def delete(self, req, id): context = req.environ['cinder.context'] authorize_delete(context) try: db.quota_destroy_by_project(context, id) except exception.AdminRequired: raise webob.exc.HTTPForbidden()
def destroy_by_project(self, context, project_id): """Destroy all limit quotas associated with a project. Leave usage and reservation quotas intact. :param context: The request context, for access checks. :param project_id: The ID of the project being deleted. """ db.quota_destroy_by_project(context, project_id)
def delete(self, req, id): """Delete Quota for a particular tenant. :param req: request :param id: target project id that needs to be deleted """ context = req.environ['cinder.context'] context.authorize(policy.DELETE_POLICY, target={'project_id': id}) db.quota_destroy_by_project(context, id)
def _delete_nested_quota(self, ctxt, proj_id): # Get the parent_id of the target project to verify whether we are # dealing with hierarchical namespace or non-hierarchical # namespace. try: project_quotas = QUOTAS.get_project_quotas( ctxt, proj_id, usages=True, defaults=False) except exception.NotAuthorized: raise webob.exc.HTTPForbidden() target_project = quota_utils.get_project_hierarchy( ctxt, proj_id) parent_id = target_project.parent_id # If the project which is being deleted has allocated part of its # quota to its subprojects, then subprojects' quotas should be # deleted first. for key, value in project_quotas.items(): if 'allocated' in project_quotas[key].keys(): if project_quotas[key]['allocated'] != 0: msg = _("About to delete child projects having " "non-zero quota. This should not be performed") raise webob.exc.HTTPBadRequest(explanation=msg) if parent_id: # Get the children of the project which the token is scoped to # in order to know if the target_project is in its hierarchy. context_project = quota_utils.get_project_hierarchy( ctxt, ctxt.project_id, subtree_as_ids=True) self._authorize_update_or_delete(context_project, target_project.id, parent_id) parent_project_quotas = QUOTAS.get_project_quotas( ctxt, parent_id) # Delete child quota first and later update parent's quota. try: db.quota_destroy_by_project(ctxt, target_project.id) except exception.AdminRequired: raise webob.exc.HTTPForbidden() # The parent "gives" quota to its child using the "allocated" value # and since the child project is getting deleted, we should restore # the child projects quota to the parent quota, but lowering it's # allocated value for key, value in project_quotas.items(): project_hard_limit = project_quotas[key]['limit'] parent_allocated = parent_project_quotas[key]['allocated'] parent_allocated -= project_hard_limit db.quota_allocated_update(ctxt, parent_id, key, parent_allocated)
def _delete_nested_quota(self, ctxt, proj_id): # Get the parent_id of the target project to verify whether we are # dealing with hierarchical namespace or non-hierarchical # namespace. try: project_quotas = QUOTAS.get_project_quotas( ctxt, proj_id, usages=True, defaults=False) project_group_quotas = GROUP_QUOTAS.get_project_quotas( ctxt, proj_id, usages=True, defaults=False) project_quotas.update(project_group_quotas) except exception.NotAuthorized: raise webob.exc.HTTPForbidden() target_project = quota_utils.get_project_hierarchy( ctxt, proj_id) parent_id = target_project.parent_id if parent_id: # Get the children of the project which the token is scoped to # in order to know if the target_project is in its hierarchy. context_project = quota_utils.get_project_hierarchy( ctxt, ctxt.project_id, subtree_as_ids=True) self._authorize_update_or_delete(context_project, target_project.id, parent_id) defaults = QUOTAS.get_defaults(ctxt, proj_id) defaults.update(GROUP_QUOTAS.get_defaults(ctxt, proj_id)) # If the project which is being deleted has allocated part of its # quota to its subprojects, then subprojects' quotas should be # deleted first. for res, value in project_quotas.items(): if 'allocated' in project_quotas[res].keys(): if project_quotas[res]['allocated'] > 0: msg = _("About to delete child projects having " "non-zero quota. This should not be performed") raise webob.exc.HTTPBadRequest(explanation=msg) # Ensure quota usage wouldn't exceed limit on a delete self._validate_existing_resource( res, defaults[res], project_quotas) try: db.quota_destroy_by_project(ctxt, target_project.id) except exception.AdminRequired: raise webob.exc.HTTPForbidden() for res, limit in project_quotas.items(): # Update child limit to 0 so the parent hierarchy gets it's # allocated values updated properly self._update_nested_quota_allocated( ctxt, target_project, project_quotas, res, 0)
