Add support to set cors config in gnocchi templates

Depends-On: I4f750863ba1bde478efff026f9bc64bac13030ec Change-Id: Ibedf37e70746486a16366a87888a8963c7fb9cc7
2018-06-18 13:41:15 -04:00 · 2018-06-18 13:41:15 -04:00 · b021c4efdf
parent ba0f683d7c
commit b021c4efdf
1 changed files with 18 additions and 0 deletions
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@ -66,6 +66,14 @@ parameters:
      e.g. { gnocchi-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
    default: {}
    type: json
+  GnocchiCorsAllowedOrigin:
+    type: string
+    default: ''
+    description: Indicate whether this resource may be shared with the domain received in the request
+                 "origin" header.
+
+conditions:
+  cors_allowed_origin_unset: {equals : [{get_param: GnocchiCorsAllowedOrigin}, '']}

 resources:

@ -100,6 +108,12 @@ outputs:
        map_merge:
          - get_attr: [ApacheServiceBase, role_data, config_settings]
          - get_attr: [GnocchiServiceBase, role_data, config_settings]
+          -
+            if:
+            - cors_allowed_origin_unset
+            - {}
+            - gnocchi::cors::allowed_origin: {get_param: GnocchiCorsAllowedOrigin}
+              gnocchi::api::middlewares: 'oslo_middleware.cors.CORS'
          - tripleo.gnocchi_api.firewall_rules:
              '129 gnocchi-api':
                dport:
@ -109,6 +123,10 @@ outputs:
            gnocchi::api::enable_proxy_headers_parsing: true
            gnocchi::api::service_name: 'httpd'
            gnocchi::policy::policies: {get_param: GnocchiApiPolicies}
+            gnocchi::cors::max_age: 3600
+            gnocchi::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
+            gnocchi::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
+            gnocchi::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
            gnocchi::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}