Coverage for nova/quota.py: 94%
417 statements
« prev ^ index » next coverage.py v7.6.12, created at 2025-04-24 11:16 +0000
1# Copyright 2010 United States Government as represented by the
2# Administrator of the National Aeronautics and Space Administration.
3# All Rights Reserved.
4#
5# Licensed under the Apache License, Version 2.0 (the "License"); you may
6# not use this file except in compliance with the License. You may obtain
7# a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14# License for the specific language governing permissions and limitations
15# under the License.
17"""Quotas for resources per project."""
19import copy
21from oslo_log import log as logging
22from oslo_utils import importutils
23from sqlalchemy import sql
25import nova.conf
26from nova import context as nova_context
27from nova.db.api import api as api_db_api
28from nova.db.api import models as api_models
29from nova.db.main import api as main_db_api
30from nova import exception
31from nova.limit import local as local_limit
32from nova.limit import placement as placement_limit
33from nova import objects
34from nova.scheduler.client import report
36LOG = logging.getLogger(__name__)
37CONF = nova.conf.CONF
38# Lazy-loaded on first access.
39# Avoid constructing the KSA adapter and provider tree on every access.
40PLACEMENT_CLIENT = None
41# If user_id and queued_for_delete are populated for a project, cache the
42# result to avoid doing unnecessary EXISTS database queries.
43UID_QFD_POPULATED_CACHE_BY_PROJECT = set()
44# For the server group members check, we do not scope to a project, so if all
45# user_id and queued_for_delete are populated for all projects, cache the
46# result to avoid doing unnecessary EXISTS database queries.
47UID_QFD_POPULATED_CACHE_ALL = False
50class DbQuotaDriver(object):
51 """Driver to perform necessary checks to enforce quotas and obtain
52 quota information. The default driver utilizes the local
53 database.
54 """
55 UNLIMITED_VALUE = -1
57 def get_reserved(self):
58 # Since we stopped reserving the DB, we just return 0
59 return 0
61 def get_defaults(self, context, resources):
62 """Given a list of resources, retrieve the default quotas.
63 Use the class quotas named `_DEFAULT_QUOTA_NAME` as default quotas,
64 if it exists.
66 :param context: The request context, for access checks.
67 :param resources: A dictionary of the registered resources.
68 """
70 quotas = {}
71 default_quotas = objects.Quotas.get_default_class(context)
72 for resource in resources.values():
73 # resource.default returns the config options. So if there's not
74 # an entry for the resource in the default class, it uses the
75 # config option.
76 quotas[resource.name] = default_quotas.get(resource.name,
77 resource.default)
79 return quotas
81 def get_class_quotas(self, context, resources, quota_class):
82 """Given a list of resources, retrieve the quotas for the given
83 quota class.
85 :param context: The request context, for access checks.
86 :param resources: A dictionary of the registered resources.
87 :param quota_class: The name of the quota class to return
88 quotas for.
89 """
91 quotas = {}
92 class_quotas = objects.Quotas.get_all_class_by_name(context,
93 quota_class)
94 for resource in resources.values():
95 quotas[resource.name] = class_quotas.get(resource.name,
96 resource.default)
98 return quotas
100 def _process_quotas(self, context, resources, project_id, quotas,
101 quota_class=None, usages=None,
102 remains=False):
103 modified_quotas = {}
104 # Get the quotas for the appropriate class. If the project ID
105 # matches the one in the context, we use the quota_class from
106 # the context, otherwise, we use the provided quota_class (if
107 # any)
108 if project_id == context.project_id:
109 quota_class = context.quota_class
110 if quota_class:
111 class_quotas = objects.Quotas.get_all_class_by_name(context,
112 quota_class)
113 else:
114 class_quotas = {}
116 default_quotas = self.get_defaults(context, resources)
118 for resource in resources.values():
119 limit = quotas.get(resource.name, class_quotas.get(
120 resource.name, default_quotas[resource.name]))
121 modified_quotas[resource.name] = dict(limit=limit)
123 # Include usages if desired. This is optional because one
124 # internal consumer of this interface wants to access the
125 # usages directly from inside a transaction.
126 if usages:
127 usage = usages.get(resource.name, {})
128 modified_quotas[resource.name].update(
129 in_use=usage.get('in_use', 0),
130 )
132 # Initialize remains quotas with the default limits.
133 if remains:
134 modified_quotas[resource.name].update(remains=limit)
136 if remains:
137 # Get all user quotas for a project and subtract their limits
138 # from the class limits to get the remains. For example, if the
139 # class/default is 20 and there are two users each with quota of 5,
140 # then there is quota of 10 left to give out.
141 all_quotas = objects.Quotas.get_all(context, project_id)
142 for quota in all_quotas:
143 if quota.resource in modified_quotas: 143 ↛ 142line 143 didn't jump to line 142 because the condition on line 143 was always true
144 modified_quotas[quota.resource]['remains'] -= \
145 quota.hard_limit
147 return modified_quotas
149 def _get_usages(self, context, resources, project_id, user_id=None):
150 """Get usages of specified resources.
152 This function is called to get resource usages for validating quota
153 limit creates or updates in the os-quota-sets API and for displaying
154 resource usages in the os-used-limits API. This function is not used
155 for checking resource usage against quota limits.
157 :param context: The request context for access checks
158 :param resources: The dict of Resources for which to get usages
159 :param project_id: The project_id for scoping the usage count
160 :param user_id: Optional user_id for scoping the usage count
161 :returns: A dict containing resources and their usage information,
162 for example:
163 {'project_id': 'project-uuid',
164 'user_id': 'user-uuid',
165 'instances': {'in_use': 5}}
166 """
167 usages = {}
168 for resource in resources.values():
169 # NOTE(melwitt): We should skip resources that are not countable,
170 # such as AbsoluteResources.
171 if not isinstance(resource, CountableResource):
172 continue
173 if resource.name in usages:
174 # This is needed because for any of the resources:
175 # ('instances', 'cores', 'ram'), they are counted at the same
176 # time for efficiency (query the instances table once instead
177 # of multiple times). So, a count of any one of them contains
178 # counts for the others and we can avoid re-counting things.
179 continue
180 if resource.name in ('key_pairs', 'server_group_members'):
181 # These per user resources are special cases whose usages
182 # are not considered when validating limit create/update or
183 # displaying used limits. They are always zero.
184 usages[resource.name] = {'in_use': 0}
185 else:
186 if ( 186 ↛ 190line 186 didn't jump to line 190 because the condition on line 186 was never true
187 resource.name in
188 main_db_api.quota_get_per_project_resources()
189 ):
190 count = resource.count_as_dict(context, project_id)
191 key = 'project'
192 else:
193 # NOTE(melwitt): This assumes a specific signature for
194 # count_as_dict(). Usages used to be records in the
195 # database but now we are counting resources. The
196 # count_as_dict() function signature needs to match this
197 # call, else it should get a conditional in this function.
