Update proxy logic to handle cors when single url config is used

haupt/haupt/proxies/schemas/cors.py

@@ -0,0 +1,27 @@
+from haupt import settings
+from haupt.proxies.schemas.base import get_config
+
+CORS_OPTIONS = r"""
+    if ($request_method = 'OPTIONS') {{
+        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        add_header 'Access-Control-Allow-Headers' 'X-POLYAXON-SERVICE,x-csrftoken,X-CSRF-Token,Authorization,Accept,Origin,DNT,X-Mx-ReqToken,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Sec-Fetch-Mode,User-Agent' always;
+        add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH' always;
+        add_header 'Access-Control-Max-Age' 1728000 always;
+        add_header 'Content-Length' 0;
+        add_header 'Content-Type' 'text/plain; charset=utf-8';
+        return 204;
+    }}
+
+    add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH' always;
+    add_header 'Access-Control-Allow-Headers' 'X-POLYAXON-SERVICE,x-csrftoken,X-CSRF-Token,Authorization,Accept,Origin,DNT,X-Mx-ReqToken,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Sec-Fetch-Mode,User-Agent' always;
+"""  # noqa
+
+
+def get_cors_config():
+    return get_config(
+        options=CORS_OPTIONS if settings.PROXIES_CONFIG.ui_single_url else "",
+        indent=0,
+    )

haupt/haupt/proxies/schemas/gateway/api.py

@@ -1,3 +1,5 @@
+from typing import Optional
+
 from haupt import settings
 from haupt.proxies.schemas.base import clean_config, get_config
 from haupt.proxies.schemas.urls import (
@@ -16,6 +18,7 @@
 
 OPTIONS = r"""
 location {path} {{
+    {cors}
     {auth}
     {resolver}
     {ssl_server_name}
@@ -35,6 +38,7 @@ def get_api_config(
     path: str,
     service: str,
     resolver: str,
+    cors: str,
     auth: str,
     ssl_server_name: str,
     header_host: str,
@@ -44,19 +48,24 @@ def get_api_config(
         path=path,
         service=service,
         resolver=resolver,
+        cors=cors,
         auth=auth,
         ssl_server_name=ssl_server_name,
         header_host=header_host,
     )
 
 
-def get_api_location_config(resolver: str, auth=str):
+def get_api_location_config(
+    resolver: str, cors: Optional[str] = "", auth: Optional[str] = ""
+):
     service = get_service_url(
         host=settings.PROXIES_CONFIG.api_host,
         port=settings.PROXIES_CONFIG.api_port,
     )
     if not settings.PROXIES_CONFIG.api_use_resolver:
         resolver = ""
+    if not settings.PROXIES_CONFIG.ui_single_url:
+        cors = ""
     if not settings.PROXIES_CONFIG.auth_external:
         auth = ""
     ssl_server_name = get_ssl_server_name(service)
@@ -68,6 +77,7 @@ def get_api_location_config(resolver: str, auth=str):
             path="= /",
             service=service,
             resolver=resolver,
+            cors=cors,
             auth=auth,
             ssl_server_name=ssl_server_name,
             header_host=header_host,
@@ -76,6 +86,7 @@ def get_api_location_config(resolver: str, auth=str):
             path=API_V1_LOCATION,
             service=service,
             resolver=resolver,
+            cors=cors,
             auth=auth,
             ssl_server_name=ssl_server_name,
             header_host=header_host,
@@ -84,6 +95,7 @@ def get_api_location_config(resolver: str, auth=str):
             path=AUTH_V1_LOCATION,
             service=service,
             resolver=resolver,
+            cors=cors,
             auth="",
             ssl_server_name=ssl_server_name,
             header_host=header_host,
@@ -92,6 +104,7 @@ def get_api_location_config(resolver: str, auth=str):
             path=UI_V1_LOCATION,
             service=service,
             resolver=resolver,
+            cors=cors,
             auth="",
             ssl_server_name=ssl_server_name,
             header_host=header_host,
@@ -100,6 +113,7 @@ def get_api_location_config(resolver: str, auth=str):
             path=SSO_V1_LOCATION,
             service=service,
             resolver=resolver,
+            cors=cors,
             auth="",
             ssl_server_name=ssl_server_name,
             header_host=header_host,
@@ -108,6 +122,7 @@ def get_api_location_config(resolver: str, auth=str):
             path="/static/",
             service=service,
             resolver=resolver,
+            cors=cors,
             auth="",
             ssl_server_name=ssl_server_name,
             header_host=header_host,
@@ -119,6 +134,7 @@ def get_api_location_config(resolver: str, auth=str):
                 path=ADMIN_V1_LOCATION,
                 service=service,
                 resolver=resolver,
+                cors=cors,
                 auth=auth,
                 ssl_server_name=ssl_server_name,
                 header_host=header_host,

