From 266d7b41c57e8a39b2d8ac72a5fd817c295a7106 Mon Sep 17 00:00:00 2001 From: Oleh Hryhorov Date: Wed, 21 Aug 2019 12:31:15 +0300 Subject: [PATCH] Set glance.conf.cors.allowed_origin variable The patch sets allowed_origin in cors section to have ability to operate along with CSRF operations and direct upload in horizon dashboard. Change-Id: Icdd9aa97d24c5bf3cc42d3cd1dfd5b2f7adbefc9 --- glance/templates/configmap-etc.yaml | 18 ++++++++++++++++++ glance/values.yaml | 24 ++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml index c2729c7d59..b145afc499 100644 --- a/glance/templates/configmap-etc.yaml +++ b/glance/templates/configmap-etc.yaml @@ -156,6 +156,24 @@ limitations under the License. {{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}} {{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}} {{- end -}} + +{{- if empty .Values.conf.glance.cors.allowed_origin -}} +{{- $endpointScheme := tuple "dashboard" "public" "web" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }} +{{- $endpointHost := tuple "dashboard" "public" . | include "helm-toolkit.endpoints.endpoint_host_lookup" }} +{{- $endpointPort := tuple "dashboard" "public" "web" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + # Common browsers don't add default ports like 80 and 443 to the headers + # and URLs therefore CORS should allow to use URLs both with 80,443 and + # without it in the URL. + {{- if eq $endpointPort "80" "443" }} + {{- $_ := set $envAll.Values.conf.glance.cors "allowed_origin" ( list ) }} + {{- $__allowed_origin := append $envAll.Values.conf.glance.cors.allowed_origin (printf "%s://%s" $endpointScheme $endpointHost) }} + {{- $_ := set $envAll.Values.conf.glance.cors "allowed_origin" $__allowed_origin }} + {{- $__allowed_origin := append $envAll.Values.conf.glance.cors.allowed_origin (printf "%s://%s:%s" $endpointScheme $endpointHost $endpointPort) }} + {{- $_ := set $envAll.Values.conf.glance.cors "allowed_origin" $__allowed_origin }} + {{- else }} + {{- printf "%s://%s:%s" $endpointScheme $endpointHost $endpointPort | set .Values.conf.glance.cors "allowed_origin" }} + {{- end }} +{{- end -}} --- apiVersion: v1 kind: Secret diff --git a/glance/values.yaml b/glance/values.yaml index b1448bb0b6..17bdf4dfe2 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -302,6 +302,7 @@ conf: driver: messagingv2 oslo_messaging_rabbit: rabbit_ha_queues: true + cors: {} logging: loggers: keys: @@ -811,6 +812,29 @@ endpoints: namespace: kube-system kube_public: namespace: kube-public + dashboard: + name: horizon + hosts: + default: horizon-int + public: horizon + host_fqdn_override: + default: null + # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public + # endpoints using the following format: + # public: + # host: null + # tls: + # crt: null + # key: null + path: + default: null + scheme: + default: http + public: https + port: + web: + default: 80 + public: 443 pod: security_context: