Revert per-user-quotas

See bug 1034384, bug 1037590. This reverts commit 391f345d, but leaves the DB migration in place while adding a further migration to reverse it. The motivation for reversion is that the per-user quota logic would totally undermine the per-project quotas set for a pre-existing openstack install. The per-user quota logic could be re-introduced in a fixed state after Folsom-3. Change-Id: Idd4b55a2404a25f43f6737b661f828c28501066f
openstack · Aug 17, 2012 · 1cf475d · 1cf475d
1 parent 06d1f0d
commit 1cf475d
Show file tree

Hide file tree

Showing 12 changed files with 255 additions and 1,195 deletions.
diff --git a/bin/nova-manage b/bin/nova-manage
@@ -224,10 +224,6 @@ def _db_error(caught_exception):
 class ProjectCommands(object):
     """Class for managing projects."""
 
-    @args('--project', dest="project_id", metavar='<Project name>',
-            help='Project name')
-    @args('--key', dest="key", metavar='<key>', help='Key')
-    @args('--value', dest="value", metavar='<value>', help='Value')
     def quota(self, project_id, key=None, value=None):
         """Set or display quotas for project"""
         ctxt = context.get_admin_context()
@@ -260,52 +256,6 @@ class ProjectCommands(object):
 AccountCommands = ProjectCommands
 
 
-class QuotaCommands(object):
-    """Class for managing quotas."""
-
-    @args('--project', dest="project_id", metavar='<Project name>',
-            help='Project name')
-    @args('--key', dest="key", metavar='<key>', help='Key')
-    @args('--value', dest="value", metavar='<value>', help='Value')
-    def project(self, project_id, key=None, value=None):
-        """Set or display quotas for project"""
-        ctxt = context.get_admin_context()
-        if key:
-            if value.lower() == 'unlimited':
-                value = None
-            try:
-                db.quota_update(ctxt, project_id, key, value)
-            except exception.ProjectQuotaNotFound:
-                db.quota_create(ctxt, project_id, key, value)
-        project_quota = QUOTAS.get_project_quotas(ctxt, project_id)
-        for key, value in project_quota.iteritems():
-            if value['limit'] < 0 or value['limit'] is None:
-                value['limit'] = 'unlimited'
-            print '%s: %s' % (key, value['limit'])
-
-    @args('--user', dest="user_id", metavar='<User name>',
-            help='User name')
-    @args('--project', dest="project_id", metavar='<Project name>',
-            help='Project name')
-    @args('--key', dest="key", metavar='<key>', help='Key')
-    @args('--value', dest="value", metavar='<value>', help='Value')
-    def user(self, user_id, project_id, key=None, value=None):
-        """Set or display quotas for user"""
-        ctxt = context.get_admin_context()
-        if key:
-            if value.lower() == 'unlimited':
-                value = None
-            try:
-                db.quota_update_for_user(ctxt, user_id, project_id, key, value)
-            except exception.UserQuotaNotFound:
-                db.quota_create_for_user(ctxt, user_id, project_id, key, value)
-        user_quota = QUOTAS.get_user_quotas(ctxt, user_id, project_id)
-        for key, value in user_quota.iteritems():
-            if value['limit'] < 0 or value['limit'] is None:
-                value['limit'] = 'unlimited'
-            print '%s: %s' % (key, value['limit'])
-
-
 class FixedIpCommands(object):
     """Class for managing fixed ip."""
 
@@ -1364,7 +1314,6 @@ CATEGORIES = [
     ('logs', GetLogCommands),
     ('network', NetworkCommands),
     ('project', ProjectCommands),
-    ('quota', QuotaCommands),
     ('service', ServiceCommands),
     ('shell', ShellCommands),
     ('sm', StorageManagerCommands),

diff --git a/etc/nova/policy.json b/etc/nova/policy.json
@@ -1,6 +1,5 @@
 {
     "admin_or_owner":  [["role:admin"], ["project_id:%(project_id)s"]],
-    "admin_or_projectadmin": [["role:projectadmin"], ["role:admin"]],
     "default": [["rule:admin_or_owner"]],
 
 
@@ -49,8 +48,7 @@
     "compute_extension:networks": [["rule:admin_api"]],
     "compute_extension:networks:view": [],
     "compute_extension:quotas:show": [],
-    "compute_extension:quotas:update_for_project": [["rule:admin_api"]],
-    "compute_extension:quotas:update_for_user": [["rule:admin_or_projectadmin"]],
+    "compute_extension:quotas:update": [["rule:admin_api"]],
     "compute_extension:quota_classes": [],
     "compute_extension:rescue": [],
     "compute_extension:security_groups": [],

diff --git a/nova/api/openstack/compute/contrib/quotas.py b/nova/api/openstack/compute/contrib/quotas.py
@@ -15,7 +15,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import urlparse
 import webob
 
 from nova.api.openstack import extensions
@@ -25,15 +24,13 @@
 from nova.db.sqlalchemy import api as sqlalchemy_api
 from nova import exception
 from nova import quota
-from nova import utils
 
 
 QUOTAS = quota.QUOTAS
 
 
-def authorize_action(context, action_name):
-    action = 'quotas:%s' % action_name
-    extensions.extension_authorizer('compute', action)(context)
+authorize_update = extensions.extension_authorizer('compute', 'quotas:update')
+authorize_show = extensions.extension_authorizer('compute', 'quotas:show')
 
 
 class QuotaTemplate(xmlutil.TemplateBuilder):
@@ -60,102 +57,51 @@ def _format_quota_set(self, project_id, quota_set):
 
         return dict(quota_set=result)
 
