Moved CORS middleware configuration into oslo-config-generator

The default values needed for cue's implementation of cors
middleware have been moved from paste.ini into the configuration
hooks provided by oslo.config. Furthermore, these values have been
added to the default initialization procedure. This ensures
that if a value remains unset in the configuration file, it will
fallback to using sane defaults. It also ensures that an operator
modifying the configuration will be presented with that same
set of defaults.

Change-Id: Ia179bbd7489ca128186990439a161903b7b4c28d
Closes-Bug: 1551836

cue/api/app.py

@@ -80,11 +80,6 @@ def setup_app(pecan_config=None, extra_hooks=None):
     # Create a CORS wrapper, and attach ironic-specific defaults that must be
     # included in all CORS responses.
     app = cors_middleware.CORS(app, cfg.CONF)
-    app.set_latent(
-        allow_headers=['X-Auth-Token', 'X-Server-Management-Url'],
-        allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
-        expose_headers=['X-Auth-Token', 'X-Server-Management-Url']
-    )
 
     return app
 

cue/cmd/manage.py

@@ -21,6 +21,7 @@ from oslo_config import cfg
 from oslo_log import log
 from stevedore import extension
 
+from cue.common import config
 from cue import version
 
 
@@ -111,6 +112,7 @@ def main(argv=None, conf_fixture=None):
         conf_fixture.register_cli_opt(category_opt)
 
     log.register_options(CONF)
+    config.set_defaults()
 
     CONF(argv[1:], project='cue',
          version=version.version_info.version_string())

cue/common/config.py

@@ -0,0 +1,34 @@
+# Copyright 2016 Hewlett Packard Enterprise Development Corporation, L.P.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+
+from oslo_config import cfg
+from oslo_middleware import cors
+
+
+def set_defaults():
+    """Set all oslo.config default overrides for cue."""
+    # CORS Defaults
+    # TODO(krotscheck): Update with https://review.openstack.org/#/c/285368/
+    cfg.set_defaults(cors.CORS_OPTS,
+                     allow_headers=['X-Auth-Token',
+                                    'X-Server-Management-Url'],
+                     expose_headers=['X-Auth-Token',
+                                     'X-Server-Management-Url'],
+                     allow_methods=['GET',
+                                    'PUT',
+                                    'POST',
+                                    'DELETE',
+                                    'PATCH']
+                     )

cue/common/service.py

@@ -23,6 +23,8 @@ import sys
 from oslo_config import cfg
 from oslo_log import log
 
+from cue.common import config
+
 
 service_opts = [
     cfg.IntOpt('periodic_interval',
@@ -55,6 +57,7 @@ def prepare_service(argv=None):
         argv = sys.argv
     CONF(argv[1:], project='cue')
     log.setup(CONF, 'cue')
+    config.set_defaults()
 
 
 def list_opts():

etc/cue/cue.conf.sample

@@ -47,12 +47,12 @@
 # From oslo.log
 #
 
-# Print debugging output (set logging level to DEBUG instead of default INFO
-# level). (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
 #debug = false
 
-# If set to false, will disable INFO logging level, making WARNING the default.
-# (boolean value)
+# If set to false, the logging level will be set to WARNING instead of the
+# default INFO level. (boolean value)
 # This option is deprecated for removal.
 # Its value may be silently ignored in the future.
 #verbose = true
@@ -62,34 +62,29 @@
 # files, see the Python logging module documentation. Note that when logging
 # configuration files are used then all logging configuration is set in the
 # configuration file and other logging configuration options are ignored (for
-# example, log_format). (string value)
+# example, logging_context_format_string). (string value)
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
-# DEPRECATED. A logging.Formatter log message format string which may use any
-# of the available logging.LogRecord attributes. This option is deprecated.
-# Please use logging_context_format_string and logging_default_format_string
-# instead. This option is ignored if log_config_append is set. (string value)
-#log_format = <None>
-
-# Format string for %%(asctime)s in log records. Default: %(default)s . This
-# option is ignored if log_config_append is set. (string value)
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to output to. If no default is set, logging will
-# go to stdout. This option is ignored if log_config_append is set. (string
-# value)
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
 
-# (Optional) The base directory used for relative --log-file paths. This option
+# (Optional) The base directory used for relative log_file  paths. This option
 # is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# (Optional) Uses logging handler designed to watch file system. When log file
-# is moved or removed this handler will open a new log file with specified path
-# instantaneously. It makes sense only if log-file option is specified and
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and
 # Linux platform is used. This option is ignored if log_config_append is set.
 # (boolean value)
 #watch_log_file = false
@@ -99,15 +94,6 @@
 # is set. (boolean value)
 #use_syslog = false
 
-# (Optional) Enables or disables syslog rfc5424 format for logging. If enabled,
-# prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The
-# format without the APP-NAME is deprecated in Kilo, and will be removed in
-# Mitaka, along with this option. This option is ignored if log_config_append
-# is set. (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#use_syslog_rfc_format = true
-
 # Syslog facility to receive log lines. This option is ignored if
 # log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
@@ -119,18 +105,24 @@
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages without context. (string value)
+# Format string to use for log messages when context is undefined. (string
+# value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Data to append to log format when level is DEBUG. (string value)
+# Additional data to append to log message when logging level for the message
+# is DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
 # Prefix each line of exception output with this format. (string value)
 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
-# List of logger=LEVEL pairs. This option is ignored if log_config_append is
-# set. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
@@ -166,10 +158,20 @@
 # The chosen port is displayed in the service's log file. (string value)
 #backdoor_port = <None>
 
