def set_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Identity-Status',
'X-Roles',
'X-Service-Catalog',
'X-User-Id',
'X-Tenant-Id',
'X-OpenStack-Request-ID',
'X-Trace-Info',
'X-Trace-HMAC',
'OpenStack-API-Version'],
expose_headers=['X-Auth-Token',
'X-Subject-Token',
'X-Service-Token',
'X-OpenStack-Request-ID',
'OpenStack-API-Version'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH',
'HEAD']
)
def set_cors_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(
allow_headers=['Content-MD5',
'X-Image-Meta-Checksum',
'X-Storage-Token',
'Accept-Encoding',
'X-Auth-Token',
'X-Identity-Status',
'X-Roles',
'X-Service-Catalog',
'X-User-Id',
'X-Tenant-Id',
'X-OpenStack-Request-ID'],
expose_headers=['X-Image-Meta-Checksum',
'X-Auth-Token',
'X-Subject-Token',
'X-Service-Token',
'X-OpenStack-Request-ID'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH']
)
def _wrap_app(app):
"""Wraps wsgi app with additional middlewares."""
app = request_id.RequestId(app)
if CONF.audit.enabled:
try:
app = audit_middleware.AuditMiddleware(
app,
audit_map_file=CONF.audit.audit_map_file,
ignore_req_list=CONF.audit.ignore_req_list
)
except (EnvironmentError, OSError,
audit_middleware.PycadfAuditApiConfigError) as e:
raise exceptions.InputFileError(
file_name=CONF.audit.audit_map_file,
reason=e
)
if cfg.CONF.api_settings.auth_strategy == constants.KEYSTONE:
app = keystone.SkippingAuthProtocol(app, {})
# This should be the last middleware in the list (which results in
# it being the first in the middleware chain). This is to ensure
# that any errors thrown by other middleware, such as an auth
# middleware - are annotated with CORS headers, and thus accessible
# by the browser.
app = cors.CORS(app, cfg.CONF)
cors.set_defaults(
allow_headers=['X-Auth-Token', 'X-Openstack-Request-Id'],
allow_methods=['GET', 'PUT', 'POST', 'DELETE'],
expose_headers=['X-Auth-Token', 'X-Openstack-Request-Id']
)
return app
def set_external_opts_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Openstack-Request-Id',
'X-Subject-Token',
'X-Project-Id',
'X-Project-Name',
'X-Project-Domain-Id',
'X-Project-Domain-Name',
'X-Domain-Id',
'X-Domain-Name'],
expose_headers=['X-Auth-Token',
'X-Openstack-Request-Id',
'X-Subject-Token'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH']
)
# configure OSprofiler options
profiler.set_defaults(CONF, enabled=False, trace_sqlalchemy=False)
# Oslo.cache is always enabled by default for request-local caching
# TODO(morganfainberg): Fix this to not use internal interface when
# oslo.cache has proper interface to set defaults added. This is
# just a bad way to do this.
opts = cache._opts.list_opts()
for opt_list in opts:
if opt_list[0] == 'cache':
for o in opt_list[1]:
if o.name == 'enabled':
o.default = True
def _wrap_app(app):
"""Wraps wsgi app with additional middlewares."""
app = request_id.RequestId(app)
if CONF.audit.enabled:
try:
app = audit_middleware.AuditMiddleware(
app,
audit_map_file=CONF.audit.audit_map_file,
ignore_req_list=CONF.audit.ignore_req_list)
except (EnvironmentError, OSError,
audit_middleware.PycadfAuditApiConfigError) as e:
raise exceptions.InputFileError(
file_name=CONF.audit.audit_map_file, reason=e)
if cfg.CONF.api_settings.auth_strategy == constants.KEYSTONE:
app = keystone.SkippingAuthProtocol(app, {})