def _delete_nested_quota(self, ctxt, proj_id): # Get the parent_id of the target project to verify whether we are # dealing with hierarchical namespace or non-hierarchical # namespace. try: project_quotas = QUOTAS.get_project_quotas( ctxt, proj_id, usages=True, defaults=False) project_group_quotas = GROUP_QUOTAS.get_project_quotas( ctxt, proj_id, usages=True, defaults=False) project_quotas.update(project_group_quotas) except exception.NotAuthorized: raise webob.exc.HTTPForbidden() target_project = quota_utils.get_project_hierarchy( ctxt, proj_id) parent_id = target_project.parent_id if parent_id: # Get the children of the project which the token is scoped to # in order to know if the target_project is in its hierarchy. context_project = quota_utils.get_project_hierarchy( ctxt, ctxt.project_id, subtree_as_ids=True) self._authorize_update_or_delete(context_project, target_project.id, parent_id) defaults = QUOTAS.get_defaults(ctxt, proj_id) defaults.update(GROUP_QUOTAS.get_defaults(ctxt, proj_id)) # If the project which is being deleted has allocated part of its # quota to its subprojects, then subprojects' quotas should be # deleted first. for res, value in project_quotas.items(): if 'allocated' in project_quotas[res].keys(): if project_quotas[res]['allocated'] > 0: msg = _("About to delete child projects having " "non-zero quota. This should not be performed") raise webob.exc.HTTPBadRequest(explanation=msg) # Ensure quota usage wouldn't exceed limit on a delete self._validate_existing_resource( res, defaults[res], project_quotas) db.quota_destroy_by_project(ctxt, target_project.id) for res, limit in project_quotas.items(): # Update child limit to 0 so the parent hierarchy gets it's # allocated values updated properly self._update_nested_quota_allocated( ctxt, target_project, project_quotas, res, 0)
def delete(self, req, id): """Delete Quota for a particular tenant. This works for hierarchical and non-hierarchical projects. For hierarchical projects only immediate parent admin or the CLOUD admin are able to perform a delete. :param req: request :param id: target project id that needs to be deleted """ context = req.environ['cinder.context'] context.authorize(policy.DELETE_POLICY, target={'project_id': id}) if QUOTAS.using_nested_quotas(): self._delete_nested_quota(context, id) else: db.quota_destroy_by_project(context, id)
def delete(self, req, id): """Delete Quota for a particular tenant. This works for hierarchical and non-hierarchical projects. For hierarchical projects only immediate parent admin or the CLOUD admin are able to perform a delete. :param req: request :param id: target project id that needs to be updated """ context = req.environ['cinder.context'] authorize_delete(context) if QUOTAS.using_nested_quotas(): self._delete_nested_quota(context, id) else: try: db.quota_destroy_by_project(context, id) except exception.AdminRequired: raise webob.exc.HTTPForbidden()
def delete(self, req, id): """Delete Quota for a particular tenant. This works for hierarchical and non-hierarchical projects. For hierarchical projects only immediate parent admin or the CLOUD admin are able to perform a delete. :param req: request :param id: target project id that needs to be deleted """ context = req.environ['cinder.context'] authorize_delete(context) if QUOTAS.using_nested_quotas(): self._delete_nested_quota(context, id) else: try: db.quota_destroy_by_project(context, id) except exception.AdminRequired: raise webob.exc.HTTPForbidden()
