Previously, updating the quota value for instance on a project that
the user was not currently scoped to would validate the new quota
value by comparing with the usage of the currently scoped project.
The cause of this error was an incorrect use of the server list
parameters.
According to the comment in nova source:
d43d1d6734/nova/api/openstack/compute/servers.py (L277-L280)
and the comments in this bug:
https://bugs.launchpad.net/nova/+bug/1185290
indicate that the tenant_id or project_id flag cannot be used without
the --all-tenants flag.
The fix involves passing the --all-tenants flag when querying instance usage
for any project the user is not currently scoped to. It also removes the
passing of the tenant_id flag when querying the current project.
Tests were also updated to match the new behavior by not passing the
tenant_id to the API call to list servers where the target project is
the currently scoped project.
Change-Id: Iee06bc1c8ccd50f595f4cb274f956c13495c8494
Closes-Bug: #1713724
Ports has quota management in a project, if quota is exceeded,
will create failure and API returns
"Recoverable error: Quota exceeded for resources: ['port']".
So, it should be like creating a network and subnet to
perform quota checks on ports, and if the quota is exceeded,
add text descriptions to the create port button and disable it.
Change-Id: I31bd8f93c312179b86115544ba0fadc9a9ffec63
Closes-Bug:#1712556
Nova and cinder quotas data does not contain networks, subnets, and
routers. So, some judgments are not necessary when getting the neutron
quota.
Change-Id: Icad9fdf34199942a976def23905d586739ef25df
During executing tenant_limit_usages quotas function we get
information about cinder volumes/snapshots/gigabites usage
that we've already had after tenant_absolute_limits call.
Getting this information we make more api calls that slow down
our application.
This patch fixes this issue.
Closes-Bug: #1703584
Change-Id: Ia6d2dbb8f18ce93f71668d6ebd2689b851586ca9
This patch changes type of 'targets' input parameter in
tenant_quota_usages function from list -> tuple. It provides
possibility for @memoized decorator to cache function calls.
Change-Id: I3c32c3b65ae91e8487fda6148f259fe1931d7c9f
Closes-Bug: #1700578
tenant_quota_usage() is used to retrieve quota and usage
to determine if a resource can be created.
However, tenant_quota_usage retrieves quota and usage for
all resources and it can be a performance problem.
This commit allows to load quota and usage only for resources
which are actually required.
Closes-Bug: #1675504
Change-Id: Iab7322a337a451a1a040cc2f4b55cc319b1ffc4c
We no longer need to have SG and FIP API wrapper in api.network
as we only supports a single network back-end.
Completes blueprint drop-nova-network
Change-Id: I4e59d897508b497a3cd2ae2fda93b30b786610dc
Previously _get_tenant_(compute|network|volume)_usage are callled
regardless of resources are listed in enabled_quotas.
This commit retrives usage information only for resources listed
in eanbled_quotas.
floating_ips and security_groups were returned even when
they are included in disabled_quotas. They are not needed
and they are cleanup in this commit.
All (*_)QUOTA_FILEDS were previously a list but it is always used
after converting into a set, so this commit changes (*_)QUOTA_FIELDS
into a set in the initial definitions.
This is a preparation for fix of bug 1675504
Partial-Bug: #1675504
Change-Id: I41cdabde477d87aa8b35d1c908e18a69454286c3
When retrieving resource usage, the current code calls subnet_list
twice for shared=False/True, but 'shared' attribute of subnet is
not defined in the Networking API and actually there is no need to
use it (even though it works as expected accidentally).
What we need here is to specify tenant_id as a query parameter
with a single API to limit the scope to a given project.
The same way can be used for network_list() and router_list() calls
and it is more efficient. By doing so, we now need only one
network_list() call.
Change-Id: I40d61ed9cbae4b083e4f3cec9caa269e92daf306
Closes-Bug: #1663170
attribute-level imports are not checked by hacking module now.
most noqa is used to disable warnings on attribute-level imports.
This commit drops noqa for this purpose.
