mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-14 11:48:09 -05:00
e1fe3bbdc0
This is an implementation of a quota engine, and the API routes to manage its settings. This does *not* contain any enforcement code: this is just the bedrock, the engine itself. The goal of the engine is to be flexible and future proof: to be nimble enough to build on it further, without having to rewrite large parts of it. It might feel a little more complicated than necessary, because the goal was to be able to support scenarios only very few Forgejo instances need, scenarios the vast majority of mostly smaller instances simply do not care about. The goal is to support both big and small, and for that, we need a solid, flexible foundation. There are thee big parts to the engine: counting quota use, setting limits, and evaluating whether the usage is within the limits. Sounds simple on paper, less so in practice! Quota counting ============== Quota is counted based on repo ownership, whenever possible, because repo owners are in ultimate control over the resources they use: they can delete repos, attachments, everything, even if they don't *own* those themselves. They can clean up, and will always have the permission and access required to do so. Would we count quota based on the owning user, that could lead to situations where a user is unable to free up space, because they uploaded a big attachment to a repo that has been taken private since. It's both more fair, and much safer to count quota against repo owners. This means that if user A uploads an attachment to an issue opened against organization O, that will count towards the quota of organization O, rather than user A. One's quota usage stats can be queried using the `/user/quota` API endpoint. To figure out what's eating into it, the `/user/repos?order_by=size`, `/user/quota/attachments`, `/user/quota/artifacts`, and `/user/quota/packages` endpoints should be consulted. There's also `/user/quota/check?subject=<...>` to check whether the signed-in user is within a particular quota limit. Quotas are counted based on sizes stored in the database. Setting quota limits ==================== There are different "subjects" one can limit usage for. At this time, only size-based limits are implemented, which are: - `size:all`: As the name would imply, the total size of everything Forgejo tracks. - `size:repos:all`: The total size of all repositories (not including LFS). - `size:repos:public`: The total size of all public repositories (not including LFS). - `size:repos:private`: The total size of all private repositories (not including LFS). - `sizeall`: The total size of all git data (including all repositories, and LFS). - `sizelfs`: The size of all git LFS data (either in private or public repos). - `size:assets:all`: The size of all assets tracked by Forgejo. - `size:assets:attachments:all`: The size of all kinds of attachments tracked by Forgejo. - `size:assets:attachments:issues`: Size of all attachments attached to issues, including issue comments. - `size:assets:attachments:releases`: Size of all attachments attached to releases. This does *not* include automatically generated archives. - `size:assets:artifacts`: Size of all Action artifacts. - `size:assets:packages:all`: Size of all Packages. - `size:wiki`: Wiki size Wiki size is currently not tracked, and the engine will always deem it within quota. These subjects are built into Rules, which set a limit on *all* subjects within a rule. Thus, we can create a rule that says: "1Gb limit on all release assets, all packages, and git LFS, combined". For a rule to stand, the total sum of all subjects must be below the rule's limit. Rules are in turn collected into groups. A group is just a name, and a list of rules. For a group to stand, all of its rules must stand. Thus, if we have a group with two rules, one that sets a combined 1Gb limit on release assets, all packages, and git LFS, and another rule that sets a 256Mb limit on packages, if the user has 512Mb of packages, the group will not stand, because the second rule deems it over quota. Similarly, if the user has only 128Mb of packages, but 900Mb of release assets, the