198 count = resource.count_as_dict(context, project_id,
199 user_id=user_id)
200 key = 'user' if user_id else 'project'
201 # Example count_as_dict() return value:
202 # {'project': {'instances': 5},
203 # 'user': {'instances': 2}}
204 counted_resources = count[key].keys()
205 for res in counted_resources:
206 count_value = count[key][res]
207 usages[res] = {'in_use': count_value}
208 return usages
210 def get_user_quotas(self, context, resources, project_id, user_id,
211 quota_class=None,
212 usages=True, project_quotas=None,
213 user_quotas=None):
214 """Given a list of resources, retrieve the quotas for the given
215 user and project.
217 :param context: The request context, for access checks.
218 :param resources: A dictionary of the registered resources.
219 :param project_id: The ID of the project to return quotas for.
220 :param user_id: The ID of the user to return quotas for.
221 :param quota_class: If project_id != context.project_id, the
222 quota class cannot be determined. This
223 parameter allows it to be specified. It
224 will be ignored if project_id ==
225 context.project_id.
226 :param usages: If True, the current counts will also be returned.
227 :param project_quotas: Quotas dictionary for the specified project.
228 :param user_quotas: Quotas dictionary for the specified project
229 and user.
230 """
231 if user_quotas:
232 user_quotas = user_quotas.copy()
233 else:
234 user_quotas = objects.Quotas.get_all_by_project_and_user(
235 context, project_id, user_id)
236 # Use the project quota for default user quota.
237 proj_quotas = project_quotas or objects.Quotas.get_all_by_project(
238 context, project_id)
239 for key, value in proj_quotas.items():
240 if key not in user_quotas.keys():
241 user_quotas[key] = value
242 user_usages = {}
243 if usages:
244 user_usages = self._get_usages(context, resources, project_id,
245 user_id=user_id)
246 return self._process_quotas(context, resources, project_id,
247 user_quotas, quota_class,
248 usages=user_usages)
250 def get_project_quotas(self, context, resources, project_id,
251 quota_class=None,
252 usages=True, remains=False, project_quotas=None):
253 """Given a list of resources, retrieve the quotas for the given
254 project.
256 :param context: The request context, for access checks.
257 :param resources: A dictionary of the registered resources.
258 :param project_id: The ID of the project to return quotas for.
259 :param quota_class: If project_id != context.project_id, the
260 quota class cannot be determined. This
261 parameter allows it to be specified. It
262 will be ignored if project_id ==
263 context.project_id.
264 :param usages: If True, the current counts will also be returned.
265 :param remains: If True, the current remains of the project will
266 will be returned.
267 :param project_quotas: Quotas dictionary for the specified project.
268 """
269 project_quotas = project_quotas or objects.Quotas.get_all_by_project(
270 context, project_id)
271 project_usages = {}
272 if usages:
273 project_usages = self._get_usages(context, resources, project_id)
274 return self._process_quotas(context, resources, project_id,
275 project_quotas, quota_class,
276 usages=project_usages,
277 remains=remains)
279 def _is_unlimited_value(self, v):
280 """A helper method to check for unlimited value.
281 """
283 return v <= self.UNLIMITED_VALUE
285 def _sum_quota_values(self, v1, v2):
286 """A helper method that handles unlimited values when performing
287 sum operation.
288 """
290 if self._is_unlimited_value(v1) or self._is_unlimited_value(v2):
291 return self.UNLIMITED_VALUE
292 return v1 + v2
294 def _sub_quota_values(self, v1, v2):
295 """A helper method that handles unlimited values when performing
296 subtraction operation.
297 """
299 if self._is_unlimited_value(v1) or self._is_unlimited_value(v2):
300 return self.UNLIMITED_VALUE
301 return v1 - v2
303 def get_settable_quotas(self, context, resources, project_id,
304 user_id=None):
305 """Given a list of resources, retrieve the range of settable quotas for
306 the given user or project.
308 :param context: The request context, for access checks.
309 :param resources: A dictionary of the registered resources.
310 :param project_id: The ID of the project to return quotas for.
311 :param user_id: The ID of the user to return quotas for.
312 """
314 settable_quotas = {}
315 db_proj_quotas = objects.Quotas.get_all_by_project(context, project_id)
316 project_quotas = self.get_project_quotas(context, resources,
317 project_id, remains=True,
318 project_quotas=db_proj_quotas)
319 if user_id:
320 setted_quotas = objects.Quotas.get_all_by_project_and_user(
321 context, project_id, user_id)
322 user_quotas = self.get_user_quotas(context, resources,
323 project_id, user_id,
324 project_quotas=db_proj_quotas,
325 user_quotas=setted_quotas)
326 for key, value in user_quotas.items():
327 # Maximum is the remaining quota for a project (class/default
328 # minus the sum of all user quotas in the project), plus the
329 # given user's quota. So if the class/default is 20 and there
330 # are two users each with quota of 5, then there is quota of
331 # 10 remaining. The given user currently has quota of 5, so
332 # the maximum you could update their quota to would be 15.
333 # Class/default 20 - currently used in project 10 + current
334 # user 5 = 15.
335 maximum = \
336 self._sum_quota_values(project_quotas[key]['remains'],
337 setted_quotas.get(key, 0))
338 # This function is called for the quota_sets api and the
339 # corresponding nova-manage command. The idea is when someone
340 # attempts to update a quota, the value chosen must be at least
341 # as much as the current usage and less than or equal to the
342 # project limit less the sum of existing per user limits.
343 minimum = value['in_use']
344 settable_quotas[key] = {'minimum': minimum, 'maximum': maximum}
345 else:
346 for key, value in project_quotas.items():
347 minimum = \
348 max(int(self._sub_quota_values(value['limit'],
349 value['remains'])),
350 int(value['in_use']))
351 settable_quotas[key] = {'minimum': minimum, 'maximum': -1}
352 return settable_quotas
354 def _get_quotas(self, context, resources, keys, project_id=None,
355 user_id=None, project_quotas=None):
356 """A helper method which retrieves the quotas for the specific
357 resources identified by keys, and which apply to the current
358 context.
360 :param context: The request context, for access checks.
361 :param resources: A dictionary of the registered resources.
362 :param keys: A list of the desired quotas to retrieve.
363 :param project_id: Specify the project_id if current context
364 is admin and admin wants to impact on
365 common user's tenant.
366 :param user_id: Specify the user_id if current context
367 is admin and admin wants to impact on
368 common user.
369 :param project_quotas: Quotas dictionary for the specified project.
370 """
372 # Filter resources
373 desired = set(keys)
374 sub_resources = {k: v for k, v in resources.items() if k in desired}
376 # Make sure we accounted for all of them...
