From 771f5a205f08da1828bd4cb13fc9e1e0871a8041 Mon Sep 17 00:00:00 2001 From: Michael Krotscheck Date: Fri, 4 Mar 2016 06:34:15 -0800 Subject: [PATCH] Moved CORS middleware configuration into set_defaults The default values needed for designate's implementation of cors middleware have been moved from paste.ini into a common set_defaults method, invoked on load. Unlike similar patches on other services, this patch does not include config-generation hooks, as designate does not use it. Change-Id: I6661f67bbdc36e17bc297128b470007e4762b603 Closes-Bug: 1551836 --- designate/common/__init__.py | 0 designate/common/config.py | 38 ++++++++++++++++++++++ designate/utils.py | 2 ++ etc/designate/api-paste.ini | 3 -- etc/designate/designate.conf.sample | 49 +++++++++++++++++++++++++++++ 5 files changed, 89 insertions(+), 3 deletions(-) create mode 100644 designate/common/__init__.py create mode 100644 designate/common/config.py diff --git a/designate/common/__init__.py b/designate/common/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/designate/common/config.py b/designate/common/config.py new file mode 100644 index 00000000..d32b6cb7 --- /dev/null +++ b/designate/common/config.py @@ -0,0 +1,38 @@ +# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from oslo_config import cfg +from oslo_middleware import cors + + +def set_defaults(): + """Override all default values from upstream packages""" + + # CORS Middleware Defaults + # TODO(krotscheck): Update with https://review.openstack.org/#/c/285368/ + cfg.set_defaults(cors.CORS_OPTS, + allow_headers=['X-Auth-Token', + 'X-Auth-Sudo-Tenant-ID', + 'X-Auth-Sudo-Project-ID', + 'X-Auth-All-Projects', + 'X-Designate-Edit-Managed-Records'], + expose_headers=['X-OpenStack-Request-ID', + 'Host'], + allow_methods=['GET', + 'PUT', + 'POST', + 'DELETE', + 'PATCH', + 'HEAD'] + ) diff --git a/designate/utils.py b/designate/utils.py index fb7e1d8a..4db6fa28 100644 --- a/designate/utils.py +++ b/designate/utils.py @@ -29,6 +29,7 @@ from oslo_concurrency import processutils from oslo_log import log as logging from oslo_utils import timeutils +from designate.common import config from designate import exceptions from designate.i18n import _ from designate.i18n import _LI @@ -94,6 +95,7 @@ def read_config(prog, argv): config_files = find_config('%s.conf' % prog) cfg.CONF(argv[1:], project='designate', prog=prog, default_config_files=config_files) + config.set_defaults() register_plugin_opts() diff --git a/etc/designate/api-paste.ini b/etc/designate/api-paste.ini index 43063cb1..b899d46c 100644 --- a/etc/designate/api-paste.ini +++ b/etc/designate/api-paste.ini @@ -41,9 +41,6 @@ paste.app_factory = designate.api.admin:factory [filter:cors] paste.filter_factory = oslo_middleware.cors:filter_factory oslo_config_project = designate -latent_allow_headers = X-Auth-Token, X-Auth-Sudo-Tenant-ID, X-Auth-Sudo-Project-ID, X-Auth-All-Projects, X-Designate-Edit-Managed-Records -latent_expose_headers = X-OpenStack-Request-ID, Host -latent_allow_methods = GET, PUT, POST, DELETE, PATCH [filter:request_id] paste.filter_factory = oslo_middleware:RequestId.factory diff --git a/etc/designate/designate.conf.sample b/etc/designate/designate.conf.sample index 49477e3a..6dbd302f 100644 --- a/etc/designate/designate.conf.sample +++ b/etc/designate/designate.conf.sample @@ -162,6 +162,55 @@ debug = False #admin_password = designate #memcached_servers = localhost:11211 +#----------------------- +# CORS Middleware +#----------------------- +[cors] + +# Indicate whether this resource may be shared with the domain received in the +# requests "origin" header. (list value) +#allowed_origin = + +# Indicate that the actual request can include user credentials (boolean value) +#allow_credentials = true + +# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple +# Headers. (list value) +#expose_headers = X-OpenStack-Request-ID,Host + +# Maximum cache age of CORS preflight requests. (integer value) +#max_age = 3600 + +# Indicate which methods can be used during the actual request. (list value) +#allow_methods = GET,PUT,POST,DELETE,PATCH,HEAD + +# Indicate which header field names may be used during the actual request. +# (list value) +#allow_headers = X-Auth-Token,X-Auth-Sudo-Tenant-ID,X-Auth-Sudo-Project-ID,X-Auth-All-Projects,X-Designate-Edit-Managed-Records + +[cors.subdomain] + +# Indicate whether this resource may be shared with the domain received in the +# requests "origin" header. (list value) +#allowed_origin = + +# Indicate that the actual request can include user credentials (boolean value) +#allow_credentials = true + +# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple +# Headers. (list value) +#expose_headers = X-OpenStack-Request-ID,Host + +# Maximum cache age of CORS preflight requests. (integer value) +#max_age = 3600 + +# Indicate which methods can be used during the actual request. (list value) +#allow_methods = GET,PUT,POST,DELETE,PATCH,HEAD + +# Indicate which header field names may be used during the actual request. +# (list value) +#allow_headers = X-Auth-Token,X-Auth-Sudo-Tenant-ID,X-Auth-Sudo-Project-ID,X-Auth-All-Projects,X-Designate-Edit-Managed-Records + #----------------------- # Sink Service #-----------------------