OpenStack Identity (keystone)

Unified limits API doesn't expose model information

Bug #1765193 reported by Lance Bragstad on 2018-04-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Medium	wangxiyuan	OpenStack Identity (keystone) rocky-3

Bug Description

One of the primary advantages of the unified limit concept in keystone was that keystone would expose the limit model via the API so that other services could reason about it during enforcement with oslo.limit.

This was documented in the Queens specification [0], but the implementation never included it. This wasn't a real big deal because the only enforcement model supported currently is flat. We should add this API before we mark the unified limit API as stable or before we add any more enforcement models to keystone.

[0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/limits-api.html#flat-hierarchy-enforcement

Tags:

Lance Bragstad (lbragstad) on 2018-04-18

Changed in keystone:
importance:	Undecided → Medium
status:	New → Confirmed
status:	Confirmed → Triaged
tags:	added: limits

Revision history for this message

wangxiyuan (wangxiyuan) wrote on 2018-04-19:

yeah, this API is mentioned in the spec:
https://review.openstack.org/#/c/540803/

I can start coding once it's merged.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-04-19: Related fix proposed to keystone (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/562713

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2018-04-19:

No problem - I have a couple patches up for review that start the implementation [0].

[0] https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:bug/1765193

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-04-19:

Related fix proposed to branch: master
Review: https://review.openstack.org/562714

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-04-19:

Related fix proposed to branch: master
Review: https://review.openstack.org/562715

Changed in keystone:
assignee:	nobody → Lance Bragstad (lbragstad)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-04-19: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/562716

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-05-01: Related fix merged to keystone (master)

Reviewed: https://review.openstack.org/562713
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=b8e8a8b55071f13be89d282c36e949b9f306e5e0
Submitter: Zuul
Branch: master

commit b8e8a8b55071f13be89d282c36e949b9f306e5e0
Author: Lance Bragstad <email address hidden>
Date: Thu Apr 19 15:13:47 2018 +0000

Add configuration option for enforcement models

    We eventually want deployers to be able to choose which enforcement
    model they want for their deployment. This commit adds a new
    configuration options that exposes the enforcement model via config.

This will dictate how project limits are validated.

Change-Id: Ied398b92fef09f3a446960b0757c68a21ba50ed6
Related-Bug: 1765193

OpenStack Infra (hudson-openstack) on 2018-06-08

Changed in keystone:
assignee:	Lance Bragstad (lbragstad) → wangxiyuan (wangxiyuan)

OpenStack Infra (hudson-openstack) on 2018-06-08

Changed in keystone:
assignee:	wangxiyuan (wangxiyuan) → Lance Bragstad (lbragstad)

OpenStack Infra (hudson-openstack) on 2018-06-19

Changed in keystone:
assignee:	Lance Bragstad (lbragstad) → wangxiyuan (wangxiyuan)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-06-19:

Reviewed: https://review.openstack.org/562714
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0022adb6ae44a8d0a471d22dcd1bf2b95ee88490
Submitter: Zuul
Branch: master

commit 0022adb6ae44a8d0a471d22dcd1bf2b95ee88490
Author: Lance Bragstad <email address hidden>
Date: Thu Apr 19 15:17:04 2018 +0000

Add policy for limit model protection

    We plan to expose the enforcement model a deployment is using via
    the limit API. This commit prepares for that implementation by
    introducing the policy for it.

Change-Id: I03c9cec3646ee354ebcdd4ddc1168e00d611171b
Related-Bug: 1765193

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-07-10:

Reviewed: https://review.openstack.org/562715
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=fd4b7371338d9a7d5487254ada3303eef7796d62
Submitter: Zuul
Branch: master

commit fd4b7371338d9a7d5487254ada3303eef7796d62
Author: Lance Bragstad <email address hidden>
Date: Thu Apr 19 15:22:50 2018 +0000

Implement enforcement model logic in Manager

    This commit adds the necessary bits to return the enforcement model
    used by a deployment in the limit Manager. A subsequent patch will
    expose this functionality via the API.

    This commit also starts introdcuing the concept of enforcement
    models and puts the flat model into its own module. This will make
    more sense and be easier to maintain as we implement more models.

    Change-Id: I32227eb0023e6b6ce699909fabb60a63a07f0969
    Related-Bug: 1765193
    Related-Bug: 1768572

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-07-11: Fix merged to keystone (master)

#10

Reviewed: https://review.openstack.org/562716
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=5a52e5aab71cec3840a79616914af5ece8c0af49
Submitter: Zuul
Branch: master

commit 5a52e5aab71cec3840a79616914af5ece8c0af49
Author: Lance Bragstad <email address hidden>
Date: Thu Apr 19 15:33:56 2018 +0000

Expose endpoint to return enforcement model

    This commit wires up the last couple pieces of code to expose
    a deployment's enforcement model information via the API. This
    is going to be consumed by other services to make decisions about
    quota calculation.

Change-Id: I02431d58b50aab2a2da8ca5f90938472aad7a935
Closes-Bug: 1765193

Changed in keystone:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-08-09: Fix included in openstack/keystone 14.0.0.0rc1

#11

This issue was fixed in the openstack/keystone 14.0.0.0rc1 release candidate.

Lance Bragstad (lbragstad) on 2019-01-28

Changed in keystone:
milestone:	none → rocky-3

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.