← Back to branch summary

~ubuntu-branches/ubuntu/saucy/nova/saucy-proposed

« back to all changes in this revision

Viewing changes to .pc/CVE-2012-2101.patch/nova/quota.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short
  • Date: 2012-05-24 13:12:53 UTC
  • mfrom: (1.1.55)
  • Revision ID: package-import@ubuntu.com-20120524131253-ommql08fg1en06ut
Tags: 2012.2~f1-0ubuntu1
https://launchpad.net/bugs/907197
* New upstream release.
* Prepare for quantal:
  - Dropped debian/patches/upstream/0006-Use-project_id-in-ec2.cloud._format_image.patch
  - Dropped debian/patches/upstream/0005-Populate-image-properties-with-project_id-again.patch
  - Dropped debian/patches/upstream/0004-Fixed-bug-962840-added-a-test-case.patch
  - Dropped debian/patches/upstream/0003-Allow-unprivileged-RADOS-users-to-access-rbd-volumes.patch
  - Dropped debian/patches/upstream/0002-Stop-libvirt-test-from-deleting-instances-dir.patch
  - Dropped debian/patches/upstream/0001-fix-bug-where-nova-ignores-glance-host-in-imageref.patch 
  - Dropped debian/patches/0001-fix-useexisting-deprecation-warnings.patch
* debian/control: Add python-keystone as a dependency. (LP: #907197)
* debian/patches/kombu_tests_timeout.patch: Refreshed.
* debian/nova.conf, debian/nova-common.postinst: Convert to new ini
  file configuration
* debian/patches/nova-manage_flagfile_location.patch: Refreshed

