yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #47144
[Bug 1551836] Re: CORS middleware's latent configuration options need to change
The long-term implications of not updating this patch are that of
maintenance. Using latent options is dangerous, because if they go away,
and the configuration file does not update (as frequently happens in
rolling updates), then suddenly CORS will break. Teams that do not
assist in landing this in mitaka will have to carry the burden of
maintaining this forward.
** Also affects: oslo.config
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1551836
Title:
CORS middleware's latent configuration options need to change
Status in Aodh:
New
Status in Barbican:
New
Status in Ceilometer:
New
Status in Cinder:
New
Status in cloudkitty:
New
Status in congress:
New
Status in Cue:
New
Status in Designate:
New
Status in Glance:
New
Status in heat:
New
Status in Ironic:
New
Status in OpenStack Identity (keystone):
Fix Committed
Status in Magnum:
New
Status in Manila:
New
Status in Mistral:
New
Status in Murano:
New
Status in neutron:
New
Status in OpenStack Compute (nova):
New
Status in oslo.config:
Fix Released
Status in Sahara:
New
Status in OpenStack Search (Searchlight):
New
Status in Solum:
New
Status in Trove:
New
Bug description:
It was pointed out in http://lists.openstack.org/pipermail/openstack-
dev/2016-February/086746.html that configuration options included in
paste.ini are less than optimal, because they impose an upgrade burden
on both operators and engineers. The following discussion expanded to
all projects (not just those using paste), and the following
conclusion was reached:
A) All generated configuration files should contain any headers which the API needs to operate. This is currently supported in oslo.config's generate-config script, as of 3.7.0
B) These same configuration headers should be set as defaults for the given API, using cfg.set_defaults. This permits an operator to simply activate a domain, and not have to worry about tweaking additional settings.
C) All hardcoded headers should be detached from the CORS middleware.
D) Configuration and activation of CORS should be consistent across all projects.
It was also agreed that this is a blocking bug for mitaka. A reference
patch has already been approved for keystone, available here:
https://review.openstack.org/#/c/285308/
To manage notifications about this bug go to:
https://bugs.launchpad.net/aodh/+bug/1551836/+subscriptions
References