377 if len(keys) != len(sub_resources):
378 unknown = desired - set(sub_resources.keys())
379 raise exception.QuotaResourceUnknown(unknown=sorted(unknown))
381 if user_id:
382 LOG.debug('Getting quotas for user %(user_id)s and project '
383 '%(project_id)s. Resources: %(keys)s',
384 {'user_id': user_id, 'project_id': project_id,
385 'keys': keys})
386 # Grab and return the quotas (without usages)
387 quotas = self.get_user_quotas(context, sub_resources,
388 project_id, user_id,
389 context.quota_class, usages=False,
390 project_quotas=project_quotas)
391 else:
392 LOG.debug('Getting quotas for project %(project_id)s. Resources: '
393 '%(keys)s', {'project_id': project_id, 'keys': keys})
394 # Grab and return the quotas (without usages)
395 quotas = self.get_project_quotas(context, sub_resources,
396 project_id,
397 context.quota_class,
398 usages=False,
399 project_quotas=project_quotas)
401 return {k: v['limit'] for k, v in quotas.items()}
403 def limit_check(self, context, resources, values, project_id=None,
404 user_id=None):
405 """Check simple quota limits.
407 For limits--those quotas for which there is no usage
408 synchronization function--this method checks that a set of
409 proposed values are permitted by the limit restriction.
411 This method will raise a QuotaResourceUnknown exception if a
412 given resource is unknown or if it is not a simple limit
413 resource.
415 If any of the proposed values is over the defined quota, an
416 OverQuota exception will be raised with the sorted list of the
417 resources which are too high. Otherwise, the method returns
418 nothing.
420 :param context: The request context, for access checks.
421 :param resources: A dictionary of the registered resources.
422 :param values: A dictionary of the values to check against the
423 quota.
424 :param project_id: Specify the project_id if current context
425 is admin and admin wants to impact on
426 common user's tenant.
427 :param user_id: Specify the user_id if current context
428 is admin and admin wants to impact on
429 common user.
430 """
431 _valid_method_call_check_resources(values, 'check', resources)
433 # Ensure no value is less than zero
434 unders = [key for key, val in values.items() if val < 0]
435 if unders:
436 raise exception.InvalidQuotaValue(unders=sorted(unders))
438 # If project_id is None, then we use the project_id in context
439 if project_id is None: 439 ↛ 442line 439 didn't jump to line 442 because the condition on line 439 was always true
440 project_id = context.project_id
441 # If user id is None, then we use the user_id in context
442 if user_id is None: 442 ↛ 446line 442 didn't jump to line 446 because the condition on line 442 was always true
443 user_id = context.user_id
445 # Get the applicable quotas
446 project_quotas = objects.Quotas.get_all_by_project(context, project_id)
447 quotas = self._get_quotas(context, resources, values.keys(),
448 project_id=project_id,
449 project_quotas=project_quotas)
450 user_quotas = self._get_quotas(context, resources, values.keys(),
451 project_id=project_id,
452 user_id=user_id,
453 project_quotas=project_quotas)
455 # Check the quotas and construct a list of the resources that
456 # would be put over limit by the desired values
457 overs = [key for key, val in values.items()
458 if quotas[key] >= 0 and quotas[key] < val or
459 (user_quotas[key] >= 0 and user_quotas[key] < val)]
460 if overs:
461 headroom = {}
462 for key in overs:
463 headroom[key] = min(
464 val for val in (quotas.get(key), project_quotas.get(key))
465 if val is not None
466 )
467 raise exception.OverQuota(overs=sorted(overs), quotas=quotas,
468 usages={}, headroom=headroom)
470 def limit_check_project_and_user(self, context, resources,
471 project_values=None, user_values=None,
472 project_id=None, user_id=None):
473 """Check values (usage + desired delta) against quota limits.
475 For limits--this method checks that a set of
476 proposed values are permitted by the limit restriction.
478 This method will raise a QuotaResourceUnknown exception if a
479 given resource is unknown or if it is not a simple limit
480 resource.
482 If any of the proposed values is over the defined quota, an
483 OverQuota exception will be raised with the sorted list of the
484 resources which are too high. Otherwise, the method returns
485 nothing.
487 :param context: The request context, for access checks
488 :param resources: A dictionary of the registered resources
489 :param project_values: Optional dict containing the resource values to
490 check against project quota,
491 e.g. {'instances': 1, 'cores': 2, 'memory_mb': 512}
492 :param user_values: Optional dict containing the resource values to
493 check against user quota,
494 e.g. {'instances': 1, 'cores': 2, 'memory_mb': 512}
495 :param project_id: Optional project_id for scoping the limit check to a
496 different project than in the context
497 :param user_id: Optional user_id for scoping the limit check to a
498 different user than in the context
499 """
500 if project_values is None:
501 project_values = {}
502 if user_values is None:
503 user_values = {}
505 _valid_method_call_check_resources(project_values, 'check', resources)
506 _valid_method_call_check_resources(user_values, 'check', resources)
508 if not any([project_values, user_values]):
509 raise exception.Invalid(
510 'Must specify at least one of project_values or user_values '
511 'for the limit check.')
513 # Ensure no value is less than zero
514 for vals in (project_values, user_values):
515 unders = [key for key, val in vals.items() if val < 0]
516 if unders:
517 raise exception.InvalidQuotaValue(unders=sorted(unders))
519 # Get a set of all keys for calling _get_quotas() so we get all of the
520 # resource limits we need.
521 all_keys = set(project_values).union(user_values)
523 # Keys that are in both project_values and user_values need to be
524 # checked against project quota and user quota, respectively.
525 # Keys that are not in both only need to be checked against project
526 # quota or user quota, if it is defined. Separate the keys that don't
527 # need to be checked against both quotas, merge them into one dict,
528 # and remove them from project_values and user_values.
529 keys_to_merge = set(project_values).symmetric_difference(user_values)
530 merged_values = {}
531 for key in keys_to_merge:
532 # The key will be either in project_values or user_values based on
533 # the earlier symmetric_difference. Default to 0 in case the found
534 # value is 0 and won't take precedence over a None default.
535 merged_values[key] = (project_values.get(key, 0) or
536 user_values.get(key, 0))
537 project_values.pop(key, None)
538 user_values.pop(key, None)
540 # If project_id is None, then we use the project_id in context
541 if project_id is None:
542 project_id = context.project_id
543 # If user id is None, then we use the user_id in context
544 if user_id is None:
545 user_id = context.user_id
547 # Get the applicable quotas. They will be merged together (taking the
548 # min limit) if project_values and user_values were not specified
549 # together.
551 # per project quota limits (quotas that have no concept of
552 # user-scoping: <none>)
553 project_quotas = objects.Quotas.get_all_by_project(context, project_id)
554 # per user quotas, project quota limits (for quotas that have
555 # user-scoping, limits for the project)
556 quotas = self._get_quotas(context, resources, all_keys,
557 project_id=project_id,
558 project_quotas=project_quotas)
559 # per user quotas, user quota limits (for quotas that have
560 # user-scoping, the limits for the user)
561 user_quotas = self._get_quotas(context, resources, all_keys,
562 project_id=project_id,
563 user_id=user_id,
564 project_quotas=project_quotas)
566 if merged_values:
567 # This is for resources that are not counted across a project and
568 # must pass both the quota for the project and the quota for the
569 # user.
