Moved CORS middleware configuration into oslo-config-generator

Default values for CORS middleware have been moved from paste.ini
into oslo's config generator. All configuration options in use will
now live in one place.

Change-Id: I9d31c574de6af4c7598c90d7e128cd9fa7273672

etc/keystone-paste.ini

@@ -23,9 +23,6 @@ use = egg:keystone#json_body
 [filter:cors]
 use = egg:oslo.middleware#cors
 oslo_config_project = keystone
-latent_allow_headers = X-Auth-Token, X-Openstack-Request-Id, X-Subject-Token, X-Project-Id, X-Project-Name, X-Project-Domain-Id, X-Project-Domain-Name, X-Domain-Id, X-Domain-Name
-latent_expose_headers = X-Auth-Token, X-Openstack-Request-Id, X-Subject-Token
-latent_allow_methods = GET, PUT, POST, DELETE, PATCH
 
 [filter:ec2_extension]
 use = egg:keystone#ec2_extension

etc/keystone.conf.sample

@@ -470,17 +470,17 @@
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
-#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 
 # Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+#allow_methods = GET,PUT,POST,DELETE,PATCH
 
 # Indicate which header field names may be used during the actual request.
 # (list value)
-#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
 
 
 [cors.subdomain]
@@ -498,17 +498,17 @@
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
-#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 
 # Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+#allow_methods = GET,PUT,POST,DELETE,PATCH
 
 # Indicate which header field names may be used during the actual request.
 # (list value)
-#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
 
 
 [credential]

keystone/common/config.py

@@ -19,6 +19,7 @@ from oslo_cache import core as cache
 from oslo_config import cfg
 from oslo_log import log
 import oslo_messaging
+from oslo_middleware import cors
 import passlib.utils
 
 from keystone import exception
@@ -1218,3 +1219,28 @@ def list_opts():
     :returns: a list of (group_name, opts) tuples
     """
     return list(FILE_OPTIONS.items())
+
+
+def set_middleware_defaults():
+    """Update default configuration options for oslo.middleware."""
+    # CORS Defaults
+    # TODO(krotscheck): Update with https://review.openstack.org/#/c/285368/
+    cfg.set_defaults(cors.CORS_OPTS,
+                     allow_headers=['X-Auth-Token',
+                                    'X-Openstack-Request-Id',
+                                    'X-Subject-Token',
+                                    'X-Project-Id',
+                                    'X-Project-Name',
+                                    'X-Project-Domain-Id',
+                                    'X-Project-Domain-Name',
+                                    'X-Domain-Id',
+                                    'X-Domain-Name'],
+                     expose_headers=['X-Auth-Token',
+                                     'X-Openstack-Request-Id',
+                                     'X-Subject-Token'],
+                     allow_methods=['GET',
+                                    'PUT',
+                                    'POST',
+                                    'DELETE',
+                                    'PATCH']
+                     )

keystone/server/common.py

@@ -31,6 +31,7 @@ def configure(version=None, config_files=None,
     config.configure()
     sql.initialize()
     config.set_default_for_default_log_levels()
+    config.set_middleware_defaults()
 
     CONF(project='keystone', version=version,
          default_config_files=config_files)

setup.cfg

@@ -172,6 +172,9 @@ oslo.config.opts =
     keystone = keystone.common.config:list_opts
     keystone.notifications = keystone.notifications:list_opts
 
+oslo.config.opts.defaults =
+    oslo.middleware = keystone.common.config:set_middleware_defaults
+
 paste.filter_factory =
     admin_token_auth = keystone.middleware:AdminTokenAuthMiddleware.factory
     build_auth_context = keystone.middleware:AuthContextMiddleware.factory