+# Enable eventlet backdoor, using the provided path as a unix socket that can
+# receive connections. This option is mutually exclusive with 'backdoor_port'
+# in that only one should be provided. If both are provided then the existence
+# of this option overrides the usage of that option. (string value)
+#backdoor_socket = <None>
+
 # Enables or disables logging values of all registered options when starting a
 # service (at DEBUG level). (boolean value)
 #log_options = true
 
+# Specify a timeout after which a gracefully shutdown server will exit. Zero
+# value means endless wait. (integer value)
+#graceful_shutdown_timeout = 60
+
 
 [api]
 
@@ -208,7 +210,7 @@
 #
 
 # Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. (string value)
+# requests "origin" header. (list value)
 #allowed_origin = <None>
 
 # Indicate that the actual request can include user credentials (boolean value)
@@ -216,17 +218,17 @@
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
-#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#expose_headers = X-Auth-Token,X-Server-Management-Url
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 
 # Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+#allow_methods = GET,PUT,POST,DELETE,PATCH
 
 # Indicate which header field names may be used during the actual request.
 # (list value)
-#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#allow_headers = X-Auth-Token,X-Server-Management-Url
 
 
 [cors.subdomain]
@@ -236,7 +238,7 @@
 #
 
 # Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. (string value)
+# requests "origin" header. (list value)
 #allowed_origin = <None>
 
 # Indicate that the actual request can include user credentials (boolean value)
@@ -244,17 +246,17 @@
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
-#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#expose_headers = X-Auth-Token,X-Server-Management-Url
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 
 # Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+#allow_methods = GET,PUT,POST,DELETE,PATCH
 
 # Indicate which header field names may be used during the actual request.
 # (list value)
-#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+#allow_headers = X-Auth-Token,X-Server-Management-Url
 
 
 [cue_monitor]
@@ -332,7 +334,7 @@
 # If set, use this value for max_overflow with SQLAlchemy. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = <None>
+#max_overflow = 50
 
 # Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
 # value)
@@ -430,12 +432,12 @@
 #revocation_cache_time = 10
 
 # (Optional) If defined, indicate whether token data should be authenticated or
-# authenticated and encrypted. Acceptable values are MAC or ENCRYPT.  If MAC,
-# token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data
-# is encrypted and authenticated in the cache. If the value is not one of these
-# options or empty, auth_token will raise an exception on initialization.
-# (string value)
-#memcache_security_strategy = <None>
+# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
+# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+#memcache_security_strategy = None
 
 # (Optional, mandatory if memcache_security_strategy is defined) This string is
 # used for key derivation. (string value)
@@ -493,41 +495,12 @@
 # performance. (list value)
 #hash_algorithms = md5
 
-# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
-# (string value)
-#auth_admin_prefix =
+# Authentication type to load (unknown value)
+# Deprecated group/name - [DEFAULT]/auth_plugin
+#auth_type = <None>
 
-# Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
-# (string value)
-#auth_host = 127.0.0.1
-
-# Port of the admin Identity API endpoint. Deprecated, use identity_uri.
-# (integer value)
-#auth_port = 35357
-
-# Protocol of the admin Identity API endpoint (http or https). Deprecated, use
-# identity_uri. (string value)
-#auth_protocol = https
-
-# Complete admin Identity API endpoint. This should specify the unversioned
-# root endpoint e.g. https://localhost:35357/ (string value)
-#identity_uri = <None>
-
-# This option is deprecated and may be removed in a future release. Single
-# shared secret with the Keystone configuration used for bootstrapping a
-# Keystone installation, or otherwise bypassing the normal authentication
-# process. This option should not be used, use `admin_user` and
-# `admin_password` instead. (string value)
-#admin_token = <None>
-
-# Service username. (string value)
-#admin_user = <None>
-
-# Service user password. (string value)
-#admin_password = <None>
-
-# Service tenant name. (string value)
-#admin_tenant_name = admin
+# Config Section from which to load plugin specific options (unknown value)
+#auth_section = <None>
 
 
 [oslo_policy]
@@ -571,6 +544,15 @@
 # Deprecated group/name - [DEFAULT]/ssl_key_file
 #key_file = <None>
 
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+#version = <None>
+
+# Sets the list of available ciphers. value should be a string in the OpenSSL
+# cipher list format. (string value)
+#ciphers = <None>
+
 
 [taskflow]
 
@@ -608,3 +590,9 @@
 # Number of times to check a node for status before declaring it FAULTED
 # (integer value)
 #cluster_node_check_max_count = 30
+
+# Anti-affinity policy for cue cluster nodes (boolean value)
+#cluster_node_anti_affinity = false
+
+# Cleanup taskflow job details (boolean value)
+#cleanup_job_details = true

setup.cfg

@@ -46,6 +46,9 @@ oslo.config.opts =
     cue.monitor = cue.monitor:list_opts
     cue.taskflow = cue.taskflow:list_opts
 
+oslo.config.opts.defaults =
+    cue.api = cue.common.config:set_defaults
+
 [pbr]
 autodoc_index_modules = True