openstack/neutron
Code Issues Proposed changes

Check quota limits

Browse Source 
When "check_limit" parameter is passed in a quota update request,
the Neutron server checks the current resource usage before updating
the quota limit. If the new quota limit is below the resource usage,
an exception is raised.

This parameter was added in [1][2].

[1]https://review.opendev.org/c/openstack/openstacksdk/+/806254
[2]https://review.opendev.org/c/openstack/python-openstackclient/+/806016

Closes-Bug: #1936408

Change-Id: I5a6fb65694498dd7d8f403ea04dc1fe72b8c938d
This commit is contained in:
Rodolfo Alonso Hernandez 2021-08-26 17:55:35 +00:00
parent efa12cf35c
commit 5a7a8db0d8
7 changed files with 63 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lower-constraints.txt
View File

@ -50,7 +50,7 @@ msgpack-python==0.4.0
munch==2.1.0 munch==2.1.0
netaddr==0.7.18 netaddr==0.7.18
netifaces==0.10.4 netifaces==0.10.4
neutron-lib==2.15.0 neutron-lib==2.16.0
openstacksdk==0.31.2 openstacksdk==0.31.2
os-client-config==1.28.0 os-client-config==1.28.0
os-ken==2.2.0 os-ken==2.2.0

14
neutron/db/quota/driver.py
View File

@ -224,15 +224,13 @@ class DbQuotaDriver(quota_api.QuotaDriverAPI):
requested_resources = (set(requested_resources) - requested_resources = (set(requested_resources) -
unlimited_resources) unlimited_resources)
# Gather current usage information # Gather current usage information
# TODO(salv-orlando): calling count() for every resource triggers # TODO(salv-orlando): calling get_resource_usage() for every
# multiple queries on quota usage. This should be improved, however # resource triggers multiple queries on quota usage. This should be
# this is not an urgent matter as the REST API currently only # improved, however this is not an urgent matter as the REST API
# allows allocation of a resource at a time # currently only allows allocation of a resource at a time
# NOTE: pass plugin too for compatibility with CountableResource
# instances
current_usages = dict( current_usages = dict(
(resource, resources[resource].count( (resource, self.get_resource_usage(context, project_id,
context, plugin, project_id, resync_usage=False)) for resources, resource)) for
resource in requested_resources) resource in requested_resources)
# Adjust for expired reservations. Apparently it is cheaper than # Adjust for expired reservations. Apparently it is cheaper than
# querying every time for active reservations and counting overall # querying every time for active reservations and counting overall

20
neutron/extensions/quota_check_limit.py Normal file
View File

@ -0,0 +1,20 @@
# Copyright (c) 2021 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron_lib.api.definitions import quota_check_limit as apidef
from neutron_lib.api import extensions
class Quota_check_limit(extensions.APIExtensionDescriptor):
api_definition = apidef

15
neutron/extensions/quotasv2.py
View File

@ -131,6 +131,7 @@ class QuotaSetsController(wsgi.Controller):
def update(self, request, id, body=None): def update(self, request, id, body=None):
validate_policy(request.context, "update_quota") validate_policy(request.context, "update_quota")
check_limit = body[self._resource_name].pop('check_limit', False)
if self._update_extended_attributes: if self._update_extended_attributes:
self._update_attributes() self._update_attributes()
try: try:
@ -142,6 +143,20 @@ class QuotaSetsController(wsgi.Controller):
"An exception happened while processing the request " "An exception happened while processing the request "
"body. The exception message is [%s].", e) "body. The exception message is [%s].", e)
raise e raise e
if check_limit:
resources = resource_registry.get_all_resources()
for resource_name, limit in body[self._resource_name].items():
resource_usage = self._driver.get_resource_usage(
request.context, id, resources, resource_name)
if resource_usage > limit:
msg = ('Quota limit %(limit)s for %(resource)s must be '
'greater than or equal to already used '
'%(resource_usage)s' %
{'limit': limit, 'resource': resource_name,
'resource_usage': resource_usage})
raise webob.exc.HTTPBadRequest(msg)
for key, value in body[self._resource_name].items(): for key, value in body[self._resource_name].items():
self._driver.update_quota_limit(request.context, id, key, value) self._driver.update_quota_limit(request.context, id, key, value)
return {self._resource_name: self._get_quotas(request, id)} return {self._resource_name: self._get_quotas(request, id)}