After this, there are only 3 noqa under openstack_dashboard/ :)
Change-Id: I4a449802f5dbd6e44e4b8b5c378a555d47d9a99f
There was an extra variable for the so called "missing"
quotas since 2013. This patch merges them with the
normal nova quotas, cleans up the tests, removes any
usage of that special var and as a side effect, adds
the missing keys to the project quota update page.
Change-Id: Icaac1ebb1749e13fdfc307e89dcc6bbd64bef922
Closes-Bug: 1655393
Since Horizon is going to be the first (or, one of the first)
OpenStack component using the new MongoDB driver, it won't be able to
retrieve traces made by other components using MongoDB driver (which
it should use because Ceilometer driver was too slow) for a
while. This means that Horizon itself is responsible for tracing the
rendering of its pages down to the layer where the flow of control
leaves Horizon domain. So, a lot of api wrappers in
openstack_dashboard.api are augmented with tracing decorator to
achieve this goal.
Co-Authored-By: Timur Sufiev <tsufiev@mirantis.com>
Implements-blueprint: openstack-profiler-at-developer-dashboard
Change-Id: Ib36692f0e9e68ed7fa0cd47919ba6581c9c8ab57
Currently Horizon unable to change quotas if routers extension is
disabled, fix this by adding router and floatingip quotas to
disabled_quotas when router extension is disabled.
Change-Id: I14d8a6e2e439ab48b62ce64c88ebb4643d11e49f
Closes-bug: #1457598
I don't really know what this was meant to do, but what it actually
does doesn't make any sense -- when checking a quota for project
'foo' we really don't care about how many instances are used
in the entire cloud, only in project 'foo'.
Until Liberty, the all_tenant flag was broken in the nova
api, which probably explains why this was harmless until
Liberty.
Change-Id: I9e12c10951e7518ab1c622a4daac962bad332da5
Closes-Bug: #1610693
Removing the usage of calling dynamic methods within the
quotas code. This makes it difficult to support and see
who is calling what code.
Change-Id: Ie2c6be3233dd2cff16eb2271e2ac3f4b04d6e2b5
Implements: blueprint make-quotas-great-again
When calculating the used volume storage value to compare against
"Total Size of Volumes and Snapshots", only the size of volumes
was being used while volume snapshots were ignored. This allows a
user to update the "Total Size of Volumes and Snapshots" quota to
a value that is below what was currently being used without the
expected error.
This patch updates _get_tenant_volume_usages to use both volumes
and volume snapshots. It also updates a test to reflect the correct
"used" value.
Change-Id: Ifb2586b048edbabfe9740a5c72b7abfbcf12576d
Closes-Bug: #1611027
Adds conditional block to nova quotas to exclude them if nova is not
enabled; adds 'permission' checks to the project overview and
access_and_security panels to only enable them if compute is enabled;
adds permission checks on compute and image to the admin overview
and metadef panels; disables 'modify quota' and 'view usage' project
actions; disables 'update defaults' if there are no quotas available.
The 'access and security' panel still appears (under Compute) but
tabs other than the keystone endpoint and RC download tab are hidden.
Closes-Bug: #1580116
Change-Id: I1b2ddee0395ad9f55692111604b31618c4eaf69e
Since Nova doesn't currently provide an API call to indicate whether
its quotas are disabled, we could use a parameter named
'enable_quotas' within 'OPENSTACK_HYPERVISOR_FEATURES' setting for
this purpose. This allows to avoid errors while trying to update
quotas which are disabled on service side. Also make disabled_quotas
collection to be a set instead of a list - this removes duplicate
fields that appear due to some possible quota overlaps between Nova
and Neutron.
Also, since we dropped out python2.6 support fancy set literals and
dict comprehensions can be used.
Co-Authored-By: Paul Karikh <pkarikh@mirantis.com>
Closes-Bug: #1286099
Change-Id: I10923f147e4c323aba8bbcc130d2016ad6725e86
Previously, shared subnets were ignored by collecting used
networks; the "Create subnet" button is still enabled, but
subnet creation is forbidden by neutron due to quota reached.
