Angular direct service access.

Angular based Horizon widgets and Horizon plugins will want to contact OpenStack API's directly to enable much more responsive UI and to place less load on the Horizon servers by proxying service calls through horizon proxies. Change-Id: I612c6bfefa8e157f7219938bb3e82896dde8fa09
2016-07-15 13:04:47 -07:00 · 2016-07-15 13:04:47 -07:00 · 31e5672905
commit 31e5672905
parent 8f4f2673f6
4 changed files with 34 additions and 1 deletions
--- a/doc/source/topics/settings.rst
+++ b/doc/source/topics/settings.rst
@ -567,6 +567,16 @@ This setting sets the maximum number of items displayed in a dropdown.
 Dropdowns that limit based on this value need to support a way to observe
 the entire list.

+``ENABLE_CLIENT_TOKEN``
+--------------------------
+
+.. versionadded:: 10.0.0(Newton)
+
+Default: ``True``
+
+This setting will Enable/Disable access to the Keystone Token to the
+browser.
+
 ``ENFORCE_PASSWORD_CHECK``
 --------------------------

--- a/openstack_dashboard/api/rest/keystone.py
+++ b/openstack_dashboard/api/rest/keystone.py
@ -14,6 +14,7 @@
 """API over the keystone service.
 """

+from django.conf import settings
 import django.http
 from django.views import generic

@ -562,7 +563,10 @@ class UserSession(generic.View):
    def get(self, request):
        """Get the current user session.
        """
-        return {k: getattr(request.user, k, None) for k in self.allowed_fields}
+        res = {k: getattr(request.user, k, None) for k in self.allowed_fields}
+        if getattr(settings, 'ENABLE_CLIENT_TOKEN', True):
+            res['token'] = request.user.token.id
+        return res


@urls.register
--- a/openstack_dashboard/test/api_tests/keystone_rest_tests.py
+++ b/openstack_dashboard/test/api_tests/keystone_rest_tests.py
@ -662,6 +662,7 @@ class KeystoneRestTestCase(test.TestCase):
        request.user = mock.Mock(
            services_region='some region',
            super_secret_thing='not here',
+            token=type('', (object,), {'id': 'token here'}),
            is_authenticated=lambda: True,
            spec=['services_region', 'super_secret_thing']
        )
@ -669,6 +670,7 @@ class KeystoneRestTestCase(test.TestCase):
        self.assertStatusCode(response, 200)
        content = jsonutils.loads(response.content)
        self.assertEqual(content['services_region'], 'some region')
+        self.assertEqual(content['token'], 'token here')
        self.assertNotIn('super_secret_thing', content)

    #
--- a/releasenotes/notes/angular-direct-1b156f152590ab93.yaml
+++ b/releasenotes/notes/angular-direct-1b156f152590ab93.yaml
@ -0,0 +1,17 @@
+---
+prelude: >
+    JavaScript can now access the Keystone Token.
+features:
+  - >
+    Horizon and Horizon Plugins can access the Keystone
+    Token from JavaScript so that they can make CORS
+    calls directly to other OpenStack Services. This
+    can enable much more responsive UI.
+security:
+  - >
+    Making Keystone Tokens available to JavaScript
+    slightly increases the risk of a Token being
+    captured. If you don't need this functionality, it
+    can be disabled by setting the following option
+    in your local_settings:
+    ENABLE_CLIENT_TOKEN = False