Merge "Add Octavia Quota Resource for lbaas quota parameters"

2020-03-12 04:12:46 +00:00 · 2020-03-12 04:12:46 +00:00 · d8354d908e
commit d8354d908e
parent dd29c9508c bbb899a4f5
4 changed files with 297 additions and 0 deletions
--- a/heat/engine/resources/openstack/octavia/quota.py
+++ b/heat/engine/resources/openstack/octavia/quota.py
@ -0,0 +1,150 @@
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from heat.common import exception
+from heat.common.i18n import _
+from heat.engine import constraints
+from heat.engine import properties
+from heat.engine import resource
+from heat.engine import support
+from heat.engine import translation
+
+
+class OctaviaQuota(resource.Resource):
+    """A resource for creating Octavia quotas.
+
+    Ocatavia Quota is used to manage operational limits for Octavia. Currently,
+    this resource can manage Octavia's quotas for:
+
+        - healthmonitor
+        - listener
+        - loadbalancer
+        - pool
+        - member
+
+    Note that default octavia security policy usage of this resource
+    is limited to being used by administrators only. Administrators should be
+    careful to create only one Octavia Quota resource per project, otherwise
+    it will be hard for them to manage the quota properly.
+    """
+
+    support_status = support.SupportStatus(version='14.0.0')
+
+    default_client_name = 'octavia'
+
+    entity = 'quotas'
+
+    PROPERTIES = (
+        PROJECT, HEALTHMONITOR, LISTENER, LOADBALANCER,
+        POOL, MEMBER
+    ) = (
+        'project', 'healthmonitor', 'listener', 'loadbalancer',
+        'pool', 'member'
+    )
+
+    properties_schema = {
+        PROJECT: properties.Schema(
+            properties.Schema.STRING,
+            _('Name or id of the project to set the quota for.'),
+            required=True,
+            constraints=[
+                constraints.CustomConstraint('keystone.project')
+            ]
+        ),
+        HEALTHMONITOR: properties.Schema(
+            properties.Schema.INTEGER,
+            _('Quota for the number of healthmonitors. '
+              'Setting the value to -1 removes the limit.'),
+            constraints=[
+                constraints.Range(min=-1),
+            ],
+            update_allowed=True
+        ),
+        LISTENER: properties.Schema(
+            properties.Schema.INTEGER,
+            _('Quota for the number of listeners. '
+              'Setting the value to -1 removes the limit.'),
+            constraints=[
+                constraints.Range(min=-1),
+            ],
+            update_allowed=True
+        ),
+        LOADBALANCER: properties.Schema(
+            properties.Schema.INTEGER,
+            _('Quota for the number of load balancers. '
+              'Setting the value to -1 removes the limit.'),
+            constraints=[
+                constraints.Range(min=-1),
+            ],
+            update_allowed=True
+        ),
+        POOL: properties.Schema(
+            properties.Schema.INTEGER,
+            _('Quota for the number of pools. '
+              'Setting the value to -1 removes the limit.'),
+            constraints=[
+                constraints.Range(min=-1),
+            ],
+            update_allowed=True
+        ),
+        MEMBER: properties.Schema(
+            properties.Schema.INTEGER,
+            _('Quota for the number of m. '
+              'Setting the value to -1 removes the limit.'),
+            constraints=[
+                constraints.Range(min=-1),
+            ],
+            update_allowed=True
+        ),
+    }
+
+    def translation_rules(self, props):
+        return [
+            translation.TranslationRule(
+                props,
+                translation.TranslationRule.RESOLVE,
+                [self.PROJECT],
+                client_plugin=self.client_plugin('keystone'),
+                finder='get_project_id')
+        ]
+
+    def handle_create(self):
+        self._set_quota()
+        self.resource_id_set(self.physical_resource_name())
+
+    def handle_update(self, json_snippet, tmpl_diff, prop_diff):
+        self._set_quota(json_snippet.properties(self.properties_schema,
+                                                self.context))
+
+    def _set_quota(self, props=None):
+        if props is None:
+            props = self.properties
+
+        kwargs = dict((k, v) for k, v in props.items()
+                      if k != self.PROJECT and v is not None)
+        self.client().quotas.update(props.get(self.PROJECT), **kwargs)
+
+    def handle_delete(self):
+        self.client().quotas.delete(self.properties[self.PROJECT])
+
+    def validate(self):
+        super(OctaviaQuota, self).validate()
+        if sum(1 for p in self.properties.values() if p is not None) <= 1:
+            raise exception.PropertyUnspecifiedError(
+                *sorted(set(self.PROPERTIES) - {self.PROJECT}))
+
+
+def resource_mapping():
+    return {
+        'OS::Octavia::Quota': OctaviaQuota
+    }
--- a/heat/policies/resource_types.py
+++ b/heat/policies/resource_types.py
@ -35,6 +35,9 @@ resource_types_policies = [
    policy.RuleDefault(
        name=POLICY_ROOT % 'OS::Nova::Quota',
        check_str=base.RULE_PROJECT_ADMIN),
+    policy.RuleDefault(
