def _defaults(self, req, id, filtered_quotas):
context = req.environ['nova.context']
context.can(qs_policies.POLICY_ROOT % 'defaults', {'project_id': id})
identity.verify_project_id(context, id)
values = QUOTAS.get_defaults(context)
return self._format_quota_set(id, values,
filtered_quotas=filtered_quotas)
def _update(self, req, id, body, filtered_quotas):
context = req.environ['nova.context']
context.can(qs_policies.POLICY_ROOT % 'update', {'project_id': id})
identity.verify_project_id(context, id)
project_id = id
params = urlparse.parse_qs(req.environ.get('QUERY_STRING', ''))
user_id = params.get('user_id', [None])[0]
quota_set = body['quota_set']
# NOTE(alex_xu): The CONF.enable_network_quota was deprecated
# due to it is only used by nova-network, and nova-network will be
# deprecated also. So when CONF.enable_newtork_quota is removed,
# the networks quota will disappeare also.
if not CONF.enable_network_quota and 'networks' in quota_set:
raise webob.exc.HTTPBadRequest(
explanation=_('The networks quota is disabled'))
force_update = strutils.bool_from_string(quota_set.get('force',
'False'))
settable_quotas = QUOTAS.get_settable_quotas(context, project_id,
user_id=user_id)
# NOTE(dims): Pass #1 - In this loop for quota_set.items(), we validate
# min/max values and bail out if any of the items in the set is bad.
valid_quotas = {}
for key, value in body['quota_set'].items():
if key == 'force' or (not value and value != 0):
continue
# validate whether already used and reserved exceeds the new
# quota, this check will be ignored if admin want to force
# update
value = int(value)
if not force_update:
minimum = settable_quotas[key]['minimum']
maximum = settable_quotas[key]['maximum']
self._validate_quota_limit(key, value, minimum, maximum)
valid_quotas[key] = value
# NOTE(dims): Pass #2 - At this point we know that all the
# values are correct and we can iterate and update them all in one
# shot without having to worry about rolling back etc as we have done
# the validation up front in the loop above.
for key, value in valid_quotas.items():
try:
objects.Quotas.create_limit(context, project_id,
key, value, user_id=user_id)
except exception.QuotaExists:
objects.Quotas.update_limit(context, project_id,
key, value, user_id=user_id)
# Note(gmann): Removed 'id' from update's response to make it same
# as V2. If needed it can be added with microversion.
return self._format_quota_set(
None,
self._get_quotas(context, id, user_id=user_id),
filtered_quotas=filtered_quotas)
def _detail(self, req, id, filtered_quotas):
context = req.environ['nova.context']
context.can(qs_policies.POLICY_ROOT % 'detail', {'project_id': id})
identity.verify_project_id(context, id)
user_id = req.GET.get('user_id', None)
return self._format_quota_set(
id,
self._get_quotas(context, id, user_id=user_id, usages=True),
filtered_quotas=filtered_quotas)
def _show(self, req, id, filtered_quotas):
context = req.environ['nova.context']
context.can(qs_policies.POLICY_ROOT % 'show', {'project_id': id})
identity.verify_project_id(context, id)
params = urlparse.parse_qs(req.environ.get('QUERY_STRING', ''))
user_id = params.get('user_id', [None])[0]
return self._format_quota_set(id,
self._get_quotas(context, id, user_id=user_id),
filtered_quotas=filtered_quotas)
def test_unknown_error(self, get):
get.return_value = FakeResponse(500, "Oh noes!")
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
get.assert_called_once_with(
'/v3/projects/foo',
endpoint_filter={'service_type': 'identity'},
raise_exc=False)
def test_unknown_error(self, get):
get.return_value = FakeResponse(500, "Oh noes!")
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
get.assert_called_once_with(
'/v3/projects/foo',
endpoint_filter={'service_type': 'identity'},
raise_exc=False)
def test_early_fail(self, get):
"""Test if we get a keystoneauth exception.
If we get a random keystoneauth exception, fall back and
assume the project exists.
"""
get.side_effect = kse.ConnectionError()
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
def test_early_fail(self, get):
"""Test if we get a keystoneauth exception.
If we get a random keystoneauth exception, fall back and
assume the project exists.
"""
get.side_effect = kse.ConnectionError()
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
def _remove_tenant_access(self, req, id, body):
context = req.environ['nova.context']
context.can(fa_policies.POLICY_ROOT % "remove_tenant_access")
vals = body['removeTenantAccess']
tenant = vals['tenant']
identity.verify_project_id(context, tenant)
# NOTE(gibi): We have to load a flavor from the db here as
# flavor.remove_access() will try to emit a notification and that needs
# a fully loaded flavor.
flavor = common.get_flavor(context, id)
try:
flavor.remove_access(tenant)
except (exception.FlavorAccessNotFound, exception.FlavorNotFound) as e:
raise webob.exc.HTTPNotFound(explanation=e.format_message())
return _marshall_flavor_access(flavor)
def test_unknown_id(self):
"""Test response 403.
This indicates we don't have permissions. We fail open here
and assume the project exists.
"""
self.mock_adap.get.return_value = fake_requests.FakeResponse(403)
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
self.validate_common()
def test_good_id(self):
"""Test response 200.
This indicates we have permissions, and we have definitively
found the project exists.
