(),
tenant_id=id)}
def _update_attributes(self):
for quota_resource in resource_registry.get_all_resources().keys():
attr_dict = EXTENDED_ATTRIBUTES_2_0[RESOURCE_COLLECTION]
attr_dict[quota_resource] = {
'allow_post': False,
'allow_put': True,
'convert_to': attributes.convert_to_int,
'validate': {'type:range': [-1, const.DB_INTEGER_MAX_VALUE]},
'is_visible': True}
self._update_extended_attributes = False
def index(self):
neutron_context = request.context.get('neutron_context')
# FIXME(salv-orlando): There shouldn't be any need to to this eplicit
# check. However some behaviours from the "old" extension have
# been temporarily carried over here
self._check_admin(neutron_context)
# TODO(salv-orlando): proper plurals management
return {self.collection:
self._driver.get_all_quotas(
neutron_context,
resource_registry.get_all_resources())}
def make_reservation(self, context, tenant_id, resources, deltas, plugin):
"""This driver does not support reservations.
This routine is provided for backward compatibility purposes with
the API controllers which have now been adapted to make reservations
rather than counting resources and checking limits - as this
routine ultimately does.
"""
for resource in deltas.keys():
count = QUOTAS.count(context, resource, plugin, tenant_id)
total_use = deltas.get(resource, 0) + count
deltas[resource] = total_use
self.limit_check(context, tenant_id, resource_registry.get_all_resources(), deltas)
# return a fake reservation - the REST controller expects it
return quota_api.ReservationInfo("fake", None, None, None)
def __init__(self, _driver, tenant_id):
self._driver = _driver
self._tenant_id = tenant_id
super(QuotaController, self).__init__(
"%ss" % RESOURCE_NAME, RESOURCE_NAME)
# Ensure limits for all registered resources are returned
attr_dict = attributes.RESOURCE_ATTRIBUTE_MAP[self.collection]
for quota_resource in resource_registry.get_all_resources().keys():
attr_dict[quota_resource] = {
'allow_post': False,
'allow_put': True,
'convert_to': attributes.convert_to_int,
'validate': {
'type:range': [-1, constants.DB_INTEGER_MAX_VALUE]},
'is_visible': True}
def make_reservation(self, context, tenant_id, resources, deltas, plugin):
"""This driver does not support reservations.
This routine is provided for backward compatibility purposes with
the API controllers which have now been adapted to make reservations
rather than counting resources and checking limits - as this
routine ultimately does.
"""
for resource in deltas.keys():
count = QUOTAS.count(context, resource, plugin, tenant_id)
total_use = deltas.get(resource, 0) + count
deltas[resource] = total_use
self.limit_check(
context,
tenant_id,
resource_registry.get_all_resources(),
deltas)
# return a fake reservation - the REST controller expects it
return quota_api.ReservationInfo('fake', None, None, None)
def get_tenant_quotas(tenant_id, driver=None):
if not driver:
driver = importutils.import_class(cfg.CONF.QUOTAS.quota_driver)
neutron_context = request.context.get('neutron_context')
if tenant_id == 'tenant':