group will not stand, because the combined size of packages and release assets is over the 1Gb limit of the first rule. Groups themselves are collected into Group Lists. A group list stands when *any* of the groups within stand. This allows an administrator to set conservative defaults, but then place select users into additional groups that increase some aspect of their limits. To top it off, it is possible to set the default quota groups a user belongs to in `app.ini`. If there's no explicit assignment, the engine will use the default groups. This makes it possible to avoid having to assign each and every user a list of quota groups, and only those need to be explicitly assigned who need a different set of groups than the defaults. If a user has any quota groups assigned to them, the default list will not be considered for them. The management APIs =================== This commit contains the engine itself, its unit tests, and the quota management APIs. It does not contain any enforcement. The APIs are documented in-code, and in the swagger docs, and the integration tests can serve as an example on how to use them. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
304 lines
7.7 KiB
Go
304 lines
7.7 KiB
Go
// Copyright 2024 The Forgejo Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package quota_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
quota_model "code.gitea.io/gitea/models/quota"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func makeFullyUsed() quota_model.Used {
|
|
return quota_model.Used{
|
|
Size: quota_model.UsedSize{
|
|
Repos: quota_model.UsedSizeRepos{
|
|
Public: 1024,
|
|
Private: 1024,
|
|
},
|
|
Git: quota_model.UsedSizeGit{
|
|
LFS: 1024,
|
|
},
|
|
Assets: quota_model.UsedSizeAssets{
|
|
Attachments: quota_model.UsedSizeAssetsAttachments{
|
|
Issues: 1024,
|
|
Releases: 1024,
|
|
},
|
|
Artifacts: 1024,
|
|
Packages: quota_model.UsedSizeAssetsPackages{
|
|
All: 1024,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func makePartiallyUsed() quota_model.Used {
|
|
return quota_model.Used{
|
|
Size: quota_model.UsedSize{
|
|
Repos: quota_model.UsedSizeRepos{
|
|
Public: 1024,
|
|
},
|
|
Assets: quota_model.UsedSizeAssets{
|
|
Attachments: quota_model.UsedSizeAssetsAttachments{
|
|
Releases: 1024,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func setUsed(used quota_model.Used, subject quota_model.LimitSubject, value int64) *quota_model.Used {
|
|
switch subject {
|
|
case quota_model.LimitSubjectSizeReposPublic:
|
|
used.Size.Repos.Public = value
|
|
return &used
|
|
case quota_model.LimitSubjectSizeReposPrivate:
|
|
used.Size.Repos.Private = value
|
|
return &used
|
|
case quota_model.LimitSubjectSizeGitLFS:
|
|
used.Size.Git.LFS = value
|
|
return &used
|
|
case quota_model.LimitSubjectSizeAssetsAttachmentsIssues:
|
|
used.Size.Assets.Attachments.Issues = value
|
|
return &used
|
|
case quota_model.LimitSubjectSizeAssetsAttachmentsReleases:
|
|
used.Size.Assets.Attachments.Releases = value
|
|
return &used
|
|
case quota_model.LimitSubjectSizeAssetsArtifacts:
|
|
used.Size.Assets.Artifacts = value
|
|
return &used
|
|
case quota_model.LimitSubjectSizeAssetsPackagesAll:
|
|
used.Size.Assets.Packages.All = value
|
|
return &used
|
|
case quota_model.LimitSubjectSizeWiki:
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func assertEvaluation(t *testing.T, rule quota_model.Rule, used quota_model.Used, subject quota_model.LimitSubject, expected bool) {
|
|
t.Helper()
|
|
|
|
t.Run(subject.String(), func(t *testing.T) {
|
|
ok, has := rule.Evaluate(used, subject)
|
|
assert.True(t, has)
|
|
assert.Equal(t, expected, ok)
|
|
})
|
|
}
|
|
|
|
func TestQuotaRuleNoEvaluation(t *testing.T) {
|
|
rule := quota_model.Rule{
|
|
Limit: 1024,
|
|
Subjects: quota_model.LimitSubjects{
|
|
quota_model.LimitSubjectSizeAssetsAttachmentsAll,
|
|
},
|
|
}
|
|
used := quota_model.Used{}
|
|
used.Size.Repos.Public = 4096
|
|
|
|
_, has := rule.Evaluate(used, quota_model.LimitSubjectSizeReposAll)
|
|
|
|
// We have a rule for "size:assets:attachments:all", and query for
|
|
// "size:repos:all". We don't cover that subject, so the evaluation returns
|
|
// with no rules found.
