diff options
author | Michael Johnson <johnsomor@gmail.com> | 2022-03-23 20:52:35 +0000 |
---|---|---|
committer | Michael Johnson <johnsomor@gmail.com> | 2022-03-23 21:06:46 +0000 |
commit | 158e017be489eea5402ef258ea260183067bf1ca (patch) | |
tree | 8b83647b136daa0ad4f37345c49b1706a42bebfc /designate/api | |
parent | c998ff690058ea7319e6bc92b3f841a77dee8d6e (diff) | |
download | designate-158e017be489eea5402ef258ea260183067bf1ca.tar.gz |
Fix set-quotas for non-project scoped tokens
Previously, if set-quotas was called with a non-project scoped token and the all-projects flag was not set, the quotas would be updated but the result returned
would always be the default quota values.
This patch changes the API to require the all-projects flag when set-quota is called and the token is not project scoped.
Closes-Bug: #1966128
Change-Id: I55ca76ef7c2cbeb5fdae1aed1dcbe58b7acddc34
Diffstat (limited to 'designate/api')
-rw-r--r-- | designate/api/v2/controllers/quotas.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/designate/api/v2/controllers/quotas.py b/designate/api/v2/controllers/quotas.py index 7d0a74de..9fbc6d3a 100644 --- a/designate/api/v2/controllers/quotas.py +++ b/designate/api/v2/controllers/quotas.py @@ -19,6 +19,7 @@ import pecan from designate.api.v2.controllers import rest from designate.common import keystone +from designate import exceptions from designate.objects.adapters import DesignateAdapter from designate.objects import QuotaList @@ -63,6 +64,15 @@ class QuotasController(rest.RestController): quotas = DesignateAdapter.parse('API_v2', body, QuotaList()) + # The get_quotas lookup will always return the default quotas + # if the context does not have a project_id (system scoped token) and + # the all_tenants boolean is false. Let's require all_tenants for + # contexts with no project ID. + if context.project_id is None and not context.all_tenants: + raise exceptions.MissingProjectID( + "The all-projects flag must be used when using non-project " + "scoped tokens.") + for quota in quotas: self.central_api.set_quota(context, tenant_id, quota.resource, quota.hard_limit) |