From ae7327ab8eb2e05c3ccb185354eed247795bbc6d Mon Sep 17 00:00:00 2001
From: Abu Kashem <akashem@redhat.com>
Date: Thu, 3 Nov 2022 09:05:40 -0400
Subject: [PATCH] apiserver: refactor cors unit test

---
 .../apiserver/pkg/server/filters/cors_test.go | 163 +++++++++++-------
 1 file changed, 104 insertions(+), 59 deletions(-)

diff --git a/staging/src/k8s.io/apiserver/pkg/server/filters/cors_test.go b/staging/src/k8s.io/apiserver/pkg/server/filters/cors_test.go
index 8b39c9497d0..afab083a883 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/filters/cors_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/filters/cors_test.go
@@ -17,6 +17,7 @@ limitations under the License.
 package filters
 
 import (
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"reflect"
@@ -25,79 +26,123 @@ import (
 )
 
 func TestCORSAllowedOrigins(t *testing.T) {
-	table := []struct {
+	tests := []struct {
+		name           string
 		allowedOrigins []string
-		origin         string
+		origins        []string
 		allowed        bool
 	}{
-		{[]string{}, "example.com", false},
-		{[]string{"example.com"}, "example.com", true},
-		{[]string{"example.com"}, "not-allowed.com", false},
-		{[]string{"not-matching.com", "example.com"}, "example.com", true},
-		{[]string{".*"}, "example.com", true},
+		{
+			name:           "allowed origins list is empty",
+			allowedOrigins: []string{},
+			origins:        []string{"example.com"},
+			allowed:        false,
+		},
+		{
+			name:           "origin request header not set",
+			allowedOrigins: []string{"example.com"},
+			origins:        []string{""},
+			allowed:        false,
+		},
+		{
+			name:           "allowed regexp is a match",
+			allowedOrigins: []string{"example.com"},
+			origins:        []string{"http://example.com", "example.com"},
+			allowed:        true,
+		},
+		{
+			name:           "allowed regexp is not a match",
+			allowedOrigins: []string{"example.com"},
+			origins:        []string{"http://not-allowed.com", "not-allowed.com"},
+			allowed:        false,
+		},
+		{
+			name:           "allowed list with multiple regex",
+			allowedOrigins: []string{"not-matching.com", "example.com"},
+			origins:        []string{"http://example.com", "example.com"},
+			allowed:        true,
+		},
+		{
+			name:           "wildcard matching",
+			allowedOrigins: []string{".*"},
+			origins:        []string{"http://example.com", "example.com"},
+			allowed:        true,
+		},
 	}
 
-	for _, item := range table {
-		handler := WithCORS(
-			http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}),
-			item.allowedOrigins, nil, nil, nil, "true",
-		)
-		var response *http.Response
-		func() {
-			server := httptest.NewServer(handler)
-			defer server.Close()
+	for _, test := range tests {
+		for _, origin := range test.origins {
+			name := fmt.Sprintf("%s/origin/%s", test.name, origin)
+			t.Run(name, func(t *testing.T) {
+				var handlerInvoked int
+				handler := WithCORS(
+					http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
+						handlerInvoked++
+					}),
+					test.allowedOrigins, nil, nil, nil, "true",
+				)
+				var response *http.Response
+				func() {
+					server := httptest.NewServer(handler)
+					defer server.Close()
 
-			request, err := http.NewRequest("GET", server.URL+"/version", nil)
-			if err != nil {
-				t.Errorf("unexpected error: %v", err)
-			}
-			request.Header.Set("Origin", item.origin)
-			client := http.Client{}
-			response, err = client.Do(request)
-			if err != nil {
-				t.Errorf("unexpected error: %v", err)
-			}
-		}()
-		if item.allowed {
-			if !reflect.DeepEqual(item.origin, response.Header.Get("Access-Control-Allow-Origin")) {
-				t.Errorf("Expected %#v, Got %#v", item.origin, response.Header.Get("Access-Control-Allow-Origin"))
-			}
+					request, err := http.NewRequest("GET", server.URL+"/version", nil)
+					if err != nil {
+						t.Errorf("unexpected error: %v", err)
+					}
+					request.Header.Set("Origin", origin)
+					client := http.Client{}
+					response, err = client.Do(request)
+					if err != nil {
+						t.Errorf("unexpected error: %v", err)
+					}
+				}()
+				if handlerInvoked != 1 {
+					t.Errorf("Expected the handler to be invoked once, but got: %d", handlerInvoked)
+				}
 
