This repo does not support Python 2 anymore, so we don't need
six for compatibility between Python2 and 3, convert six usage to Python
3 code.
Change-Id: Icba56808f38277b27af2ae5aac4b8507dee71b3b
The service_id, region_id and resource_name columns in limit table
is useless now. These info can be got by 'registered_limit_id'
column from registered limit table. So there is no data migration
needed.
Since this is a silent change for end users, there is no need for
a release note as well.
Related-Bug: #1777892
Change-Id: Ibf4aa81dad7c5ebbd5599a55237cc5a658223432
Refactor strict-two-level model check function to
adopt domain level limit.
Change-Id: Idc9eaac372b66ecd439cdf8001666c0534feaf49
bp: domain-level-limit
Default_limit and Resource_limit should not be set
as negative values or out of range. This patch
addresses the above issue be checking the limit
passed by the user should be minimum and maximum to
the values defined in schema. If not, then raising
the 400 bad request. Also added the test cases for the
same.
Change-Id: I089f3c231a38be1a1f769a35b4904f5c078d5d07
Closes-Bug: #1797876
Region_id in registered limit is optional, so we should allow
updating its region_id to None as well.
Closes-bug: #1798716
Change-Id: Ia59950376e958aaa19973d3bc97180727f5e5326
This patch addresses the problem of HTTP 500 on
create and set of limit with lengthy resource_name.
It sets the minLength and maxLength in schema for
resource_name and if the string length of resource_
name exceeds the defined schema it will raise 404.
Includes test case too.
Change-Id: If408e81edec81c649c42bd4907156fbcdbc967ee
Closes-Bug: #1798495
Keystone uses translated strings both in
logging an exceptions. This is incorrect.
All strings that are passed to logging
should remain un-translated. This patch
addresses above issue.
Change-Id: Idf4f0bc1bd63eb8dc6dc61d8a49a9e2a93320474
Closes-Bug: #1777671
Convert limits and registered limits to flask native dispatching.
NOTE: A minor test change was needed. The limit JSON Home data
was incorrectly formatted and did not properly isolate the
singular forms of "limit" and "registered_limit" from the
plural (list) APIs.
Change-Id: Ib3ceeb0a249ccc73c143730fac78d9f54c67174e
Partial-Bug: #1776504
Keystone now doesn't support domain-level limits. When creating
limits, if the input project_id is a domain id, it should not be
allowed.
Change-Id: Ifafd96113499d533341870960f294dd5fada477d
Closes-Bug: #1785164
There were a couple really minor things that needed to be addressed
in:
https://review.openstack.org/#/c/580331/
This patch addresses those issues.
Change-Id: I68d39ef06efef08ed986e6525b13f2d2a09b193c
When deleting a project, the limits belong to the project should
be deleted as well.
Change-Id: I5f7eed9bf4f69cb7d79e44acac27c6c5881be22e
Closes-Bug: #1779903
Add a check function for project hierarchical tree check
when starting Keystone. If the tree depth exceed the
enforcement model's depth, fail to start keystone process
Change-Id: I4ce6a48505b8b9688bbdd18ee46ce035ee0938ed
bp: strict-two-level-model
Add project_id filter for listing limit. This filter
can be only used by system-scoped request to fetch the
specified project's limits.
bp: strict-two-level-model
Change-Id: I1b8cc227ed0710702aa099f09821f6eb897bb32c
This patch introduced the hierarchical limit structure
into Keystone.
The strict two level enforcement model is added as well.
Change-Id: Ic80e435a14ad7d6d4eccd4cd6365fb2d99fd26c1
bp: strict-two-level-model
When list limits, if more than one filter is provided and
"project_id" is contained, the limits should be filtered
with "project_id" as well.
Closes-bug: #1780896
Change-Id: I7c231130358ab8d7b0b2f507c52d34366ca0060a
This commit wires up the last couple pieces of code to expose
a deployment's enforcement model information via the API. This
is going to be consumed by other services to make decisions about
quota calculation.
Change-Id: I02431d58b50aab2a2da8ca5f90938472aad7a935
Closes-Bug: 1765193
This commit adds the necessary bits to return the enforcement model
used by a deployment in the limit Manager. A subsequent patch will
expose this functionality via the API.
This commit also starts introdcuing the concept of enforcement
models and puts the flat model into its own module. This will make
more sense and be easier to maintain as we implement more models.
Change-Id: I32227eb0023e6b6ce699909fabb60a63a07f0969
Related-Bug: 1765193
Related-Bug: 1768572
This patch add a registered_limit_id column referring to
the related registered limit for limit talbe.
This change aims to reduce the duplicate data between unified
limit tables.
In Rocky, "registered_limit_id" will co-exist with "service_id",
"region_id" and "resource_name" columns.
In Stein, we'll migrate the old data to satisfy the
"registered_limit_id" way
In T release, the "service_id", "region_id" and "resource_name"
columns will be removed at all.
Closes-Bug: #1777892
Change-Id: I9a81056b9afda924aac71f64c2158d9db53d8594
What this patch did and why:
1. added an auto increment primary column `interenal_id` for both
registered_limit and limit tables. Removed the primary key but
added unique index for `id` column. This change can improve
the db performance.
2. dropped the forieign keys in limit table. The `project_id`
column has a foreign key. Using foreign key between different
backends can lead some unexpected error.
3. dropped the unique constraints and foreign key constraint in both
tables. Because `region_id` can be null, in this case, both
constraints can't work well in all kinds of DBs. Instead, we'll
check the unique and foreign reference in code.
NOTE: For MySQL and PostgreSQL, we did the change inner tables. But
for SQLite, it doesn't support adding a primary column into an existed
table, so that we recreated the tables instead..
Closes-bug: #1777893
Change-Id: Ibb408758466ff367f57bafbd4b8c9213499f8dc3
According to the API-WG's suggestion, the update registered
limit/project limit APIs should be refactored as:
1. Change PUT to PATCH
2. Remove batch update limits support for PATCH
Closes-Bug: #1754184
Change-Id: I1102166ab425a55d8eaf85c75d8fd3a7dfbaceb6
Basic conversion of Keystone's core application to flask framework.
This doesn't add much in the way of flask-specific-isms but should
get keystone running directly under flask. This implementation does
not use paste-deploy.
Change-Id: Ib4c1ed3f645dd55fbfb76395263ecdaf605caae7
During Rocky PTG, We decided that the create apis for
registered limit and project limit should not return all
the limits.
They should only return the ones in the request body.
Change-Id: I26c37198861735bf85eb79570f192c71c7dd9941
Partial-Bug: #1754184
Last release we spent a bunch of time going through and updating the
code base to use the keystone/common/provider_api.py module. It
looks like the unified limit controller was missed through.
This commit updates the unified limit controller to be consistent
with the rest of the keystone in not using `self` to access other
subsystems in keystone.
Change-Id: I86fa5a6e889d24779b2451b8402d0e7bd92a64ba
This patch does:
1. Improve the error message as Morgan suggested before.
2. Add a new error type: RegisteredLimitError.
3. Catch the DBReferenceError in update/delete resigtered limit
functions.
4. Handle the case that region_id=None for update/delete
registered limits.
5. Fix a code error in create_limits function.
Change-Id: Id572348ca7867d7ce6f258cb3132b05a313624bd
bp: unified-limits
This patch adds the db operation part for unified limit
Co-Authored-By: Colleen Murphy<colleen@gazlene.net>
Change-Id: Ifb2bb54b35ea0d1573cdb9cdab77dfdeb8f22446
bp: unified-limits