570 # Combine per user project quotas and user_quotas for use in the
571 # checks, taking the minimum limit between the two.
572 merged_quotas = copy.deepcopy(quotas)
573 for k, v in user_quotas.items():
574 if k in merged_quotas: 574 ↛ 577line 574 didn't jump to line 577 because the condition on line 574 was always true
575 merged_quotas[k] = min(merged_quotas[k], v)
576 else:
577 merged_quotas[k] = v
579 # Check the quotas and construct a list of the resources that
580 # would be put over limit by the desired values
581 overs = [key for key, val in merged_values.items()
582 if merged_quotas[key] >= 0 and merged_quotas[key] < val]
583 if overs:
584 headroom = {}
585 for key in overs:
586 headroom[key] = merged_quotas[key]
587 raise exception.OverQuota(overs=sorted(overs),
588 quotas=merged_quotas, usages={},
589 headroom=headroom)
591 # This is for resources that are counted across a project and
592 # across a user (instances, cores, ram, server_groups). The
593 # project_values must pass the quota for the project and the
594 # user_values must pass the quota for the user.
595 over_user_quota = False
596 overs = []
597 for key in user_values.keys():
598 # project_values and user_values should contain the same keys or
599 # be empty after the keys in the symmetric_difference were removed
600 # from both dicts.
601 if quotas[key] >= 0 and quotas[key] < project_values[key]:
602 overs.append(key)
603 elif (user_quotas[key] >= 0 and
604 user_quotas[key] < user_values[key]):
605 overs.append(key)
606 over_user_quota = True
607 if overs:
608 quotas_exceeded = user_quotas if over_user_quota else quotas
609 headroom = {}
610 for key in overs:
611 headroom[key] = quotas_exceeded[key]
612 raise exception.OverQuota(overs=sorted(overs),
613 quotas=quotas_exceeded, usages={},
614 headroom=headroom)
617class NoopQuotaDriver(object):
618 """Driver that turns quotas calls into no-ops and pretends that quotas
619 for all resources are unlimited. This can be used if you do not
620 wish to have any quota checking.
621 """
623 def get_reserved(self):
624 # Noop has always returned -1 for reserved
625 return -1
627 def get_defaults(self, context, resources):
628 """Given a list of resources, retrieve the default quotas.
630 :param context: The request context, for access checks.
631 :param resources: A dictionary of the registered resources.
632 """
633 quotas = {}
634 for resource in resources.values():
635 quotas[resource.name] = -1
636 return quotas
638 def get_class_quotas(self, context, resources, quota_class):
639 """Given a list of resources, retrieve the quotas for the given
640 quota class.
642 :param context: The request context, for access checks.
643 :param resources: A dictionary of the registered resources.
644 :param quota_class: The name of the quota class to return
645 quotas for.
646 """
647 quotas = {}
648 for resource in resources.values():
649 quotas[resource.name] = -1
650 return quotas
652 def _get_noop_quotas(self, resources, usages=None, remains=False):
653 quotas = {}
654 for resource in resources.values():
655 quotas[resource.name] = {}
656 quotas[resource.name]['limit'] = -1
657 if usages:
658 quotas[resource.name]['in_use'] = -1
659 if remains: 659 ↛ 660line 659 didn't jump to line 660 because the condition on line 659 was never true
660 quotas[resource.name]['remains'] = -1
661 return quotas
663 def get_user_quotas(self, context, resources, project_id, user_id,
664 quota_class=None,
665 usages=True):
666 """Given a list of resources, retrieve the quotas for the given
667 user and project.
669 :param context: The request context, for access checks.
670 :param resources: A dictionary of the registered resources.
671 :param project_id: The ID of the project to return quotas for.
672 :param user_id: The ID of the user to return quotas for.
673 :param quota_class: If project_id != context.project_id, the
674 quota class cannot be determined. This
675 parameter allows it to be specified. It
676 will be ignored if project_id ==
677 context.project_id.
678 :param usages: If True, the current counts will also be returned.
679 """
680 return self._get_noop_quotas(resources, usages=usages)
682 def get_project_quotas(self, context, resources, project_id,
683 quota_class=None,
684 usages=True, remains=False):
685 """Given a list of resources, retrieve the quotas for the given
686 project.
688 :param context: The request context, for access checks.
689 :param resources: A dictionary of the registered resources.
690 :param project_id: The ID of the project to return quotas for.
691 :param quota_class: If project_id != context.project_id, the
692 quota class cannot be determined. This
693 parameter allows it to be specified. It
694 will be ignored if project_id ==
695 context.project_id.
696 :param usages: If True, the current counts will also be returned.
697 :param remains: If True, the current remains of the project will
698 will be returned.
699 """
700 return self._get_noop_quotas(resources, usages=usages, remains=remains)
702 def get_settable_quotas(self, context, resources, project_id,
703 user_id=None):
704 """Given a list of resources, retrieve the range of settable quotas for
705 the given user or project.
707 :param context: The request context, for access checks.
708 :param resources: A dictionary of the registered resources.
709 :param project_id: The ID of the project to return quotas for.
710 :param user_id: The ID of the user to return quotas for.
711 """
712 quotas = {}
713 for resource in resources.values():
714 quotas[resource.name] = {'minimum': 0, 'maximum': -1}
715 return quotas
717 def limit_check(self, context, resources, values, project_id=None,
718 user_id=None):
719 """Check simple quota limits.
721 For limits--those quotas for which there is no usage
722 synchronization function--this method checks that a set of
723 proposed values are permitted by the limit restriction.
725 This method will raise a QuotaResourceUnknown exception if a
726 given resource is unknown or if it is not a simple limit
727 resource.
729 If any of the proposed values is over the defined quota, an
730 OverQuota exception will be raised with the sorted list of the
731 resources which are too high. Otherwise, the method returns
732 nothing.
734 :param context: The request context, for access checks.
735 :param resources: A dictionary of the registered resources.
736 :param values: A dictionary of the values to check against the
737 quota.
738 :param project_id: Specify the project_id if current context
739 is admin and admin wants to impact on
740 common user's tenant.
741 :param user_id: Specify the user_id if current context
742 is admin and admin wants to impact on
743 common user.
744 """
745 pass
747 def limit_check_project_and_user(self, context, resources,
748 project_values=None, user_values=None,
749 project_id=None, user_id=None):
750 """Check values against quota limits.
752 For limits--this method checks that a set of
753 proposed values are permitted by the limit restriction.
755 This method will raise a QuotaResourceUnknown exception if a
756 given resource is unknown or if it is not a simple limit
757 resource.
