Add ratelimiting options to nova::api

nova master now has proper support for ratelimitng via the api-paste.ini
This commit adds a configuration option based on
08d6932963

Change-Id: Ic29d4aa15fdf8b4613a1c3a641c60e6d8377f418

manifests/api.pp

@@ -20,6 +20,8 @@
 #     enable this if you have a sanitizing proxy. (boolean value)
 #     (Optional). Defaults to false.
 # * neutron_metadata_proxy_shared_secret
+# * ratelimit
+# * ratelimit_factory
 #
 class nova::api(
   $admin_password,
@@ -40,7 +42,10 @@ class nova::api(
   $use_forwarded_for = false,
   $workers           = $::processorcount,
   $sync_db           = true,
-  $neutron_metadata_proxy_shared_secret = undef
+  $neutron_metadata_proxy_shared_secret = undef,
+  $ratelimits        = undef,
+  $ratelimits_factory =
+    'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory'
 ) {
 
   include nova::params
@@ -133,6 +138,13 @@ class nova::api(
     }
   }
 
+  if ($ratelimits != undef) {
+    nova_paste_api_ini {
+      'filter:ratelimit/paste.filter_factory': value => $ratelimits_factory;
+      'filter:ratelimit/limits':               value => $ratelimits;
+    }
+  }
+
   # Added arg and if statement prevents this from being run
   # where db is not active i.e. the compute
   if $sync_db {

spec/classes/nova_api_spec.rb

@@ -95,25 +95,28 @@ describe 'nova::api' do
           :volume_api_class                     => 'nova.volume.cinder.API',
           :use_forwarded_for                    => false,
           :neutron_metadata_proxy_shared_secret => 'secrete',
+          :ratelimits                            => '(GET, "*", .*, 100, MINUTE);(POST, "*", .*, 200, MINUTE)'
         }
       end
       it 'should use defined params for api-paste.ini' do
         should contain_nova_paste_api_ini(
-         'filter:authtoken/auth_host').with_value('10.0.0.1')
+          'filter:authtoken/auth_host').with_value('10.0.0.1')
         should contain_nova_paste_api_ini(
           'filter:authtoken/auth_port').with_value('1234')
         should contain_nova_paste_api_ini(
           'filter:authtoken/auth_protocol').with_value('https')
         should contain_nova_paste_api_ini(
-           'filter:authtoken/auth_admin_prefix').with_value('/keystone/admin')
+          'filter:authtoken/auth_admin_prefix').with_value('/keystone/admin')
         should contain_nova_paste_api_ini(
-           'filter:authtoken/auth_uri').with_value('https://10.0.0.1:9999/')
+          'filter:authtoken/auth_uri').with_value('https://10.0.0.1:9999/')
         should contain_nova_paste_api_ini(
           'filter:authtoken/admin_tenant_name').with_value('service2')
         should contain_nova_paste_api_ini(
           'filter:authtoken/admin_user').with_value('nova2')
         should contain_nova_paste_api_ini(
           'filter:authtoken/admin_password').with_value('passw0rd2').with_secret(true)
+        should contain_nova_paste_api_ini(
+          'filter:ratelimit/limits').with_value('(GET, "*", .*, 100, MINUTE);(POST, "*", .*, 200, MINUTE)')
       end
       it { should contain_nova_config('DEFAULT/ec2_listen').with('value' => '192.168.56.210') }
       it { should contain_nova_config('DEFAULT/osapi_compute_listen').with('value' => '192.168.56.210') }