diff options
author | Michael Johnson <johnsomor@gmail.com> | 2022-03-23 20:52:35 +0000 |
---|---|---|
committer | Michael Johnson <johnsomor@gmail.com> | 2022-05-31 22:36:52 +0000 |
commit | ea85d917a174f44269cf2d4b72ef57e14e785670 (patch) | |
tree | 03668a48e0868e64431cc99fe1d4101dd2be14e2 | |
parent | 2e55c3e24bfaf1b03241aa1a4a538d03c29d69ad (diff) | |
download | designate-ea85d917a174f44269cf2d4b72ef57e14e785670.tar.gz |
Fix set-quotas for non-project scoped tokens
Previously, if set-quotas was called with a non-project scoped token and the all-projects flag was not set, the quotas would be updated but the result returned
would always be the default quota values.
This patch changes the API to require the all-projects flag when set-quota is called and the token is not project scoped.
Closes-Bug: #1966128
Change-Id: I55ca76ef7c2cbeb5fdae1aed1dcbe58b7acddc34
(cherry picked from commit 158e017be489eea5402ef258ea260183067bf1ca)
-rw-r--r-- | designate/api/v2/controllers/quotas.py | 10 | ||||
-rw-r--r-- | releasenotes/notes/Require-all-projects-for-set-quotas-with-non-project-scoped-tokens-ffe3082db3dbb55b.yaml | 6 |
2 files changed, 16 insertions, 0 deletions
diff --git a/designate/api/v2/controllers/quotas.py b/designate/api/v2/controllers/quotas.py index c4a766f4..801a2d8a 100644 --- a/designate/api/v2/controllers/quotas.py +++ b/designate/api/v2/controllers/quotas.py @@ -19,6 +19,7 @@ from oslo_log import log as logging from designate.api.v2.controllers import rest from designate.common import keystone +from designate import exceptions from designate.objects.adapters import DesignateAdapter from designate.objects import QuotaList @@ -63,6 +64,15 @@ class QuotasController(rest.RestController): quotas = DesignateAdapter.parse('API_v2', body, QuotaList()) + # The get_quotas lookup will always return the default quotas + # if the context does not have a project_id (system scoped token) and + # the all_tenants boolean is false. Let's require all_tenants for + # contexts with no project ID. + if context.project_id is None and not context.all_tenants: + raise exceptions.MissingProjectID( + "The all-projects flag must be used when using non-project " + "scoped tokens.") + for quota in quotas: self.central_api.set_quota(context, tenant_id, quota.resource, quota.hard_limit) diff --git a/releasenotes/notes/Require-all-projects-for-set-quotas-with-non-project-scoped-tokens-ffe3082db3dbb55b.yaml b/releasenotes/notes/Require-all-projects-for-set-quotas-with-non-project-scoped-tokens-ffe3082db3dbb55b.yaml new file mode 100644 index 00000000..eaf17979 --- /dev/null +++ b/releasenotes/notes/Require-all-projects-for-set-quotas-with-non-project-scoped-tokens-ffe3082db3dbb55b.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixed an issue where set-quotas will always return the default quotas if + it was called with a non-project scoped token and the all-projects flag + was not set. |