Merge "FWaaS quota registration" into stable/liberty

This commit is contained in:
Jenkins 2016-05-10 15:42:47 +00:00 committed by Gerrit Code Review
commit 4db4a46df1
3 changed files with 38 additions and 7 deletions

View File

@ -353,15 +353,15 @@ RESOURCE_ATTRIBUTE_MAP = {
firewall_quota_opts = [
cfg.IntOpt('quota_firewall',
default=1,
default=-1,
help=_('Number of firewalls allowed per tenant. '
'A negative value means unlimited.')),
cfg.IntOpt('quota_firewall_policy',
default=1,
default=-1,
help=_('Number of firewall policies allowed per tenant. '
'A negative value means unlimited.')),
cfg.IntOpt('quota_firewall_rule',
default=100,
default=-1,
help=_('Number of firewall rules allowed per tenant. '
'A negative value means unlimited.')),
]
@ -401,7 +401,8 @@ class Firewall(extensions.ExtensionDescriptor):
return resource_helper.build_resource_info(plural_mappings,
RESOURCE_ATTRIBUTE_MAP,
p_const.FIREWALL,
action_map=action_map)
action_map=action_map,
register_quota=True)
@classmethod
def get_plugin_interface(cls):

View File

@ -62,10 +62,8 @@ class TestFirewallRouterInsertionBase(
create=True, new=test_db_firewall.FakeAgentApi().delete_firewall)
self.agentapi_del_fw_p.start()
plugin = None
# the plugin without L3 support
if not plugin:
plugin = 'neutron.tests.unit.extensions.test_l3.TestNoL3NatPlugin'
plugin = 'neutron.tests.unit.extensions.test_l3.TestNoL3NatPlugin'
# the L3 service plugin
l3_plugin = ('neutron.tests.unit.extensions.test_l3.'
'TestL3NatServicePlugin')
@ -611,3 +609,18 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
fw_rules = self.plugin._make_firewall_dict_with_rules(
ctx, fw_id)
self.assertEqual([], fw_rules['firewall_rule_list'])
def test_firewall_quota_lower(self):
"""Test quota using overridden value."""
cfg.CONF.set_override('quota_firewall', 3, group='QUOTAS')
with self.firewall(name='quota1'), \
self.firewall(name='quota2'), \
self.firewall(name='quota3'):
data = {'firewall': {'name': 'quota4',
'firewall_policy_id': None,
'tenant_id': self._tenant_id,
'shared': False}}
req = self.new_create_request('firewalls', data, 'json')
res = req.get_response(self.ext_api)
self.assertIn('Quota exceeded', res.body.decode('utf-8'))
self.assertEqual(exc.HTTPConflict.code, res.status_int)

View File

@ -0,0 +1,17 @@
---
prelude: >
Enable quotas for FWaaS.
features:
- The FWaaS extension can register quotas.
The default values for quota_firewall,
quota_firewall_policy, and quota_firewall_rule
are set to -1 (unlimited).
issues:
- Tenants may receive a 409 Conflict error with a
message body containing a quota exceeded message
during resource creation if their quota is exceeded.
other:
- Operators that increase the default limit for quota_routers
from 10 may want to bump FWaaS quotas as well, since with
router insertion a tenant can potentially have a unique
policy and firewall for each router.