Show diffs side-by-side

added added

removed removed

Lines of Context:
.pc/CVE-2012-2101.patch/nova/quota.py
1
 
# vim: tabstop=4 shiftwidth=4 softtabstop=4
2
 
 
3
 
# Copyright 2010 United States Government as represented by the
4
 
# Administrator of the National Aeronautics and Space Administration.
5
 
# All Rights Reserved.
6
 
#
7
 
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
8
 
#    not use this file except in compliance with the License. You may obtain
9
 
#    a copy of the License at
10
 
#
11
 
#         http://www.apache.org/licenses/LICENSE-2.0
12
 
#
13
 
#    Unless required by applicable law or agreed to in writing, software
14
 
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15
 
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
16
 
#    License for the specific language governing permissions and limitations
17
 
#    under the License.
18
 
 
19
 
"""Quotas for instances, volumes, and floating ips."""
20
 
 
21
 
from nova import db
22
 
from nova.openstack.common import cfg
23
 
from nova import flags
24
 
 
25
 
 
26
 
quota_opts = [
27
 
    cfg.IntOpt('quota_instances',
28
 
               default=10,
29
 
               help='number of instances allowed per project'),
30
 
    cfg.IntOpt('quota_cores',
31
 
               default=20,
32
 
               help='number of instance cores allowed per project'),
33
 
    cfg.IntOpt('quota_ram',
34
 
               default=50 * 1024,
35
 
               help='megabytes of instance ram allowed per project'),
36
 
    cfg.IntOpt('quota_volumes',
37
 
               default=10,
38
 
               help='number of volumes allowed per project'),
39
 
    cfg.IntOpt('quota_gigabytes',
40
 
               default=1000,
41
 
               help='number of volume gigabytes allowed per project'),
42
 
    cfg.IntOpt('quota_floating_ips',
43
 
               default=10,
44
 
               help='number of floating ips allowed per project'),
45
 
    cfg.IntOpt('quota_metadata_items',
46
 
               default=128,
47
 
               help='number of metadata items allowed per instance'),
48
 
    cfg.IntOpt('quota_max_injected_files',
49
 
               default=5,
50
 
               help='number of injected files allowed'),
51
 
    cfg.IntOpt('quota_max_injected_file_content_bytes',
52
 
               default=10 * 1024,
53
 
               help='number of bytes allowed per injected file'),
54
 
    cfg.IntOpt('quota_max_injected_file_path_bytes',
55
 
               default=255,
56
 
               help='number of bytes allowed per injected file path'),
57
 
    ]
58
 
 
59
 
FLAGS = flags.FLAGS
60
 
FLAGS.register_opts(quota_opts)
61
 
 
62
 
 
63
 
def _get_default_quotas():
64
 
    defaults = {
65
 
        'instances': FLAGS.quota_instances,
66
 
        'cores': FLAGS.quota_cores,
67
 
        'ram': FLAGS.quota_ram,
68
 
        'volumes': FLAGS.quota_volumes,
69
 
        'gigabytes': FLAGS.quota_gigabytes,
70
 
        'floating_ips': FLAGS.quota_floating_ips,
71
 
        'metadata_items': FLAGS.quota_metadata_items,
72
 
        'injected_files': FLAGS.quota_max_injected_files,
73
 
        'injected_file_content_bytes':
74
 
            FLAGS.quota_max_injected_file_content_bytes,
75
 
    }
76
 
    # -1 in the quota flags means unlimited
77
 
    for key in defaults.keys():
78
 
        if defaults[key] == -1:
79
 
            defaults[key] = None
80
 
    return defaults
81
 
 
82
 
 
83
 
def get_project_quotas(context, project_id):
84
 
    rval = _get_default_quotas()
85
 
    quota = db.quota_get_all_by_project(context, project_id)
86
 
    for key in rval.keys():
87
 
        if key in quota:
88
 
            rval[key] = quota[key]
89
 
    return rval
90
 
 
91
 
 
92
 
def _get_request_allotment(requested, used, quota):
93
 
    if quota is None:
94
 
        return requested
95
 
    return quota - used
96
 
 
97
 
 
98
 
def allowed_instances(context, requested_instances, instance_type):
99
 
    """Check quota and return min(requested_instances, allowed_instances)."""
100
 
    project_id = context.project_id
101
 
    context = context.elevated()
102
 
    requested_cores = requested_instances * instance_type['vcpus']
103
 
    requested_ram = requested_instances * instance_type['memory_mb']
104
 
    usage = db.instance_data_get_for_project(context, project_id)
105
 
    used_instances, used_cores, used_ram = usage
106
 
    quota = get_project_quotas(context, project_id)
107
 
    allowed_instances = _get_request_allotment(requested_instances,
108
 
                                               used_instances,
109
 
                                               quota['instances'])
110
 
    allowed_cores = _get_request_allotment(requested_cores, used_cores,
111
 
                                           quota['cores'])
112
 
    allowed_ram = _get_request_allotment(requested_ram, used_ram, quota['ram'])
113
 
    if instance_type['vcpus']:
114
 
        allowed_instances = min(allowed_instances,
115
 
                                allowed_cores // instance_type['vcpus'])
116
 
    if instance_type['memory_mb']:
117
 
        allowed_instances = min(allowed_instances,
118
 
                                allowed_ram // instance_type['memory_mb'])
119
 
 
120
 
    return min(requested_instances, allowed_instances)
121
 
 
122
 
 
123
 
def allowed_volumes(context, requested_volumes, size):
124
 
    """Check quota and return min(requested_volumes, allowed_volumes)."""
125
 
    project_id = context.project_id
126
 
    context = context.elevated()
127
 
    size = int(size)
128
 
    requested_gigabytes = requested_volumes * size
129
 
    used_volumes, used_gigabytes = db.volume_data_get_for_project(context,
130
 
                                                                  project_id)
131
 
    quota = get_project_quotas(context, project_id)
132
 
    allowed_volumes = _get_request_allotment(requested_volumes, used_volumes,
133
 
                                             quota['volumes'])
134
 
    allowed_gigabytes = _get_request_allotment(requested_gigabytes,
135
 
                                               used_gigabytes,
136
 
                                               quota['gigabytes'])
137
 
    if size != 0:
138
 
        allowed_volumes = min(allowed_volumes,
139
 
                              int(allowed_gigabytes // size))
140
 
    return min(requested_volumes, allowed_volumes)
141
 
 
142
 
 
143
 
def allowed_floating_ips(context, requested_floating_ips):
144
 
    """Check quota and return min(requested, allowed) floating ips."""
145
 
    project_id = context.project_id
146
 
    context = context.elevated()
147
 
    used_floating_ips = db.floating_ip_count_by_project(context, project_id)
148
 
    quota = get_project_quotas(context, project_id)
149
 
    allowed_floating_ips = _get_request_allotment(requested_floating_ips,
150
 
                                                  used_floating_ips,
151
 
                                                  quota['floating_ips'])
152
 
    return min(requested_floating_ips, allowed_floating_ips)
153
 
 
154
 
 
155
 
def _calculate_simple_quota(context, resource, requested):
156
 
    """Check quota for resource; return min(requested, allowed)."""
157
 
    quota = get_project_quotas(context, context.project_id)
158
 
    allowed = _get_request_allotment(requested, 0, quota[resource])
159
 
    return min(requested, allowed)
160
 
 
161
 
 
162
 
def allowed_metadata_items(context, requested_metadata_items):
163
 
    """Return the number of metadata items allowed."""
164
 
    return _calculate_simple_quota(context, 'metadata_items',
165
 
                                   requested_metadata_items)
166
 
 
167
 
 
168
 
def allowed_injected_files(context, requested_injected_files):
169
 
    """Return the number of injected files allowed."""
170
 
    return _calculate_simple_quota(context, 'injected_files',
171
 
                                   requested_injected_files)
172
 
 
173
 
 
174
 
def allowed_injected_file_content_bytes(context, requested_bytes):
175
 
    """Return the number of bytes allowed per injected file content."""
176
 
    resource = 'injected_file_content_bytes'
177
 
    return _calculate_simple_quota(context, resource, requested_bytes)
178
 
 
179
 
 
180
 
def allowed_injected_file_path_bytes(context):
181
 
    """Return the number of bytes allowed in an injected file path."""
182
 
    return FLAGS.quota_max_injected_file_path_bytes