Modernize CORS config and setup

In the early days of placement, the CORS middleware's config options were registered out of band with other options, probably due to efforts to use non-global config and avoid conflicts with nova's use of the same settings. Now that placement always uses non-global config, we can change setup back to something more normal. At the same time a gap in header-visibility defaults is corrected. The updated test confirms header visibility. When the 'allow_headers' configuration setting in fixtures/gabbits.py is removed, it fails. Change-Id: I8481b3016de19e1617810cb3d3efa092560dfbb7
2019-05-29 10:12:17 +01:00 · 2019-05-29 10:12:17 +01:00 · fc35e3112e
commit fc35e3112e
parent c81f62d501
5 changed files with 17 additions and 16 deletions
--- a/placement/conf/init.py
+++ b/placement/conf/init.py
@ -15,6 +15,7 @@
 from __future__ import absolute_import

 from oslo_log import log as logging
+from oslo_middleware import cors

 from placement.conf import api
 from placement.conf import base
@ -33,3 +34,6 @@ def register_opts(conf):
    paths.register_opts(conf)
    placement.register_opts(conf)
    logging.register_options(conf)
+    # The CORS middleware does not present a register_opts method, instead
+    # it shares a list of available opts.
+    conf.register_opts(cors.CORS_OPTS, 'cors')
--- a/placement/deploy.py
+++ b/placement/deploy.py
@ -13,7 +13,6 @@

 from microversion_parse import middleware as mp_middleware
 import oslo_middleware
-from oslo_middleware import cors

 from placement import auth
 from placement.db.sqlalchemy import migration
@ -40,10 +39,8 @@ def deploy(conf):
        auth_middleware = auth.filter_factory(
            {}, oslo_config_config=conf)

-    # Pass in our CORS config, if any, manually as that's a)
-    # explicit, b) makes testing more straightfoward, c) let's
-    # us control the use of cors by the presence of its config.
-    conf.register_opts(cors.CORS_OPTS, 'cors')
+    # Conditionally add CORS middleware based on setting 'allowed_origin'
+    # in config.
    if conf.cors.allowed_origin:
        cors_middleware = oslo_middleware.CORS.factory(
            {}, **conf.cors)
--- a/placement/tests/functional/fixtures/gabbits.py
+++ b/placement/tests/functional/fixtures/gabbits.py
@ -18,7 +18,6 @@ import os_resource_classes as orc
 from oslo_config import cfg
 from oslo_config import fixture as config_fixture
 from oslo_log.fixture import logging_error
-from oslo_middleware import cors
 from oslo_policy import opts as policy_opts
 from oslo_utils.fixture import uuidsentinel as uuids
 from oslo_utils import uuidutils
@ -80,11 +79,6 @@ class APIFixture(fixture.GabbiFixture):

        self.context = context.RequestContext()

-        # Register CORS opts, but do not set config. This has the
-        # effect of exercising the "don't use cors" path in
-        # deploy.py. Without setting some config the group will not
-        # be present.
-        self.conf_fixture.register_opts(cors.CORS_OPTS, 'cors')
        # Set default policy opts, otherwise the deploy module can
        # NoSuchOptError.
        policy_opts.set_defaults(self.conf_fixture.conf)
@ -394,12 +388,13 @@ class CORSFixture(APIFixture):

    def start_fixture(self):
        super(CORSFixture, self).start_fixture()
-        # NOTE(cdent): If we remove this override, then the cors
-        # group ends up not existing in the conf, so when deploy.py
-        # wants to load the CORS middleware, it will not.
+        # Turn on the CORS middleware by setting 'allowed_origin'.
        self.conf_fixture.config(
            group='cors',
            allowed_origin='http://valid.example.com')
+        self.conf_fixture.config(
+            group='cors',
+            allow_headers=['openstack-api-version'])


 class GranularFixture(APIFixture):
--- a/placement/tests/functional/gabbits/cors.yaml
+++ b/placement/tests/functional/gabbits/cors.yaml
@ -15,9 +15,12 @@ tests:
  request_headers:
      origin: http://valid.example.com
      access-control-request-method: GET
+      access-control-request-headers: openstack-api-version
  status: 200
  response_headers:
      access-control-allow-origin: http://valid.example.com
+      # Confirm allow-headers configuration.
+      access-control-allow-headers: openstack-api-version

 - name: invalid options request
  OPTIONS: /
--- a/placement/wsgi.py
+++ b/placement/wsgi.py
@ -95,11 +95,13 @@ def _set_middleware_defaults():
                       'X-Roles',
                       'X-Service-Catalog',
                       'X-User-Id',
-                       'X-Tenant-Id'],
+                       'X-Tenant-Id',
+                       'OpenStack-API-Version'],
        expose_headers=['X-Auth-Token',
                        'X-Openstack-Request-Id',
                        'X-Subject-Token',
-                        'X-Service-Token'],
+                        'X-Service-Token',
+                        'OpenStack-API-Version'],
        allow_methods=['GET',
                       'PUT',
                       'POST',