759 If any of the proposed values is over the defined quota, an
760 OverQuota exception will be raised with the sorted list of the
761 resources which are too high. Otherwise, the method returns
762 nothing.
764 :param context: The request context, for access checks
765 :param resources: A dictionary of the registered resources
766 :param project_values: Optional dict containing the resource values to
767 check against project quota,
768 e.g. {'instances': 1, 'cores': 2, 'memory_mb': 512}
769 :param user_values: Optional dict containing the resource values to
770 check against user quota,
771 e.g. {'instances': 1, 'cores': 2, 'memory_mb': 512}
772 :param project_id: Optional project_id for scoping the limit check to a
773 different project than in the context
774 :param user_id: Optional user_id for scoping the limit check to a
775 different user than in the context
776 """
777 pass
780class UnifiedLimitsDriver(NoopQuotaDriver):
781 """Ease migration to new unified limits code.
783 Help ease migration to unified limits by ensuring the old code
784 paths still work with unified limits. Eventually the expectation is
785 all this legacy quota code will go away, leaving the new simpler code
786 """
788 def __init__(self):
789 LOG.warning("The Unified Limits Quota Driver is experimental and "
790 "is under active development. Do not use this driver.")
792 def get_reserved(self):
793 # To make unified limits APIs the same as the DB driver, return 0
794 return 0
796 def get_class_quotas(self, context, resources, quota_class):
797 """Given a list of resources, retrieve the quotas for the given
798 quota class.
800 :param context: The request context, for access checks.
801 :param resources: A dictionary of the registered resources.
802 :param quota_class: Placeholder, we always assume default quota class.
803 """
804 # NOTE(johngarbutt): ignoring quota_class, as ignored in noop driver
805 return self.get_defaults(context, resources)
807 def get_defaults(self, context, resources):
808 local_limits = local_limit.get_legacy_default_limits()
809 # Note we get 0 if there is no registered limit,
810 # to mirror oslo_limit behaviour when there is no registered limit
811 placement_limits = placement_limit.get_legacy_default_limits()
812 quotas = {}
813 for resource in resources.values():
814 if resource.name in placement_limits:
815 quotas[resource.name] = placement_limits[resource.name]
816 else:
817 # return -1 for things like security_group_rules
818 # that are neither a keystone limit or a local limit
819 quotas[resource.name] = local_limits.get(resource.name, -1)
821 return quotas
823 def get_project_quotas(self, context, resources, project_id,
824 quota_class=None,
825 usages=True, remains=False):
826 if quota_class is not None: 826 ↛ 827line 826 didn't jump to line 827 because the condition on line 826 was never true
827 raise NotImplementedError("quota_class")
829 if remains: 829 ↛ 830line 829 didn't jump to line 830 because the condition on line 829 was never true
830 raise NotImplementedError("remains")
832 local_limits = local_limit.get_legacy_default_limits()
833 # keystone limits always returns core, ram and instances
834 # if nothing set in keystone, we get back 0, i.e. don't allow
835 placement_limits = placement_limit.get_legacy_project_limits(
836 project_id)
838 project_quotas = {}
839 for resource in resources.values():
840 if resource.name in placement_limits:
841 limit = placement_limits[resource.name]
842 else:
843 # return -1 for things like security_group_rules
844 # that are neither a keystone limit or a local limit
845 limit = local_limits.get(resource.name, -1)
846 project_quotas[resource.name] = {"limit": limit}
848 if usages:
849 local_in_use = local_limit.get_in_use(context, project_id)
850 p_in_use = placement_limit.get_legacy_counts(context, project_id)
852 for resource in resources.values():
853 # default to 0 for resources that are deprecated,
854 # i.e. not in keystone or local limits, such that we
855 # are API compatible with what was returned with
856 # the db driver, even though noop driver returned -1
857 usage_count = 0
858 if resource.name in local_in_use:
859 usage_count = local_in_use[resource.name]
860 if resource.name in p_in_use:
861 usage_count = p_in_use[resource.name]
862 project_quotas[resource.name]["in_use"] = usage_count
864 return project_quotas
866 def get_user_quotas(self, context, resources, project_id, user_id,
867 quota_class=None, usages=True):
868 return self.get_project_quotas(context, resources, project_id,
869 quota_class, usages)
872class BaseResource(object):
873 """Describe a single resource for quota checking."""
875 def __init__(self, name, flag=None):
876 """Initializes a Resource.
878 :param name: The name of the resource, i.e., "instances".
879 :param flag: The name of the flag or configuration option
880 which specifies the default value of the quota
881 for this resource.
882 """
884 self.name = name
885 self.flag = flag
887 @property
888 def default(self):
889 """Return the default value of the quota."""
890 return CONF.quota[self.flag] if self.flag else -1
893class AbsoluteResource(BaseResource):
894 """Describe a resource that does not correspond to database objects."""
895 valid_method = 'check'
898class CountableResource(AbsoluteResource):
899 """Describe a resource where the counts aren't based solely on the
900 project ID.
901 """
903 def __init__(self, name, count_as_dict, flag=None):
904 """Initializes a CountableResource.
906 Countable resources are those resources which directly
907 correspond to objects in the database, but for which a count
908 by project ID is inappropriate e.g. keypairs
909 A CountableResource must be constructed with a counting
910 function, which will be called to determine the current counts
911 of the resource.
913 The counting function will be passed the context, along with
914 the extra positional and keyword arguments that are passed to
915 Quota.count_as_dict(). It should return a dict specifying the
916 count scoped to a project and/or a user.
918 Example count of instances, cores, or ram returned as a rollup
919 of all the resources since we only want to query the instances
920 table once, not multiple times, for each resource.
921 Instances, cores, and ram are counted across a project and
922 across a user:
924 {'project': {'instances': 5, 'cores': 8, 'ram': 4096},
925 'user': {'instances': 1, 'cores': 2, 'ram': 512}}
927 Example count of server groups keeping a consistent format.
928 Server groups are counted across a project and across a user:
930 {'project': {'server_groups': 7},
931 'user': {'server_groups': 2}}
933 Example count of key pairs keeping a consistent format.
934 Key pairs are counted across a user only:
936 {'user': {'key_pairs': 5}}
938 Note that this counting is not performed in a transaction-safe
939 manner. This resource class is a temporary measure to provide
940 required functionality, until a better approach to solving
941 this problem can be evolved.
943 :param name: The name of the resource, i.e., "instances".
944 :param count_as_dict: A callable which returns the count of the
945 resource as a dict. The arguments passed are as
946 described above.
947 :param flag: The name of the flag or configuration option
948 which specifies the default value of the quota
949 for this resource.
950 """
952 super(CountableResource, self).__init__(name, flag=flag)
953 self.count_as_dict = count_as_dict
956class QuotaEngine(object):
957 """Represent the set of recognized quotas."""