# NOTE(salv-orlando): Read the following before the code in order
# to avoid puking.
# There is a weird undocumented behaviour of the Neutron quota API
# as 'tenant' is used as an API action to return the identifier
# of the tenant in the request context. This is used exclusively
# for interaction with python-neutronclient and is a possibly
# unnecessary 'whoami' API endpoint. Pending resolution of this
# API issue, this controller will just treat the magic string
# 'tenant' (and only that string) and return the response expected
# by python-neutronclient
return {'tenant': {'tenant_id': neutron_context.tenant_id}}
tenant_quotas = driver.get_tenant_quotas(
neutron_context, resource_registry.get_all_resources(), tenant_id)
tenant_quotas['tenant_id'] = tenant_id
return {RESOURCE_NAME: tenant_quotas}
def __init__(self, _driver, tenant_id):
self._driver = _driver
self._tenant_id = tenant_id
super(QuotaController, self).__init__(
"%ss" % RESOURCE_NAME, RESOURCE_NAME)
# Ensure limits for all registered resources are returned
attr_dict = attributes.RESOURCES[self.collection]
for quota_resource in resource_registry.get_all_resources().keys():
attr_dict[quota_resource] = {
'allow_post': False,
'allow_put': True,
'convert_to': converters.convert_to_int,
'validate': {
'type:range': [-1, db_const.DB_INTEGER_MAX_VALUE]},
'is_visible': True}
# The quota resource must always declare a tenant_id attribute,
# otherwise the attribute will be stripped off when generating the
# response
attr_dict.update(TENANT_ID_ATTR)
def __init__(self, _driver, tenant_id):
self._driver = _driver
self._tenant_id = tenant_id
super(QuotaController, self).__init__(
"%ss" % RESOURCE_NAME, RESOURCE_NAME)
# Ensure limits for all registered resources are returned
attr_dict = attributes.RESOURCE_ATTRIBUTE_MAP[self.collection]
for quota_resource in resource_registry.get_all_resources().keys():
attr_dict[quota_resource] = {
'allow_post': False,
'allow_put': True,
'convert_to': attributes.convert_to_int,
'validate': {
'type:range': [-1, constants.DB_INTEGER_MAX_VALUE]},
'is_visible': True}
# The quota resource must always declare a tenant_id attribute,
# otherwise the attribute will be stripped off when generating the
# response
attr_dict.update(TENANT_ID_ATTR)
def get_tenant_quotas(tenant_id, driver=None):
if not driver:
driver = importutils.import_class(cfg.CONF.QUOTAS.quota_driver)
neutron_context = request.context.get('neutron_context')
if tenant_id == 'tenant':
# NOTE(salv-orlando): Read the following before the code in order
# to avoid puking.
# There is a weird undocumented behaviour of the Neutron quota API
# as 'tenant' is used as an API action to return the identifier
# of the tenant in the request context. This is used exclusively
# for interaction with python-neutronclient and is a possibly
# unnecessary 'whoami' API endpoint. Pending resolution of this
# API issue, this controller will just treat the magic string
# 'tenant' (and only that string) and return the response expected
# by python-neutronclient
return {'tenant': {'tenant_id': neutron_context.tenant_id}}
tenant_quotas = driver.get_tenant_quotas(
neutron_context,
resource_registry.get_all_resources(),
tenant_id)
tenant_quotas['tenant_id'] = tenant_id
return {RESOURCE_NAME: tenant_quotas}
def make_reservation(self, context, tenant_id, deltas, plugin):
# Verify that resources are managed by the quota engine
# Ensure no value is less than zero
unders = [key for key, val in deltas.items() if val < 0]
if unders:
raise exceptions.InvalidQuotaValue(unders=sorted(unders))
requested_resources = set(deltas.keys())
all_resources = resource_registry.get_all_resources()
managed_resources = set([
res for res in all_resources.keys() if res in requested_resources
])
# Make sure we accounted for all of them...
unknown_resources = requested_resources - managed_resources
if unknown_resources:
raise exceptions.QuotaResourceUnknown(
unknown=sorted(unknown_resources))
# FIXME(salv-orlando): There should be no reason for sending all the
# resource in the registry to the quota driver, but as other driver
# APIs request them, this will be sorted out with a different patch.
return self.get_driver().make_reservation(context, tenant_id,
all_resources, deltas,
plugin)
def quota_limit_check(self, context, project_id, **deltas):
return self.get_driver().quota_limit_check(
context, project_id, resource_registry.get_all_resources(), deltas)
def _get_quotas(self, request, tenant_id):
return self._driver.get_tenant_quotas(
request.context, resource_registry.get_all_resources(), tenant_id)
def index(self, request):
context = request.context
validate_policy(context, "get_quota")
return {self._resource_name + "s":
self._driver.get_all_quotas(
context, resource_registry.get_all_resources())}
def _get_quotas(self, request, tenant_id):
return self._driver.get_tenant_quotas(
request.context,
resource_registry.get_all_resources(),
tenant_id)
def index(self, request):
context = request.context
self._check_admin(context)
return {self._resource_name + "s":
self._driver.get_all_quotas(
context, resource_registry.get_all_resources())}
def _get_detailed_quotas(self, request, project_id):
return self._driver.get_detailed_project_quotas(
request.context, resource_registry.get_all_resources(), project_id)