|
|
assert.False(t, has)
|
|
}
|
|
|
|
func TestQuotaRuleDirectEvaluation(t *testing.T) {
|
|
// This function is meant to test direct rule evaluation: cases where we set
|
|
// a rule for a subject, and we evaluate against the same subject.
|
|
|
|
runTest := func(t *testing.T, subject quota_model.LimitSubject, limit, used int64, expected bool) {
|
|
t.Helper()
|
|
|
|
rule := quota_model.Rule{
|
|
Limit: limit,
|
|
Subjects: quota_model.LimitSubjects{
|
|
subject,
|
|
},
|
|
}
|
|
usedObj := setUsed(quota_model.Used{}, subject, used)
|
|
if usedObj == nil {
|
|
return
|
|
}
|
|
|
|
assertEvaluation(t, rule, *usedObj, subject, expected)
|
|
}
|
|
|
|
t.Run("limit:0", func(t *testing.T) {
|
|
// With limit:0, nothing used is fine.
|
|
t.Run("used:0", func(t *testing.T) {
|
|
for subject := quota_model.LimitSubjectFirst; subject <= quota_model.LimitSubjectLast; subject++ {
|
|
runTest(t, subject, 0, 0, true)
|
|
}
|
|
})
|
|
// With limit:0, any usage will fail evaluation
|
|
t.Run("used:512", func(t *testing.T) {
|
|
for subject := quota_model.LimitSubjectFirst; subject <= quota_model.LimitSubjectLast; subject++ {
|
|
runTest(t, subject, 0, 512, false)
|
|
}
|
|
})
|
|
})
|
|
|
|
t.Run("limit:unlimited", func(t *testing.T) {
|
|
// With no limits, any usage will succeed evaluation
|
|
t.Run("used:512", func(t *testing.T) {
|
|
for subject := quota_model.LimitSubjectFirst; subject <= quota_model.LimitSubjectLast; subject++ {
|
|
runTest(t, subject, -1, 512, true)
|
|
}
|
|
})
|
|
})
|
|
|
|
t.Run("limit:1024", func(t *testing.T) {
|
|
// With a set limit, usage below the limit succeeds
|
|
t.Run("used:512", func(t *testing.T) {
|
|
for subject := quota_model.LimitSubjectFirst; subject <= quota_model.LimitSubjectLast; subject++ {
|
|
runTest(t, subject, 1024, 512, true)
|
|
}
|
|
})
|
|
|
|
// With a set limit, usage above the limit fails
|
|
t.Run("used:2048", func(t *testing.T) {
|
|
for subject := quota_model.LimitSubjectFirst; subject <= quota_model.LimitSubjectLast; subject++ {
|
|
runTest(t, subject, 1024, 2048, false)
|
|
}
|
|
})
|
|
})
|
|
}
|
|
|
|
func TestQuotaRuleCombined(t *testing.T) {
|
|
rule := quota_model.Rule{
|
|
Limit: 1024,
|
|
Subjects: quota_model.LimitSubjects{
|
|
quota_model.LimitSubjectSizeGitLFS,
|
|
quota_model.LimitSubjectSizeAssetsAttachmentsReleases,
|
|
quota_model.LimitSubjectSizeAssetsPackagesAll,
|
|
},
|
|
}
|
|
used := quota_model.Used{
|
|
Size: quota_model.UsedSize{
|
|
Repos: quota_model.UsedSizeRepos{
|
|
Public: 4096,
|
|
},
|
|
Git: quota_model.UsedSizeGit{
|
|
LFS: 256,
|
|
},
|
|
Assets: quota_model.UsedSizeAssets{
|
|
Attachments: quota_model.UsedSizeAssetsAttachments{
|
|
Issues: 2048,
|
|
Releases: 256,
|
|
},
|
|
Packages: quota_model.UsedSizeAssetsPackages{
|
|
