Prevent assignment of space quota (v2)

Block assignment of a space quota via the v2 endpoint if the quota has a finite log rate where the space contains processes that have unlimited log rate limits.
cloudfoundry · Sep 2, 2022 · 2523601 · 2523601
1 parent 6d1d0e2
commit 2523601
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 0 deletions.
diff --git a/app/controllers/runtime/space_quota_definitions_controller.rb b/app/controllers/runtime/space_quota_definitions_controller.rb
@@ -25,6 +25,23 @@ def self.translate_validation_exception(e, attributes)
       end
     end
 
+    def before_update(quota)
+      if request_attrs['space'] && quota.log_rate_limit != QuotaDefinition::UNLIMITED
+        affected_processes = Space.dataset.
+                             join(:apps, space_guid: :guid).
+                             join(:processes, app_guid: :guid).
+                             where(Sequel[:spaces][:guid] => request_attrs['space'])
+
+        unless affected_processes.where(log_rate_limit: ProcessModel::UNLIMITED_LOG_RATE).empty?
+          raise CloudController::Errors::ApiError.new_from_details(
+            'UnprocessableEntity',
+            'Current usage exceeds new quota values. This space currently contains apps running with an unlimited log rate limit.')
+        end
+      end
+
+      super(quota)
+    end
+
     def delete(guid)
       do_delete(find_guid_and_validate_access(:delete, guid))
     end

diff --git a/spec/request/v2/space_quota_definitions_spec.rb b/spec/request/v2/space_quota_definitions_spec.rb
@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+RSpec.describe 'SpaceQuotaDefinitions' do
+  let(:user) { VCAP::CloudController::User.make }
+  let(:org) { VCAP::CloudController::Organization.make }
+
+  describe 'PUT /v2/space_quota_definitions/guid/spaces/space_guid' do
+    context 'when the quota has a finite log rate limit and there are apps with unlimited log rates' do
+      let(:admin_header) { headers_for(user, scopes: %w(cloud_controller.admin)) }
+      let(:space_quota) { VCAP::CloudController::SpaceQuotaDefinition.make(organization: org, log_rate_limit: 100) }
+
+      let!(:space) { VCAP::CloudController::Space.make(organization: org) }
+      let!(:app_model) { VCAP::CloudController::AppModel.make(name: 'name1', space: space) }
+      let!(:process_model) { VCAP::CloudController::ProcessModel.make(app: app_model, log_rate_limit: -1) }
+
+      it 'returns 422' do
+        put "/v2/space_quota_definitions/#{space_quota.guid}/spaces/#{space.guid}", nil, admin_header
+        expect(last_response).to have_status_code(422)
+        expect(decoded_response['error_code']).to eq('CF-UnprocessableEntity')
+        expect(decoded_response['description']).to eq('Current usage exceeds new quota values. This space currently contains apps running with an unlimited log rate limit.')
+      end
+    end
+  end
+end