租户(swift中称为项目),下面统一称为租户;
#### 1. 什么是租户配额
这是官方文档关于租户配额的说明和配置:
https://docs.openstack.org/swift/latest/middleware.html#module-swift.common.middleware.account_quotas
按照官方文档配置完成,设置租户配额请求一直是403Forbidden。查阅资料发现这是官方的一个bug,至今未进行修复;
从account_quotas.py源码中可以看出,如果是设置租户配额,直接返回403
if not container:
# account request, so we pay attention to the quotas
new_quota = request.headers.get(
'X-Account-Meta-Quota-Bytes')
remove_quota = request.headers.get(
'X-Remove-Account-Meta-Quota-Bytes')
else:
# container or object request; even if the quota headers are set
# in the request, they're meaningless
new_quota = remove_quota = None
if remove_quota:
new_quota = 0 # X-Remove dominates if both are present
if request.environ.get('reseller_request') is True:
if new_quota and not new_quota.isdigit():
return HTTPBadRequest()
return self.app
# deny quota set for non-reseller
if new_quota is not None:
return HTTPForbidden()
#### 2. 修改源码解决租户配额
注释掉之前的return HTTPForbidden(),添加新的实现逻辑。
if not container:
# account request, so we pay attention to the quotas
new_quota = request.headers.get(
'X-Account-Meta-Quota-Bytes')
remove_quota = request.headers.get(
'X-Remove-Account-Meta-Quota-Bytes')
else:
# container or object request; even if the quota headers are set
# in the request, they're meaningless
new_quota = remove_quota = None
if remove_quota:
new_quota = 0 # X-Remove dominates if both are present
if request.environ.get('reseller_request') is True:
if new_quota and not new_quota.isdigit():
return HTTPBadRequest()
return self.app
# deny quota set for non-reseller
if new_quota is not None:
#return HTTPForbidden()
#Add by kevin start
eccp_roles = request.environ.get('HTTP_X_ROLES', '')
if isinstance(eccp_roles, basestring):
if (set(eccp_roles.split(',')) & set({'reseller','reseller_admin','ResellerAdmin'})):
request.environ['reseller_request'] = True
#Add by kevin end
if request.environ.get('reseller_request') is True:
if new_quota and not new_quota.isdigit():
return HTTPBadRequest()
return self.app
#### 3. 测试
- 设置租户配额62914560(60M)
- 获取租户详情(已用58.6M,配额60M)
- 该租户下任意桶上传大小为3M的文件,返回413,上传超过配额
- 再次上传大小为100K文件,上传成功