Fix audit test and make audited headers more robust in map checks

vault/audit_test.go

@@ -438,8 +438,10 @@ func TestAuditBroker_LogResponse(t *testing.T) {
 }
 
 func TestAuditBroker_AuditHeaders(t *testing.T) {
-	l := logformat.NewVaultLogger(log.LevelTrace)
-	b := NewAuditBroker(l)
+	logger := logformat.NewVaultLogger(log.LevelTrace)
+	b := NewAuditBroker(logger)
+	_, barrier, _ := mockBarrier(t)
+	view := NewBarrierView(barrier, "headers/")
 	a1 := &NoopAudit{}
 	a2 := &NoopAudit{}
 	b.Register("foo", a1, nil)
@@ -472,11 +474,10 @@ func TestAuditBroker_AuditHeaders(t *testing.T) {
 	reqCopy := reqCopyRaw.(*logical.Request)
 
 	headersConf := &AuditedHeadersConfig{
-		Headers: map[string]*auditedHeaderSettings{
-			"X-Test-Header":  &auditedHeaderSettings{false},
-			"X-Vault-Header": &auditedHeaderSettings{false},
-		},
+		view: view,
 	}
+	headersConf.add("X-Test-Header", false)
+	headersConf.add("X-Vault-Header", false)
 
 	err = b.LogRequest(auth, reqCopy, headersConf, respErr)
 	if err != nil {
@@ -484,8 +485,8 @@ func TestAuditBroker_AuditHeaders(t *testing.T) {
 	}
 
 	expected := map[string][]string{
-		"X-Test-Header":  []string{"foo"},
-		"X-Vault-Header": []string{"bar"},
+		"x-test-header":  []string{"foo"},
+		"x-vault-header": []string{"bar"},
 	}
 
 	for _, a := range []*NoopAudit{a1, a2} {

vault/audited_headers.go

@@ -41,6 +41,10 @@ func (a *AuditedHeadersConfig) add(header string, hmac bool) error {
 	a.Lock()
 	defer a.Unlock()
 
+	if a.Headers == nil {
+		a.Headers = make(map[string]*auditedHeaderSettings, 1)
+	}
+
 	a.Headers[strings.ToLower(header)] = &auditedHeaderSettings{hmac}
 	entry, err := logical.StorageEntryJSON(auditedHeadersEntry, a.Headers)
 	if err != nil {
@@ -64,6 +68,11 @@ func (a *AuditedHeadersConfig) remove(header string) error {
 	a.Lock()
 	defer a.Unlock()
 
+	// Nothing to delete
+	if len(a.Headers) == 0 {
+		return nil
+	}
+
 	delete(a.Headers, strings.ToLower(header))
 	entry, err := logical.StorageEntryJSON(auditedHeadersEntry, a.Headers)
 	if err != nil {