租戶(swift中稱為項目),下面統一稱為租戶;
#### 1. 什麼是租戶配額
這是官方文檔關于租戶配額的說明和配置:
https://docs.openstack.org/swift/latest/middleware.html#module-swift.common.middleware.account_quotas
按照官方文檔配置完成,設定租戶配額請求一直是403Forbidden。查閱資料發現這是官方的一個bug,至今未進行修複;
從account_quotas.py源碼中可以看出,如果是設定租戶配額,直接傳回403
if not container:
# account request, so we pay attention to the quotas
new_quota = request.headers.get(
'X-Account-Meta-Quota-Bytes')
remove_quota = request.headers.get(
'X-Remove-Account-Meta-Quota-Bytes')
else:
# container or object request; even if the quota headers are set
# in the request, they're meaningless
new_quota = remove_quota = None
if remove_quota:
new_quota = 0 # X-Remove dominates if both are present
if request.environ.get('reseller_request') is True:
if new_quota and not new_quota.isdigit():
return HTTPBadRequest()
return self.app
# deny quota set for non-reseller
if new_quota is not None:
return HTTPForbidden()
#### 2. 修改源碼解決租戶配額
注釋掉之前的return HTTPForbidden(),添加新的實作邏輯。
if not container:
# account request, so we pay attention to the quotas
new_quota = request.headers.get(
'X-Account-Meta-Quota-Bytes')
remove_quota = request.headers.get(
'X-Remove-Account-Meta-Quota-Bytes')
else:
# container or object request; even if the quota headers are set
# in the request, they're meaningless
new_quota = remove_quota = None
if remove_quota:
new_quota = 0 # X-Remove dominates if both are present
if request.environ.get('reseller_request') is True:
if new_quota and not new_quota.isdigit():
return HTTPBadRequest()
return self.app
# deny quota set for non-reseller
if new_quota is not None:
#return HTTPForbidden()
#Add by kevin start
eccp_roles = request.environ.get('HTTP_X_ROLES', '')
if isinstance(eccp_roles, basestring):
if (set(eccp_roles.split(',')) & set({'reseller','reseller_admin','ResellerAdmin'})):
request.environ['reseller_request'] = True
#Add by kevin end
if request.environ.get('reseller_request') is True:
if new_quota and not new_quota.isdigit():
return HTTPBadRequest()
return self.app
#### 3. 測試
- 設定租戶配額62914560(60M)
- 擷取租戶詳情(已用58.6M,配額60M)
- 該租戶下任意桶上傳大小為3M的檔案,傳回413,上傳超過配額
- 再次上傳大小為100K檔案,上傳成功