# This should be the last middleware in the list (which results in
# it being the first in the middleware chain). This is to ensure
# that any errors thrown by other middleware, such as an auth
# middleware - are annotated with CORS headers, and thus accessible
# by the browser.
app = cors.CORS(app, cfg.CONF)
cors.set_defaults(
allow_headers=['X-Auth-Token', 'X-Openstack-Request-Id'],
allow_methods=['GET', 'PUT', 'POST', 'DELETE'],
expose_headers=['X-Auth-Token', 'X-Openstack-Request-Id'])
return app
def set_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Identity-Status',
'X-Roles',
'X-Service-Catalog',
'X-User-Id',
'X-Tenant-Id',
'X-OpenStack-Request-ID',
'X-Trace-Info',
'X-Trace-HMAC',
'OpenStack-API-Version'],
expose_headers=['X-Auth-Token',
'X-Subject-Token',
'X-Service-Token',
'X-OpenStack-Request-ID',
'OpenStack-API-Version'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH',
'HEAD']
)
def install(cls, app, auth_app, conf):
LOG.debug(u'Installing CORS middleware.')
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Identity-Status',
'X-Roles',
'X-Service-Catalog',
'X-User-Id',
'X-Tenant-Id',
'X-OpenStack-Request-ID',
'X-Trace-Info',
'X-Trace-HMAC',
'Client-id'],
expose_headers=['X-Auth-Token',
'X-Subject-Token',
'X-Service-Token',
'X-OpenStack-Request-ID'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH',
'HEAD']
)
return CORSMiddleware(app, auth_app, conf)
def set_cors_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(
allow_headers=['Content-MD5',
'X-Image-Meta-Checksum',
'X-Storage-Token',
'Accept-Encoding',
'X-Auth-Token',
'X-Identity-Status',
'X-Roles',
'X-Service-Catalog',
'X-User-Id',
'X-Tenant-Id',
'X-OpenStack-Request-ID'],
expose_headers=['X-Image-Meta-Checksum',
'X-Auth-Token',
'X-Subject-Token',
'X-Service-Token',
'X-OpenStack-Request-ID'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH']
)
def set_external_opts_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Openstack-Request-Id',
'X-Subject-Token',
'X-Project-Id',
'X-Project-Name',
'X-Project-Domain-Id',
'X-Project-Domain-Name',
'X-Domain-Id',
'X-Domain-Name'],
expose_headers=['X-Auth-Token',
'X-Openstack-Request-Id',
'X-Subject-Token'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH']
)
# configure OSprofiler options
profiler.set_defaults(CONF, enabled=False, trace_sqlalchemy=False)
# Oslo.cache is always enabled by default for request-local caching
# TODO(morganfainberg): Fix this to not use internal interface when
# oslo.cache has proper interface to set defaults added. This is
# just a bad way to do this.
opts = cache._opts.list_opts()
for opt_list in opts:
if opt_list[0] == 'cache':
for o in opt_list[1]:
if o.name == 'enabled':
o.default = True
def set_external_opts_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(allow_headers=[
'X-Auth-Token', 'X-Openstack-Request-Id', 'X-Subject-Token',
'X-Project-Id', 'X-Project-Name', 'X-Project-Domain-Id',
'X-Project-Domain-Name', 'X-Domain-Id', 'X-Domain-Name',
'Openstack-Auth-Receipt'
],
expose_headers=[
'X-Auth-Token', 'X-Openstack-Request-Id',
'X-Subject-Token', 'Openstack-Auth-Receipt'
],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'])
# configure OSprofiler options
profiler.set_defaults(CONF, enabled=False, trace_sqlalchemy=False)