+        name=POLICY_ROOT % 'OS::Octavia::Quota',
+        check_str=base.RULE_PROJECT_ADMIN),
    policy.RuleDefault(
        name=POLICY_ROOT % 'OS::Manila::ShareType',
        check_str=base.RULE_PROJECT_ADMIN),
--- a/heat/tests/openstack/octavia/test_quota.py
+++ b/heat/tests/openstack/octavia/test_quota.py
@ -0,0 +1,140 @@
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+import mock
+import six
+
+from heat.common import exception
+from heat.common import template_format
+from heat.engine.clients.os import keystone as k_plugin
+from heat.engine import rsrc_defn
+from heat.engine import stack as parser
+from heat.engine import template
+from heat.tests import common
+from heat.tests import utils
+
+quota_template = '''
+heat_template_version: newton
+
+description: Sample octavia quota heat template
+
+resources:
+  my_quota:
+    type: OS::Octavia::Quota
+    properties:
+      project: demo
+      healthmonitor: 5
+      listener: 5
+      loadbalancer: 5
+      pool: 5
+      member: 5
+'''
+
+valid_properties = [
+    'healthmonitor', 'listener', 'loadbalancer', 'pool', 'member'
+]
+
+
+class OcataQuotaTest(common.HeatTestCase):
+    def setUp(self):
+        super(OcataQuotaTest, self).setUp()
+
+        self.ctx = utils.dummy_context()
+        self.patchobject(k_plugin.KeystoneClientPlugin, 'get_project_id',
+                         return_value='some_project_id')
+        tpl = template_format.parse(quota_template)
+        self.stack = parser.Stack(
+            self.ctx, 'ocata_quota_test_stack',
+            template.Template(tpl)
+        )
+
+        self.my_quota = self.stack['my_quota']
+        ocata = mock.MagicMock()
+        self.ocataclient = mock.MagicMock()
+        self.my_quota.client = ocata
+        ocata.return_value = self.ocataclient
+        self.quotas = self.ocataclient.quotas
+        self.quota_set = mock.MagicMock()
+        self.quotas.update.return_value = self.quota_set
+        self.quotas.delete.return_value = self.quota_set
+
+    def _test_validate(self, resource, error_msg):
+        exc = self.assertRaises(exception.StackValidationFailed,
+                                resource.validate)
+        self.assertIn(error_msg, six.text_type(exc))
+
+    def _test_invalid_property(self, prop_name):
+        my_quota = self.stack['my_quota']
+        props = self.stack.t.t['resources']['my_quota']['properties'].copy()
+        props[prop_name] = -2
+        my_quota.t = my_quota.t.freeze(properties=props)
+        my_quota.reparse()
+        error_msg = ('Property error: resources.my_quota.properties.%s:'
+                     ' -2 is out of range (min: -1, max: None)' % prop_name)
+        self._test_validate(my_quota, error_msg)
+
+    def test_invalid_properties(self):
+        for prop in valid_properties:
+            self._test_invalid_property(prop)
+
+    def test_miss_all_quotas(self):
+        my_quota = self.stack['my_quota']
+        props = self.stack.t.t['resources']['my_quota']['properties'].copy()
+        for key in valid_properties:
+            if key in props:
+                del props[key]
+        my_quota.t = my_quota.t.freeze(properties=props)
+        my_quota.reparse()
+        msg = ('At least one of the following properties must be specified: '
+               'healthmonitor, listener, loadbalancer, member, pool.')
+        self.assertRaisesRegex(exception.PropertyUnspecifiedError, msg,
+                               my_quota.validate)
+
+    def test_quota_handle_create(self):
+        self.my_quota.physical_resource_name = mock.MagicMock(
+            return_value='some_resource_id')
+        self.my_quota.reparse()
+        self.my_quota.handle_create()
+        self.quotas.update.assert_called_once_with(
+            'some_project_id',
+            healthmonitor=5,
+            listener=5,
+            loadbalancer=5,
+            pool=5,
+            member=5
+        )
+        self.assertEqual('some_resource_id', self.my_quota.resource_id)
+
+    def test_quota_handle_update(self):
+        tmpl_diff = mock.MagicMock()
+        prop_diff = mock.MagicMock()
+        props = {'project': 'some_project_id', 'pool': 1, 'member': 2,
+                 'listener': 3, 'loadbalancer': 4, 'healthmonitor': 2}
+        json_snippet = rsrc_defn.ResourceDefinition(
+            self.my_quota.name,
+            'OS::Octavia::Quota',
+            properties=props)
+        self.my_quota.reparse()
+        self.my_quota.handle_update(json_snippet, tmpl_diff, prop_diff)
+        self.quotas.update.assert_called_once_with(
+            'some_project_id',
+            pool=1,
+            member=2,
+            listener=3,
+            loadbalancer=4,
+            healthmonitor=2
+        )
+
+    def test_quota_handle_delete(self):
+        self.my_quota.reparse()
+        self.my_quota.handle_delete()
+        self.quotas.delete.assert_called_once_with('some_project_id')
--- a/releasenotes/notes/octavia-quota-resource-52c1ea86f16d9513.yaml
+++ b/releasenotes/notes/octavia-quota-resource-52c1ea86f16d9513.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - New resource ``OS::Octavia::Quota`` is added to enable an admin to manage
+    Octavia service quotas for a specific project.