added support for cors parameters

commit: 16e1bb7963e0dc7b7f84c78a7faacc24f8bb4740 [log] [tgz]
author: Ondrej Smola <ondrej.smola@tcpcloud.eu> Tue Apr 18 23:37:49 2017 +0200
committer: Ondrej Smola <ondrej.smola@tcpcloud.eu> Thu Apr 27 20:09:52 2017 +0200
tree: 9ee6f86dc12e1844ac03e83898fef53d76dbd2ac
parent: 18ec810d98473761c0737db5fbd1ef400b65dc76 [diff]
diff --git a/README.rst b/README.rst
index 9acaebb..6f80924 100644
--- a/README.rst
+++ b/README.rst

@@ -350,6 +350,21 @@
           caching: true
           cache_time: 600
 
+Enable CORS parameters
+
+.. code-block:: yaml
+
+    keystone:
+      server:
+        cors:
+          allowed_origin: https:localhost.local,http:localhost.local
+          expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
+          allow_methods: GET,PUT,POST,DELETE,PATCH
+          allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
+          allow_credentials: True
+          max_age: 86400
+
+
 
 Keystone client
 ---------------

diff --git a/keystone/files/mitaka/keystone.conf.Debian b/keystone/files/mitaka/keystone.conf.Debian
index 608f38a..84d1897 100644
--- a/keystone/files/mitaka/keystone.conf.Debian
+++ b/keystone/files/mitaka/keystone.conf.Debian

@@ -495,23 +495,42 @@
 # Indicate whether this resource may be shared with the domain received in the
 # requests "origin" header. (list value)
 #allowed_origin = <None>
+{% if server.cors.allowed_origin is defined %}
+allowed_origin = {{ server.cors.allowed_origin }}
+{% endif %}
 
 # Indicate that the actual request can include user credentials (boolean value)
 #allow_credentials = true
+{% if server.cors.allow_credentials is defined %}
+allow_credentials = {{ server.cors.allow_credentials }}
+{% endif %}
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
 #expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
+{% if server.cors.expose_headers is defined %}
+expose_headers = {{ server.cors.expose_headers }}
+{% endif %}
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
+{% if server.cors.max_age is defined %}
+max_age = {{ server.cors.max_age }}
+{% endif %}
+
 
 # Indicate which methods can be used during the actual request. (list value)
 #allow_methods = GET,PUT,POST,DELETE,PATCH
+{% if server.cors.allow_methods is defined %}
+allow_methods = {{ server.cors.allow_methods }}
+{% endif %}
 
 # Indicate which header field names may be used during the actual request.
 # (list value)
 #allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
+{% if server.cors.allow_headers is defined %}
+allow_headers = {{ server.cors.allow_headers }}
+{% endif %}
 
 
 [cors.subdomain]

diff --git a/keystone/files/newton/keystone.conf.Debian b/keystone/files/newton/keystone.conf.Debian
index 0807960..1e5fb4b 100644
--- a/keystone/files/newton/keystone.conf.Debian
+++ b/keystone/files/newton/keystone.conf.Debian

@@ -577,23 +577,42 @@
 # requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
 # slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
+{% if server.cors.allowed_origin is defined %}
+allowed_origin = {{ server.cors.allowed_origin }}
+{% endif %}
 
 # Indicate that the actual request can include user credentials (boolean value)
 #allow_credentials = true
+{% if server.cors.allow_credentials is defined %}
+allow_credentials = {{ server.cors.allow_credentials }}
+{% endif %}
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
 #expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
+{% if server.cors.expose_headers is defined %}
+allowed_origin = {{ server.cors.expose_headers }}
+{% endif %}
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
+{% if server.cors.max_age is defined %}
+max_age = {{ server.cors.max_age }}
+{% endif %}
+
 
 # Indicate which methods can be used during the actual request. (list value)
 #allow_methods = GET,PUT,POST,DELETE,PATCH
+{% if server.cors.allow_methods is defined %}
+allow_methods = {{ server.cors.allow_methods }}
+{% endif %}
 
 # Indicate which header field names may be used during the actual request.
 # (list value)
 #allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
+{% if server.cors.allow_headers is defined %}
+allow_headers = {{ server.cors.allow_headers }}
+{% endif %}
 
 
 [cors.subdomain]

diff --git a/keystone/files/ocata/keystone.conf.Debian b/keystone/files/ocata/keystone.conf.Debian
index dd9a7c9..8194834 100644
--- a/keystone/files/ocata/keystone.conf.Debian
+++ b/keystone/files/ocata/keystone.conf.Debian

@@ -649,23 +649,42 @@
 # requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
 # slash. Example: https://horizon.example.com (list value)
 #allowed_origin = <None>
+{% if server.cors.allowed_origin is defined %}
+allowed_origin = {{ server.cors.allowed_origin }}
+{% endif %}
 
 # Indicate that the actual request can include user credentials (boolean value)
 #allow_credentials = true
+{% if server.cors.allow_credentials is defined %}
+allow_credentials = {{ server.cors.allow_credentials }}
+{% endif %}
 
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
 #expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
+{% if server.cors.expose_headers is defined %}
+allowed_origin = {{ server.cors.expose_headers }}
+{% endif %}
 
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
+{% if server.cors.max_age is defined %}
+max_age = {{ server.cors.max_age }}
+{% endif %}
+
 
 # Indicate which methods can be used during the actual request. (list value)
 #allow_methods = GET,PUT,POST,DELETE,PATCH
+{% if server.cors.allow_methods is defined %}
+allow_methods = {{ server.cors.allow_methods }}
+{% endif %}
 
 # Indicate which header field names may be used during the actual request.
 # (list value)
 #allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
+{% if server.cors.allow_headers is defined %}
+allow_headers = {{ server.cors.allow_headers }}
+{% endif %}
 
 
 [cors.subdomain]

diff --git a/keystone/map.jinja b/keystone/map.jinja
index 284130f..16ed756 100644
--- a/keystone/map.jinja
+++ b/keystone/map.jinja

@@ -5,6 +5,7 @@
         'service_name': 'keystone',
         'version': 'icehouse',
         'api_version': '2',
+        'cors': {},
         'tokens': {
           'engine': 'database',
           'expiration': '86400'
@@ -17,6 +18,7 @@
         'service_name': 'openstack-keystone',
         'api_version': '2',
         'version': 'icehouse',
+        'cors': {},
         'tokens': {
           'engine': 'database',
           'expiration': '86400'
commit	16e1bb7963e0dc7b7f84c78a7faacc24f8bb4740	[log] [tgz]
author	Ondrej Smola <ondrej.smola@tcpcloud.eu>	Tue Apr 18 23:37:49 2017 +0200
committer	Ondrej Smola <ondrej.smola@tcpcloud.eu>	Thu Apr 27 20:09:52 2017 +0200
tree	9ee6f86dc12e1844ac03e83898fef53d76dbd2ac
parent	18ec810d98473761c0737db5fbd1ef400b65dc76 [diff]