959 def __init__(self, quota_driver=None, resources=None):
960 """Initialize a Quota object.
962 :param quota_driver: a QuotaDriver object (only used in testing. if
963 None (default), instantiates a driver from the
964 CONF.quota.driver option)
965 :param resources: iterable of Resource objects
966 """
967 resources = resources or []
968 self._resources = {
969 resource.name: resource for resource in resources
970 }
971 # NOTE(mriedem): quota_driver is ever only supplied in tests with a
972 # fake driver.
973 self.__driver_override = quota_driver
974 self.__driver = None
975 self.__driver_name = None
977 @property
978 def _driver(self):
979 if self.__driver_override:
980 return self.__driver_override
982 # NOTE(johngarbutt) to allow unit tests to change the driver by
983 # simply overriding config, double check if we have the correct
984 # driver cached before we return the currently cached driver
985 driver_name_in_config = CONF.quota.driver
986 if self.__driver_name != driver_name_in_config:
987 self.__driver = importutils.import_object(driver_name_in_config)
988 self.__driver_name = driver_name_in_config
990 return self.__driver
992 def get_defaults(self, context):
993 """Retrieve the default quotas.
995 :param context: The request context, for access checks.
996 """
998 return self._driver.get_defaults(context, self._resources)
1000 def get_class_quotas(self, context, quota_class):
1001 """Retrieve the quotas for the given quota class.
1003 :param context: The request context, for access checks.
1004 :param quota_class: The name of the quota class to return
1005 quotas for.
1006 """
1008 return self._driver.get_class_quotas(context, self._resources,
1009 quota_class)
1011 def get_user_quotas(self, context, project_id, user_id, quota_class=None,
1012 usages=True):
1013 """Retrieve the quotas for the given user and project.
1015 :param context: The request context, for access checks.
1016 :param project_id: The ID of the project to return quotas for.
1017 :param user_id: The ID of the user to return quotas for.
1018 :param quota_class: If project_id != context.project_id, the
1019 quota class cannot be determined. This
1020 parameter allows it to be specified.
1021 :param usages: If True, the current counts will also be returned.
1022 """
1024 return self._driver.get_user_quotas(context, self._resources,
1025 project_id, user_id,
1026 quota_class=quota_class,
1027 usages=usages)
1029 def get_project_quotas(self, context, project_id, quota_class=None,
1030 usages=True, remains=False):
1031 """Retrieve the quotas for the given project.
1033 :param context: The request context, for access checks.
1034 :param project_id: The ID of the project to return quotas for.
1035 :param quota_class: If project_id != context.project_id, the
1036 quota class cannot be determined. This
1037 parameter allows it to be specified.
1038 :param usages: If True, the current counts will also be returned.
1039 :param remains: If True, the current remains of the project will
1040 will be returned.
1041 """
1043 return self._driver.get_project_quotas(context, self._resources,
1044 project_id,
1045 quota_class=quota_class,
1046 usages=usages,
1047 remains=remains)
1049 def get_settable_quotas(self, context, project_id, user_id=None):
1050 """Given a list of resources, retrieve the range of settable quotas for
1051 the given user or project.
1053 :param context: The request context, for access checks.
1054 :param project_id: The ID of the project to return quotas for.
1055 :param user_id: The ID of the user to return quotas for.
1056 """
1058 return self._driver.get_settable_quotas(context, self._resources,
1059 project_id,
1060 user_id=user_id)
1062 def count_as_dict(self, context, resource, *args, **kwargs):
1063 """Count a resource and return a dict.
1065 For countable resources, invokes the count_as_dict() function and
1066 returns its result. Arguments following the context and
1067 resource are passed directly to the count function declared by
1068 the resource.
1070 :param context: The request context, for access checks.
1071 :param resource: The name of the resource, as a string.
1072 :returns: A dict containing the count(s) for the resource, for example:
1073 {'project': {'instances': 2, 'cores': 4, 'ram': 1024},
1074 'user': {'instances': 1, 'cores': 2, 'ram': 512}}
1076 another example:
1077 {'user': {'key_pairs': 5}}
1078 """
1080 # Get the resource
1081 res = self._resources.get(resource)
1082 if not res or not hasattr(res, 'count_as_dict'):
1083 raise exception.QuotaResourceUnknown(unknown=[resource])
1085 return res.count_as_dict(context, *args, **kwargs)
1087 # TODO(melwitt): This can be removed once no old code can call
1088 # limit_check(). It will be replaced with limit_check_project_and_user().
1089 def limit_check(self, context, project_id=None, user_id=None, **values):
1090 """Check simple quota limits.
1092 For limits--those quotas for which there is no usage
1093 synchronization function--this method checks that a set of
1094 proposed values are permitted by the limit restriction. The
1095 values to check are given as keyword arguments, where the key
1096 identifies the specific quota limit to check, and the value is
1097 the proposed value.
1099 This method will raise a QuotaResourceUnknown exception if a
1100 given resource is unknown or if it is not a simple limit
1101 resource.
1103 If any of the proposed values is over the defined quota, an
1104 OverQuota exception will be raised with the sorted list of the
1105 resources which are too high. Otherwise, the method returns
1106 nothing.
1108 :param context: The request context, for access checks.
1109 :param project_id: Specify the project_id if current context
1110 is admin and admin wants to impact on
1111 common user's tenant.
1112 :param user_id: Specify the user_id if current context
1113 is admin and admin wants to impact on
1114 common user.
1115 """
1117 return self._driver.limit_check(context, self._resources, values,
1118 project_id=project_id, user_id=user_id)
1120 def limit_check_project_and_user(self, context, project_values=None,
1121 user_values=None, project_id=None,
1122 user_id=None):
1123 """Check values against quota limits.
1125 For limits--this method checks that a set of
1126 proposed values are permitted by the limit restriction.
1128 This method will raise a QuotaResourceUnknown exception if a
1129 given resource is unknown or if it is not a simple limit
1130 resource.
1132 If any of the proposed values is over the defined quota, an
1133 OverQuota exception will be raised with the sorted list of the
1134 resources which are too high. Otherwise, the method returns
1135 nothing.
1137 :param context: The request context, for access checks
1138 :param project_values: Optional dict containing the resource values to
1139 check against project quota,
1140 e.g. {'instances': 1, 'cores': 2, 'memory_mb': 512}
1141 :param user_values: Optional dict containing the resource values to
1142 check against user quota,
1143 e.g. {'instances': 1, 'cores': 2, 'memory_mb': 512}
1144 :param project_id: Optional project_id for scoping the limit check to a
1145 different project than in the context
1146 :param user_id: Optional user_id for scoping the limit check to a
1147 different user than in the context
1148 """
1149 return self._driver.limit_check_project_and_user(
1150 context, self._resources, project_values=project_values,
1151 user_values=user_values, project_id=project_id, user_id=user_id)
1153 @property
1154 def resources(self):
1155 return sorted(self._resources.keys())
1157 def get_reserved(self):
1158 return self._driver.get_reserved()
1161@api_db_api.context_manager.reader
1162def _user_id_queued_for_delete_populated(context, project_id=None):
1163 """Determine whether user_id and queued_for_delete are set.
