Moved CORS middleware configuration into set_defaults

The default values needed for designate's implementation of cors middleware have been moved from paste.ini into a common set_defaults method, invoked on load. Unlike similar patches on other services, this patch does not include config-generation hooks, as designate does not use it. Change-Id: I6661f67bbdc36e17bc297128b470007e4762b603 Closes-Bug: 1551836
2016-03-04 06:34:15 -08:00 · 2016-03-04 06:34:15 -08:00 · 771f5a205f
parent 3e95c7c723
commit 771f5a205f
5 changed files with 89 additions and 3 deletions
--- a/designate/common/init.py
+++ b/designate/common/init.py
--- a/designate/common/config.py
+++ b/designate/common/config.py
@ -0,0 +1,38 @@
+# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_config import cfg
+from oslo_middleware import cors
+
+
+def set_defaults():
+    """Override all default values from upstream packages"""
+
+    # CORS Middleware Defaults
+    # TODO(krotscheck): Update with https://review.openstack.org/#/c/285368/
+    cfg.set_defaults(cors.CORS_OPTS,
+                     allow_headers=['X-Auth-Token',
+                                    'X-Auth-Sudo-Tenant-ID',
+                                    'X-Auth-Sudo-Project-ID',
+                                    'X-Auth-All-Projects',
+                                    'X-Designate-Edit-Managed-Records'],
+                     expose_headers=['X-OpenStack-Request-ID',
+                                     'Host'],
+                     allow_methods=['GET',
+                                    'PUT',
+                                    'POST',
+                                    'DELETE',
+                                    'PATCH',
+                                    'HEAD']
+                     )
--- a/designate/utils.py
+++ b/designate/utils.py
@ -29,6 +29,7 @@ from oslo_concurrency import processutils
 from oslo_log import log as logging
 from oslo_utils import timeutils

+from designate.common import config
 from designate import exceptions
 from designate.i18n import _
 from designate.i18n import _LI
@ -94,6 +95,7 @@ def read_config(prog, argv):
    config_files = find_config('%s.conf' % prog)
    cfg.CONF(argv[1:], project='designate', prog=prog,
             default_config_files=config_files)
+    config.set_defaults()

    register_plugin_opts()

--- a/etc/designate/api-paste.ini
+++ b/etc/designate/api-paste.ini
@ -41,9 +41,6 @@ paste.app_factory = designate.api.admin:factory
 [filter:cors]
 paste.filter_factory = oslo_middleware.cors:filter_factory
 oslo_config_project = designate
-latent_allow_headers = X-Auth-Token, X-Auth-Sudo-Tenant-ID, X-Auth-Sudo-Project-ID, X-Auth-All-Projects, X-Designate-Edit-Managed-Records
-latent_expose_headers = X-OpenStack-Request-ID, Host
-latent_allow_methods = GET, PUT, POST, DELETE, PATCH

 [filter:request_id]
 paste.filter_factory = oslo_middleware:RequestId.factory
--- a/etc/designate/designate.conf.sample
+++ b/etc/designate/designate.conf.sample
@ -162,6 +162,55 @@ debug = False
 #admin_password = designate
 #memcached_servers = localhost:11211

+#-----------------------
+# CORS Middleware
+#-----------------------
+[cors]
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers = X-OpenStack-Request-ID,Host
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH,HEAD
+
+# Indicate which header field names may be used during the actual request.
+# (list value)
+#allow_headers = X-Auth-Token,X-Auth-Sudo-Tenant-ID,X-Auth-Sudo-Project-ID,X-Auth-All-Projects,X-Designate-Edit-Managed-Records
+
+[cors.subdomain]
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers = X-OpenStack-Request-ID,Host
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH,HEAD
+
+# Indicate which header field names may be used during the actual request.
+# (list value)
+#allow_headers = X-Auth-Token,X-Auth-Sudo-Tenant-ID,X-Auth-Sudo-Project-ID,X-Auth-All-Projects,X-Designate-Edit-Managed-Records
+
 #-----------------------
 # Sink Service
 #-----------------------