From 0bcdeaf0e725ab044bb6e1fb56b0c49516dc9345 Mon Sep 17 00:00:00 2001
From: Julia Kreger
Date: Tue, 15 Sep 2015 09:23:58 -0400
Subject: [PATCH] CORS configuration support
Since CORS support has landed in Ironic, we should enable a bifrost user to be able to turn CORS on.
Note: Presently the ironic-webclient sends an x-client header which causes the oslo middlewear portion that supplies CORS to reject the request. A change is pending to remove that from the webclient, however if a user wishes to perform testing with the webclient, x-client will need to be added to the list of allowed headers.
Depends-On: I23e902c8637e142fba23d71467225d48ee265253
Change-Id: I487a57c54995e0572072aa54193e985ea257ed70
---
 .../roles/bifrost-ironic-install/README.md | 18 ++++++++++++++++++
 .../bifrost-ironic-install/defaults/main.yml | 10 ++++++++++
 .../tasks/ironic_config.yml | 14 ++++++++++++++
 3 files changed, 42 insertions(+)
diff --git a/playbooks/roles/bifrost-ironic-install/README.md b/playbooks/roles/bifrost-ironic-install/README.md
index cbac3360a..5b20defa8 100644
--- a/playbooks/roles/bifrost-ironic-install/README.md
+++ b/playbooks/roles/bifrost-ironic-install/README.md
@@ -100,6 +100,24 @@ need to exist. The recommended approach for adding a new variable is:
 - If a given default applies to multiple versions of a distribution, that variable needs to be specified for each version which it affects.
+If you wish to enable Cross-Orogin Resource Sharing (CORS), such as to
+connect a javascript based web client, options have been added to allow
+a user to enable the integrated support.
+
+By default, this support is disabled, but the configuration options are below:
+
+enable_cors: Boolean value, default false, to enable CORS support.
+
+cors_allowed_origin: A URL string that represents the origin sent by the
+ client web browser. If CORS is enabled, and this is
+ not set, it will default to http://localhost:8000/.
+
+enable_cors_credential_support: Boolean value, default false. This variable
+ toggles the CORS configuration to expect user
+ authentication. Since bifrost makes use of
+ noauth mode, this realistically should not
+ be modified.
+
 Dependencies
 ------------
diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml
index f0d5a3804..4bcff12d0 100644
--- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml
+++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml
@@ -54,3 +54,13 @@ network_interface: "virbr0"
 # as default route the same IP of the dnsmasq server.
 # Default: undefined
 # dnsmasq_router:
+
+# Support for CORS configuration
+# By default CORS support is disabled.
+enable_cors: false
+# Origin to accept for CORS requests
+cors_allowed_origin: "http://localhost:8000"
+# bifrost utilizes noauth mode by default and as such
+# the setting should be set to false. This setting should
+# not need to be modified by the user.
+enable_cors_credential_support: false
diff --git a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml
index fd200a1b2..8eceed04c 100644
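Review bot: The default added in defaults/main.yml, `cors_allowed_origin: "http://localhost:8000"`, has no trailing slash, while the README text added in this same patch documents the default as `http://localhost:8000/`. The value here is the form a browser sends in the `Origin` header (scheme, host and port, no path), so the README should be aligned to it; an operator who copies the README form would presumably end up with an origin that never matches. A comment above the variable such as `# Must equal the browser's Origin header: scheme://host[:port], no trailing slash or path` would make the expected format explicit.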
--- a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml
@@ -69,3 +69,17 @@
 - name: "Configure SSH libvirt URL if testing"
 lineinfile: dest=/etc/ironic/ironic.conf insertafter="[ssh]" regexp='^(.*)libvirt_uri=(.*)$' line="libvirt_uri=qemu:///system"
 when: testing | bool == true
+- name: "Set CORS allowed_origin if enable_cors is set"
+ lineinfile:
+ dest=/etc/ironic/ironic.conf
+ insertbefore='^(.*)cors.subdomain(.*)$'
+ regexp='^allowed_origin=(.*)$'
+ line="allowed_origin={{ cors_allowed_origin | default('allowed_origin=http://localhost:8000')}}"
+ when: enable_cors | bool
+- name: "Set CORS allow_credentials if enable_cors is set"
+ lineinfile:
+ dest=/etc/ironic/ironic.conf
+ insertbefore='^(.*)cors.subdomain(.*)$'
+ regexp='^allow_credentials=(.*)$'
+ line="allow_credentials={{ enable_cors_credential_support | default('true')}}"
+ when: enable_cors | bool
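Review bot: Both `default()` fallbacks in the added `line=` values are wrong, and the second one fails open. In the first task the fallback repeats the key, so an undefined `cors_allowed_origin` would render `allowed_origin=allowed_origin=http://localhost:8000`; it should read `line="allowed_origin={{ cors_allowed_origin | default('http://localhost:8000') }}"`. In the second task an undefined `enable_cors_credential_support` yields `allow_credentials=true`, the opposite of the `false` that the role defaults and README state, so use `default(false)` so that a missing variable never switches credentialed cross-origin requests on. Separately, if no line in ironic.conf matches `insertbefore`, lineinfile appends at end of file, which may fall outside the `[cors]` section, and nothing in these tasks removes the two lines again once `enable_cors` is set back to false.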