mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-26 13:07:07 +00:00
apiserver: refactor cors unit test
This commit is contained in:
Abu Kashem
parent
b30a6a3fc5
commit
ae7327ab8e
@ -17,6 +17,7 @@ limitations under the License.
|
|||||||
package filters
|
package filters
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"reflect"
|
"reflect"
|
||||||
@ -25,79 +26,123 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func TestCORSAllowedOrigins(t *testing.T) {
|
func TestCORSAllowedOrigins(t *testing.T) {
|
||||||
table := []struct {
|
tests := []struct {
|
||||||
|
name string
|
||||||
allowedOrigins []string
|
allowedOrigins []string
|
||||||
origin string
|
origins []string
|
||||||
allowed bool
|
allowed bool
|
||||||
}{
|
}{
|
||||||
{[]string{}, "example.com", false},
|
{
|
||||||
{[]string{"example.com"}, "example.com", true},
|
name: "allowed origins list is empty",
|
||||||
{[]string{"example.com"}, "not-allowed.com", false},
|
allowedOrigins: []string{},
|
||||||
{[]string{"not-matching.com", "example.com"}, "example.com", true},
|
origins: []string{"example.com"},
|
||||||
{[]string{".*"}, "example.com", true},
|
allowed: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "origin request header not set",
|
||||||
|
allowedOrigins: []string{"example.com"},
|
||||||
|
origins: []string{""},
|
||||||
|
allowed: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "allowed regexp is a match",
|
||||||
|
allowedOrigins: []string{"example.com"},
|
||||||
|
origins: []string{"http://example.com", "example.com"},
|
||||||
|
allowed: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "allowed regexp is not a match",
|
||||||
|
allowedOrigins: []string{"example.com"},
|
||||||
|
origins: []string{"http://not-allowed.com", "not-allowed.com"},
|
||||||
|
allowed: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "allowed list with multiple regex",
|
||||||
|
allowedOrigins: []string{"not-matching.com", "example.com"},
|
||||||
|
origins: []string{"http://example.com", "example.com"},
|
||||||
|
allowed: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "wildcard matching",
|
||||||
|
allowedOrigins: []string{".*"},
|
||||||
|
origins: []string{"http://example.com", "example.com"},
|
||||||
|
allowed: true,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, item := range table {
|
for _, test := range tests {
|
||||||
handler := WithCORS(
|
for _, origin := range test.origins {
|
||||||
http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}),
|
name := fmt.Sprintf("%s/origin/%s", test.name, origin)
|
||||||
item.allowedOrigins, nil, nil, nil, "true",
|
t.Run(name, func(t *testing.T) {
|
||||||
)
|
var handlerInvoked int
|
||||||
var response *http.Response
|
handler := WithCORS(
|
||||||
func() {
|
http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
|
||||||
server := httptest.NewServer(handler)
|
handlerInvoked++
|
||||||
defer server.Close()
|
}),
|
||||||
|
test.allowedOrigins, nil, nil, nil, "true",
|
||||||
|
)
|
||||||
|
var response *http.Response
|
||||||
|
func() {
|
||||||
|
server := httptest.NewServer(handler)
|
||||||
|
defer server.Close()
|
||||||
|
|
||||||
request, err := http.NewRequest("GET", server.URL+"/version", nil)
|
request, err := http.NewRequest("GET", server.URL+"/version", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("unexpected error: %v", err)
|
t.Errorf("unexpected error: %v", err)
|
||||||
}
|
}
|
||||||
request.Header.Set("Origin", item.origin)
|
request.Header.Set("Origin", origin)
|
||||||
client := http.Client{}
|
client := http.Client{}
|
||||||
response, err = client.Do(request)
|
response, err = client.Do(request)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("unexpected error: %v", err)
