From 1ce2ffd15fbb9423cd5f705e10d34dee5e23a4d5 Mon Sep 17 00:00:00 2001
From: "Joe H. Rahme" <joe.hakim.rahme@enovance.com>
Date: Tue, 22 Oct 2013 15:19:09 +0200
Subject: [PATCH] Enables Swift crossdomain middleware by default

This step is needed to enable its testing in Tempest. The patch adds a
variable SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH that holds a list of
middlewares inserted in the pipeline before authentication middlewares
(tempauth, keystoneauth, ...).

Change-Id: I1927103feff997a354ccf82ccf12aa77db083ad3
---
 lib/swift | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/swift b/lib/swift
index 6ab43c420f..2b23e44d78 100644
--- a/lib/swift
+++ b/lib/swift
@@ -72,6 +72,10 @@ SWIFT_EXTRAS_MIDDLEWARE=${SWIFT_EXTRAS_MIDDLEWARE:-tempurl formpost staticweb}
 # the end of the pipeline.
 SWIFT_EXTRAS_MIDDLEWARE_LAST=${SWIFT_EXTRAS_MIDDLEWARE_LAST}
 
+# Set ``SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH`` to extras middlewares that need to be at
+# the beginning of the pipeline, before authentication middlewares.
+SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH=${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH:-crossdomain}
+
 # The ring uses a configurable number of bits from a path’s MD5 hash as
 # a partition index that designates a device. The number of bits kept
 # from the hash is known as the partition power, and 2 to the partition
@@ -210,7 +214,7 @@ function _config_swift_apache_wsgi() {
 
 # configure_swift() - Set config files, create data dirs and loop image
 function configure_swift() {
-    local swift_pipeline=" "
+    local swift_pipeline="${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH}"
     local node_number
     local swift_node_config
     local swift_log_dir
@@ -271,7 +275,7 @@ function configure_swift() {
     # tempauth would be prefixed with the reseller_prefix setting TEMPAUTH_ the
     # token for keystoneauth would have the standard reseller_prefix AUTH_
     if is_service_enabled swift3;then
-        swift_pipeline=" swift3 s3token "
+        swift_pipeline+=" swift3 s3token "
     fi
     swift_pipeline+=" authtoken keystoneauth tempauth "
     sed -i "/^pipeline/ { s/tempauth/${swift_pipeline} ${SWIFT_EXTRAS_MIDDLEWARE}/ ;}" ${SWIFT_CONFIG_PROXY_SERVER}
@@ -283,6 +287,9 @@ function configure_swift() {
     iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix "TEMPAUTH"
 
+    # Configure Crossdomain
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain"
+
     # Configure Keystone
     sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER}
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_host $KEYSTONE_AUTH_HOST