# TODO(gmann): Remove setting the default value of config policy_file
# once oslo_policy change the default value to 'policy.yaml'.
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
DEFAULT_POLICY_FILE = 'policy.yaml'
policy_opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
# Oslo.cache is always enabled by default for request-local caching
# TODO(morganfainberg): Fix this to not use internal interface when
# oslo.cache has proper interface to set defaults added. This is
# just a bad way to do this.
opts = cache._opts.list_opts()
for opt_list in opts:
if opt_list[0] == 'cache':
for o in opt_list[1]:
if o.name == 'enabled':
o.default = True
def _wrap_app(app):
app = request_id.RequestId(app)
if cfg.CONF.auth_strategy == 'noauth':
pass
elif cfg.CONF.auth_strategy == 'keystone':
app = auth_token.AuthProtocol(app, {})
else:
raise n_exc.InvalidConfigurationOption(
opt_name='auth_strategy', opt_value=cfg.CONF.auth_strategy)
# version can be unauthenticated so it goes outside of auth
app = versions.Versions(app)
# handle cases where neutron-server is behind a proxy
app = http_proxy_to_wsgi.HTTPProxyToWSGI(app)
# This should be the last middleware in the list (which results in
# it being the first in the middleware chain). This is to ensure
# that any errors thrown by other middleware, such as an auth
# middleware - are annotated with CORS headers, and thus accessible
# by the browser.
app = cors.CORS(app, cfg.CONF)
cors.set_defaults(
allow_headers=['X-Auth-Token', 'X-Identity-Status', 'X-Roles',
'X-Service-Catalog', 'X-User-Id', 'X-Tenant-Id',
'X-OpenStack-Request-ID',
'X-Trace-Info', 'X-Trace-HMAC'],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
expose_headers=['X-Auth-Token', 'X-Subject-Token', 'X-Service-Token',
'X-OpenStack-Request-ID',
'X-Trace-Info', 'X-Trace-HMAC']
)
return app
def setup_app(config=None):
app_hooks = [hooks.ConfigHook(),
hooks.DBHook(),
hooks.ContextHook(config.app.acl_public_routes),
hooks.RPCHook(),
hooks.NoExceptionTracebackHook(),
hooks.PublicUrlHook()]
app_conf = dict(config.app)
app = make_app(
app_conf.pop('root'),
hooks=app_hooks,
force_canonical=getattr(config.app, 'force_canonical', True),
wrap_app=middleware.ParsableErrorMiddleware,
**app_conf
)
if CONF.auth_strategy == "keystone":
app = auth_token.AuthTokenMiddleware(
app, dict(cfg.CONF),
public_api_routes=config.app.acl_public_routes)
# Create a CORS wrapper, and attach iotronic-specific defaults that must be
# included in all CORS responses.
app = IotronicCORS(app, CONF)
cors_middleware.set_defaults(
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
expose_headers=[base.Version.max_string, base.Version.min_string,
base.Version.string]
)
return app
def set_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Openstack-Request-Id',
'X-Project-Id',
'X-Identity-Status',
'X-User-Id',
'X-Storage-Token',
'X-Domain-Id',
'X-User-Domain-Id',
'X-Project-Domain-Id',
'X-Roles'],
expose_headers=['X-Auth-Token',
'X-Openstack-Request-Id',
'X-Project-Id',
'X-Identity-Status',
'X-User-Id',
'X-Storage-Token',
'X-Domain-Id',
'X-User-Domain-Id',
'X-Project-Domain-Id',
'X-Roles'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH']
)
def setup_app(pecan_config=None, extra_hooks=None):
app_hooks = [
hooks.ConfigHook(),
hooks.DBHook(),
hooks.ContextHook(pecan_config.app.acl_public_routes),
hooks.RPCHook(),
hooks.NoExceptionTracebackHook(),
hooks.PublicUrlHook()
]
if extra_hooks:
app_hooks.extend(extra_hooks)
if not pecan_config:
pecan_config = get_pecan_config()
pecan.configuration.set_config(dict(pecan_config), overwrite=True)
app = pecan.make_app(
pecan_config.app.root,
debug=CONF.pecan_debug,
static_root=pecan_config.app.static_root if CONF.pecan_debug else None,
force_canonical=getattr(pecan_config.app, 'force_canonical', True),
hooks=app_hooks,
wrap_app=middleware.ParsableErrorMiddleware,
)
if CONF.audit.enabled:
try:
app = audit_middleware.AuditMiddleware(
app,
audit_map_file=CONF.audit.audit_map_file,
ignore_req_list=CONF.audit.ignore_req_list)
except (EnvironmentError, OSError,
audit_middleware.PycadfAuditApiConfigError) as e:
raise exception.InputFileError(file_name=CONF.audit.audit_map_file,
reason=e)
if CONF.auth_strategy == "keystone":
app = auth_token.AuthTokenMiddleware(
app,
dict(cfg.CONF),
public_api_routes=pecan_config.app.acl_public_routes)