2
neutron/plugins/ml2/plugin.py
View File

@ -46,6 +46,7 @@ from neutron_lib.api.definitions import port_security as psec
from neutron_lib.api.definitions import portbindings from neutron_lib.api.definitions import portbindings
from neutron_lib.api.definitions import portbindings_extended as pbe_ext from neutron_lib.api.definitions import portbindings_extended as pbe_ext
from neutron_lib.api.definitions import provider_net from neutron_lib.api.definitions import provider_net
from neutron_lib.api.definitions import quota_check_limit
from neutron_lib.api.definitions import rbac_address_groups as rbac_ag_apidef from neutron_lib.api.definitions import rbac_address_groups as rbac_ag_apidef
from neutron_lib.api.definitions import rbac_address_scope from neutron_lib.api.definitions import rbac_address_scope
from neutron_lib.api.definitions import rbac_security_groups as rbac_sg_apidef from neutron_lib.api.definitions import rbac_security_groups as rbac_sg_apidef
@ -227,6 +228,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
addrgrp_def.ALIAS, addrgrp_def.ALIAS,
pnap_def.ALIAS, pnap_def.ALIAS,
pdp_def.ALIAS, pdp_def.ALIAS,
quota_check_limit.ALIAS,
] ]
# List of agent types for which all binding_failed ports should try to be # List of agent types for which all binding_failed ports should try to be

18
neutron/tests/unit/extensions/test_quotasv2.py
View File

@ -317,6 +317,24 @@ class QuotaExtensionDbTestCase(QuotaExtensionTestCase):
quota = self.deserialize(res) quota = self.deserialize(res)
self.assertEqual(100, quota['quota']['extra1']) self.assertEqual(100, quota['quota']['extra1'])
@mock.patch.object(driver_nolock.DbQuotaNoLockDriver, 'get_resource_usage')
def test_update_quotas_check_limit(self, mock_get_resource_usage):
tenant_id = 'tenant_id1'
env = {'neutron.context': context.Context('', tenant_id,
is_admin=True)}
quotas = {'quota': {'network': 100, 'check_limit': False}}
res = self.api.put(_get_path('quotas', id=tenant_id, fmt=self.fmt),
self.serialize(quotas), extra_environ=env,
expect_errors=False)
self.assertEqual(200, res.status_int)
quotas = {'quota': {'network': 50, 'check_limit': True}}
mock_get_resource_usage.return_value = 51
res = self.api.put(_get_path('quotas', id=tenant_id, fmt=self.fmt),
self.serialize(quotas), extra_environ=env,
expect_errors=True)
self.assertEqual(400, res.status_int)
def test_delete_quotas_with_admin(self): def test_delete_quotas_with_admin(self):
project_id = 'project_id1' project_id = 'project_id1'
env = {'neutron.context': context.Context('', project_id + '2', env = {'neutron.context': context.Context('', project_id + '2',

2
requirements.txt
View File

@ -16,7 +16,7 @@ Jinja2>=2.10 # BSD License (3 clause)
keystonemiddleware>=5.1.0 # Apache-2.0 keystonemiddleware>=5.1.0 # Apache-2.0
netaddr>=0.7.18 # BSD netaddr>=0.7.18 # BSD
netifaces>=0.10.4 # MIT netifaces>=0.10.4 # MIT
neutron-lib>=2.15.0 # Apache-2.0 neutron-lib>=2.16.0 # Apache-2.0
python-neutronclient>=6.7.0 # Apache-2.0 python-neutronclient>=6.7.0 # Apache-2.0
tenacity>=6.0.0 # Apache-2.0 tenacity>=6.0.0 # Apache-2.0
SQLAlchemy>=1.4.23 # MIT SQLAlchemy>=1.4.23 # MIT