def delete(self, req, id): """Delete Quota for a particular tenant. This works for hierarchical and non-hierarchical projects. For hierarchical projects only immediate parent admin or the CLOUD admin are able to perform a delete. :param req: request :param id: target project id that needs to be updated """ context = req.environ['cinder.context'] authorize_delete(context) # Get the parent_id of the target project to verify whether we are # dealing with hierarchical namespace or non-hierarchical namespace. target_project = self._get_project(context, id) parent_id = target_project.parent_id try: project_quotas = QUOTAS.get_project_quotas( context, target_project.id, usages=True, parent_project_id=parent_id, defaults=False) except exception.NotAuthorized: raise webob.exc.HTTPForbidden() # If the project which is being deleted has allocated part of its quota # to its subprojects, then subprojects' quotas should be deleted first. for key, value in project_quotas.items(): if 'allocated' in project_quotas[key].keys(): if project_quotas[key]['allocated'] != 0: msg = _("About to delete child projects having " "non-zero quota. This should not be performed") raise webob.exc.HTTPBadRequest(explanation=msg) if parent_id: # Get the children of the project which the token is scoped to in # order to know if the target_project is in its hierarchy. context_project = self._get_project(context, context.project_id, subtree_as_ids=True) self._authorize_update_or_delete(context_project, target_project.id, parent_id) parent_project_quotas = QUOTAS.get_project_quotas( context, parent_id, parent_project_id=parent_id) # Delete child quota first and later update parent's quota. try: db.quota_destroy_by_project(context, target_project.id) except exception.AdminRequired: raise webob.exc.HTTPForbidden() # Update the allocated of the parent for key, value in project_quotas.items(): project_hard_limit = project_quotas[key]['limit'] parent_allocated = parent_project_quotas[key]['allocated'] parent_allocated -= project_hard_limit db.quota_allocated_update(context, parent_id, key, parent_allocated) else: try: db.quota_destroy_by_project(context, target_project.id) except exception.AdminRequired: raise webob.exc.HTTPForbidden()
def delete(self, req, id): """Delete Quota for a particular tenant. This works for hierarchical and non-hierarchical projects. For hierarchical projects only immediate parent admin or the CLOUD admin are able to perform a delete. :param req: request :param id: target project id that needs to be updated """ context = req.environ['cinder.context'] authorize_delete(context) # Get the parent_id of the target project to verify whether we are # dealing with hierarchical namespace or non-hierarchical namespace. target_project = self._get_project(context, id) parent_id = target_project.parent_id try: project_quotas = QUOTAS.get_project_quotas( context, target_project.id, usages=True, parent_project_id=parent_id) except exception.NotAuthorized: raise webob.exc.HTTPForbidden() # If the project which is being deleted has allocated part of its quota # to its subprojects, then subprojects' quotas should be deleted first. for key, value in project_quotas.items(): if 'allocated' in project_quotas[key].keys(): if project_quotas[key]['allocated'] != 0: msg = _("About to delete child projects having " "non-zero quota. This should not be performed") raise webob.exc.HTTPBadRequest(explanation=msg) if parent_id: # Get the children of the project which the token is scoped to in # order to know if the target_project is in its hierarchy. context_project = self._get_project(context, context.project_id, subtree_as_ids=True) self._authorize_update_or_delete(context_project, target_project.id, parent_id) parent_project_quotas = QUOTAS.get_project_quotas( context, parent_id, parent_project_id=parent_id) # Delete child quota first and later update parent's quota. try: db.quota_destroy_by_project(context, target_project.id) except exception.AdminRequired: raise webob.exc.HTTPForbidden() # Update the allocated of the parent for key, value in project_quotas.items(): project_hard_limit = project_quotas[key]['limit'] parent_allocated = parent_project_quotas[key]['allocated'] parent_allocated -= project_hard_limit db.quota_allocated_update(context, parent_id, key, parent_allocated) else: try: db.quota_destroy_by_project(context, target_project.id) except exception.AdminRequired: raise webob.exc.HTTPForbidden()