Moved CORS middleware configuration into set_defaults

The default values needed for barbican's implementation of cors middleware have been moved from paste.ini into a common set_middleware_defaults method, invoked on load. Change-Id: I5722bfc31534936fd07a8dee4ca24afe81c06682 Closes-Bug: #1551836
2016-03-02 18:07:41 -06:00 · 2016-03-02 18:07:41 -06:00 · 034d09ec55
parent 330433db0a
commit 034d09ec55
3 changed files with 44 additions and 9 deletions
--- a/barbican/common/config.py
+++ b/barbican/common/config.py
@ -22,6 +22,7 @@ import os

 from oslo_config import cfg
 from oslo_log import log
+from oslo_middleware import cors
 from oslo_service import _options

 from barbican import i18n as u
@ -199,6 +200,10 @@ def new_config():
    conf.register_group(quota_opt_group)
    conf.register_opts(quota_opts, group=quota_opt_group)

+    # Update default values from libraries that carry their own oslo.config
+    # initialization and configuration.
+    set_middleware_defaults()
+
    return conf


@ -223,6 +228,39 @@ def setup_remote_pydev_debug():
                          CONF.pydev_debug_host, CONF.pydev_debug_port)
            raise

+
+def set_middleware_defaults():
+    """Update default configuration options for oslo.middleware."""
+    # CORS Defaults
+    # TODO(krotscheck): Update with https://review.openstack.org/#/c/285368/
+    cfg.set_defaults(cors.CORS_OPTS,
+                     allow_headers=['X-Auth-Token',
+                                    'X-Openstack-Request-Id',
+                                    'X-Project-Id',
+                                    'X-Identity-Status',
+                                    'X-User-Id',
+                                    'X-Storage-Token',
+                                    'X-Domain-Id',
+                                    'X-User-Domain-Id',
+                                    'X-Project-Domain-Id',
+                                    'X-Roles'],
+                     expose_headers=['X-Auth-Token',
+                                     'X-Openstack-Request-Id',
+                                     'X-Project-Id',
+                                     'X-Identity-Status',
+                                     'X-User-Id',
+                                     'X-Storage-Token',
+                                     'X-Domain-Id',
+                                     'X-User-Domain-Id',
+                                     'X-Project-Domain-Id',
+                                     'X-Roles'],
+                     allow_methods=['GET',
+                                    'PUT',
+                                    'POST',
+                                    'DELETE',
+                                    'PATCH']
+                     )
+
 CONF = new_config()
 LOG = logging.getLogger(__name__)
 parse_args(CONF)
--- a/etc/barbican/barbican-api-paste.ini
+++ b/etc/barbican/barbican-api-paste.ini
@ -71,6 +71,3 @@ unwind = false
 [filter:cors]
 paste.filter_factory = oslo_middleware.cors:filter_factory
 oslo_config_project = barbican
-latent_allow_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles
-latent_expose_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles
-latent_allow_methods = GET, PUT, POST, DELETE, PATCH
--- a/etc/barbican/barbican.conf
+++ b/etc/barbican/barbican.conf
@ -337,18 +337,18 @@ subca_cert_key_directory=/etc/barbican/snakeoil-cas

 # Indicate which headers are safe to expose to the API. Defaults to
 # HTTP Simple Headers. (list value)
-#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#expose_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles

 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600

 # Indicate which methods can be used during the actual request. (list
 # value)
-#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+#allow_methods = GET,PUT,POST,DELETE,PATCH

 # Indicate which header field names may be used during the actual
 # request. (list value)
-#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#allow_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles


 [cors.subdomain]
@ -367,15 +367,15 @@ subca_cert_key_directory=/etc/barbican/snakeoil-cas

 # Indicate which headers are safe to expose to the API. Defaults to
 # HTTP Simple Headers. (list value)
-#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#expose_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles

 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600

 # Indicate which methods can be used during the actual request. (list
 # value)
-#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+#allow_methods = GET,PUT,POST,DELETE,PATCH

 # Indicate which header field names may be used during the actual
 # request. (list value)
-#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#allow_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles