Add ability to configure cross-origin requests

The patch introduces a variable `glance_cors_allowed_origin` which allows a user to configure a specific origin that can do cross domain requests. Change-Id: I45f30d2ea7070e62d5d14ad87c872e98af1d7890
2018-06-29 12:54:49 -04:00 · 2018-06-29 12:54:49 -04:00 · 788273c6b5
commit 788273c6b5
parent 0d4ea81077
3 changed files with 14 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -172,6 +172,8 @@ glance_keystone_auth_plugin: password
 ## Glance config
 glance_image_cache_max_size: 10737418240

+# CORS options
+glance_cors_allowed_origin: "{{ (glance_show_multiple_locations | bool) | ternary(external_lb_vip_address, None) }}"
 # If ``glance_api_workers`` is unset the system will use half the number of available VCPUS to
 # compute the number of api workers to use.
 # glance_api_workers: 16
--- a/releasenotes/notes/add-cors-config-6326223fe7fa7423.yaml
+++ b/releasenotes/notes/add-cors-config-6326223fe7fa7423.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - It is possible to configure Glance to allow cross origin requests by
+    specifying the allowed origin address using the ``glance_cors_allowed_origin``
+    variable. By default, this will be the load balancer address.
--- a/templates/glance-api.conf.j2
+++ b/templates/glance-api.conf.j2
@ -118,3 +118,10 @@ enabled = {{ glance_profiler_enabled }}
 [oslo_middleware]
 enable_proxy_headers_parsing = True
 {% endif %}
+
+{% if glance_cors_allowed_origin is not none %}
+[cors]
+allow_headers = origin,content-md5,x-image-meta-checksum,x-storage-token,accept-encoding,x-auth-token,x-identity-status,x-roles,x-service-catalog,x-user-id,x-tenant-id,x-openstack-request-id
+allow_methods = GET,POST,PUT,PATCH,DELETE
+allowed_origin = {{ glance_cors_allowed_origin }}
+{% endif %}