# Create a CORS wrapper, and attach ironic-specific defaults that must be
# included in all CORS responses.
app = cors_middleware.CORS(app, CONF)
cors_middleware.set_defaults(
allow_headers=[
base.Version.max_string, base.Version.min_string,
base.Version.string
],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
expose_headers=[
base.Version.max_string, base.Version.min_string,
base.Version.string
])
return app
def set_cors_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(allow_headers=[
'X-Auth-Token', MIN_VERSION_HEADER, MAX_VERSION_HEADER, VERSION_HEADER
],
allow_methods=[
'GET', 'POST', 'PUT', 'HEAD', 'PATCH', 'DELETE',
'OPTIONS'
])
def set_cors_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(allow_headers=[
'X-Auth-Token', 'X-Openstack-Request-Id', 'X-Subject-Token'
],
expose_headers=[
'X-Auth-Token', 'X-Openstack-Request-Id',
'X-Subject-Token'
],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'])
def set_cors_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(
allow_headers=['X-Auth-Token',
MIN_VERSION_HEADER,
MAX_VERSION_HEADER,
VERSION_HEADER],
allow_methods=['GET', 'POST', 'PUT', 'HEAD',
'PATCH', 'DELETE', 'OPTIONS']
)
def set_config_defaults():
"""This method updates all configuration default values."""
cors.set_defaults(allow_headers=[
'X-Auth-Token', 'X-Identity-Status', 'X-Roles', 'X-Service-Catalog',
'X-User-Id', 'X-Tenant-Id', 'X-OpenStack-Request-ID'
],
expose_headers=[
'X-Auth-Token', 'X-Subject-Token', 'X-Service-Token',
'X-OpenStack-Request-ID'
],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'])
def set_cors_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(allow_headers=[
'X-Auth-Token', 'X-Subject-Token', 'X-Roles', 'X-User-Id',
'X-Domain-Id', 'X-Project-Id', 'X-Tenant-Id', 'X-OpenStack-Request-ID'
],
expose_headers=[
'X-Auth-Token', 'X-Subject-Token', 'X-Service-Token',
'X-OpenStack-Request-ID'
],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'])
def set_cors_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(allow_headers=[
'X-Auth-Token', 'X-Identity-Status', 'X-Roles', 'X-Service-Catalog',
'X-User-Id', 'X-Tenant-Id', 'X-Project-Id', 'X-User-Name',
'X-Project-Name'
],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
expose_headers=[
'X-Auth-Token', 'X-Subject-Token', 'X-Service-Token',
'X-Project-Id', 'X-User-Name', 'X-Project-Name'
])
def setup_app(pecan_config=None, extra_hooks=None):
app_hooks = [hooks.ConfigHook(),
hooks.DBHook(),
hooks.ContextHook(pecan_config.app.acl_public_routes),
hooks.RPCHook(),
hooks.NoExceptionTracebackHook(),
hooks.PublicUrlHook()]
if extra_hooks:
app_hooks.extend(extra_hooks)
if not pecan_config:
pecan_config = get_pecan_config()
pecan.configuration.set_config(dict(pecan_config), overwrite=True)
app = pecan.make_app(
pecan_config.app.root,
debug=CONF.pecan_debug,
static_root=pecan_config.app.static_root if CONF.pecan_debug else None,
force_canonical=getattr(pecan_config.app, 'force_canonical', True),
hooks=app_hooks,
wrap_app=middleware.ParsableErrorMiddleware,
)
if CONF.audit.enabled:
try:
app = audit_middleware.AuditMiddleware(
app,
audit_map_file=CONF.audit.audit_map_file,
ignore_req_list=CONF.audit.ignore_req_list
)
except (EnvironmentError, OSError,
audit_middleware.PycadfAuditApiConfigError) as e:
raise exception.InputFileError(
file_name=CONF.audit.audit_map_file,
reason=e
)
if CONF.auth_strategy == "keystone":
app = auth_token.AuthTokenMiddleware(
app, dict(cfg.CONF),
public_api_routes=pecan_config.app.acl_public_routes)