1165 This will be used to determine whether we need to fall back on
1166 the legacy quota counting method (if we cannot rely on counting
1167 instance mappings for the instance count). If any records with user_id=None
1168 and queued_for_delete=False are found, we need to fall back to the legacy
1169 counting method. If any records with queued_for_delete=None are found, we
1170 need to fall back to the legacy counting method.
1172 Note that this check specifies queued_for_deleted=False, which excludes
1173 deleted and SOFT_DELETED instances. The 'populate_user_id' data migration
1174 migrates SOFT_DELETED instances because they could be restored at any time
1175 in the future. However, for this quota-check-time method, it is acceptable
1176 to ignore SOFT_DELETED instances, since we just want to know if it is safe
1177 to use instance mappings to count instances at this point in time (and
1178 SOFT_DELETED instances do not count against quota limits).
1180 We also want to fall back to the legacy counting method if we detect any
1181 records that have not yet populated the queued_for_delete field. We do this
1182 instead of counting queued_for_delete=None records since that might not
1183 accurately reflect the project or project user's quota usage.
1185 :param project_id: The project to check
1186 :returns: True if user_id is set for all non-deleted instances and
1187 queued_for_delete is set for all instances, else False
1188 """
1189 user_id_not_populated = sql.and_(
1190 api_models.InstanceMapping.user_id == sql.null(),
1191 api_models.InstanceMapping.queued_for_delete == sql.false())
1192 # If either queued_for_delete or user_id are unmigrated, we will return
1193 # False.
1194 unmigrated_filter = sql.or_(
1195 api_models.InstanceMapping.queued_for_delete == sql.null(),
1196 user_id_not_populated)
1197 query = context.session.query(api_models.InstanceMapping).filter(
1198 unmigrated_filter)
1199 if project_id: 1199 ↛ 1200line 1199 didn't jump to line 1200 because the condition on line 1199 was never true
1200 query = query.filter_by(project_id=project_id)
1201 return not context.session.query(query.exists()).scalar()
1204def _keypair_get_count_by_user(context, user_id):
1205 count = objects.KeyPairList.get_count_by_user(context, user_id)
1206 return {'user': {'key_pairs': count}}
1209def _server_group_count_members_by_user_legacy(context, group, user_id):
1210 filters = {'deleted': False, 'user_id': user_id, 'uuid': group.members}
1212 def group_member_uuids(cctxt):
1213 return {inst.uuid for inst in objects.InstanceList.get_by_filters(
1214 cctxt, filters, expected_attrs=[])}
1216 # Ignore any duplicates since build requests and instances can co-exist
1217 # for a short window of time after the instance is created in a cell but
1218 # before the build request is deleted.
1219 instance_uuids = set()
1221 # NOTE(melwitt): Counting across cells for instances means we will miss
1222 # counting resources if a cell is down.
1223 per_cell = nova_context.scatter_gather_all_cells(
1224 context, group_member_uuids)
1225 for uuids in per_cell.values():
1226 instance_uuids |= uuids
1228 # Count build requests using the same filters to catch group members
1229 # that are not yet created in a cell.
1230 build_requests = objects.BuildRequestList.get_by_filters(context, filters)
1231 for build_request in build_requests:
1232 instance_uuids.add(build_request.instance_uuid)
1234 return {'user': {'server_group_members': len(instance_uuids)}}
1237def is_qfd_populated(context):
1238 """Check if user_id and queued_for_delete fields are populated.
1240 This method is related to counting quota usage from placement. It is not
1241 yet possible to count instances from placement, so in the meantime we can
1242 use instance mappings for counting. This method is used to determine
1243 whether the user_id and queued_for_delete columns are populated in the API
1244 database's instance_mappings table. Instance mapping records are not
1245 deleted from the database until the database is archived, so
1246 queued_for_delete tells us whether or not we should count them for instance
1247 quota usage. The user_id field enables us to scope instance quota usage to
1248 a user (legacy quota).
1250 Scoping instance quota to a user is only possible
1251 when counting quota usage from placement is configured and unified limits
1252 is not configured. When unified limits is configured, quotas are scoped
1253 only to projects.
1255 In the future when it is possible to count instance usage from placement,
1256 this method will no longer be needed.
1257 """
1258 global UID_QFD_POPULATED_CACHE_ALL
1259 if not UID_QFD_POPULATED_CACHE_ALL:
1260 LOG.debug('Checking whether user_id and queued_for_delete are '
1261 'populated for all projects')
1262 UID_QFD_POPULATED_CACHE_ALL = _user_id_queued_for_delete_populated(
1263 context)
1265 return UID_QFD_POPULATED_CACHE_ALL
1268def _server_group_count_members_by_user(context, group, user_id):
1269 """Get the count of server group members for a group by user.
1271 :param context: The request context for database access
1272 :param group: The InstanceGroup object with members to count
1273 :param user_id: The user_id to count across
1274 :returns: A dict containing the user-scoped count. For example:
1276 {'user': 'server_group_members': <count across user>}}
1277 """
1278 # Because server group members quota counting is not scoped to a project,
1279 # but scoped to a particular InstanceGroup and user, we have no reasonable
1280 # way of pruning down our migration check to only a subset of all instance
1281 # mapping records.
1282 # So, we check whether user_id/queued_for_delete is populated for all
1283 # records and cache the result to prevent unnecessary checking once the
1284 # data migration has been completed.
1285 if is_qfd_populated(context): 1285 ↛ 1290line 1285 didn't jump to line 1290 because the condition on line 1285 was always true
1286 count = objects.InstanceMappingList.get_count_by_uuids_and_user(
1287 context, group.members, user_id)
1288 return {'user': {'server_group_members': count}}
1290 LOG.warning('Falling back to legacy quota counting method for server '
1291 'group members')
1292 return _server_group_count_members_by_user_legacy(context, group,
1293 user_id)
1296def _instances_cores_ram_count_legacy(context, project_id, user_id=None):
1297 """Get the counts of instances, cores, and ram in cell databases.
1299 :param context: The request context for database access
1300 :param project_id: The project_id to count across
1301 :param user_id: The user_id to count across
1302 :returns: A dict containing the project-scoped counts and user-scoped
1303 counts if user_id is specified. For example:
1305 {'project': {'instances': <count across project>,
1306 'cores': <count across project>,
1307 'ram': <count across project>},
1308 'user': {'instances': <count across user>,
1309 'cores': <count across user>,
1310 'ram': <count across user>}}
1311 """
1312 # NOTE(melwitt): Counting across cells for instances, cores, and ram means
1313 # we will miss counting resources if a cell is down.
