Add AllowedHeader and fix AllowedOrigins in the API (#10482)

* Add AllowedHeader and fix AllowedOrigins in the API

* Update changelog entry

* Fix wrong response conversion

api/sys_config_cors.go

@@ -35,71 +35,41 @@ func (c *Sys) CORSStatus() (*CORSResponse, error) {
 	return &result, err
 }
 
-func (c *Sys) ConfigureCORS(req *CORSRequest) (*CORSResponse, error) {
+func (c *Sys) ConfigureCORS(req *CORSRequest) error {
 	r := c.c.NewRequest("PUT", "/v1/sys/config/cors")
 	if err := r.SetJSONBody(req); err != nil {
-		return nil, err
+		return err
 	}
 
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	defer cancelFunc()
 	resp, err := c.c.RawRequestWithContext(ctx, r)
-	if err != nil {
-		return nil, err
+	if err == nil {
+		defer resp.Body.Close()
 	}
-	defer resp.Body.Close()
-
-	secret, err := ParseSecret(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	if secret == nil || secret.Data == nil {
-		return nil, errors.New("data from server response is empty")
-	}
-
-	var result CORSResponse
-	err = mapstructure.Decode(secret.Data, &result)
-	if err != nil {
-		return nil, err
-	}
-
-	return &result, err
+	return err
 }
 
-func (c *Sys) DisableCORS() (*CORSResponse, error) {
+func (c *Sys) DisableCORS() error {
 	r := c.c.NewRequest("DELETE", "/v1/sys/config/cors")
 
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	defer cancelFunc()
 	resp, err := c.c.RawRequestWithContext(ctx, r)
-	if err != nil {
-		return nil, err
+	if err == nil {
+		defer resp.Body.Close()
 	}
-	defer resp.Body.Close()
-
-	secret, err := ParseSecret(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	if secret == nil || secret.Data == nil {
-		return nil, errors.New("data from server response is empty")
-	}
-
-	var result CORSResponse
-	err = mapstructure.Decode(secret.Data, &result)
-	if err != nil {
-		return nil, err
-	}
-
-	return &result, err
+	return err
 }
 
 type CORSRequest struct {
-	AllowedOrigins string `json:"allowed_origins" mapstructure:"allowed_origins"`
-	Enabled        bool   `json:"enabled" mapstructure:"enabled"`
+	AllowedOrigins []string `json:"allowed_origins" mapstructure:"allowed_origins"`
+	AllowedHeaders []string `json:"allowed_headers" mapstructure:"allowed_headers"`
+	Enabled        bool     `json:"enabled" mapstructure:"enabled"`
 }
 
 type CORSResponse struct {
-	AllowedOrigins string `json:"allowed_origins" mapstructure:"allowed_origins"`
-	Enabled        bool   `json:"enabled" mapstructure:"enabled"`
+	AllowedOrigins []string `json:"allowed_origins" mapstructure:"allowed_origins"`
+	AllowedHeaders []string `json:"allowed_headers" mapstructure:"allowed_headers"`
+	Enabled        bool     `json:"enabled" mapstructure:"enabled"`
 }

changelog/10444.txt

@@ -0,0 +1,4 @@
+```release-note:bug
+api: Fixes CORS API methods that were outdated and invalid
+```
+

vendor/github.com/hashicorp/vault/api/sys_config_cors.go

@@ -95,11 +95,13 @@ func (c *Sys) DisableCORS() (*CORSResponse, error) {
 }
 
 type CORSRequest struct {
-	AllowedOrigins string `json:"allowed_origins" mapstructure:"allowed_origins"`
-	Enabled        bool   `json:"enabled" mapstructure:"enabled"`
+	AllowedOrigins []string `json:"allowed_origins" mapstructure:"allowed_origins"`
+	AllowedHeaders []string `json:"allowed_headers" mapstructure:"allowed_headers"`
+	Enabled        bool     `json:"enabled" mapstructure:"enabled"`
 }
 
 type CORSResponse struct {
-	AllowedOrigins string `json:"allowed_origins" mapstructure:"allowed_origins"`
-	Enabled        bool   `json:"enabled" mapstructure:"enabled"`
+	AllowedOrigins []string `json:"allowed_origins" mapstructure:"allowed_origins"`
+	AllowedHeaders []string `json:"allowed_headers" mapstructure:"allowed_headers"`
+	Enabled        bool     `json:"enabled" mapstructure:"enabled"`
 }