On Thu, 7 Mar 2019 09:08:46 -0600, Matt Riedemann <mriedemos@gmail.com>
wrote:
> Change [1] in Juno added the server_groups and server_group_members quotas.
>
> Server group quota is counted per project and user [2].
>
> Server group member quota is only counted per group and user [3].
>
> The question coming up in IRC today is why is the server group member
> count not also constrained by project? Or is project implied since the
> member count is within the scope of a group, which is itself per-project?
>
> Note that the original change that added these quotas said, "They can be
> defined per project or per user within a project".

When it says, "they can be defined per project or per user within a
project," that means the quota _limit_ can be defined per project or per
user. Which means, you can define a quota of 100 server group members
for anyone in project A, but could restrict user B in project A to only
10 server group members, if you wanted to. So, the quota limit is
definable per project or per project + user.

This is different than how the server group members are counted. As you
pointed out, server group members are counted only per user, not per
project. I don't know the reasoning behind it either. It might be like
you speculated, that since server groups are owned by a project, then
server group members have a project implied.

> Given none of the people that originally added this are around still
> maintaining it, nor was there a spec (we didn't have specs in Juno),
> we're left to guess as to the reasons.
>
> If we changed the server_group_members quota enforcement to count per
> group/project/user, would that break anything?

It would behave differently, but I'm not aware of anything that would
break. When we talked about moving nova to unified limits, I think the
plan was to change any existing per-user counts to count by project
instead (along with deprecating any per-user quota limit setting). I
think that server group members and key pairs are the only two that
count by user only, today.