open-vault/http/sys_config_cors_test.go

79 lines
1.9 KiB
Go

package http
import (
"encoding/json"
"net/http"
"reflect"
"testing"
"github.com/hashicorp/vault/vault"
)
func TestSysConfigCors(t *testing.T) {
var resp *http.Response
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
corsConf := core.CORSConfig()
// Try to enable CORS without providing a value for allowed_origins
resp = testHttpPut(t, token, addr+"/v1/sys/config/cors", map[string]interface{}{
"allowed_headers": "X-Custom-Header",
})
testResponseStatus(t, resp, 500)
// Enable CORS, but provide an origin this time.
resp = testHttpPut(t, token, addr+"/v1/sys/config/cors", map[string]interface{}{
"allowed_origins": addr,
"allowed_headers": "X-Custom-Header",
})
testResponseStatus(t, resp, 204)
// Read the CORS configuration
resp = testHttpGet(t, token, addr+"/v1/sys/config/cors")
testResponseStatus(t, resp, 200)
var actual map[string]interface{}
var expected map[string]interface{}
lenStdHeaders := len(corsConf.AllowedHeaders)
expectedHeaders := make([]interface{}, lenStdHeaders)
for i := range corsConf.AllowedHeaders {
expectedHeaders[i] = corsConf.AllowedHeaders[i]
}
expected = map[string]interface{}{
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"enabled": true,
"allowed_origins": []interface{}{addr},
"allowed_headers": expectedHeaders,
},
"enabled": true,
"allowed_origins": []interface{}{addr},
"allowed_headers": expectedHeaders,
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
expected["request_id"] = actual["request_id"]
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: expected: %#v\nactual: %#v", expected, actual)
}
}