-    def _validate_quota_limit(self, limit, remain, quota):
+    def _validate_quota_limit(self, limit):
         # NOTE: -1 is a flag value for unlimited
         if limit < -1:
             msg = _("Quota limit must be -1 or greater.")
             raise webob.exc.HTTPBadRequest(explanation=msg)
 
-        # Quota limit must be less than the remains of the project.
-        if remain != -1 and remain < limit - quota:
-            msg = _("Quota limit exceed the remains of the project.")
-            raise webob.exc.HTTPBadRequest(explanation=msg)
-
-    def _get_quotas(self, context, id, user_id=None, remaining=False,
-                    usages=False):
-        # Get the remaining quotas for a project.
-        if remaining:
-            values = QUOTAS.get_remaining_quotas(context, id)
-            return values
-
-        if user_id:
-            # If user_id, return quotas for the given user.
-            values = QUOTAS.get_user_quotas(context, user_id, id,
-                                            usages=usages)
-        else:
-            values = QUOTAS.get_project_quotas(context, id, usages=usages)
+    def _get_quotas(self, context, id, usages=False):
+        values = QUOTAS.get_project_quotas(context, id, usages=usages)
 
         if usages:
             return values
         else:
             return dict((k, v['limit']) for k, v in values.items())
 
-    def _request_params(self, req):
-        qs = req.environ.get('QUERY_STRING', '')
-        return urlparse.parse_qs(qs)
-
     @wsgi.serializers(xml=QuotaTemplate)
     def show(self, req, id):
         context = req.environ['nova.context']
-        authorize_action(context, 'show')
-        params = self._request_params(req)
-        remaining = False
-        if 'remaining' in params:
-            remaining = utils.bool_from_str(params["remaining"][0])
-        user_id = None
-        if 'user_id' in params:
-            user_id = params["user_id"][0]
+        authorize_show(context)
         try:
             sqlalchemy_api.authorize_project_context(context, id)
-            return self._format_quota_set(id,
-                        self._get_quotas(context, id, user_id, remaining))
+            return self._format_quota_set(id, self._get_quotas(context, id))
         except exception.NotAuthorized:
             raise webob.exc.HTTPForbidden()
 
     @wsgi.serializers(xml=QuotaTemplate)
     def update(self, req, id, body):
         context = req.environ['nova.context']
-        params = self._request_params(req)
+        authorize_update(context)
         project_id = id
-        user_id = None
-        remains = {}
-        quotas = {}
-        if 'user_id' in params:
-            # Project admins are able to modify per-user quotas.
-            authorize_action(context, 'update_for_user')
-            user_id = params["user_id"][0]
-            remains = self._get_quotas(context, project_id, remaining=True)
-            quotas = db.quota_get_all_by_user(context, user_id, project_id)
-        else:
-            # Only admins are able to modify per-project quotas.
-            authorize_action(context, 'update_for_project')
-
         for key in body['quota_set'].keys():
             if key in QUOTAS:
                 value = int(body['quota_set'][key])
+                self._validate_quota_limit(value)
                 try:
-                    if user_id:
-                        self._validate_quota_limit(value, remains.get(key, 0),
-                                                   quotas.get(key, 0))
-                        db.quota_update_for_user(context, user_id,
-                                                 project_id, key, value)
-                    else:
-                        self._validate_quota_limit(value, remains.get(key, -1),
-                                                   quotas.get(key, 0))
-                        db.quota_update(context, project_id, key, value)
+                    db.quota_update(context, project_id, key, value)
                 except exception.ProjectQuotaNotFound:
                     db.quota_create(context, project_id, key, value)
-                except exception.UserQuotaNotFound:
-                    db.quota_create_for_user(context, user_id,
-                                             project_id, key, value)
                 except exception.AdminRequired:
                     raise webob.exc.HTTPForbidden()
-        return {'quota_set': self._get_quotas(context, id, user_id)}
+        return {'quota_set': self._get_quotas(context, id)}
 
     @wsgi.serializers(xml=QuotaTemplate)
     def defaults(self, req, id):
         context = req.environ['nova.context']
-        authorize_action(context, 'show')
+        authorize_show(context)
         return self._format_quota_set(id, QUOTAS.get_defaults(context))
 
 

diff --git a/nova/api/openstack/compute/limits.py b/nova/api/openstack/compute/limits.py
@@ -23,7 +23,6 @@
 import math
 import re
 import time
-import urlparse
 
 import webob.dec
 import webob.exc
@@ -86,18 +85,8 @@ def index(self, req):
         Return all global and rate limit information.
         """
         context = req.environ['nova.context']
-        qs = req.environ.get('QUERY_STRING', '')
-        params = urlparse.parse_qs(qs)
-        if 'user_id' in params:
-            user_id = params["user_id"][0]
-            quotas = QUOTAS.get_user_quotas(context, user_id,
-                                            context.project_id,
-                                            usages=False)
-        else:
-            quotas = QUOTAS.get_project_quotas(context,
-                                               context.project_id,
-                                               usages=False)
-
+        quotas = QUOTAS.get_project_quotas(context, context.project_id,
+                                           usages=False)
         abs_limits = dict((k, v['limit']) for k, v in quotas.items())
         rate_limits = req.environ.get("nova.limits", [])