Support [metadata_rate_limiting] options

... which were added in the 2023.2 release[1].

[1] 5f4a41326d7b1da03e1929b4fd8bcdaf69da19ab

Change-Id: I791f7a76c3ca2dc6715b84ef289f56e437ac50a9

manifests/agents/dhcp/metadata_rate_limiting.pp

@@ -0,0 +1,62 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: neutron::agents:dhcp::metadata_rate_limiting
+#
+# Setups metadata ratelimit options for dhcp agent
+#
+# === Parameters
+#
+# [*rate_limit_enabled*]
+#  (Optional) Enable rate limiting on the metadata API.
+#  Defaults to $facts['os_service_default'].
+#
+# [*ip_versions*]
+#  (Optional) List of the metadata address IP versions for which rate limiting
+#  will be enabled.
+#  Defaults to $facts['os_service_default'].
+#
+# [*base_window_duration*]
+#  (Optional) Duration (seconds) of the base window on the metadata API.
+#  Defaults to $facts['os_service_default'].
+#
+# [*base_query_rate_limit*]
+#  (Optional) Max number of queries to accept during the base window.
+#  Defaults to $facts['os_service_default'].
+#
+# [*burst_window_duration*]
+#  (Optional) Duration (seconds) of the burst window on the metadata API.
+#  Defaults to $facts['os_service_default'].
+#
+# [*burst_query_rate_limit*]
+#  (Optional) Max number of queries to accept during the burst window.
+#  Defaults to $facts['os_service_default'].
+#
+class neutron::agents::dhcp::metadata_rate_limiting (
+  $rate_limit_enabled     = $facts['os_service_default'],
+  $ip_versions            = $facts['os_service_default'],
+  $base_window_duration   = $facts['os_service_default'],
+  $base_query_rate_limit  = $facts['os_service_default'],
+  $burst_window_duration  = $facts['os_service_default'],
+  $burst_query_rate_limit = $facts['os_service_default'],
+) {
+  include neutron::deps
+
+  neutron_dhcp_agent_config {
+    'metadata_rate_limiting/rate_limit_enabled':     value => $rate_limit_enabled;
+    'metadata_rate_limiting/ip_versions':            value => join(any2array($ip_versions), ',');
+    'metadata_rate_limiting/base_window_duration':   value => $base_window_duration;
+    'metadata_rate_limiting/base_query_rate_limit':  value => $base_query_rate_limit;
+    'metadata_rate_limiting/burst_window_duration':  value => $burst_window_duration;
+    'metadata_rate_limiting/burst_query_rate_limit': value => $burst_query_rate_limit;
+  }
+}

manifests/agents/l3/metadata_rate_limiting.pp

@@ -0,0 +1,62 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: neutron::agents:l3::metadata_rate_limiting
+#
+# Setups metadata ratelimit options for l3 agent
+#
+# === Parameters
+#
+# [*rate_limit_enabled*]
+#  (Optional) Enable rate limiting on the metadata API.
+#  Defaults to $facts['os_service_default'].
+#
+# [*ip_versions*]
+#  (Optional) List of the metadata address IP versions for which rate limiting
+#  will be enabled.
+#  Defaults to $facts['os_service_default'].
+#
+# [*base_window_duration*]
+#  (Optional) Duration (seconds) of the base window on the metadata API.
+#  Defaults to $facts['os_service_default'].
+#
+# [*base_query_rate_limit*]
+#  (Optional) Max number of queries to accept during the base window.
+#  Defaults to $facts['os_service_default'].
+#
+# [*burst_window_duration*]
+#  (Optional) Duration (seconds) of the burst window on the metadata API.
+#  Defaults to $facts['os_service_default'].
+#
+# [*burst_query_rate_limit*]
+#  (Optional) Max number of queries to accept during the burst window.
+#  Defaults to $facts['os_service_default'].
+#
+class neutron::agents::l3::metadata_rate_limiting (
+  $rate_limit_enabled     = $facts['os_service_default'],
+  $ip_versions            = $facts['os_service_default'],
+  $base_window_duration   = $facts['os_service_default'],
+  $base_query_rate_limit  = $facts['os_service_default'],
+  $burst_window_duration  = $facts['os_service_default'],
+  $burst_query_rate_limit = $facts['os_service_default'],
+) {
+  include neutron::deps
+
+  neutron_l3_agent_config {
+    'metadata_rate_limiting/rate_limit_enabled':     value => $rate_limit_enabled;
+    'metadata_rate_limiting/ip_versions':            value => join(any2array($ip_versions), ',');
+    'metadata_rate_limiting/base_window_duration':   value => $base_window_duration;
+    'metadata_rate_limiting/base_query_rate_limit':  value => $base_query_rate_limit;
+    'metadata_rate_limiting/burst_window_duration':  value => $burst_window_duration;
+    'metadata_rate_limiting/burst_query_rate_limit': value => $burst_query_rate_limit;
+  }
+}

