From 064d5d50c086e1e8f1bbe3092d33c858bc31e8f7 Mon Sep 17 00:00:00 2001
From: Honza Pokorny <honza@redhat.com>
Date: Thu, 19 Apr 2018 13:58:23 -0300
Subject: [PATCH] [tripleo-ui] Explicitly configure Nova CORS

Change-Id: I17d6f6b7710a398f207009f4115fcc9cd38952bf
---
 environments/undercloud.yaml    |  1 +
 puppet/services/tripleo-ui.yaml | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml
index 0d4a67aa6e..45bc7fa712 100644
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@@ -33,6 +33,7 @@ parameter_defaults:
   # we do not want the nova-compute instance running on the undercloud for
   # Ironic to be disabled in the case of multiple deployment failures.
   NovaAutoDisabling: '0'
+  NovaCorsAllowedOrigin: '*'
   NeutronDhcpAgentsPerNetwork: 2
   HeatConvergenceEngine: false
   HeatCorsAllowedOrigin: '*'
diff --git a/puppet/services/tripleo-ui.yaml b/puppet/services/tripleo-ui.yaml
index 091e1470be..c7736acc7b 100644
--- a/puppet/services/tripleo-ui.yaml
+++ b/puppet/services/tripleo-ui.yaml
@@ -39,6 +39,14 @@ parameters:
       tag: openstack.tripleo.ui
       # FIXME(mandre)
       path: /var/log/tripleo/ui.log
+  NovaCorsAllowedOrigin:
+    type: string
+    default: ''
+    description: Indicate whether this resource may be shared with the domain received in the request
+                 "origin" header.
+
+conditions:
+  cors_allowed_origin_unset: {equals : [{get_param: NovaCorsAllowedOrigin}, '']}
 
 resources:
 
@@ -64,6 +72,11 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [ApacheServiceBase, role_data, config_settings]
+          -
+            if:
+            - cors_allowed_origin_unset
+            - {}
+            - nova::cors::allowed_origin: {get_param: NovaCorsAllowedOrigin}
           - tripleo::ui::endpoint_proxy_zaqar: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri_no_suffix]}
             tripleo::ui::endpoint_proxy_keystone: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             tripleo::ui::endpoint_proxy_heat: {get_param: [EndpointMap, HeatInternal, uri_no_suffix]}
@@ -80,6 +93,10 @@ outputs:
             tripleo::ui::endpoint_config_mistral: {get_param: [EndpointMap, MistralUIConfig, uri]}
             tripleo::ui::endpoint_config_nova: {get_param: [EndpointMap, NovaUIConfig, uri]}
             tripleo::ui::endpoint_config_swift: {get_param: [EndpointMap, SwiftUIConfig, uri]}
+            nova::cors::max_age: 3600
+            nova::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
+            nova::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
+            nova::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
             tripleo::ui::bind_host:
               str_replace:
                 template: