Skip to content

Commit

Permalink
Update cors headers in grand-central ingress
Browse files Browse the repository at this point in the history
  • Loading branch information
@tomach
tomach committed Nov 22, 2024
1 parent ff075a8 commit 6da16cf
Show file tree
Hide file tree
Showing 3 changed files with 46 additions and 6 deletions.
2 changes: 2 additions & 0 deletions CHANGES.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ Unreleased

* Bump ``sql_exporter`` to ``0.16.0``

* Set CORS annotations in ``grand-central`` ingress.

2.42.0 (2024-10-02)
-------------------

Expand Down
24 changes: 18 additions & 6 deletions crate/operator/grand_central.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -307,7 +307,12 @@ def get_grand_central_ingress(
name: str,
labels: LabelType,
hostname: str,
spec: kopf.Spec,
) -> V1Ingress:
allow_origin = (
spec["cluster"].get("settings", {}).get("http.cors.allow-origin")
or "$http_origin"
)
return V1Ingress(
metadata=V1ObjectMeta(
name=f"{GRAND_CENTRAL_RESOURCE_PREFIX}-{name}",
Expand All @@ -325,17 +330,22 @@ def get_grand_central_ingress(
more_set_headers "X-XSS-Protection: 1;mode=block"
"X-Frame-Options: DENY"
"X-Content-Type-Options: nosniff"
"Access-Control-Allow-Origin: $http_origin"
"Access-Control-Allow-Headers: Content-Type,Authorization"
"Access-Control-Allow-Credentials: true"
"Access-Control-Max-Age: 7200"
"Access-Control-Allow-Methods: GET,POST,PUT,PATCH,OPTIONS,DELETE"
"Referrer-Policy: strict-origin-when-cross-origin"
;
""" # noqa
),
"nginx.ingress.kubernetes.io/proxy-buffer-size": "64k",
"nginx.ingress.kubernetes.io/ssl-redirect": "true",
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-credentials": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": allow_origin,
"nginx.ingress.kubernetes.io/cors-allow-methods": (
"GET,POST,PUT,PATCH,OPTIONS,DELETE"
),
"nginx.ingress.kubernetes.io/cors-allow-headers": (
"Content-Type,Authorization"
),
"nginx.ingress.kubernetes.io/cors-max-age": "7200",
},
),
spec=V1IngressSpec(
Expand Down Expand Up @@ -427,7 +437,9 @@ async def create_grand_central_backend(
logger,
continue_on_conflict=True,
namespace=namespace,
body=get_grand_central_ingress(owner_references, name, labels, hostname),
body=get_grand_central_ingress(
owner_references, name, labels, hostname, spec
),
)


Expand Down
26 changes: 26 additions & 0 deletions tests/test_create_grand_central.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,32 @@ async def test_create_grand_central(faker, namespace, kopf_runner, api_client):
ingress.metadata.annotations["external-dns.alpha.kubernetes.io/hostname"]
== "my-crate-cluster.gc.aks1.eastus.azure.cratedb-dev.net"
)
assert (
ingress.metadata.annotations[
"nginx.ingress.kubernetes.io/cors-allow-credentials"
]
== "true"
)
assert (
ingress.metadata.annotations["nginx.ingress.kubernetes.io/enable-cors"]
== "true"
)
assert (
ingress.metadata.annotations["nginx.ingress.kubernetes.io/cors-allow-origin"]
== "$http_origin"
)
assert (
ingress.metadata.annotations["nginx.ingress.kubernetes.io/cors-allow-methods"]
== "GET,POST,PUT,PATCH,OPTIONS,DELETE"
)
assert (
ingress.metadata.annotations["nginx.ingress.kubernetes.io/cors-allow-headers"]
== "Content-Type,Authorization"
)
assert (
ingress.metadata.annotations["nginx.ingress.kubernetes.io/cors-max-age"]
== "7200"
)

await assert_wait_for(
True,
Expand Down

0 comments on commit 6da16cf

Please sign in to comment.