open-vault/http/http_test.go
hghaf099 ad2ef412cc
Customizing HTTP headers in the config file (#12485)
* Customizing HTTP headers in the config file

* Add changelog, fix bad imports

* fixing some bugs

* fixing interaction of custom headers and /ui

* Defining a member in core to set custom response headers

* missing additional file

* Some refactoring

* Adding automated tests for the feature

* Changing some error messages based on some recommendations

* Incorporating custom response headers struct into the request context

* removing some unused references

* fixing a test

* changing some error messages, removing a default header value from /ui

* fixing a test

* wrapping ResponseWriter to set the custom headers

* adding a new test

* some cleanup

* removing some extra lines

* Addressing comments

* fixing some agent tests

* skipping custom headers from agent listener config,
removing two of the default headers as they cause issues with Vault in UI mode
Adding X-Content-Type-Options to the ui default headers
Let Content-Type be set as before

* Removing default custom headers, and renaming some function variables

* some refactoring

* Refactoring and addressing comments

* removing a function and fixing comments
2021-10-13 11:06:33 -04:00


package http
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
"regexp"
"strings"
"testing"
"time"
cleanhttp "github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
)
// testHttpGet issues a GET to addr through testHttpData, passing token along
// so it is sent as the auth header when non-empty.
//
// NOTE(review): the token value itself is written to the test log. That is
// presumably acceptable for throwaway tokens minted by an in-process test
// core, but test output is commonly archived by CI, so this helper should not
// be reused against a server whose tokens outlive the test run.
func testHttpGet(t *testing.T, token string, addr string) *http.Response {
	shown := "<empty>"
	if token != "" {
		shown = token
	}
	t.Logf("Token is %s", shown)

	return testHttpData(t, http.MethodGet, token, addr, nil, false, 0)
}
// testHttpDelete issues a body-less DELETE to addr through testHttpData with
// redirect following left enabled and no wrap TTL.
func testHttpDelete(t *testing.T, token string, addr string) *http.Response {
	resp := testHttpData(t, http.MethodDelete, token, addr, nil, false, 0)
	return resp
}
// testHttpDeleteDisableRedirect issues a body-less DELETE to addr with
// redirect following turned off. Go 1.8+ clients follow redirects
// automatically, which would hide the 307 that the standby tests need to
// observe, so the redirect is refused instead of followed.
func testHttpDeleteDisableRedirect(t *testing.T, token string, addr string) *http.Response {
	const noFollow = true
	return testHttpData(t, http.MethodDelete, token, addr, nil, noFollow, 0)
}
// testHttpPostWrapped issues a POST to addr with body JSON-encoded as the
// payload and forwards wrapTTL to testHttpData, which sends it as the
// X-Vault-Wrap-TTL header when it is greater than zero.
func testHttpPostWrapped(t *testing.T, token string, addr string, body interface{}, wrapTTL time.Duration) *http.Response {
	resp := testHttpData(t, http.MethodPost, token, addr, body, false, wrapTTL)
	return resp
}
// testHttpPost issues a POST to addr with body JSON-encoded as the payload,
// redirect following enabled and no wrap TTL.
func testHttpPost(t *testing.T, token string, addr string, body interface{}) *http.Response {
	resp := testHttpData(t, http.MethodPost, token, addr, body, false, 0)
	return resp
}
// testHttpPut issues a PUT to addr with body JSON-encoded as the payload,
// redirect following enabled and no wrap TTL.
func testHttpPut(t *testing.T, token string, addr string, body interface{}) *http.Response {
	resp := testHttpData(t, http.MethodPut, token, addr, body, false, 0)
	return resp
}
// testHttpPutDisableRedirect issues a PUT to addr with body JSON-encoded as
// the payload and redirect following turned off. Go 1.8+ clients follow
// redirects automatically, which would hide the 307 that the standby tests
// need to observe, so the redirect is refused instead of followed.
func testHttpPutDisableRedirect(t *testing.T, token string, addr string, body interface{}) *http.Response {
	const noFollow = true
	return testHttpData(t, http.MethodPut, token, addr, body, noFollow, 0)
}
// testHttpData builds and sends a single HTTP request for the test helpers in
// this file and returns whatever response client.Do produced.
//
// body, when non-nil, is JSON-encoded into the request payload. token, when
// non-empty, is sent in the consts.AuthHeaderName header. wrapTTL, when
// positive, is sent as X-Vault-Wrap-TTL. With disableRedirect set, the client
// refuses to follow any redirect and the resulting error is tolerated so the
// caller can inspect the redirect response itself. Any other request error
// fails the test. The response body is not closed here.
func testHttpData(t *testing.T, method string, token string, addr string, body interface{}, disableRedirect bool, wrapTTL time.Duration) *http.Response {
	// The payload stays a *bytes.Buffer even when body is nil, so the value
	// handed to http.NewRequest has the same concrete type in both cases.
	payload := &bytes.Buffer{}
	if body != nil {
		if err := json.NewEncoder(payload).Encode(body); err != nil {
			t.Fatalf("err:%s", err)
		}
	}