manifests/agents/ovn_metadata/metadata_rate_limiting.pp

@@ -0,0 +1,62 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: neutron::agents:ovn_metadata::metadata_rate_limiting
+#
+# Setups metadata ratelimit options for ovn metadata agent
+#
+# === Parameters
+#
+# [*rate_limit_enabled*]
+#  (Optional) Enable rate limiting on the metadata API.
+#  Defaults to $facts['os_service_default'].
+#
+# [*ip_versions*]
+#  (Optional) List of the metadata address IP versions for which rate limiting
+#  will be enabled.
+#  Defaults to $facts['os_service_default'].
+#
+# [*base_window_duration*]
+#  (Optional) Duration (seconds) of the base window on the metadata API.
+#  Defaults to $facts['os_service_default'].
+#
+# [*base_query_rate_limit*]
+#  (Optional) Max number of queries to accept during the base window.
+#  Defaults to $facts['os_service_default'].
+#
+# [*burst_window_duration*]
+#  (Optional) Duration (seconds) of the burst window on the metadata API.
+#  Defaults to $facts['os_service_default'].
+#
+# [*burst_query_rate_limit*]
+#  (Optional) Max number of queries to accept during the burst window.
+#  Defaults to $facts['os_service_default'].
+#
+class neutron::agents::ovn_metadata::metadata_rate_limiting (
+  $rate_limit_enabled     = $facts['os_service_default'],
+  $ip_versions            = $facts['os_service_default'],
+  $base_window_duration   = $facts['os_service_default'],
+  $base_query_rate_limit  = $facts['os_service_default'],
+  $burst_window_duration  = $facts['os_service_default'],
+  $burst_query_rate_limit = $facts['os_service_default'],
+) {
+  include neutron::deps
+
+  ovn_metadata_agent_config {
+    'metadata_rate_limiting/rate_limit_enabled':     value => $rate_limit_enabled;
+    'metadata_rate_limiting/ip_versions':            value => join(any2array($ip_versions), ',');
+    'metadata_rate_limiting/base_window_duration':   value => $base_window_duration;
+    'metadata_rate_limiting/base_query_rate_limit':  value => $base_query_rate_limit;
+    'metadata_rate_limiting/burst_window_duration':  value => $burst_window_duration;
+    'metadata_rate_limiting/burst_query_rate_limit': value => $burst_query_rate_limit;
+  }
+}

releasenotes/notes/metadata_rate_limiting-cac7b863fc99acc0.yaml

@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    The following three classes have been added, to support configuration of
+    ``[metadata_rate_limiting]`` options.
+
+    - ``neutron::agents::dhcp::metadata_rate_limiting``
+    - ``neutron::agents::l3::metadata_rate_limiting``
+    - ``neutron::agents::ovn_metadata::metadata_rate_limiting``

