Set glance.conf.cors.allowed_origin variable

The patch sets allowed_origin in cors section to have ability to operate along with CSRF operations and direct upload in horizon dashboard. Change-Id: Icdd9aa97d24c5bf3cc42d3cd1dfd5b2f7adbefc9
2019-08-21 12:31:15 +03:00 · 2019-08-21 12:31:15 +03:00 · 266d7b41c5
commit 266d7b41c5
parent 6ae549ea6d
2 changed files with 42 additions and 0 deletions
--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@ -156,6 +156,24 @@ limitations under the License.
 {{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
 {{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
 {{- end -}}
+
+{{- if empty .Values.conf.glance.cors.allowed_origin -}}
+{{- $endpointScheme := tuple "dashboard" "public" "web" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}
+{{- $endpointHost := tuple "dashboard" "public" . | include "helm-toolkit.endpoints.endpoint_host_lookup" }}
+{{- $endpointPort := tuple "dashboard" "public" "web" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+    # Common browsers don't add default ports like 80 and 443 to the headers
+    # and URLs therefore CORS should allow to use URLs both with 80,443 and
+    # without it in the URL.
+    {{- if eq $endpointPort "80" "443" }}
+        {{- $_ := set $envAll.Values.conf.glance.cors "allowed_origin" ( list ) }}
+        {{- $__allowed_origin := append $envAll.Values.conf.glance.cors.allowed_origin (printf "%s://%s" $endpointScheme $endpointHost) }}
+        {{- $_ := set $envAll.Values.conf.glance.cors "allowed_origin" $__allowed_origin }}
+        {{- $__allowed_origin := append $envAll.Values.conf.glance.cors.allowed_origin (printf "%s://%s:%s" $endpointScheme $endpointHost $endpointPort) }}
+        {{- $_ := set $envAll.Values.conf.glance.cors "allowed_origin" $__allowed_origin }}
+    {{- else }}
+        {{- printf "%s://%s:%s" $endpointScheme $endpointHost $endpointPort | set .Values.conf.glance.cors "allowed_origin" }}
+    {{- end }}
+{{- end -}}
 ---
 apiVersion: v1
 kind: Secret
--- a/glance/values.yaml
+++ b/glance/values.yaml
@ -302,6 +302,7 @@ conf:
      driver: messagingv2
    oslo_messaging_rabbit:
      rabbit_ha_queues: true
+    cors: {}
  logging:
    loggers:
      keys:
@ -811,6 +812,29 @@ endpoints:
    namespace: kube-system
  kube_public:
    namespace: kube-public
+  dashboard:
+    name: horizon
+    hosts:
+      default: horizon-int
+      public: horizon
+    host_fqdn_override:
+      default: null
+      # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
+      # endpoints using the following format:
+      # public:
+      #   host: null
+      #   tls:
+      #     crt: null
+      #     key: null
+    path:
+      default: null
+    scheme:
+      default: http
+      public: https
+    port:
+      web:
+        default: 80
+        public: 443

 pod:
  security_context: