Check against sucurity group rules in all groups while checking for q…

…uota Change-Id: If654d928dfecdbc4ab3464777cb9e4cba17b7333 Closes-Bug: 1365463
Juniper · Sep 22, 2014 · 0b0f714 · 0b0f714
1 parent 7be07b2
commit 0b0f714
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/src/config/api-server/vnc_cfg_types.py b/src/config/api-server/vnc_cfg_types.py
@@ -889,12 +889,21 @@ def http_put(cls, id, fq_name, obj_dict, db_conn):
         if not ok:
             return (False, (500, 'Bad Project error : ' + pformat(proj_dict)))
 
-        obj_type = 'security-group-rule'
         if 'security_group_entries' in obj_dict:
-            quota_count = len(obj_dict['security_group_entries']['policy_rule'])
+            rule_count = len(obj_dict['security_group_entries']['policy_rule'])
+            obj_type = 'security-group-rule'
+            for sg in proj_dict.get('security_groups', []):
+                if sg['uuid'] == sec_dict['uuid']:
+                    continue
+                ok, sg_dict = db_conn.dbe_read('security-group', sg)
+                if not ok:
+                    continue
+                sge = sg_dict.get('security_group_entries', {})
+                rule_count += len(sge.get('policy_rule', []))
+
             if sec_dict['id_perms'].get('user_visible', True) is not False:
                 (ok, quota_limit) = QuotaHelper.check_quota_limit(proj_dict, obj_type,
-                                                                  quota_count)
+                                                                  rule_count-1)
                 if not ok:
                     return (False, (403, pformat(fq_name) + ' : ' + quota_limit))