Prevent assignment of org and space quotas (v2)
Block assignment of org or space quotas via the v2 endpoint if the quota
has a finite log rate where the org or space contains processes that have
unlimited log rate limits.

Co-authored-by: Carson Long <[email protected]>
acrmp and ctlong committed Sep 7, 2022
1 parent 7ab0057 commit cd83d9f
Showing 4 changed files with 77 additions and 0 deletions.
12 changes: 12 additions & 0 deletions app/controllers/runtime/organizations_controller.rb
@@ -73,6 +73,18 @@ def before_update(org)
end
end

if request_attrs['quota_definition_guid']
quota = QuotaDefinition.first(guid: request_attrs['quota_definition_guid'])
if quota.log_rate_limit != QuotaDefinition::UNLIMITED
affected_processes = org.processes_dataset
unless affected_processes.where(log_rate_limit: ProcessModel::UNLIMITED_LOG_RATE).empty?
raise CloudController::Errors::ApiError.new_from_details(
'UnprocessableEntity',
'Current usage exceeds new quota values. This org currently contains apps running with an unlimited log rate limit.')
end
end
end

super(org)
end
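Review bot: `QuotaDefinition.first(guid: request_attrs['quota_definition_guid'])` returns nil when the supplied guid matches no quota, and the next line calls `quota.log_rate_limit` on it. A client-supplied unknown `quota_definition_guid` would then surface as a NoMethodError (an HTTP 500) instead of a validation error, unless something earlier in `before_update` already rejects it. Guarding the lookup leaves the bad guid to the existing validation path: `if quota && quota.log_rate_limit != QuotaDefinition::UNLIMITED`. `before_update` starts above the hunk, so any earlier guid validation is not visible from here.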

17 changes: 17 additions & 0 deletions app/controllers/runtime/space_quota_definitions_controller.rb
@@ -25,6 +25,23 @@ def self.translate_validation_exception(e, attributes)
end
end

def before_update(quota)
if request_attrs['space'] && quota.log_rate_limit != QuotaDefinition::UNLIMITED
affected_processes = Space.dataset.
join(:apps, space_guid: :guid).
join(:processes, app_guid: :guid).
where(Sequel[:spaces][:guid] => request_attrs['space'])

unless affected_processes.where(log_rate_limit: ProcessModel::UNLIMITED_LOG_RATE).empty?
raise CloudController::Errors::ApiError.new_from_details(
'UnprocessableEntity',
'Current usage exceeds new quota values. This space currently contains apps running with an unlimited log rate limit.')
end
end

super(quota)
end

def delete(guid)
do_delete(find_guid_and_validate_access(:delete, guid))
end
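Review bot: The guard in `before_update` fires whenever `request_attrs['space']` is present, without checking whether the request is adding or removing the space. If the relation-removal route for `/spaces/:space_guid` populates `request_attrs` the same way (not visible in this hunk), unassigning a finite-rate quota from a space that holds unlimited-rate processes would also be rejected with 422. Consider narrowing the condition to the add case and documenting the intent, e.g. `# request_attrs['space'] is set by the space association route; only block when a space is being assigned to this quota`. An update that associates spaces through a different attribute, if the endpoint accepts one, would not reach this check either.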
24 changes: 24 additions & 0 deletions spec/request/v2/organizations_spec.rb
@@ -99,4 +99,28 @@
)
end
end

describe 'PUT /v2/organizations/:guid' do
context 'when the quota has a finite log rate limit and there are apps with unlimited log rates' do
let(:admin_header) { headers_for(user, scopes: %w(cloud_controller.admin)) }
let(:org_quota) { VCAP::CloudController::QuotaDefinition.make(log_rate_limit: 100) }

let(:params) do
{
quota_definition_guid: org_quota.guid
}
end

let!(:space) { VCAP::CloudController::Space.make(organization: org) }
let!(:app_model) { VCAP::CloudController::AppModel.make(name: 'name1', space: space) }
let!(:process_model) { VCAP::CloudController::ProcessModel.make(app: app_model, log_rate_limit: -1) }

it 'returns 422' do
put "/v2/organizations/#{org.guid}", params.to_json, admin_header
expect(last_response).to have_status_code(422)
expect(decoded_response['error_code']).to eq('CF-UnprocessableEntity')
expect(decoded_response['description']).to eq('Current usage exceeds new quota values. This org currently contains apps running with an unlimited log rate limit.')
end
end
end
end
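Review bot: The new context covers only the rejected case, so nothing pins that the guard stays out of the way when it should. There is no example for a finite-rate quota on an org whose processes all have finite limits, nor for a `quota_definition_guid` that matches no quota. Adding both would catch a guard that over-blocks or raises on a nil lookup. The factory call also hard-codes `log_rate_limit: -1` while the controller compares against the constant; `log_rate_limit: VCAP::CloudController::ProcessModel::UNLIMITED_LOG_RATE` keeps the two in step. The same points apply to spec/request/v2/space_quota_definitions_spec.rb.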
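--- a/spec/request/v2/space_quota_definitions_spec.rb
+++ b/spec/request/v2/space_quota_definitions_spec.rb
@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+RSpec.describe 'SpaceQuotaDefinitions' do
+let(:user) { VCAP::CloudController::User.make }
+let(:org) { VCAP::CloudController::Organization.make }
+
+describe 'PUT /v2/space_quota_definitions/guid/spaces/space_guid' do
+context 'when the quota has a finite log rate limit and there are apps with unlimited log rates' do
+let(:admin_header) { headers_for(user, scopes: %w(cloud_controller.admin)) }
+let(:space_quota) { VCAP::CloudController::SpaceQuotaDefinition.make(organization: org, log_rate_limit: 100) }
+
+let!(:space) { VCAP::CloudController::Space.make(organization: org) }
+let!(:app_model) { VCAP::CloudController::AppModel.make(name: 'name1', space: space) }
+let!(:process_model) { VCAP::CloudController::ProcessModel.make(app: app_model, log_rate_limit: -1) }
+
+it 'returns 422' do
+put "/v2/space_quota_definitions/#{space_quota.guid}/spaces/#{space.guid}", nil, admin_header
+expect(last_response).to have_status_code(422)
+expect(decoded_response['error_code']).to eq('CF-UnprocessableEntity')
+expect(decoded_response['description']).to eq('Current usage exceeds new quota values. This space currently contains apps running with an unlimited log rate limit.')
+end
+end
+end
+end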
