Merge "Add Octavia Quota Resource for lbaas quota parameters"

This commit is contained in:
Zuul 2020-03-12 04:12:46 +00:00 committed by Gerrit Code Review
commit d8354d908e
4 changed files with 297 additions and 0 deletions

View File

@ -0,0 +1,150 @@
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from heat.common import exception
from heat.common.i18n import _
from heat.engine import constraints
from heat.engine import properties
from heat.engine import resource
from heat.engine import support
from heat.engine import translation
class OctaviaQuota(resource.Resource):
"""A resource for creating Octavia quotas.
Ocatavia Quota is used to manage operational limits for Octavia. Currently,
this resource can manage Octavia's quotas for:
- healthmonitor
- listener
- loadbalancer
- pool
- member
Note that default octavia security policy usage of this resource
is limited to being used by administrators only. Administrators should be
careful to create only one Octavia Quota resource per project, otherwise
it will be hard for them to manage the quota properly.
"""
support_status = support.SupportStatus(version='14.0.0')
default_client_name = 'octavia'
entity = 'quotas'
PROPERTIES = (
PROJECT, HEALTHMONITOR, LISTENER, LOADBALANCER,
POOL, MEMBER
) = (
'project', 'healthmonitor', 'listener', 'loadbalancer',
'pool', 'member'
)
properties_schema = {
PROJECT: properties.Schema(
properties.Schema.STRING,
_('Name or id of the project to set the quota for.'),
required=True,
constraints=[
constraints.CustomConstraint('keystone.project')
]
),
HEALTHMONITOR: properties.Schema(
properties.Schema.INTEGER,
_('Quota for the number of healthmonitors. '
'Setting the value to -1 removes the limit.'),
constraints=[
constraints.Range(min=-1),
],
update_allowed=True
),
LISTENER: properties.Schema(
properties.Schema.INTEGER,
_('Quota for the number of listeners. '
'Setting the value to -1 removes the limit.'),
constraints=[
constraints.Range(min=-1),
],
update_allowed=True
),
LOADBALANCER: properties.Schema(
properties.Schema.INTEGER,
_('Quota for the number of load balancers. '
'Setting the value to -1 removes the limit.'),
constraints=[
constraints.Range(min=-1),
],
update_allowed=True
),
POOL: properties.Schema(
properties.Schema.INTEGER,
_('Quota for the number of pools. '
'Setting the value to -1 removes the limit.'),
constraints=[
constraints.Range(min=-1),
],
update_allowed=True
),
MEMBER: properties.Schema(
properties.Schema.INTEGER,
_('Quota for the number of m. '
'Setting the value to -1 removes the limit.'),
constraints=[
constraints.Range(min=-1),
],
update_allowed=True
),
}
def translation_rules(self, props):
return [
translation.TranslationRule(
props,
translation.TranslationRule.RESOLVE,
[self.PROJECT],
client_plugin=self.client_plugin('keystone'),
finder='get_project_id')
]
def handle_create(self):
self._set_quota()
self.resource_id_set(self.physical_resource_name())
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
self._set_quota(json_snippet.properties(self.properties_schema,
self.context))
def _set_quota(self, props=None):
if props is None:
props = self.properties
kwargs = dict((k, v) for k, v in props.items()
if k != self.PROJECT and v is not None)
self.client().quotas.update(props.get(self.PROJECT), **kwargs)
def handle_delete(self):
self.client().quotas.delete(self.properties[self.PROJECT])
def validate(self):
super(OctaviaQuota, self).validate()
if sum(1 for p in self.properties.values() if p is not None) <= 1:
raise exception.PropertyUnspecifiedError(
*sorted(set(self.PROPERTIES) - {self.PROJECT}))
def resource_mapping():
return {
'OS::Octavia::Quota': OctaviaQuota
}

View File

@ -35,6 +35,9 @@ resource_types_policies = [
policy.RuleDefault(
name=POLICY_ROOT % 'OS::Nova::Quota',
check_str=base.RULE_PROJECT_ADMIN),
policy.RuleDefault(
name=POLICY_ROOT % 'OS::Octavia::Quota',
check_str=base.RULE_PROJECT_ADMIN),
policy.RuleDefault(
name=POLICY_ROOT % 'OS::Manila::ShareType',
check_str=base.RULE_PROJECT_ADMIN),