|
t.Errorf("unexpected error: %v", err)
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
if item.allowed {
|
if handlerInvoked != 1 {
|
||||||
if !reflect.DeepEqual(item.origin, response.Header.Get("Access-Control-Allow-Origin")) {
|
t.Errorf("Expected the handler to be invoked once, but got: %d", handlerInvoked)
|
||||||
t.Errorf("Expected %#v, Got %#v", item.origin, response.Header.Get("Access-Control-Allow-Origin"))
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if response.Header.Get("Access-Control-Allow-Credentials") == "" {
|
if test.allowed {
|
||||||
t.Errorf("Expected Access-Control-Allow-Credentials header to be set")
|
if !reflect.DeepEqual(origin, response.Header.Get("Access-Control-Allow-Origin")) {
|
||||||
}
|
t.Errorf("Expected %#v, Got %#v", origin, response.Header.Get("Access-Control-Allow-Origin"))
|
||||||
|
}
|
||||||
|
|
||||||
if response.Header.Get("Access-Control-Allow-Headers") == "" {
|
if response.Header.Get("Access-Control-Allow-Credentials") == "" {
|
||||||
t.Errorf("Expected Access-Control-Allow-Headers header to be set")
|
t.Errorf("Expected Access-Control-Allow-Credentials header to be set")
|
||||||
}
|
}
|
||||||
|
|
||||||
if response.Header.Get("Access-Control-Allow-Methods") == "" {
|
if response.Header.Get("Access-Control-Allow-Headers") == "" {
|
||||||
t.Errorf("Expected Access-Control-Allow-Methods header to be set")
|
t.Errorf("Expected Access-Control-Allow-Headers header to be set")
|
||||||
}
|
}
|
||||||
|
|
||||||
if response.Header.Get("Access-Control-Expose-Headers") != "Date" {
|
if response.Header.Get("Access-Control-Allow-Methods") == "" {
|
||||||
t.Errorf("Expected Date in Access-Control-Expose-Headers header")
|
t.Errorf("Expected Access-Control-Allow-Methods header to be set")
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
if response.Header.Get("Access-Control-Allow-Origin") != "" {
|
|
||||||
t.Errorf("Expected Access-Control-Allow-Origin header to not be set")
|
|
||||||
}
|
|
||||||
|
|
||||||
if response.Header.Get("Access-Control-Allow-Credentials") != "" {
|
if response.Header.Get("Access-Control-Expose-Headers") != "Date" {
|
||||||
t.Errorf("Expected Access-Control-Allow-Credentials header to not be set")
|
t.Errorf("Expected Date in Access-Control-Expose-Headers header")
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
if response.Header.Get("Access-Control-Allow-Origin") != "" {
|
||||||
|
t.Errorf("Expected Access-Control-Allow-Origin header to not be set")
|
||||||
|
}
|
||||||
|
|
||||||
if response.Header.Get("Access-Control-Allow-Headers") != "" {
|
if response.Header.Get("Access-Control-Allow-Credentials") != "" {
|
||||||
t.Errorf("Expected Access-Control-Allow-Headers header to not be set")
|
t.Errorf("Expected Access-Control-Allow-Credentials header to not be set")
|
||||||
}
|
}
|
||||||
|
|
||||||
if response.Header.Get("Access-Control-Allow-Methods") != "" {
|
if response.Header.Get("Access-Control-Allow-Headers") != "" {
|
||||||
t.Errorf("Expected Access-Control-Allow-Methods header to not be set")
|
t.Errorf("Expected Access-Control-Allow-Headers header to not be set")
|
||||||
}
|
}
|
||||||
|
|
||||||
if response.Header.Get("Access-Control-Expose-Headers") == "Date" {
|
if response.Header.Get("Access-Control-Allow-Methods") != "" {
|
||||||
t.Errorf("Expected Date in Access-Control-Expose-Headers header")
|
t.Errorf("Expected Access-Control-Allow-Methods header to not be set")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if response.Header.Get("Access-Control-Expose-Headers") == "Date" {
|
||||||
|
t.Errorf("Expected Date in Access-Control-Expose-Headers header")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user