# Create a CORS wrapper, and attach ironic-specific defaults that must be
# included in all CORS responses.
app = IronicCORS(app, CONF)
cors_middleware.set_defaults(
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
expose_headers=[base.Version.max_string, base.Version.min_string,
base.Version.string]
)
return app
def set_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(allow_headers=[
'X-Auth-Token', 'X-Openstack-Request-Id', 'X-Configuration-Session',
'X-Roles', 'X-User-Id', 'X-Tenant-Id'
],
expose_headers=[
'X-Auth-Token', 'X-Openstack-Request-Id',
'X-Configuration-Session', 'X-Roles', 'X-User-Id',
'X-Tenant-Id'
],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'])
def set_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(allow_headers=[
'X-Auth-Token', 'X-Openstack-Request-Id', 'X-Project-Id',
'X-Identity-Status', 'X-User-Id', 'X-Storage-Token', 'X-Domain-Id',
'X-User-Domain-Id', 'X-Project-Domain-Id', 'X-Roles'
],
expose_headers=[
'X-Auth-Token', 'X-Openstack-Request-Id',
'X-Project-Id', 'X-Identity-Status', 'X-User-Id',
'X-Storage-Token', 'X-Domain-Id', 'X-User-Domain-Id',
'X-Project-Domain-Id', 'X-Roles'
],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'])
def set_cors_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Openstack-Request-Id',
'X-Subject-Token'],
expose_headers=['X-Auth-Token',
'X-Openstack-Request-Id',
'X-Subject-Token'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH']
)
def install(cls, app, auth_app, conf):
LOG.debug(u'Installing CORS middleware.')
cors.set_defaults(
allow_headers=[
'X-Auth-Token', 'X-Identity-Status', 'X-Roles',
'X-Service-Catalog', 'X-User-Id', 'X-Tenant-Id',
'X-OpenStack-Request-ID', 'X-Trace-Info', 'X-Trace-HMAC',
'Client-id'
],
expose_headers=[
'X-Auth-Token', 'X-Subject-Token', 'X-Service-Token',
'X-OpenStack-Request-ID'
],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH', 'HEAD'])
return CORSMiddleware(app, auth_app, conf)
def set_lib_defaults():
"""Update default configuration options for external lib namespace"""
cors.set_defaults(allow_headers=[
'X-Auth-Token', 'X-OpenStack-Request-ID',
'X-Openstack-Manila-Api-Version',
'X-OpenStack-Manila-API-Experimental', 'X-Identity-Status', 'X-Roles',
'X-Service-Catalog', 'X-User-Id', 'X-Tenant-Id'
],
expose_headers=[
'X-Auth-Token', 'X-OpenStack-Request-ID',
'X-Openstack-Manila-Api-Version',
'X-OpenStack-Manila-API-Experimental',
'X-Subject-Token', 'X-Service-Token'
],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'])
# Update default value of oslo.policy policy_file config option.
policy_opts.set_defaults(CONF, 'policy.yaml')
def _wrap_app(app):
"""Wraps wsgi app with additional middlewares."""
