Merge "FWaaS quota registration" into stable/liberty
This commit is contained in:
commit
4db4a46df1
|
@ -353,15 +353,15 @@ RESOURCE_ATTRIBUTE_MAP = {
|
|||
|
||||
firewall_quota_opts = [
|
||||
cfg.IntOpt('quota_firewall',
|
||||
default=1,
|
||||
default=-1,
|
||||
help=_('Number of firewalls allowed per tenant. '
|
||||
'A negative value means unlimited.')),
|
||||
cfg.IntOpt('quota_firewall_policy',
|
||||
default=1,
|
||||
default=-1,
|
||||
help=_('Number of firewall policies allowed per tenant. '
|
||||
'A negative value means unlimited.')),
|
||||
cfg.IntOpt('quota_firewall_rule',
|
||||
default=100,
|
||||
default=-1,
|
||||
help=_('Number of firewall rules allowed per tenant. '
|
||||
'A negative value means unlimited.')),
|
||||
]
|
||||
|
@ -401,7 +401,8 @@ class Firewall(extensions.ExtensionDescriptor):
|
|||
return resource_helper.build_resource_info(plural_mappings,
|
||||
RESOURCE_ATTRIBUTE_MAP,
|
||||
p_const.FIREWALL,
|
||||
action_map=action_map)
|
||||
action_map=action_map,
|
||||
register_quota=True)
|
||||
|
||||
@classmethod
|
||||
def get_plugin_interface(cls):
|
||||
|
|
|
@ -62,10 +62,8 @@ class TestFirewallRouterInsertionBase(
|
|||
create=True, new=test_db_firewall.FakeAgentApi().delete_firewall)
|
||||
self.agentapi_del_fw_p.start()
|
||||
|
||||
plugin = None
|
||||
# the plugin without L3 support
|
||||
if not plugin:
|
||||
plugin = 'neutron.tests.unit.extensions.test_l3.TestNoL3NatPlugin'
|
||||
plugin = 'neutron.tests.unit.extensions.test_l3.TestNoL3NatPlugin'
|
||||
# the L3 service plugin
|
||||
l3_plugin = ('neutron.tests.unit.extensions.test_l3.'
|
||||
'TestL3NatServicePlugin')
|
||||
|
@ -611,3 +609,18 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
fw_rules = self.plugin._make_firewall_dict_with_rules(
|
||||
ctx, fw_id)
|
||||
self.assertEqual([], fw_rules['firewall_rule_list'])
|
||||
|
||||
def test_firewall_quota_lower(self):
|
||||
"""Test quota using overridden value."""
|
||||
cfg.CONF.set_override('quota_firewall', 3, group='QUOTAS')
|
||||
with self.firewall(name='quota1'), \
|
||||
self.firewall(name='quota2'), \
|
||||
self.firewall(name='quota3'):
|
||||
data = {'firewall': {'name': 'quota4',
|
||||
'firewall_policy_id': None,
|
||||
'tenant_id': self._tenant_id,
|
||||
'shared': False}}
|
||||
req = self.new_create_request('firewalls', data, 'json')
|
||||
res = req.get_response(self.ext_api)
|
||||
self.assertIn('Quota exceeded', res.body.decode('utf-8'))
|
||||
self.assertEqual(exc.HTTPConflict.code, res.status_int)
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
prelude: >
|
||||
Enable quotas for FWaaS.
|
||||
features:
|
||||
- The FWaaS extension can register quotas.
|
||||
The default values for quota_firewall,
|
||||
quota_firewall_policy, and quota_firewall_rule
|
||||
are set to -1 (unlimited).
|
||||
issues:
|
||||
- Tenants may receive a 409 Conflict error with a
|
||||
message body containing a quota exceeded message
|
||||
during resource creation if their quota is exceeded.
|
||||
other:
|
||||
- Operators that increase the default limit for quota_routers
|
||||
from 10 may want to bump FWaaS quotas as well, since with
|
||||
router insertion a tenant can potentially have a unique
|
||||
policy and firewall for each router.
|
Loading…
Reference in New Issue