yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1551836] Re: CORS middleware's latent configuration options need to change

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Junyuan Leng <junyuan.leng@xxxxxxxxxxx>
Date: Fri, 04 Mar 2016 19:00:51 -0000
Reply-to: Bug 1551836 <1551836@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: ironic
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1551836

Title:
  CORS middleware's latent configuration options need to change

Status in Aodh:
  In Progress
Status in Barbican:
  In Progress
Status in Ceilometer:
  In Progress
Status in Cinder:
  In Progress
Status in cloudkitty:
  In Progress
Status in congress:
  In Progress
Status in Cue:
  In Progress
Status in Designate:
  In Progress
Status in Glance:
  In Progress
Status in heat:
  In Progress
Status in Ironic:
  Fix Released
Status in OpenStack Identity (keystone):
  Fix Released
Status in Magnum:
  In Progress
Status in Manila:
  In Progress
Status in Mistral:
  In Progress
Status in Murano:
  In Progress
Status in neutron:
  In Progress
Status in OpenStack Compute (nova):
  Fix Released
Status in oslo.config:
  Fix Released
Status in Sahara:
  In Progress
Status in OpenStack Search (Searchlight):
  In Progress
Status in Solum:
  In Progress
Status in Trove:
  In Progress

Bug description:
  It was pointed out in http://lists.openstack.org/pipermail/openstack-
  dev/2016-February/086746.html that configuration options included in
  paste.ini are less than optimal, because they impose an upgrade burden
  on both operators and engineers. The following discussion expanded to
  all projects (not just those using paste), and the following
  conclusion was reached:

  A) All generated configuration files should contain any headers which the API needs to operate. This is currently supported in oslo.config's generate-config script, as of 3.7.0
  B) These same configuration headers should be set as defaults for the given API, using cfg.set_defaults. This permits an operator to simply activate a domain, and not have to worry about tweaking additional settings.
  C) All hardcoded headers should be detached from the CORS middleware.
  D) Configuration and activation of CORS should be consistent across all projects.

  It was also agreed that this is a blocking bug for mitaka. A reference
  patch has already been approved for keystone, available here:
  https://review.openstack.org/#/c/285308/

To manage notifications about this bug go to:
https://bugs.launchpad.net/aodh/+bug/1551836/+subscriptions

References

[Bug 1551836] [NEW] CORS middleware's latent configuration options need to change
From: Michael, 2016-03-01