1314 # NOTE(tssurya): We only go into those cells in which the tenant has
1315 # instances. We could optimize this to avoid the CellMappingList query
1316 # for single-cell deployments by checking the cell cache and only doing
1317 # this filtering if there is more than one non-cell0 cell.
1318 # TODO(tssurya): Consider adding a scatter_gather_cells_for_project
1319 # variant that makes this native to nova.context.
1320 if CONF.api.instance_list_per_project_cells: 1320 ↛ 1321line 1320 didn't jump to line 1321 because the condition on line 1320 was never true
1321 cell_mappings = objects.CellMappingList.get_by_project_id(
1322 context, project_id)
1323 else:
1324 nova_context.load_cells()
1325 cell_mappings = nova_context.CELLS
1326 results = nova_context.scatter_gather_cells(
1327 context, cell_mappings, nova_context.CELL_TIMEOUT,
1328 objects.InstanceList.get_counts, project_id, user_id=user_id)
1329 total_counts = {'project': {'instances': 0, 'cores': 0, 'ram': 0}}
1330 if user_id:
1331 total_counts['user'] = {'instances': 0, 'cores': 0, 'ram': 0}
1332 for result in results.values():
1333 if not nova_context.is_cell_failure_sentinel(result): 1333 ↛ 1332line 1333 didn't jump to line 1332 because the condition on line 1333 was always true
1334 for resource, count in result['project'].items():
1335 total_counts['project'][resource] += count
1336 if user_id:
1337 for resource, count in result['user'].items():
1338 total_counts['user'][resource] += count
1339 return total_counts
1342def _cores_ram_count_placement(context, project_id, user_id=None):
1343 return report.report_client_singleton().get_usages_counts_for_quota(
1344 context, project_id, user_id=user_id)
1347def _instances_cores_ram_count_api_db_placement(context, project_id,
1348 user_id=None):
1349 # Will return a dict with format: {'project': {'instances': M},
1350 # 'user': {'instances': N}}
1351 # where the 'user' key is optional.
1352 total_counts = objects.InstanceMappingList.get_counts(context,
1353 project_id,
1354 user_id=user_id)
1355 cores_ram_counts = _cores_ram_count_placement(context, project_id,
1356 user_id=user_id)
1357 total_counts['project'].update(cores_ram_counts['project'])
1358 if 'user' in total_counts: 1358 ↛ 1360line 1358 didn't jump to line 1360 because the condition on line 1358 was always true
1359 total_counts['user'].update(cores_ram_counts['user'])
1360 return total_counts
1363def _instances_cores_ram_count(context, project_id, user_id=None):
1364 """Get the counts of instances, cores, and ram.
1366 :param context: The request context for database access
1367 :param project_id: The project_id to count across
1368 :param user_id: The user_id to count across
1369 :returns: A dict containing the project-scoped counts and user-scoped
1370 counts if user_id is specified. For example:
1372 {'project': {'instances': <count across project>,
1373 'cores': <count across project>,
1374 'ram': <count across project>},
1375 'user': {'instances': <count across user>,
1376 'cores': <count across user>,
1377 'ram': <count across user>}}
1378 """
1379 global UID_QFD_POPULATED_CACHE_BY_PROJECT
1380 if CONF.quota.count_usage_from_placement:
1381 # If a project has all user_id and queued_for_delete data populated,
1382 # cache the result to avoid needless database checking in the future.
1383 if (not UID_QFD_POPULATED_CACHE_ALL and
1384 project_id not in UID_QFD_POPULATED_CACHE_BY_PROJECT):
1385 LOG.debug('Checking whether user_id and queued_for_delete are '
1386 'populated for project_id %s', project_id)
1387 uid_qfd_populated = _user_id_queued_for_delete_populated(
1388 context, project_id)
1389 if uid_qfd_populated:
1390 UID_QFD_POPULATED_CACHE_BY_PROJECT.add(project_id)
1391 else:
1392 uid_qfd_populated = True
1393 if uid_qfd_populated:
1394 return _instances_cores_ram_count_api_db_placement(context,
1395 project_id,
1396 user_id=user_id)
1397 LOG.warning('Falling back to legacy quota counting method for '
1398 'instances, cores, and ram')
1399 return _instances_cores_ram_count_legacy(context, project_id,
1400 user_id=user_id)
1403def _server_group_count(context, project_id, user_id=None):
1404 """Get the counts of server groups in the database.
1406 :param context: The request context for database access
1407 :param project_id: The project_id to count across
1408 :param user_id: The user_id to count across
1409 :returns: A dict containing the project-scoped counts and user-scoped
1410 counts if user_id is specified. For example:
1412 {'project': {'server_groups': <count across project>},
1413 'user': {'server_groups': <count across user>}}
1414 """
1415 return objects.InstanceGroupList.get_counts(context, project_id,
1416 user_id=user_id)
1419QUOTAS = QuotaEngine(
1420 resources=[
1421 CountableResource(
1422 'instances', _instances_cores_ram_count, 'instances'),
1423 CountableResource(
1424 'cores', _instances_cores_ram_count, 'cores'),
1425 CountableResource(
1426 'ram', _instances_cores_ram_count, 'ram'),
1427 AbsoluteResource(
1428 'metadata_items', 'metadata_items'),
1429 AbsoluteResource(
1430 'injected_files', 'injected_files'),
1431 AbsoluteResource(
1432 'injected_file_content_bytes', 'injected_file_content_bytes'),
1433 AbsoluteResource(
1434 'injected_file_path_bytes', 'injected_file_path_length'),
1435 CountableResource(
1436 'key_pairs', _keypair_get_count_by_user, 'key_pairs'),
1437 CountableResource(
1438 'server_groups', _server_group_count, 'server_groups'),
1439 CountableResource(
1440 'server_group_members', _server_group_count_members_by_user,
1441 'server_group_members'),
1442 # Deprecated nova-network quotas, retained to avoid changing API
1443 # responses
1444 AbsoluteResource('fixed_ips'),
1445 AbsoluteResource('floating_ips'),
1446 AbsoluteResource('security_groups'),
1447 AbsoluteResource('security_group_rules'),
1448 ],
1449)
1452def _valid_method_call_check_resource(name, method, resources):
1453 if name not in resources:
1454 raise exception.InvalidQuotaMethodUsage(method=method, res=name)
1455 res = resources[name]
1457 if res.valid_method != method:
1458 raise exception.InvalidQuotaMethodUsage(method=method, res=name)
1461def _valid_method_call_check_resources(resource_values, method, resources):
1462 """A method to check whether the resource can use the quota method.
1464 :param resource_values: Dict containing the resource names and values
1465 :param method: The quota method to check
1466 :param resources: Dict containing Resource objects to validate against
1467 """
1469 for name in resource_values.keys():
1470 _valid_method_call_check_resource(name, method, resources)