app = request_id.RequestId(app)
if cfg.CONF.api_settings.auth_strategy == constants.KEYSTONE:
app = keystone.SkippingAuthProtocol(app, {})
# This should be the last middleware in the list (which results in
# it being the first in the middleware chain). This is to ensure
# that any errors thrown by other middleware, such as an auth
# middleware - are annotated with CORS headers, and thus accessible
# by the browser.
app = cors.CORS(app, cfg.CONF)
cors.set_defaults(
allow_headers=['X-Auth-Token', 'X-Openstack-Request-Id'],
allow_methods=['GET', 'PUT', 'POST', 'DELETE'],
expose_headers=['X-Auth-Token', 'X-Openstack-Request-Id'])
return app
def set_defaults():
"""Override all default values from upstream packages"""
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Auth-Sudo-Tenant-ID',
'X-Auth-Sudo-Project-ID',
'X-Auth-All-Projects',
'X-Designate-Edit-Managed-Records',
'OpenStack-DNS-Hide-Counts'],
expose_headers=['X-OpenStack-Request-ID',
'Host'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH',
'HEAD']
)
def set_config_defaults():
"""This method updates all configuration default values."""
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Identity-Status',
'X-Roles',
'X-Service-Catalog',
'X-User-Id',
'X-Tenant-Id',
'X-OpenStack-Request-ID'],
expose_headers=['X-Auth-Token',
'X-Subject-Token',
'X-Service-Token',
'X-OpenStack-Request-ID'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH']
)
def set_cors_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Subject-Token',
'X-Roles',
'X-User-Id',
'X-Domain-Id',
'X-Project-Id',
'X-Tenant-Id',
'X-OpenStack-Request-ID'],
expose_headers=['X-Auth-Token',
'X-Subject-Token',
'X-Service-Token',
'X-OpenStack-Request-ID'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH'])
def set_cors_middleware_defaults():
"""Update default configuration options for oslo.middleware."""
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Identity-Status',
'X-Roles',
'X-Service-Catalog',
'X-User-Id',
'X-Project-Id',
'X-OpenStack-Request-ID',
'X-Server-Management-Url'],
expose_headers=['X-Auth-Token',
'X-Subject-Token',
'X-Service-Token',
'X-OpenStack-Request-ID',
'X-Server-Management-Url'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH'])
def _wrap_app(app):
app = request_id.RequestId(app)
if CONF.api.auth_strategy == 'noauth':
pass
elif CONF.api.auth_strategy == 'keystone':
app = auth_token.AuthProtocol(app, {})
LOG.info("Keystone authentication is enabled")
else:
raise g_exc.InvalidConfigurationOption(
opt_name='auth_strategy', opt_value=CONF.auth_strategy)
# dont bother authenticating version
# app = versions.Versions(app)
# gluon server is behind the proxy
app = http_proxy_to_wsgi.HTTPProxyToWSGI(app)
# This should be the last middleware in the list (which results in
# it being the first in the middleware chain). This is to ensure
# that any errors thrown by other middleware, such as an auth
# middleware - are annotated with CORS headers, and thus accessible
# by the browser.
app = cors.CORS(app, CONF)
cors.set_defaults(
allow_headers=['X-Auth-Token', 'X-Identity-Status', 'X-Roles',
'X-Service-Catalog', 'X-User-Id', 'X-Tenant-Id',
'X-OpenStack-Request-ID',
'X-Trace-Info', 'X-Trace-HMAC'],
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
expose_headers=['X-Auth-Token', 'X-Subject-Token', 'X-Service-Token',
'X-OpenStack-Request-ID',
'X-Trace-Info', 'X-Trace-HMAC']
)
return app
def set_defaults():
"""Override all default values from upstream packages"""
cors.set_defaults(
allow_headers=['X-Auth-Token',
'X-Auth-Sudo-Tenant-ID',
'X-Auth-Sudo-Project-ID',
'X-Auth-All-Projects',
'X-Designate-Edit-Managed-Records',
'OpenStack-DNS-Hide-Counts'],
expose_headers=['X-OpenStack-Request-ID',
'Host'],
allow_methods=['GET',
'PUT',
'POST',
'DELETE',
'PATCH',
'HEAD']
)
