openstack/openstack-helm
Code Issues Proposed changes

Horizon: Expose security config params

Browse Source 
This PS exposes security related config params

Change-Id: Ia6d2e089301cfc8fd809380ad3f31c6e37dc5607
Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
Pete Birley 2019-02-01 15:06:58 -06:00 committed by Steve Wilkerson
parent 23f5b18f1c
commit b02ec05d76
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
horizon/values.yaml
View File

@ -171,6 +171,11 @@ conf:
debug: "False" debug: "False"
keystone_multidomain_support: "True" keystone_multidomain_support: "True"
keystone_default_domain: Default keystone_default_domain: Default
disable_password_reveal: "False"
csrf_cookie_secure: "False"
session_cookie_secure: "False"
session_cookie_httponly: "False"
secure_proxy_ssl_header: false
openstack_cinder_features: openstack_cinder_features:
enable_backup: "True" enable_backup: "True"
openstack_neutron_network: openstack_neutron_network:
@ -234,12 +239,16 @@ conf:
# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header # https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') #SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
# https://docs.djangoproject.com/en/1.5/ref/settings/#secure-proxy-ssl-header # https://docs.djangoproject.com/en/1.5/ref/settings/#secure-proxy-ssl-header
#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') {{- if .Values.conf.horizon.local_settings.config.secure_proxy_ssl_header }}
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
{{- end }}
# If Horizon is being served through SSL, then uncomment the following two # If Horizon is being served through SSL, then uncomment the following two
# settings to better secure the cookies from security exploits # settings to better secure the cookies from security exploits
#CSRF_COOKIE_SECURE = True CSRF_COOKIE_SECURE = '{{ .Values.conf.horizon.local_settings.config.csrf_cookie_secure }}'
#SESSION_COOKIE_SECURE = True SESSION_COOKIE_SECURE = '{{ .Values.conf.horizon.local_settings.config.session_cookie_secure }}'
SESSION_COOKIE_HTTPONLY = '{{ .Values.conf.horizon.local_settings.config.session_cookie_httponly }}'
# Overrides for OpenStack API versions. Use this setting to force the # Overrides for OpenStack API versions. Use this setting to force the
# OpenStack dashboard to use a specific API version for a given service API. # OpenStack dashboard to use a specific API version for a given service API.
@ -305,7 +314,7 @@ conf:
# Setting this to True will disable the reveal button for password fields, # Setting this to True will disable the reveal button for password fields,
# including on the login form. # including on the login form.
#HORIZON_CONFIG["disable_password_reveal"] = False HORIZON_CONFIG["disable_password_reveal"] = '{{ .Values.conf.horizon.local_settings.config.disable_password_reveal }}'
LOCAL_PATH = '/tmp' LOCAL_PATH = '/tmp'