From 24b482ac15b5fa99edd2c3438318a41f9af06bcf Mon Sep 17 00:00:00 2001 From: Salvatore Orlando Date: Mon, 12 Oct 2015 15:47:03 -0700 Subject: [PATCH] Scope get_tenant_quotas by tenant_id Using model_query in the operation for retrieving tenant limits will spare the need for explicit authorization check in the quota controller. This is particularly relevant for the pecan framework where every Neutron API call undergoes authZ checks in the same pecan hook. This patch will automatically adapt by eventuals changes introducing "un-scoped" contexts. Closes-bug: #1505406 Change-Id: I6952f5c85cd7fb0263789f768d23de3fe80b8183 --- neutron/db/quota/driver.py | 6 ++++-- neutron/tests/unit/db/quota/test_driver.py | 15 +++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/neutron/db/quota/driver.py b/neutron/db/quota/driver.py index f61b1ada630..832916647e3 100644 --- a/neutron/db/quota/driver.py +++ b/neutron/db/quota/driver.py @@ -18,6 +18,7 @@ from oslo_log import log from neutron.common import exceptions from neutron.db import api as db_api +from neutron.db import common_db_mixin as common_db from neutron.db.quota import api as quota_api from neutron.db.quota import models as quota_models @@ -34,7 +35,8 @@ class DbQuotaDriver(object): @staticmethod def get_tenant_quotas(context, resources, tenant_id): """Given a list of resources, retrieve the quotas for the given - tenant. + tenant. If no limits are found for the specified tenant, the operation + returns the default limits. :param context: The request context, for access checks. :param resources: A dictionary of the registered resource keys. @@ -47,7 +49,7 @@ class DbQuotaDriver(object): for key, resource in resources.items()) # update with tenant specific limits - q_qry = context.session.query(quota_models.Quota).filter_by( + q_qry = common_db.model_query(context, quota_models.Quota).filter_by( tenant_id=tenant_id) for item in q_qry: tenant_quota[item['resource']] = item['limit'] diff --git a/neutron/tests/unit/db/quota/test_driver.py b/neutron/tests/unit/db/quota/test_driver.py index dafee362a6d..c505331178a 100644 --- a/neutron/tests/unit/db/quota/test_driver.py +++ b/neutron/tests/unit/db/quota/test_driver.py @@ -74,6 +74,21 @@ class TestDbQuotaDriver(testlib_api.SqlTestCase): quotas = self.plugin.get_tenant_quotas(self.context, defaults, PROJECT) self.assertEqual(4, quotas[RESOURCE]) + def test_get_tenant_quotas(self): + user_ctx = context.Context(user_id=PROJECT, tenant_id=PROJECT) + self.plugin.update_quota_limit(self.context, PROJECT, RESOURCE, 2) + quotas = self.plugin.get_tenant_quotas(user_ctx, {}, PROJECT) + self.assertEqual(2, quotas[RESOURCE]) + + def test_get_tenant_quotas_different_tenant(self): + user_ctx = context.Context(user_id=PROJECT, + tenant_id='another_project') + self.plugin.update_quota_limit(self.context, PROJECT, RESOURCE, 2) + # It is appropriate to use assertFalse here as the expected return + # value is an empty dict (the defaults passed in the statement below + # after the request context) + self.assertFalse(self.plugin.get_tenant_quotas(user_ctx, {}, PROJECT)) + def test_get_all_quotas(self): project_1 = 'prj_test_1' project_2 = 'prj_test_2'