-			if response.Header.Get("Access-Control-Allow-Credentials") == "" {
-				t.Errorf("Expected Access-Control-Allow-Credentials header to be set")
-			}
+				if test.allowed {
+					if !reflect.DeepEqual(origin, response.Header.Get("Access-Control-Allow-Origin")) {
+						t.Errorf("Expected %#v, Got %#v", origin, response.Header.Get("Access-Control-Allow-Origin"))
+					}
 
-			if response.Header.Get("Access-Control-Allow-Headers") == "" {
-				t.Errorf("Expected Access-Control-Allow-Headers header to be set")
-			}
+					if response.Header.Get("Access-Control-Allow-Credentials") == "" {
+						t.Errorf("Expected Access-Control-Allow-Credentials header to be set")
+					}
 
-			if response.Header.Get("Access-Control-Allow-Methods") == "" {
-				t.Errorf("Expected Access-Control-Allow-Methods header to be set")
-			}
+					if response.Header.Get("Access-Control-Allow-Headers") == "" {
+						t.Errorf("Expected Access-Control-Allow-Headers header to be set")
+					}
 
-			if response.Header.Get("Access-Control-Expose-Headers") != "Date" {
-				t.Errorf("Expected Date in Access-Control-Expose-Headers header")
-			}
-		} else {
-			if response.Header.Get("Access-Control-Allow-Origin") != "" {
-				t.Errorf("Expected Access-Control-Allow-Origin header to not be set")
-			}
+					if response.Header.Get("Access-Control-Allow-Methods") == "" {
+						t.Errorf("Expected Access-Control-Allow-Methods header to be set")
+					}
 
-			if response.Header.Get("Access-Control-Allow-Credentials") != "" {
-				t.Errorf("Expected Access-Control-Allow-Credentials header to not be set")
-			}
+					if response.Header.Get("Access-Control-Expose-Headers") != "Date" {
+						t.Errorf("Expected Date in Access-Control-Expose-Headers header")
+					}
+				} else {
+					if response.Header.Get("Access-Control-Allow-Origin") != "" {
+						t.Errorf("Expected Access-Control-Allow-Origin header to not be set")
+					}
 
-			if response.Header.Get("Access-Control-Allow-Headers") != "" {
-				t.Errorf("Expected Access-Control-Allow-Headers header to not be set")
-			}
+					if response.Header.Get("Access-Control-Allow-Credentials") != "" {
+						t.Errorf("Expected Access-Control-Allow-Credentials header to not be set")
+					}
 
-			if response.Header.Get("Access-Control-Allow-Methods") != "" {
-				t.Errorf("Expected Access-Control-Allow-Methods header to not be set")
-			}
+					if response.Header.Get("Access-Control-Allow-Headers") != "" {
+						t.Errorf("Expected Access-Control-Allow-Headers header to not be set")
+					}
 
-			if response.Header.Get("Access-Control-Expose-Headers") == "Date" {
-				t.Errorf("Expected Date in Access-Control-Expose-Headers header")
-			}
+					if response.Header.Get("Access-Control-Allow-Methods") != "" {
+						t.Errorf("Expected Access-Control-Allow-Methods header to not be set")
+					}
+
+					if response.Header.Get("Access-Control-Expose-Headers") == "Date" {
+						t.Errorf("Expected Date in Access-Control-Expose-Headers header")
+					}
+				}
+			})
 		}
 	}
 }