From 6a53bf90d0c1ea547a1c920c45e0eeef7ddfba2e Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince@redhat.com>
Date: Sun, 22 Apr 2012 19:34:38 -0400
Subject: Implement key pair quotas.

Fixes LP Bug #987058.

Change-Id: Ibefcdc448cb60754d5358fd08d74f7d279c8b16e
---
 nova/api/ec2/cloud.py                          | 10 ++++++++++
 nova/api/openstack/compute/contrib/keypairs.py |  6 ++++++
 2 files changed, 16 insertions(+)

(limited to 'nova/api')

diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index 8c6a1fdc3..28ed0279f 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -73,6 +73,11 @@ def _gen_key(context, user_id, key_name):
         raise exception.KeyPairExists(key_name=key_name)
     except exception.NotFound:
         pass
+
+    if quota.allowed_key_pairs(context, 1) < 1:
+        msg = _("Quota exceeded, too many key pairs.")
+        raise exception.EC2APIError(msg)
+
     private_key, public_key, fingerprint = crypto.generate_key_pair()
     key = {}
     key['user_id'] = user_id
@@ -395,6 +400,11 @@ class CloudController(object):
             raise exception.KeyPairExists(key_name=key_name)
         except exception.NotFound:
             pass
+
+        if quota.allowed_key_pairs(context, 1) < 1:
+            msg = _("Quota exceeded, too many key pairs.")
+            raise exception.EC2APIError(msg)
+
         public_key = base64.b64decode(public_key_material)
         fingerprint = crypto.generate_fingerprint(public_key)
         key = {}
diff --git a/nova/api/openstack/compute/contrib/keypairs.py b/nova/api/openstack/compute/contrib/keypairs.py
index 7dbbf14f3..5a764978c 100644
--- a/nova/api/openstack/compute/contrib/keypairs.py
+++ b/nova/api/openstack/compute/contrib/keypairs.py
@@ -28,6 +28,7 @@ from nova.api.openstack import extensions
 from nova import crypto
 from nova import db
 from nova import exception
+from nova import quota
 
 
 authorize = extensions.extension_authorizer('compute', 'keypairs')
@@ -105,6 +106,11 @@ class KeypairController(object):
         keypair = {'user_id': context.user_id,
                    'name': name}
 
+        if quota.allowed_key_pairs(context, 1) < 1:
+            msg = _("Quota exceeded, too many key pairs.")
+            raise webob.exc.HTTPRequestEntityTooLarge(
+                      explanation=msg,
+                      headers={'Retry-After': 0})
         # import if public_key is sent
         if 'public_key' in params:
             try:
-- 
cgit