Change-Id: I20b3373ab86631922945285a12ca4810b707b0be
Closes-Bug: #1588764
When checking with nova for the absolute limits
we were not taking into account the reserved
quotas (i.e. instance in rebuilding will take
cpu and ram) so this could lead to wrongly
thinking that the user could launch more instances
that its quota allowed. It also made the overview
page display wrong quotas as it didnt took into
account those reserved resources.
Change-Id: If51470d185ddc122acbdf4cf0d0fd952f3f791a0
Closes-bug: 1561310
Volumes tabs should be enabled when volumev2 endpoint is registered.
Currently, Horizon considers no volume service is running if there
is no V1 endpoint, which doesn't make sense as Horizon no longer
supports the cinder V1 protocol.
Co-Authored-By: itxaka <itxaka@redhat.com>
Change-Id: I35d821eedb75f73f9330ed11f921694104eed0c6
Closes-Bug: 1415712
We were calling cinder.ClientException even when the import
had changed to be cinder.cinder_exception.ClientException
Adds 3 tests for the methods calling that exception so
failures will be tested as well.
Co-Authored-By: zhurong <aaronzhu1121@gmail.com>
Change-Id: I8c415eb8ef847f6dc34fa56fca3181560ead366b
Closes-Bug: #1537713
Closes-Bug: #1535215
* Fix division: replace a/b with a//b to get integers
* test_clean_file_upload_form_invalid_data(): use a byte string, not
an unicode string for the test. The test ensures that decoding from
UTF-8 fails.
* quotas: replace filter() with a list-comprehesion to get a list on
Python 3.
* tox.ini: add the following tests to Python 3.4
- openstack_dashboard.dashboards.project.instances.tests
- openstack_dashboard.test.tests.quotas
* tox.ini: add also
--exclude-dir=openstack_dashboard/test/integration_tests to
openstack_dashboard tests on Python 3.4
Partial-Implements: blueprint porting-python3
Change-Id: I7caed713222b50ffec431155e6f91b543f7df466
Previously, shared networks were ignored by collecting used
networks; the "Create network" button is still enabled, but
network creation is forbidden by neutron due to quota reached.
Change-Id: I97360e354ccb7c2aa58012f737a7e9c67f8d3ad6
Closes-Bug: #1513795
The cinder quota on gigabytes is the sum of both volumes and snapshots,
therefore in the horizon view we should be representing usage as the
combination of volumes and snapshots, otherwise users will be confused
when getting quota errors on volume or snapshot creation.
Closes-Bug: 1513179
Change-Id: Id23e0dd3a3f810e75f9013cecbf8a826c97e34c6
While browsing through the Horizon repository, I came across a
few spelling errors that need correction.
Change-Id: I593e9f04ea5d9f3985a14fb994b745243468387a
Closes-Bug: #1511532
Replace filter() with list-comprehension when a list is expected. On
Python 3, filter() returns an iterator, not a list.
tox.ini: add openstack admin volume tests to Python 3.4.
Partial-Implements: blueprint porting-python3
Change-Id: Id99124bf0ef5549c596d94f5d10ab5f88a4e200a
The search opts for volume/snapshot list should be 'all_tenants' and
'project_id' instead of 'alltenants' and 'tenant_id'.
Change-Id: I9ab71421447b3f8fb402247df3290fa3066bf8c5
Closes-bug: #1469589
The default policy for server_list API in nova has changed. This
exposed a problem in the way Horizon was calling server_list when
reading quota values. The call was always made with
all_tenants=True, which is only something admin should be able to
do. Instead of ignoring the privilege problem in the API as in the
past, there is a pre-emptive policy check that makes the call fail.
The fix in Horizon is to only pass in all_tenants=True when the
user has the appropriate privilege level. nova_policy.json has been
updated with the appropriate default and the permission check has
been added.
Removing passing in all_tenants=True at all was contemplated, but
when setting quota values on projects in the identity dashboard,
the administrator level user needs to read quota values from a
project that they are not currently scoped to.
This fixes the error on the network topology screen that was the
motivation for the original bug report.