View File

@ -0,0 +1,140 @@
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import mock
import six
from heat.common import exception
from heat.common import template_format
from heat.engine.clients.os import keystone as k_plugin
from heat.engine import rsrc_defn
from heat.engine import stack as parser
from heat.engine import template
from heat.tests import common
from heat.tests import utils
quota_template = '''
heat_template_version: newton
description: Sample octavia quota heat template
resources:
my_quota:
type: OS::Octavia::Quota
properties:
project: demo
healthmonitor: 5
listener: 5
loadbalancer: 5
pool: 5
member: 5
'''
valid_properties = [
'healthmonitor', 'listener', 'loadbalancer', 'pool', 'member'
]
class OcataQuotaTest(common.HeatTestCase):
def setUp(self):
super(OcataQuotaTest, self).setUp()
self.ctx = utils.dummy_context()
self.patchobject(k_plugin.KeystoneClientPlugin, 'get_project_id',
return_value='some_project_id')
tpl = template_format.parse(quota_template)
self.stack = parser.Stack(
self.ctx, 'ocata_quota_test_stack',
template.Template(tpl)
)
self.my_quota = self.stack['my_quota']
ocata = mock.MagicMock()
self.ocataclient = mock.MagicMock()
self.my_quota.client = ocata
ocata.return_value = self.ocataclient
self.quotas = self.ocataclient.quotas
self.quota_set = mock.MagicMock()
self.quotas.update.return_value = self.quota_set
self.quotas.delete.return_value = self.quota_set
def _test_validate(self, resource, error_msg):
exc = self.assertRaises(exception.StackValidationFailed,
resource.validate)
self.assertIn(error_msg, six.text_type(exc))
def _test_invalid_property(self, prop_name):
my_quota = self.stack['my_quota']
props = self.stack.t.t['resources']['my_quota']['properties'].copy()
props[prop_name] = -2
my_quota.t = my_quota.t.freeze(properties=props)
my_quota.reparse()
error_msg = ('Property error: resources.my_quota.properties.%s:'
' -2 is out of range (min: -1, max: None)' % prop_name)
self._test_validate(my_quota, error_msg)
def test_invalid_properties(self):
for prop in valid_properties:
self._test_invalid_property(prop)
def test_miss_all_quotas(self):
my_quota = self.stack['my_quota']
props = self.stack.t.t['resources']['my_quota']['properties'].copy()
for key in valid_properties:
if key in props:
del props[key]
my_quota.t = my_quota.t.freeze(properties=props)
my_quota.reparse()
msg = ('At least one of the following properties must be specified: '
'healthmonitor, listener, loadbalancer, member, pool.')
self.assertRaisesRegex(exception.PropertyUnspecifiedError, msg,
my_quota.validate)
def test_quota_handle_create(self):
self.my_quota.physical_resource_name = mock.MagicMock(
return_value='some_resource_id')
self.my_quota.reparse()
self.my_quota.handle_create()
self.quotas.update.assert_called_once_with(
'some_project_id',
healthmonitor=5,
listener=5,
loadbalancer=5,
pool=5,
member=5
)
self.assertEqual('some_resource_id', self.my_quota.resource_id)
def test_quota_handle_update(self):
tmpl_diff = mock.MagicMock()
prop_diff = mock.MagicMock()
props = {'project': 'some_project_id', 'pool': 1, 'member': 2,
'listener': 3, 'loadbalancer': 4, 'healthmonitor': 2}
json_snippet = rsrc_defn.ResourceDefinition(
self.my_quota.name,
'OS::Octavia::Quota',
properties=props)
self.my_quota.reparse()
self.my_quota.handle_update(json_snippet, tmpl_diff, prop_diff)
self.quotas.update.assert_called_once_with(
'some_project_id',
pool=1,
member=2,
listener=3,
loadbalancer=4,
healthmonitor=2
)
def test_quota_handle_delete(self):
self.my_quota.reparse()
self.my_quota.handle_delete()
self.quotas.delete.assert_called_once_with('some_project_id')

View File

@ -0,0 +1,4 @@
---
features:
- New resource ``OS::Octavia::Quota`` is added to enable an admin to manage
Octavia service quotas for a specific project.