haupt/haupt/proxies/schemas/gateway/base.py

@@ -1,6 +1,7 @@
 from haupt import settings
 from haupt.proxies.schemas.auth import get_auth_config
 from haupt.proxies.schemas.base import clean_config
+from haupt.proxies.schemas.cors import get_cors_config
 from haupt.proxies.schemas.dns import get_resolver
 from haupt.proxies.schemas.gateway.api import get_api_location_config
 from haupt.proxies.schemas.gateway.healthz import get_healthz_location_config
@@ -12,20 +13,21 @@
 
 def get_base_config(is_platform: bool = True):
     resolver = get_resolver()
+    cors = get_cors_config()
     auth = get_auth_config()
     if is_platform:
         api_configs = [
             get_platform_config(),
         ]
         api_location_configs = [
-            get_platform_locations_config(),
-            get_k8s_root_location_config(),
+            get_platform_locations_config(cors=cors),
+            get_k8s_root_location_config(cors=cors),
         ]
         port = settings.PROXIES_CONFIG.api_target_port
     else:
         api_configs = None
         api_location_configs = [
-            get_api_location_config(resolver=resolver, auth=auth),
+            get_api_location_config(resolver=resolver, cors=cors, auth=auth),
             get_healthz_location_config(),
         ]
         port = settings.PROXIES_CONFIG.gateway_target_port
@@ -36,6 +38,7 @@ def get_base_config(is_platform: bool = True):
         use_assets_config=True,
         use_services_configs=True,
         resolver=resolver,
+        cors=cors,
         auth=auth,
         api_configs=api_configs,
         api_location_configs=api_location_configs,

haupt/haupt/proxies/schemas/locations.py

@@ -1,9 +1,12 @@
+from typing import Optional
+
 from haupt import settings
 from haupt.proxies.schemas.base import get_config
 from haupt.proxies.schemas.urls import get_ssl_server_name, has_https
 
 STATIC_PROXY_OPTIONS = """
 location /static/ {{
+    {cors}
     {ssl_server_name}
     proxy_pass {service};
     proxy_pass_request_body off;
@@ -17,17 +20,19 @@
 """
 
 
-def get_static_proxy_config():
+def get_static_proxy_config(cors: Optional[str] = ""):
     return get_config(
         options=STATIC_PROXY_OPTIONS,
         indent=0,
         service=settings.PROXIES_CONFIG.static_url.rstrip("/") + "/",
         ssl_server_name=get_ssl_server_name(settings.PROXIES_CONFIG.static_url),
+        cors=cors,
     )
 
 
 STATIC_LOCATION_OPTIONS = """
 location /static/ {{
+    {cors}
     alias {static_root};
     autoindex on;
     expires                   30d;
@@ -37,16 +42,18 @@ def get_static_proxy_config():
 """
 
 
-def get_static_location_config():
+def get_static_location_config(cors: Optional[str] = ""):
     return get_config(
         options=STATIC_LOCATION_OPTIONS,
         indent=0,
         static_root=settings.PROXIES_CONFIG.static_root.rstrip("/") + "/",
+        cors=cors,
     )
 