Closes-Bug: #1468551
Change-Id: I4255c57f81a13cac121596c99eea4ac629ed9ca7
The quotas code does not isloate counts to resources within the
current tenant/project. So if a user with the admin role makes
calls for quota items, the admin role will have counts of a global
list of resources. This changes that for the tenant quota call
to fallback to the request.user.project_id if no project was
otherwise specified for the tenant quota api call.
Change-Id: Ib0e6ce7774c4c03686a044f233dbb9aa36dbe1b9
Closes-bug: #1391242
The create subnet button (visible for each network in the networks list and on
the detail page when looking at an individual network) should be disabled if
the quota for subnets is at capacity.
Tests have been added to check that when the quota is exceeded the buttons are
disabled.
Change-Id: I7bba89c2d89a39220900480f0091bdc6215505fe
Closes-bug: 1369779
The current implementation of tenant_quota_usages did not allow for
queries regarding projects that were not the currently active project,
this meant that when an admin went to edit or create a project it tried
to verify the usages against the wrong project. This patch adds the
code for passing a project id to the tenant_quota_usages function so
that the usages can be fetched for a specific project, as well as
removes the need for usage validation on creation of a new project.
Change-Id: I3ec84d14c8be7e3aae066119e963c4093f8aa345
Closes-Bug: 1380701
Added quota checks for security groups, networks and routers. If quotas are
exceeded then buttons to create are disabled and feedback is given to the
user.
Appropriate tests are also in place
Change-Id: Ie49db5397d87a0c9a583b64e5de34460144b5956
Closes-bug: 1278449
If the config option 'enable_router' is set to False,
Floating IP features are disabled when Neutron is enabled.
It does not affect when Neutron is disabled.
It also adds unit tests for api.network.servers_update_addresses
which is affected by this change.
Completes blueprint hide-router-panel-by-config
Closes-Bug: #1292022
Change-Id: Ib63c6a0e7bb5661d4a60d10a1722fdad978b50bb
Warnings H904, H307 and H405 are new or considerably changed, and will
be fixed in a separate patch.
Closes-bug: #1349820
Partial-bug: #1347472
Change-Id: I4fd28990dacf16f03a4eaa6074ef59c37f1a2c14
When creating a new volume snapshot the window shows the quota of number
of volumes and what should be shown is the quota of snapshots.
Basically, the code was pasted from "Create Volume" and nothing has been
changed to respect the equivalent quotas.
Change-Id: Ifbfa84a008d7b61e4b53f885793c5a1750dade3c
Closes-bug: 1282172
We have a lot of import with #noqa that is there to ignore h302,
because it's traditional to import and use a name directly, instead
of a whole module. This hides other errors and gives people the
impression that it's actually fine to import non-modules, you just
have to slap #noqa on those lines.
I went through the code and identified about a dozen names that are
most commonly imported this way. I remove the #noqa tag from them,
and added them to the list in import_exceptions.
I also removed a few unused imports that were revealed in the process.
Change-Id: I27afb8e2b1d4759ec974ded9464d8f010312ee78
The QuotaUsage class was missing __contains__() and get() methods which was
causing unexpected behaviour, e.g:
>>> usages = quotas.tenant_quota_usages(request)
>>> 'ram' in usages
False
>>> usages.get('ram')
None
Change-Id: Ib0b1ad69c4bf4effd7c10827d23bcc713bdc5ed6
Commit d4b0ab4aa395bf4df2964efcc358100117efdaa0 fixing
bug #1178694 removed volume quotas from project overview.
Cinder is not reporting Snapshot limits today, so that info
can't be added without including quotas again, defeating the
purpose of the original fix.
This fix will only add Volume Qty & Total Storage GB used (including
snapshot size, if any ).
Information is hidden if volume list is empty.
Partial-Bug: #1244875
Change-Id: Ia72e40329ecf08b57fb26cd847f02cececc53579
In an effort to help horizon more friendly to OpenStack hacking
guidelines, we now gate on H40* violations.
Change-Id: Id07294543660368d2f7f5ac363710176ab23b874
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Now all files are properly licensed per OpenStack Hacking.
Change-Id: I223d983018568357197b0d9cf5dde12c135c53c9
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>