def check_security_group_rule_quota(
cls, proj_dict, db_conn, rule_count):
quota_counter = cls.server.quota_counter
obj_type = 'security_group_rule'
quota_limit = QuotaHelper.get_quota_limit(proj_dict, obj_type)
if (rule_count and quota_limit >= 0):
path_prefix = _DEFAULT_ZK_COUNTER_PATH_PREFIX + proj_dict['uuid']
path = path_prefix + "/" + obj_type
if not quota_counter.get(path):
# Init quota counter for security group rule
QuotaHelper._zk_quota_counter_init(
path_prefix,
{obj_type: quota_limit},
proj_dict['uuid'],
db_conn,
quota_counter)
ok, result = QuotaHelper.verify_quota(
obj_type, quota_limit, quota_counter[path],
count=rule_count)
if not ok:
msg = "security_group_entries: %d" % quota_limit
return False, (QUOTA_OVER_ERROR_CODE, msg)
def undo():
# Revert back quota count
quota_counter[path] -= rule_count
get_context().push_undo(undo)
return True, ""
def pre_dbe_delete(cls, id, obj_dict, db_conn):
ok, result = cls.dbe_read(db_conn, 'security_group', id)
if not ok:
return ok, result, None
sg_dict = result
if sg_dict['id_perms'].get('user_visible', True) is not False:
ok, result = QuotaHelper.get_project_dict_for_quota(
sg_dict['parent_uuid'], db_conn)
if not ok:
return False, result, None
proj_dict = result
obj_type = 'security_group_rule'
quota_limit = QuotaHelper.get_quota_limit(proj_dict, obj_type)
if 'security_group_entries' in obj_dict and quota_limit >= 0:
rule_count = len(
obj_dict['security_group_entries']['policy_rule'])
path_prefix = (_DEFAULT_ZK_COUNTER_PATH_PREFIX +
proj_dict['uuid'])
path = path_prefix + "/" + obj_type
quota_counter = cls.server.quota_counter
# If the SG has been created before R3, there is no
# path in ZK. It is created on next update and we
# can ignore it for now
if quota_counter.get(path):
quota_counter[path] -= rule_count
def undo():
# Revert back quota count
quota_counter[path] += rule_count
get_context().push_undo(undo)
return True, "", None
def check_security_group_rule_quota(cls, proj_dict, db_conn, rule_count):
quota_counter = cls.server.quota_counter
obj_type = 'security_group_rule'
quota_limit = QuotaHelper.get_quota_limit(proj_dict, obj_type)
if (rule_count and quota_limit >= 0):
path_prefix = _DEFAULT_ZK_COUNTER_PATH_PREFIX + proj_dict['uuid']
path = path_prefix + "/" + obj_type
if not quota_counter.get(path):
# Init quota counter for security group rule
QuotaHelper._zk_quota_counter_init(path_prefix,
{obj_type: quota_limit},
proj_dict['uuid'], db_conn,
quota_counter)
ok, result = QuotaHelper.verify_quota(obj_type,
quota_limit,
quota_counter[path],
count=rule_count)
if not ok:
msg = "security_group_entries: %d" % quota_limit
return False, (QUOTA_OVER_ERROR_CODE, msg)
def undo():
# Revert back quota count
quota_counter[path] -= rule_count
get_context().push_undo(undo)
return True, ""
def pre_dbe_delete(cls, id, obj_dict, db_conn):
ok, result = cls.dbe_read(db_conn, 'security_group', id)
if not ok:
return ok, result, None
sg_dict = result
if sg_dict['id_perms'].get('user_visible', True) is not False:
ok, result = QuotaHelper.get_project_dict_for_quota(
sg_dict['parent_uuid'], db_conn)
if not ok:
return False, result, None
proj_dict = result
obj_type = 'security_group_rule'
quota_limit = QuotaHelper.get_quota_limit(proj_dict, obj_type)
if 'security_group_entries' in obj_dict and quota_limit >= 0:
rule_count = len(
obj_dict['security_group_entries']['policy_rule'])
path_prefix = (_DEFAULT_ZK_COUNTER_PATH_PREFIX +
proj_dict['uuid'])
path = path_prefix + "/" + obj_type
quota_counter = cls.server.quota_counter
# If the SG has been created before R3, there is no
# path in ZK. It is created on next update and we
# can ignore it for now
if quota_counter.get(path):
quota_counter[path] -= rule_count
def undo():
# Revert back quota count
quota_counter[path] += rule_count
get_context().push_undo(undo)
return True, "", None
def get_quota_for_resource(cls, obj_type, obj_dict, db_conn):
user_visible = obj_dict['id_perms'].get('user_visible', True)
if not user_visible or obj_type not in QuotaType.attr_fields:
return True, -1, None
proj_uuid = cls.get_project_id_for_resource(obj_dict, obj_type,
db_conn)
if proj_uuid is None:
return True, -1, None
ok, result = QuotaHelper.get_project_dict_for_quota(proj_uuid, db_conn)
if not ok:
return False, result
proj_dict = result
quota_limit = QuotaHelper.get_quota_limit(proj_dict, obj_type)
return True, quota_limit, proj_uuid
def check_openstack_firewall_group_quota(cls, obj_dict, deleted=False):
obj_type = 'firewall_group'
if (not obj_dict['id_perms'].get('user_visible', True) or
obj_dict.get('parent_type') != Project.object_type):
return True, ''
ok, result = QuotaHelper.get_project_dict_for_quota(
obj_dict['parent_uuid'], cls.db_conn)
if not ok:
return False, result
project = result
quota_limit = QuotaHelper.get_quota_limit(project, obj_type)
if quota_limit < 0:
return True, ''
quota_count = 1
if deleted:
quota_count = -1
path_prefix = _DEFAULT_ZK_COUNTER_PATH_PREFIX + project['uuid']
path = path_prefix + "/" + obj_type
if not cls.server.quota_counter.get(path):
QuotaHelper._zk_quota_counter_init(
path_prefix,
{obj_type: quota_limit},
project['uuid'],
cls.db_conn,
cls.server.quota_counter)
return QuotaHelper.verify_quota(
obj_type, quota_limit, cls.server.quota_counter[path], quota_count)
def undo():
# revert back counter in case of any failure during creation
if not deleted:
cls.server.quota_counter[path] -= 1
else:
cls.server.quota_counter[path] += 1
get_context().push_undo(undo)
return True, ''