FWaaS quota registration
Builds on prior attempts to register FWaaS resources to the quota
engine, such as commit Ia4d6b9a65acd1111a050dc73b63a1f0ce619cb55
which had to be reverted for bug 1513280 for failing gate via commit
28948f6559.
Since with router insertion a user can have a separate firewall
and policy per targeted router in their tenant, the original
fixes which had defaults of only 1 were too low.
Also added the release notes to reflect the quota.
Set default as -1 (unlimited) in Liberty to avoid breaking
compatibility.
Change-Id: I68a5538f7bc8df78212633c73eeca0eaae0d8455
Closes-Bug: #1399280
This commit is contained in:
James Arendt
parent
33c06d9c70
commit
2ce8b589c1
|
|
@ -353,15 +353,15 @@ RESOURCE_ATTRIBUTE_MAP = {
|
|||
|
||||
firewall_quota_opts = [
|
||||
cfg.IntOpt('quota_firewall',
|
||||
default=1,
|
||||
default=-1,
|
||||
help=_('Number of firewalls allowed per tenant. '
|
||||
'A negative value means unlimited.')),
|
||||
cfg.IntOpt('quota_firewall_policy',
|
||||
default=1,
|
||||
default=-1,
|
||||
help=_('Number of firewall policies allowed per tenant. '
|
||||
'A negative value means unlimited.')),
|
||||
cfg.IntOpt('quota_firewall_rule',
|
||||
default=100,
|
||||
default=-1,
|
||||
help=_('Number of firewall rules allowed per tenant. '
|
||||
'A negative value means unlimited.')),
|
||||
]
|
||||
|
|
@ -401,7 +401,8 @@ class Firewall(extensions.ExtensionDescriptor):
|
|||
return resource_helper.build_resource_info(plural_mappings,
|
||||
RESOURCE_ATTRIBUTE_MAP,
|
||||
p_const.FIREWALL,
|
||||
action_map=action_map)
|
||||
action_map=action_map,
|
||||
register_quota=True)
|
||||
|
||||
@classmethod
|
||||
def get_plugin_interface(cls):
|
||||
|
|
|
|||
|
|
@ -62,10 +62,8 @@ class TestFirewallRouterInsertionBase(
|
|||
create=True, new=test_db_firewall.FakeAgentApi().delete_firewall)
|
||||
self.agentapi_del_fw_p.start()
|
||||
|
||||
plugin = None
|
||||
# the plugin without L3 support
|
||||
if not plugin:
|
||||
plugin = 'neutron.tests.unit.extensions.test_l3.TestNoL3NatPlugin'
|
||||
plugin = 'neutron.tests.unit.extensions.test_l3.TestNoL3NatPlugin'
|
||||
# the L3 service plugin
|
||||
l3_plugin = ('neutron.tests.unit.extensions.test_l3.'
|
||||
'TestL3NatServicePlugin')
|
||||
|
|
@ -611,3 +609,18 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
fw_rules = self.plugin._make_firewall_dict_with_rules(
|
||||
ctx, fw_id)
|
||||
self.assertEqual([], fw_rules['firewall_rule_list'])
|
||||
|
||||
def test_firewall_quota_lower(self):
|
||||
"""Test quota using overridden value."""
|
||||
cfg.CONF.set_override('quota_firewall', 3, group='QUOTAS')
|
||||
with self.firewall(name='quota1'), \
|
||||
self.firewall(name='quota2'), \
|
||||
self.firewall(name='quota3'):
|
||||
data = {'firewall': {'name': 'quota4',
|
||||
'firewall_policy_id': None,
|
||||
'tenant_id': self._tenant_id,
|
||||
'shared': False}}
|
||||
req = self.new_create_request('firewalls', data, 'json')
|
||||
res = req.get_response(self.ext_api)
|
||||
self.assertIn('Quota exceeded', res.body.decode('utf-8'))
|
||||
self.assertEqual(exc.HTTPConflict.code, res.status_int)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
prelude: >
|
||||
Enable quotas for FWaaS.
|
||||
features:
|
||||
- The FWaaS extension can register quotas.
|
||||
The default values for quota_firewall,
|
||||
quota_firewall_policy, and quota_firewall_rule
|
||||
are set to -1 (unlimited).
|
||||
issues:
|
||||
- Tenants may receive a 409 Conflict error with a
|
||||
message body containing a quota exceeded message
|
||||
during resource creation if their quota is exceeded.
|
||||
other:
|
||||
- Operators that increase the default limit for quota_routers
|
||||
from 10 may want to bump FWaaS quotas as well, since with
|
||||
router insertion a tenant can potentially have a unique
|
||||
policy and firewall for each router.
|
||||
Loading…
Reference in New Issue