CORS configuration support

Since CORS support has landed in Ironic, we should enable a bifrost user to be able to turn CORS on. Note: Presently the ironic-webclient sends an x-client header which causes the oslo middlewear portion that supplies CORS to reject the request. A change is pending to remove that from the webclient, however if a user wishes to perform testing with the webclient, x-client will need to be added to the list of allowed headers. Depends-On: I23e902c8637e142fba23d71467225d48ee265253 Change-Id: I487a57c54995e0572072aa54193e985ea257ed70
2015-09-15 09:23:58 -04:00 · 2015-09-15 09:23:58 -04:00 · 0bcdeaf0e7
commit 0bcdeaf0e7
parent 226ebe9642
3 changed files with 42 additions and 0 deletions
--- a/playbooks/roles/bifrost-ironic-install/README.md
+++ b/playbooks/roles/bifrost-ironic-install/README.md
@ -100,6 +100,24 @@ need to exist. The recommended approach for adding a new variable is:
 - If a given default applies to multiple versions of a distribution, that
  variable needs to be specified for each version which it affects.

+If you wish to enable Cross-Orogin Resource Sharing (CORS), such as to
+connect a javascript based web client, options have been added to allow
+a user to enable the integrated support.
+
+By default, this support is disabled, but the configuration options are below:
+
+enable_cors: Boolean value, default false, to enable CORS support.
+
+cors_allowed_origin: A URL string that represents the origin sent by the
+                     client web browser. If CORS is enabled, and this is
+                     not set, it will default to http://localhost:8000/.
+
+enable_cors_credential_support: Boolean value, default false.  This variable
+                                toggles the CORS configuration to expect user
+                                authentication.  Since bifrost makes use of
+                                noauth mode, this realistically should not
+                                be modified.
+
 Dependencies
 ------------

--- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml
+++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml
@ -54,3 +54,13 @@ network_interface: "virbr0"
 # as default route the same IP of the dnsmasq server.
 # Default: undefined
 # dnsmasq_router:
+
+# Support for CORS configuration
+# By default CORS support is disabled.
+enable_cors: false
+# Origin to accept for CORS requests
+cors_allowed_origin: "http://localhost:8000"
+# bifrost utilizes noauth mode by default and as such
+# the setting should be set to false. This setting should
+# not need to be modified by the user.
+enable_cors_credential_support: false
--- a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml
@ -69,3 +69,17 @@
 - name: "Configure SSH libvirt URL if testing"
  lineinfile: dest=/etc/ironic/ironic.conf insertafter="[ssh]" regexp='^(.*)libvirt_uri=(.*)$' line="libvirt_uri=qemu:///system"
  when: testing | bool == true
+- name: "Set CORS allowed_origin if enable_cors is set"
+  lineinfile:
+    dest=/etc/ironic/ironic.conf
+    insertbefore='^(.*)cors.subdomain(.*)$'
+    regexp='^allowed_origin=(.*)$'
+    line="allowed_origin={{ cors_allowed_origin | default('allowed_origin=http://localhost:8000')}}"
+  when: enable_cors | bool
+- name: "Set CORS allow_credentials if enable_cors is set"
+  lineinfile:
+    dest=/etc/ironic/ironic.conf
+    insertbefore='^(.*)cors.subdomain(.*)$'
+    regexp='^allow_credentials=(.*)$'
+    line="allow_credentials={{ enable_cors_credential_support | default('true')}}"
+  when: enable_cors | bool