Merge "Added CORS support to Barbican"

etc/barbican/barbican-api-paste.ini

@@ -5,21 +5,21 @@ use = egg:Paste#urlmap
 
 # Use this pipeline for Barbican API - versions no authentication
 [pipeline:barbican_version]
-pipeline = versionapp
+pipeline = cors versionapp
 
 # Use this pipeline for Barbican API - DEFAULT no authentication
 [pipeline:barbican_api]
-pipeline = unauthenticated-context apiapp
+pipeline = cors unauthenticated-context apiapp
 #pipeline = keystone_authtoken context apiapp
 
 #Use this pipeline to activate a repoze.profile middleware and HTTP port,
 #  to provide profiling information for the REST API processing.
 [pipeline:barbican-profile]
-pipeline = unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp
+pipeline = cors unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp
 
 #Use this pipeline for keystone auth
 [pipeline:barbican-api-keystone]
-pipeline = keystone_authtoken context apiapp
+pipeline = cors keystone_authtoken context apiapp
 
 #Use this pipeline for keystone auth with audit feature
 [pipeline:barbican-api-keystone-audit]
@@ -68,3 +68,10 @@ discard_first_request = true
 path = /__profile__
 flush_at_shutdown = true
 unwind = false
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = barbican
+latent_allow_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles
+latent_expose_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles
+latent_allow_methods = GET, PUT, POST, DELETE, PATCH

etc/barbican/barbican.conf

@@ -320,3 +320,62 @@ ca_cert_key_path = /etc/barbican/snakeoil-ca.key
 ca_cert_chain_path = /etc/barbican/snakeoil-ca.chain
 ca_cert_pkcs7_path = /etc/barbican/snakeoil-ca.p7b
 subca_cert_key_directory=/etc/barbican/snakeoil-cas
+
+[cors]
+
+#
+# From oslo.middleware.cors
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+
+[cors.subdomain]
+
+#
+# From oslo.middleware.cors
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma

requirements.txt

@@ -12,6 +12,7 @@ oslo.config>=3.4.0 # Apache-2.0
 oslo.context>=0.2.0 # Apache-2.0
 oslo.i18n>=2.1.0 # Apache-2.0
 oslo.messaging>=4.0.0 # Apache-2.0
+oslo.middleware>=3.0.0 # Apache-2.0
 oslo.log>=1.14.0 # Apache-2.0
 oslo.policy>=0.5.0 # Apache-2.0
 oslo.serialization>=1.10.0 # Apache-2.0