apiserver: refactor cors unit test

Abu Kashem 2022-11-03 09:05:40 -04:00
parent b30a6a3fc5
commit ae7327ab8e
No known key found for this signature in database
GPG Key ID: 33A4FA7088DB68A9


@ -17,6 +17,7 @@ limitations under the License.
package filters package filters
import ( import (
"fmt"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"reflect" "reflect"
@ -25,79 +26,123 @@ import (
) )
func TestCORSAllowedOrigins(t *testing.T) { func TestCORSAllowedOrigins(t *testing.T) {
table := []struct { tests := []struct {
name string
allowedOrigins []string allowedOrigins []string
origin string origins []string
allowed bool allowed bool
}{ }{
{[]string{}, "example.com", false}, {
{[]string{"example.com"}, "example.com", true}, name: "allowed origins list is empty",
{[]string{"example.com"}, "not-allowed.com", false}, allowedOrigins: []string{},
{[]string{"not-matching.com", "example.com"}, "example.com", true}, origins: []string{"example.com"},
{[]string{".*"}, "example.com", true}, allowed: false,
},
{
name: "origin request header not set",
allowedOrigins: []string{"example.com"},
origins: []string{""},
allowed: false,
},
{
name: "allowed regexp is a match",
allowedOrigins: []string{"example.com"},
origins: []string{"http://example.com", "example.com"},
allowed: true,
},
{
name: "allowed regexp is not a match",
allowedOrigins: []string{"example.com"},
origins: []string{"http://not-allowed.com", "not-allowed.com"},
allowed: false,
},
{
name: "allowed list with multiple regex",
allowedOrigins: []string{"not-matching.com", "example.com"},
origins: []string{"http://example.com", "example.com"},
allowed: true,
},
{
name: "wildcard matching",
allowedOrigins: []string{".*"},
origins: []string{"http://example.com", "example.com"},
allowed: true,
},
} }
for _, item := range table { for _, test := range tests {
handler := WithCORS( for _, origin := range test.origins {
http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}), name := fmt.Sprintf("%s/origin/%s", test.name, origin)
item.allowedOrigins, nil, nil, nil, "true", t.Run(name, func(t *testing.T) {
) var handlerInvoked int
var response *http.Response handler := WithCORS(
func() { http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
server := httptest.NewServer(handler) handlerInvoked++
defer server.Close() }),
test.allowedOrigins, nil, nil, nil, "true",
)
var response *http.Response
func() {
server := httptest.NewServer(handler)
defer server.Close()
request, err := http.NewRequest("GET", server.URL+"/version", nil) request, err := http.NewRequest("GET", server.URL+"/version", nil)
if err != nil { if err != nil {
t.Errorf("unexpected error: %v", err) t.Errorf("unexpected error: %v", err)
} }
request.Header.Set("Origin", item.origin) request.Header.Set("Origin", origin)
client := http.Client{} client := http.Client{}
response, err = client.Do(request) response, err = client.Do(request)
if err != nil { if err != nil {
t.Errorf("unexpected error: %v", err) t.Errorf("unexpected error: %v", err)
} }
}() }()
if item.allowed { if handlerInvoked != 1 {
if !reflect.DeepEqual(item.origin, response.Header.Get("Access-Control-Allow-Origin")) { t.Errorf("Expected the handler to be invoked once, but got: %d", handlerInvoked)
t.Errorf("Expected %#v, Got %#v", item.origin, response.Header.Get("Access-Control-Allow-Origin")) }
}
if response.Header.Get("Access-Control-Allow-Credentials") == "" { if test.allowed {
t.Errorf("Expected Access-Control-Allow-Credentials header to be set") if !reflect.DeepEqual(origin, response.Header.Get("Access-Control-Allow-Origin")) {
} t.Errorf("Expected %#v, Got %#v", origin, response.Header.Get("Access-Control-Allow-Origin"))
}
if response.Header.Get("Access-Control-Allow-Headers") == "" { if response.Header.Get("Access-Control-Allow-Credentials") == "" {
t.Errorf("Expected Access-Control-Allow-Headers header to be set") t.Errorf("Expected Access-Control-Allow-Credentials header to be set")
} }
if response.Header.Get("Access-Control-Allow-Methods") == "" { if response.Header.Get("Access-Control-Allow-Headers") == "" {
t.Errorf("Expected Access-Control-Allow-Methods header to be set") t.Errorf("Expected Access-Control-Allow-Headers header to be set")
} }
if response.Header.Get("Access-Control-Expose-Headers") != "Date" { if response.Header.Get("Access-Control-Allow-Methods") == "" {
t.Errorf("Expected Date in Access-Control-Expose-Headers header") t.Errorf("Expected Access-Control-Allow-Methods header to be set")
} }
} else {
if response.Header.Get("Access-Control-Allow-Origin") != "" {
t.Errorf("Expected Access-Control-Allow-Origin header to not be set")
}
if response.Header.Get("Access-Control-Allow-Credentials") != "" { if response.Header.Get("Access-Control-Expose-Headers") != "Date" {
t.Errorf("Expected Access-Control-Allow-Credentials header to not be set") t.Errorf("Expected Date in Access-Control-Expose-Headers header")
} }
} else {
if response.Header.Get("Access-Control-Allow-Origin") != "" {
t.Errorf("Expected Access-Control-Allow-Origin header to not be set")
}
if response.Header.Get("Access-Control-Allow-Headers") != "" { if response.Header.Get("Access-Control-Allow-Credentials") != "" {
t.Errorf("Expected Access-Control-Allow-Headers header to not be set") t.Errorf("Expected Access-Control-Allow-Credentials header to not be set")
} }
if response.Header.Get("Access-Control-Allow-Methods") != "" { if response.Header.Get("Access-Control-Allow-Headers") != "" {
t.Errorf("Expected Access-Control-Allow-Methods header to not be set") t.Errorf("Expected Access-Control-Allow-Headers header to not be set")
} }
if response.Header.Get("Access-Control-Expose-Headers") == "Date" { if response.Header.Get("Access-Control-Allow-Methods") != "" {
t.Errorf("Expected Date in Access-Control-Expose-Headers header") t.Errorf("Expected Access-Control-Allow-Methods header to not be set")
} }
if response.Header.Get("Access-Control-Expose-Headers") == "Date" {
t.Errorf("Expected Date in Access-Control-Expose-Headers header")
}
}
})
} }
} }
} }
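Review bot: The refactored table still has no case where the Origin merely contains an allowed pattern, so the test does not pin whether the entries in `allowedOrigins` are matched anchored or as substrings. The case names treat the entries as regular expressions, and `example.com` is written without `^`/`$` and with an unescaped dot. The matching code is not visible here, so an extra entry such as `origins: []string{"http://example.com.other.test", "http://notexample.com"}` (constructed values) against `allowedOrigins: []string{"example.com"}`, with the intended `allowed` value, would make the contract explicit. Separately, inside the closure a failed `client.Do` is reported with `t.Errorf`, after which `response.Header.Get` is called on a nil response; `t.Fatalf("unexpected error: %v", err)` would stop the subtest there instead of panicking.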