From: Salvatore Orlando Date: Mon, 12 Oct 2015 22:47:03 +0000 (-0700) Subject: Scope get_tenant_quotas by tenant_id X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=24b482ac15b5fa99edd2c3438318a41f9af06bcf;p=openstack-build%2Fneutron-build.git Scope get_tenant_quotas by tenant_id Using model_query in the operation for retrieving tenant limits will spare the need for explicit authorization check in the quota controller. This is particularly relevant for the pecan framework where every Neutron API call undergoes authZ checks in the same pecan hook. This patch will automatically adapt by eventuals changes introducing "un-scoped" contexts. Closes-bug: #1505406 Change-Id: I6952f5c85cd7fb0263789f768d23de3fe80b8183 --- diff --git a/neutron/db/quota/driver.py b/neutron/db/quota/driver.py index f61b1ada6..832916647 100644 --- a/neutron/db/quota/driver.py +++ b/neutron/db/quota/driver.py @@ -18,6 +18,7 @@ from oslo_log import log from neutron.common import exceptions from neutron.db import api as db_api +from neutron.db import common_db_mixin as common_db from neutron.db.quota import api as quota_api from neutron.db.quota import models as quota_models @@ -34,7 +35,8 @@ class DbQuotaDriver(object): @staticmethod def get_tenant_quotas(context, resources, tenant_id): """Given a list of resources, retrieve the quotas for the given - tenant. + tenant. If no limits are found for the specified tenant, the operation + returns the default limits. :param context: The request context, for access checks. :param resources: A dictionary of the registered resource keys. @@ -47,7 +49,7 @@ class DbQuotaDriver(object): for key, resource in resources.items()) # update with tenant specific limits - q_qry = context.session.query(quota_models.Quota).filter_by( + q_qry = common_db.model_query(context, quota_models.Quota).filter_by( tenant_id=tenant_id) for item in q_qry: tenant_quota[item['resource']] = item['limit'] diff --git a/neutron/tests/unit/db/quota/test_driver.py b/neutron/tests/unit/db/quota/test_driver.py index dafee362a..c50533117 100644 --- a/neutron/tests/unit/db/quota/test_driver.py +++ b/neutron/tests/unit/db/quota/test_driver.py @@ -74,6 +74,21 @@ class TestDbQuotaDriver(testlib_api.SqlTestCase): quotas = self.plugin.get_tenant_quotas(self.context, defaults, PROJECT) self.assertEqual(4, quotas[RESOURCE]) + def test_get_tenant_quotas(self): + user_ctx = context.Context(user_id=PROJECT, tenant_id=PROJECT) + self.plugin.update_quota_limit(self.context, PROJECT, RESOURCE, 2) + quotas = self.plugin.get_tenant_quotas(user_ctx, {}, PROJECT) + self.assertEqual(2, quotas[RESOURCE]) + + def test_get_tenant_quotas_different_tenant(self): + user_ctx = context.Context(user_id=PROJECT, + tenant_id='another_project') + self.plugin.update_quota_limit(self.context, PROJECT, RESOURCE, 2) + # It is appropriate to use assertFalse here as the expected return + # value is an empty dict (the defaults passed in the statement below + # after the request context) + self.assertFalse(self.plugin.get_tenant_quotas(user_ctx, {}, PROJECT)) + def test_get_all_quotas(self): project_1 = 'prj_test_1' project_2 = 'prj_test_2'