 
 TMP_LOCATION_OPTIONS = """
 location /tmp/ {{
+    {cors}
     alias                     /tmp/;
     expires                   0;
     add_header                Cache-Control private;
@@ -55,12 +62,13 @@ def get_static_location_config():
 """
 
 
-def get_tmp_location_config():
-    return get_config(options=TMP_LOCATION_OPTIONS, indent=0)
+def get_tmp_location_config(cors: Optional[str] = ""):
+    return get_config(options=TMP_LOCATION_OPTIONS, cors=cors, indent=0)
 
 
 ARCHIVES_LOCATION_OPTIONS = """
 location {archives_root} {{
+    {cors}
     alias                     {archives_root};
     expires                   0;
     add_header                Cache-Control private;
@@ -71,11 +79,12 @@ def get_tmp_location_config():
 """
 
 
-def get_archives_root_location_config():
+def get_archives_root_location_config(cors: Optional[str] = ""):
     return get_config(
         options=ARCHIVES_LOCATION_OPTIONS,
         indent=0,
         archives_root=settings.PROXIES_CONFIG.archives_root.rstrip("/") + "/",
+        cors=cors,
     )
 
 
@@ -90,24 +99,24 @@ def get_api_locations_config():
     return "\n".join(config)
 
 
-def get_streams_locations_config():
+def get_streams_locations_config(cors: Optional[str] = ""):
     config = [
-        get_tmp_location_config(),
-        get_archives_root_location_config(),
+        get_tmp_location_config(cors=cors),
+        get_archives_root_location_config(cors=cors),
     ]
     return "\n".join(config)
 
 
-def get_platform_locations_config():
+def get_platform_locations_config(cors: Optional[str] = ""):
     if settings.PROXIES_CONFIG.static_url and has_https(
         settings.PROXIES_CONFIG.static_url
     ):
-        static_location = get_static_proxy_config()
+        static_location = get_static_proxy_config(cors=cors)
     else:
-        static_location = get_static_location_config()
+        static_location = get_static_location_config(cors=cors)
     config = [
         static_location,
-        get_tmp_location_config(),
-        get_archives_root_location_config(),
+        get_tmp_location_config(cors=cors),
+        get_archives_root_location_config(cors=cors),
     ]
     return "\n".join(config)

haupt/haupt/proxies/schemas/scaffold.py

@@ -27,6 +27,7 @@ def get_scaffold_config(
     use_assets_config: bool = False,
     use_services_configs: bool = False,
     resolver: Optional[str] = None,
+    cors: Optional[str] = None,
     auth: Optional[str] = None,
     api_configs: Optional[List[str]] = None,
     api_location_configs: Optional[List[str]] = None,
@@ -52,22 +53,28 @@ def get_scaffold_config(
         ]
     if is_local_streams_service:
         config.append(
-            get_auth_request_config(),
+            get_auth_request_config(cors=cors),
         )
     if use_services_configs:
         config += [
             get_internal_location_config(
-                resolver=resolver, is_local_service=is_local_streams_service
+                resolver=resolver, cors=cors, is_local_service=is_local_streams_service
             ),
             get_streams_location_config(
-                resolver=resolver, auth=auth, is_local_service=is_local_streams_service
+                resolver=resolver,
+                cors=cors,
+                auth=auth,
+                is_local_service=is_local_streams_service,
             ),
             get_k8s_location_config(
-                resolver=resolver, auth=auth, is_local_service=is_local_streams_service
+                resolver=resolver,
+                cors=cors,
+                auth=auth,
+                is_local_service=is_local_streams_service,
             ),
-            # get_plugins_location_config(resolver=resolver, auth=auth)
+            # get_plugins_location_config(resolver=resolver, cors=cors, auth=auth)
         ]
-        config += get_services_definitions(resolver=resolver, auth=auth)
+        config += get_services_definitions(resolver=resolver, cors=cors, auth=auth)
     if api_location_configs:
         config += api_location_configs
     return config