Added CORS middleware to Sahara

This adds the CORS support middleware to Sahara, allowing a deployer
to optionally configure rules under which a javascript client may
break the single-origin policy and access the API directly.

OpenStack Spec:
   http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html
Oslo_Middleware Docs:
   http://docs.openstack.org/developer/oslo.middleware/cors.html
OpenStack Cloud Admin Guide:
   http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html

Change-Id: I839e2adc0a13271cfb590a52a6626660cc17190e

doc/source/userdoc/advanced.configuration.guide.rst

@@ -445,3 +445,35 @@ template, use the ``URL of NTP server`` setting in the ``General Parameters``
 section when you create the template. If you would like to disable NTP for a
 particular cluster template, deselect the ``Enable NTP service`` checkbox in
 the ``General Parameters`` section when you create the template.
+
+CORS (Cross Origin Resource Sharing) Configuration
+--------------------------------------------------
+
+Sahara provides direct API access to user-agents (browsers) via the HTTP
+CORS protocol. Detailed documentation, as well as troubleshooting examples,
+may be found in the OpenStack `Cloud Admin Guide`_.
+
+To get started quickly, use the example configuration block below, replacing
+the :code:`allowed origin` field with the host(s) from which your API expects
+access.
+
+.. sourcecode:: cfg
+
+    [cors]
+    allowed_origin=https://we.example.com:443
+    max_age=3600
+    allow_credentials=true
+
+    [cors.additional_domain_1]
+    allowed_origin=https://additional_domain_1.example.com:443
+
+    [cors.additional_domain_2]
+    allowed_origin=https://additional_domain_2.example.com:443
+
+..
+
+For more information on Cross Origin Resource Sharing, please review the `W3C
+CORS specification`_.
+
+.. _Cloud Admin Guide: http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html
+.. _W3C CORS specification: www.w3.org/TR/cors/

sahara/main.py

@@ -18,6 +18,7 @@ import os
 import flask
 from oslo_config import cfg
 from oslo_log import log
+import oslo_middleware.cors as cors_middleware
 from oslo_middleware import request_id
 from oslo_service import systemd
 import six
@@ -154,6 +155,15 @@ def make_app():
         LOG.debug('Logging of request/response exchange could be enabled using'
                   ' flag --log-exchange')
 
+    # Create a CORS wrapper, and attach sahara-specific defaults that must be
+    # included in all CORS responses.
+    app.wsgi_app = cors_middleware.CORS(app.wsgi_app, CONF)
+    app.wsgi_app.set_latent(
+        allow_headers=['X-Auth-Token', 'X-Server-Management-Url'],
+        allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
+        expose_headers=['X-Auth-Token', 'X-Server-Management-Url']
+    )
+
     if CONF.log_exchange:
         app.wsgi_app = log_exchange.LogExchange.factory(CONF)(app.wsgi_app)
 

tools/config/config-generator.sahara.conf

@@ -8,3 +8,4 @@ namespace = oslo.log
 namespace = oslo.policy
 namespace = oslo.service.periodic_task
 namespace = oslo.service.sslutils
+namespace = oslo.middleware.cors