	req, err := http.NewRequest(method, addr, payload)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	// Attach an Origin header derived from the listener address so that
	// CORS-dependent behaviour can be exercised without a browser. When addr
	// does not match the pattern, FindString yields "" and the header is set
	// to the empty string.
	originPattern := regexp.MustCompile("http[s]?://.+:[0-9]+")
	req.Header.Set("Origin", originPattern.FindString(addr))
	req.Header.Set("Content-Type", "application/json")

	if wrapTTL > 0 {
		req.Header.Set("X-Vault-Wrap-TTL", wrapTTL.String())
	}
	if token != "" {
		req.Header.Set(consts.AuthHeaderName, token)
	}

	client := cleanhttp.DefaultClient()
	client.Timeout = 60 * time.Second

	// From https://github.com/michiwend/gomusicbrainz/pull/4/files
	const maxRedirects = 30
	client.CheckRedirect = func(next *http.Request, via []*http.Request) error {
		switch {
		case disableRedirect:
			return fmt.Errorf("checkRedirect disabled for test")
		case len(via) > maxRedirects:
			return fmt.Errorf("%d consecutive requests(redirects)", len(via))
		case len(via) == 0:
			// No redirects
			return nil
		}

		// Re-attach the auth header from the first request onto the redirected
		// request. No check is made on where the redirect points, so the token
		// follows the redirect to whatever host the server names.
		// NOTE(review): presumably fine for the local test listeners this
		// helper targets; do not lift this client into non-test code as is.
		if first := via[0].Header.Get(consts.AuthHeaderName); first != "" {
			next.Header.Set(consts.AuthHeaderName, first)
		}
		return nil
	}

	resp, err := client.Do(req)
	// The refusal produced by CheckRedirect above is expected when redirects
	// are disabled; every other error is a genuine test failure.
	if err != nil && !strings.Contains(err.Error(), "checkRedirect disabled for test") {
		t.Fatalf("err: %s", err)
	}
	return resp
}
// testResponseStatus fails the test unless resp carries the expected status
// code. On a mismatch the response body is drained and closed so that it can
// be included in the failure message; on a match the body is left untouched
// for the caller to read.
func testResponseStatus(t *testing.T, resp *http.Response, code int) {
	t.Helper()
	if resp.StatusCode == code {
		return
	}

	var dump bytes.Buffer
	// Best effort: a read error here only shortens the diagnostic output.
	io.Copy(&dump, resp.Body)
	resp.Body.Close()
	t.Fatalf(
		"Expected status %d, got %d. Body:\n\n%s",
		code, resp.StatusCode, dump.String())
}
// testResponseHeader fails the test on the first entry of expectedHeaders
// whose value differs from the corresponding response header.
//
// Lookups go through resp.Header.Get, so header names are matched in their
// canonical form and only the first value of a repeated header is compared.
// An expected value of "" is satisfied by a header that is absent, which
// means this helper cannot tell "missing" apart from "present but empty" and
// will not notice a duplicated header.
func testResponseHeader(t *testing.T, resp *http.Response, expectedHeaders map[string]string) {
	t.Helper()
	for name, want := range expectedHeaders {
		if got := resp.Header.Get(name); got != want {
			t.Fatalf("expected header value %v=%v, got %v=%v", name, want, name, got)
		}
	}
}
// testResponseBody decodes the JSON body of resp into out using
// jsonutil.DecodeJSONFromReader and fails the test if decoding returns an
// error. The body is closed when the function returns.
func testResponseBody(t *testing.T, resp *http.Response, out interface{}) {
	defer resp.Body.Close()

	err := jsonutil.DecodeJSONFromReader(resp.Body, out)
	if err != nil {
		t.Fatalf("err: %s", err)
	}
}