# TODO(gmann): Remove setting the default value of config policy_file
# once oslo_policy change the default value to 'policy.yaml'.
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
DEFAULT_POLICY_FILE = 'policy.yaml'
policy_opts.set_defaults(designate.conf.CONF, DEFAULT_POLICY_FILE)
def setup_app(pecan_config=None, extra_hooks=None):
app_hooks = [hooks.ConfigHook(),
hooks.DBHook(),
hooks.ContextHook(pecan_config.app.acl_public_routes),
hooks.RPCHook(),
hooks.NoExceptionTracebackHook(),
hooks.PublicUrlHook()]
if extra_hooks:
app_hooks.extend(extra_hooks)
if not pecan_config:
pecan_config = get_pecan_config()
pecan.configuration.set_config(dict(pecan_config), overwrite=True)
app = pecan.make_app(
pecan_config.app.root,
debug=CONF.pecan_debug,
static_root=pecan_config.app.static_root if CONF.pecan_debug else None,
force_canonical=getattr(pecan_config.app, 'force_canonical', True),
hooks=app_hooks,
wrap_app=middleware.ParsableErrorMiddleware,
# NOTE(dtantsur): enabling this causes weird issues with nodes named
# as if they had a known mime extension, e.g. "mynode.1". We do
# simulate the same behaviour for .json extensions for backward
# compatibility through JsonExtensionMiddleware.
guess_content_type_from_ext=False,
)
if CONF.audit.enabled:
try:
app = audit_middleware.AuditMiddleware(
app,
audit_map_file=CONF.audit.audit_map_file,
ignore_req_list=CONF.audit.ignore_req_list
)
except (EnvironmentError, OSError,
audit_middleware.PycadfAuditApiConfigError) as e:
raise exception.InputFileError(
file_name=CONF.audit.audit_map_file,
reason=e
)
if CONF.auth_strategy == "keystone":
app = auth_token.AuthTokenMiddleware(
app, {"oslo_config_config": cfg.CONF},
public_api_routes=pecan_config.app.acl_public_routes)
if CONF.profiler.enabled:
app = osprofiler_web.WsgiMiddleware(app)
# add in the healthcheck middleware if enabled
# NOTE(jroll) this is after the auth token middleware as we don't want auth
# in front of this, and WSGI works from the outside in. Requests to
# /healthcheck will be handled and returned before the auth middleware
# is reached.
if CONF.healthcheck.enabled:
app = healthcheck.Healthcheck(app, CONF)
# Create a CORS wrapper, and attach ironic-specific defaults that must be
# included in all CORS responses.
app = IronicCORS(app, CONF)
cors_middleware.set_defaults(
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
expose_headers=[base.Version.max_string, base.Version.min_string,
base.Version.string]
)
app = json_ext.JsonExtensionMiddleware(app)
return app
def setup_app(pecan_config=None, extra_hooks=None):
app_hooks = [
hooks.ConfigHook(),
hooks.DBHook(),
hooks.ContextHook(pecan_config.app.acl_public_routes),
hooks.RPCHook(),
hooks.NoExceptionTracebackHook(),
hooks.PublicUrlHook()
]
if extra_hooks:
app_hooks.extend(extra_hooks)
if not pecan_config:
pecan_config = get_pecan_config()
pecan.configuration.set_config(dict(pecan_config), overwrite=True)
