deb.open-vault/http/sys_config_cors_test.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package http

import (
	"encoding/json"
	"net/http"
	"reflect"
	"testing"

	"github.com/hashicorp/vault/vault"
)

func TestSysConfigCors(t *testing.T) {
	var resp *http.Response

	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	corsConf := core.CORSConfig()

	// Try to enable CORS without providing a value for allowed_origins
	resp = testHttpPut(t, token, addr+"/v1/sys/config/cors", map[string]interface{}{
		"allowed_headers": "X-Custom-Header",
	})

	testResponseStatus(t, resp, 500)

	// Enable CORS, but provide an origin this time.
	resp = testHttpPut(t, token, addr+"/v1/sys/config/cors", map[string]interface{}{
		"allowed_origins": addr,
		"allowed_headers": "X-Custom-Header",
	})

	testResponseStatus(t, resp, 204)

	// Read the CORS configuration
	resp = testHttpGet(t, token, addr+"/v1/sys/config/cors")
	testResponseStatus(t, resp, 200)

	var actual map[string]interface{}
	var expected map[string]interface{}

	lenStdHeaders := len(corsConf.AllowedHeaders)

	expectedHeaders := make([]interface{}, lenStdHeaders)

	for i := range corsConf.AllowedHeaders {
		expectedHeaders[i] = corsConf.AllowedHeaders[i]
	}

	expected = map[string]interface{}{
		"lease_id":       "",
		"renewable":      false,
		"lease_duration": json.Number("0"),
		"wrap_info":      nil,
		"warnings":       nil,
		"auth":           nil,
		"data": map[string]interface{}{
			"enabled":         true,
			"allowed_origins": []interface{}{addr},
			"allowed_headers": expectedHeaders,
		},
		"enabled":         true,
		"allowed_origins": []interface{}{addr},
		"allowed_headers": expectedHeaders,
	}

	testResponseStatus(t, resp, 200)

	testResponseBody(t, resp, &actual)
	expected["request_id"] = actual["request_id"]

	if !reflect.DeepEqual(actual, expected) {
		t.Fatalf("bad: expected: %#v\nactual: %#v", expected, actual)
	}
}
New upstream version 1.14.8 2024-04-20 12:23:50 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

			`package http`

			`import (`
			`"encoding/json"`
			`"net/http"`
			`"reflect"`
			`"testing"`

			`"github.com/hashicorp/vault/vault"`
			`)`

			`func TestSysConfigCors(t *testing.T) {`
			`var resp *http.Response`

			`core, _, token := vault.TestCoreUnsealed(t)`
			`ln, addr := TestServer(t, core)`
			`defer ln.Close()`
			`TestServerAuth(t, addr, token)`

			`corsConf := core.CORSConfig()`

			`// Try to enable CORS without providing a value for allowed_origins`
			`resp = testHttpPut(t, token, addr+"/v1/sys/config/cors", map[string]interface{}{`
			`"allowed_headers": "X-Custom-Header",`
			`})`

			`testResponseStatus(t, resp, 500)`

			`// Enable CORS, but provide an origin this time.`
			`resp = testHttpPut(t, token, addr+"/v1/sys/config/cors", map[string]interface{}{`
			`"allowed_origins": addr,`
			`"allowed_headers": "X-Custom-Header",`
			`})`

			`testResponseStatus(t, resp, 204)`

			`// Read the CORS configuration`
			`resp = testHttpGet(t, token, addr+"/v1/sys/config/cors")`
			`testResponseStatus(t, resp, 200)`

			`var actual map[string]interface{}`
			`var expected map[string]interface{}`

			`lenStdHeaders := len(corsConf.AllowedHeaders)`

			`expectedHeaders := make([]interface{}, lenStdHeaders)`

			`for i := range corsConf.AllowedHeaders {`
			`expectedHeaders[i] = corsConf.AllowedHeaders[i]`
			`}`

			`expected = map[string]interface{}{`
			`"lease_id": "",`
			`"renewable": false,`
			`"lease_duration": json.Number("0"),`
			`"wrap_info": nil,`
			`"warnings": nil,`
			`"auth": nil,`
			`"data": map[string]interface{}{`
			`"enabled": true,`
			`"allowed_origins": []interface{}{addr},`
			`"allowed_headers": expectedHeaders,`
			`},`
			`"enabled": true,`
			`"allowed_origins": []interface{}{addr},`
			`"allowed_headers": expectedHeaders,`
			`}`

			`testResponseStatus(t, resp, 200)`

			`testResponseBody(t, resp, &actual)`
			`expected["request_id"] = actual["request_id"]`

			`if !reflect.DeepEqual(actual, expected) {`
			`t.Fatalf("bad: expected: %#v\nactual: %#v", expected, actual)`
			`}`
			`}`