All: 2560,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
expectationMap := map[quota_model.LimitSubject]bool{
|
|
quota_model.LimitSubjectSizeGitLFS: false,
|
|
quota_model.LimitSubjectSizeAssetsAttachmentsReleases: false,
|
|
quota_model.LimitSubjectSizeAssetsPackagesAll: false,
|
|
}
|
|
|
|
for subject := quota_model.LimitSubjectFirst; subject <= quota_model.LimitSubjectLast; subject++ {
|
|
t.Run(subject.String(), func(t *testing.T) {
|
|
evalOk, evalHas := rule.Evaluate(used, subject)
|
|
expected, expectedHas := expectationMap[subject]
|
|
|
|
assert.Equal(t, expectedHas, evalHas)
|
|
if expectedHas {
|
|
assert.Equal(t, expected, evalOk)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestQuotaRuleSizeAll(t *testing.T) {
|
|
runTests := func(t *testing.T, rule quota_model.Rule, expected bool) {
|
|
t.Helper()
|
|
|
|
subject := quota_model.LimitSubjectSizeAll
|
|
|
|
t.Run("used:0", func(t *testing.T) {
|
|
used := quota_model.Used{}
|
|
|
|
assertEvaluation(t, rule, used, subject, true)
|
|
})
|
|
|
|
t.Run("used:some-each", func(t *testing.T) {
|
|
used := makeFullyUsed()
|
|
|
|
assertEvaluation(t, rule, used, subject, expected)
|
|
})
|
|
|
|
t.Run("used:some", func(t *testing.T) {
|
|
used := makePartiallyUsed()
|
|
|
|
assertEvaluation(t, rule, used, subject, expected)
|
|
})
|
|
}
|
|
|
|
// With all limits set to 0, evaluation always fails if usage > 0
|
|
t.Run("rule:0", func(t *testing.T) {
|
|
rule := quota_model.Rule{
|
|
Limit: 0,
|
|
Subjects: quota_model.LimitSubjects{
|
|
quota_model.LimitSubjectSizeAll,
|
|
},
|
|
}
|
|
|
|
runTests(t, rule, false)
|
|
})
|
|
|
|
// With no limits, evaluation always succeeds
|
|
t.Run("rule:unlimited", func(t *testing.T) {
|
|
rule := quota_model.Rule{
|
|
Limit: -1,
|
|
Subjects: quota_model.LimitSubjects{
|
|
quota_model.LimitSubjectSizeAll,
|
|
},
|
|
}
|
|
|
|
runTests(t, rule, true)
|
|
})
|
|
|
|
// With a specific, very generous limit, evaluation succeeds if the limit isn't exhausted
|
|
t.Run("rule:generous", func(t *testing.T) {
|
|
rule := quota_model.Rule{
|
|
Limit: 102400,
|
|
Subjects: quota_model.LimitSubjects{
|
|
quota_model.LimitSubjectSizeAll,
|
|
},
|
|
}
|
|
|
|
runTests(t, rule, true)
|
|
|
|
t.Run("limit exhaustion", func(t *testing.T) {
|
|
used := quota_model.Used{
|
|
Size: quota_model.UsedSize{
|
|
Repos: quota_model.UsedSizeRepos{
|
|
Public: 204800,
|
|
},
|
|
},
|
|
}
|
|
|
|
assertEvaluation(t, rule, used, quota_model.LimitSubjectSizeAll, false)
|
|
})
|
|
})
|
|
|
|
// With a specific, small limit, evaluation fails
|
|
t.Run("rule:limited", func(t *testing.T) {
|
|
rule := quota_model.Rule{
|
|
Limit: 512,
|
|
Subjects: quota_model.LimitSubjects{
|
|
quota_model.LimitSubjectSizeAll,
|
|
},
|
|
}
|
|
|
|
runTests(t, rule, false)
|
|
})
|
|
}
|