"""
self.mock_adap.get.return_value = fake_requests.FakeResponse(200)
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
self.validate_common()
def test_unknown_error(self):
"""Test some other return from keystone.
If we got anything else, something is wrong on the keystone
side. We don't want to fail on our side.
"""
self.mock_adap.get.return_value = FakeResponse(500, "Oh noes!")
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
self.validate_common()
def _remove_tenant_access(self, req, id, body):
context = req.environ['nova.context']
context.can(
fa_policies.POLICY_ROOT % "remove_tenant_access")
vals = body['removeTenantAccess']
tenant = vals['tenant']
identity.verify_project_id(context, tenant)
# NOTE(gibi): We have to load a flavor from the db here as
# flavor.remove_access() will try to emit a notification and that needs
# a fully loaded flavor.
flavor = common.get_flavor(context, id)
try:
flavor.remove_access(tenant)
except (exception.FlavorAccessNotFound,
exception.FlavorNotFound) as e:
raise webob.exc.HTTPNotFound(explanation=e.format_message())
return _marshall_flavor_access(flavor)
def test_unknown_error(self):
"""Test some other return from keystone.
If we got anything else, something is wrong on the keystone
side. We don't want to fail on our side.
"""
self.mock_adap.get.return_value = fake_requests.FakeResponse(
500, content="Oh noes!")
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
self.validate_common()
def test_early_fail(self, mock_load):
"""Test if we get a keystoneauth exception.
If we get a random keystoneauth exception, fall back and
assume the project exists.
"""
session = mock.create_autospec(Session)
session.get.side_effect = kse.ConnectionError()
mock_load.return_value = session
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
def _add_tenant_access(self, req, id, body):
context = req.environ['nova.context']
context.can(fa_policies.POLICY_ROOT % "add_tenant_access")
vals = body['addTenantAccess']
tenant = vals['tenant']
identity.verify_project_id(context, tenant)
flavor = common.get_flavor(context, id)
try:
if api_version_request.is_supported(req, min_version='2.7'):
if flavor.is_public:
exp = _("Can not add access to a public flavor.")
raise webob.exc.HTTPConflict(explanation=exp)
flavor.add_access(tenant)
except exception.FlavorNotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.format_message())
except exception.FlavorAccessExists as err:
raise webob.exc.HTTPConflict(explanation=err.format_message())
return _marshall_flavor_access(flavor)
def _add_tenant_access(self, req, id, body):
context = req.environ['nova.context']
context.can(fa_policies.POLICY_ROOT % "add_tenant_access")
vals = body['addTenantAccess']
tenant = vals['tenant']
identity.verify_project_id(context, tenant)
flavor = common.get_flavor(context, id)
try:
if api_version_request.is_supported(req, min_version='2.7'):
if flavor.is_public:
exp = _("Can not add access to a public flavor.")
raise webob.exc.HTTPConflict(explanation=exp)
flavor.add_access(tenant)
except exception.FlavorNotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.format_message())
except exception.FlavorAccessExists as err:
raise webob.exc.HTTPConflict(explanation=err.format_message())
return _marshall_flavor_access(flavor)
def test_unknown_id(self, get):
"""Test response 403.
This indicates we don't have permissions. We fail open here
and assume the project exists.
"""
get.return_value = FakeResponse(403)
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
get.assert_called_once_with(
'/projects/foo',
endpoint_filter={'service_type': 'identity', 'version': (3, 0)},
raise_exc=False)
def test_unknown_error(self, get):
"""Test some other return from keystone.
If we got anything else, something is wrong on the keystone
side. We don't want to fail on our side.
"""
get.return_value = FakeResponse(500, "Oh noes!")
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
get.assert_called_once_with(
'/projects/foo',
endpoint_filter={'service_type': 'identity', 'version': (3, 0)},
raise_exc=False)
def test_good_id(self, get):
"""Test response 200.
This indicates we have permissions, and we have definitively
found the project exists.
"""
get.return_value = FakeResponse(200)
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
get.assert_called_once_with(
'/projects/foo',
endpoint_filter={'service_type': 'identity', 'version': (3, 0)},
raise_exc=False)
def test_unknown_id(self, get):
"""Test response 403.
This indicates we don't have permissions. We fail open here
and assume the project exists.
"""
get.return_value = FakeResponse(403)
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
get.assert_called_once_with('/projects/foo',
endpoint_filter={
'service_type': 'identity',
'version': (3, 0)
},
raise_exc=False)
def test_unknown_error(self, get):
"""Test some other return from keystone.
If we got anything else, something is wrong on the keystone
side. We don't want to fail on our side.
"""
get.return_value = FakeResponse(500, "Oh noes!")
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
get.assert_called_once_with('/projects/foo',
endpoint_filter={
'service_type': 'identity',
'version': (3, 0)
},
raise_exc=False)
def test_good_id(self, get):
"""Test response 200.
This indicates we have permissions, and we have definitively
found the project exists.
"""
get.return_value = FakeResponse(200)
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
get.assert_called_once_with('/projects/foo',
endpoint_filter={
'service_type': 'identity',
'version': (3, 0)
},
raise_exc=False)
def test_early_fail(self, get):
get.side_effect = kse.EndpointNotFound()
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))
def test_early_fail(self, get):
get.side_effect = kse.EndpointNotFound()
self.assertTrue(identity.verify_project_id(mock.MagicMock(), "foo"))