app = pecan.make_app(
pecan_config.app.root,
debug=CONF.pecan_debug,
static_root=pecan_config.app.static_root if CONF.pecan_debug else None,
force_canonical=getattr(pecan_config.app, 'force_canonical', True),
hooks=app_hooks,
wrap_app=middleware.ParsableErrorMiddleware,
# NOTE(dtantsur): enabling this causes weird issues with nodes named
# as if they had a known mime extension, e.g. "mynode.1". We do
# simulate the same behaviour for .json extensions for backward
# compatibility through JsonExtensionMiddleware.
guess_content_type_from_ext=False,
)
if CONF.audit.enabled:
try:
app = audit_middleware.AuditMiddleware(
app,
audit_map_file=CONF.audit.audit_map_file,
ignore_req_list=CONF.audit.ignore_req_list)
except (EnvironmentError, OSError,
audit_middleware.PycadfAuditApiConfigError) as e:
raise exception.InputFileError(file_name=CONF.audit.audit_map_file,
reason=e)
auth_middleware = None
if CONF.auth_strategy == "keystone":
auth_middleware = auth_token.AuthProtocol(
app, {"oslo_config_config": cfg.CONF})
elif CONF.auth_strategy == "http_basic":
auth_middleware = auth_basic.BasicAuthMiddleware(
app, cfg.CONF.http_basic_auth_user_file)
if auth_middleware:
app = auth_public_routes.AuthPublicRoutes(
app,
auth=auth_middleware,
public_api_routes=pecan_config.app.acl_public_routes)
if CONF.profiler.enabled:
app = osprofiler_web.WsgiMiddleware(app)
# NOTE(pas-ha) this registers oslo_middleware.enable_proxy_headers_parsing
# option, when disabled (default) this is noop middleware
app = http_proxy_to_wsgi.HTTPProxyToWSGI(app, CONF)
# add in the healthcheck middleware if enabled
# NOTE(jroll) this is after the auth token middleware as we don't want auth
# in front of this, and WSGI works from the outside in. Requests to
# /healthcheck will be handled and returned before the auth middleware
# is reached.
if CONF.healthcheck.enabled:
app = healthcheck.Healthcheck(app, CONF)
# Create a CORS wrapper, and attach ironic-specific defaults that must be
# included in all CORS responses.
app = IronicCORS(app, CONF)
cors_middleware.set_defaults(
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
expose_headers=[
base.Version.max_string, base.Version.min_string,
base.Version.string
])
app = json_ext.JsonExtensionMiddleware(app)
return app
def setup_app(pecan_config=None, extra_hooks=None):
app_hooks = [
hooks.ConfigHook(),
hooks.DBHook(),
hooks.ContextHook(pecan_config.app.acl_public_routes),
hooks.RPCHook(),
hooks.NoExceptionTracebackHook(),
hooks.PublicUrlHook()
]
if extra_hooks:
app_hooks.extend(extra_hooks)
if not pecan_config:
pecan_config = get_pecan_config()
pecan.configuration.set_config(dict(pecan_config), overwrite=True)
app = pecan.make_app(
pecan_config.app.root,
debug=CONF.pecan_debug,
static_root=pecan_config.app.static_root if CONF.pecan_debug else None,
force_canonical=getattr(pecan_config.app, 'force_canonical', True),
hooks=app_hooks,
wrap_app=middleware.ParsableErrorMiddleware,
# NOTE(dtantsur): enabling this causes weird issues with nodes named
# as if they had a known mime extension, e.g. "mynode.1". We do
# simulate the same behaviour for .json extensions for backward
# compatibility through JsonExtensionMiddleware.
guess_content_type_from_ext=False,
)
if CONF.audit.enabled:
try:
app = audit_middleware.AuditMiddleware(
app,
audit_map_file=CONF.audit.audit_map_file,
ignore_req_list=CONF.audit.ignore_req_list)
except (EnvironmentError, OSError,
audit_middleware.PycadfAuditApiConfigError) as e:
raise exception.InputFileError(file_name=CONF.audit.audit_map_file,
reason=e)
if CONF.auth_strategy == "keystone":
app = auth_token.AuthTokenMiddleware(
app, {"oslo_config_config": cfg.CONF},
public_api_routes=pecan_config.app.acl_public_routes)
if CONF.profiler.enabled:
app = osprofiler_web.WsgiMiddleware(app)
# Create a CORS wrapper, and attach ironic-specific defaults that must be
# included in all CORS responses.
app = IronicCORS(app, CONF)
cors_middleware.set_defaults(
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
expose_headers=[
base.Version.max_string, base.Version.min_string,
base.Version.string
])
app = json_ext.JsonExtensionMiddleware(app)
return app