spec/classes/neutron_agents_dhcp_metadata_rate_limiting_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe 'neutron::agents::dhcp::metadata_rate_limiting' do
+  shared_examples 'neutron::agents::dhcp::metadata_rate_limiting' do
+    context 'with defaults' do
+      it 'configures the default values' do
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value('<SERVICE DEFAULT>');
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/ip_versions').with_value('<SERVICE DEFAULT>');
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/base_window_duration').with_value('<SERVICE DEFAULT>');
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value('<SERVICE DEFAULT>');
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/burst_window_duration').with_value('<SERVICE DEFAULT>');
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value('<SERVICE DEFAULT>');
+      end
+    end
+
+    context 'with parameters' do
+      let :params do
+        {
+          :rate_limit_enabled     => false,
+          :ip_versions            => [4],
+          :base_window_duration   => 10,
+          :base_query_rate_limit  => 11,
+          :burst_window_duration  => 12,
+          :burst_query_rate_limit => 13,
+        }
+      end
+      it 'configures the given values' do
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value(false);
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/ip_versions').with_value(4);
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/base_window_duration').with_value(10);
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value(11);
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/burst_window_duration').with_value(12);
+        should contain_neutron_dhcp_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value(13);
+      end
+    end
+  end
+
+  on_supported_os({
+    :supported_os => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_behaves_like 'neutron::agents::dhcp::metadata_rate_limiting'
+    end
+  end
+end

spec/classes/neutron_agents_l3_metadata_rate_limiting_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe 'neutron::agents::l3::metadata_rate_limiting' do
+  shared_examples 'neutron::agents::l3::metadata_rate_limiting' do
+    context 'with defaults' do
+      it 'configures the default values' do
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value('<SERVICE DEFAULT>');
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/ip_versions').with_value('<SERVICE DEFAULT>');
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/base_window_duration').with_value('<SERVICE DEFAULT>');
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value('<SERVICE DEFAULT>');
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/burst_window_duration').with_value('<SERVICE DEFAULT>');
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value('<SERVICE DEFAULT>');
+      end
+    end
+
+    context 'with parameters' do
+      let :params do
+        {
+          :rate_limit_enabled     => false,
+          :ip_versions            => [4],
+          :base_window_duration   => 10,
+          :base_query_rate_limit  => 11,
+          :burst_window_duration  => 12,
+          :burst_query_rate_limit => 13,
+        }
+      end
+      it 'configures the given values' do
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value(false);
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/ip_versions').with_value(4);
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/base_window_duration').with_value(10);
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value(11);
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/burst_window_duration').with_value(12);
+        should contain_neutron_l3_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value(13);
+      end
+    end
+  end
+
+  on_supported_os({
+    :supported_os => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_behaves_like 'neutron::agents::l3::metadata_rate_limiting'
+    end
+  end
+end

spec/classes/neutron_agents_ovn_metadata_metadara_rate_limiting_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe 'neutron::agents::ovn_metadata::metadata_rate_limiting' do
+  shared_examples 'neutron::agents::ovn_metadata::metadata_rate_limiting' do
+    context 'with defaults' do
+      it 'configures the default values' do
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value('<SERVICE DEFAULT>');
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/ip_versions').with_value('<SERVICE DEFAULT>');
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/base_window_duration').with_value('<SERVICE DEFAULT>');
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value('<SERVICE DEFAULT>');
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/burst_window_duration').with_value('<SERVICE DEFAULT>');
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value('<SERVICE DEFAULT>');
+      end
+    end
+
+    context 'with parameters' do
+      let :params do
+        {
+          :rate_limit_enabled     => false,
+          :ip_versions            => [4],
+          :base_window_duration   => 10,
+          :base_query_rate_limit  => 11,
+          :burst_window_duration  => 12,
+          :burst_query_rate_limit => 13,
+        }
+      end
+      it 'configures the given values' do
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value(false);
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/ip_versions').with_value(4);
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/base_window_duration').with_value(10);
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value(11);
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/burst_window_duration').with_value(12);
+        should contain_ovn_metadata_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value(13);
+      end
+    end
+  end
+
+  on_supported_os({
+    :supported_os => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_behaves_like 'neutron::agents::ovn_metadata::metadata_rate_limiting'
+    end
+  end
+end