chore: add more tests in proxy extension headers (#14842) (#14853)

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Co-authored-by: Leonardo Luz Almeida <leoluz@users.noreply.github.com>
argoproj · Aug 2, 2023 · b4e29cf · b4e29cf
1 parent 0d5ef9c
commit b4e29cf
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 7 deletions.
diff --git a/docs/developer-guide/extensions/proxy-extensions.md b/docs/developer-guide/extensions/proxy-extensions.md
@@ -243,7 +243,7 @@ same headers are also sent to the backend service. The backend service
 must also validate if the validated headers are compatible with the
 rest of the incoming request.
 
-### Outgoing Requets Headers
+### Outgoing Requests Headers
 
 Requests sent to backend services will be decorated with additional
 headers. The outgoing request headers are documented below:

diff --git a/server/extension/extension_test.go b/server/extension/extension_test.go
@@ -342,9 +342,11 @@ func TestExtensionsHandler(t *testing.T) {
 		f.rbacMock.On("EnforceErr", mock.Anything, rbacpolicy.ResourceExtensions, rbacpolicy.ActionInvoke, mock.Anything).Return(extAccessError)
 	}
 
-	secrets := make(map[string]string)
-	secrets["extension.auth.header"] = "Bearer some-bearer-token"
 	withExtensionConfig := func(configYaml string, f *fixture) {
+		secrets := make(map[string]string)
+		secrets["extension.auth.header"] = "Bearer some-bearer-token"
+		secrets["extension.auth.header2"] = "Bearer another-bearer-token"
+
 		settings := &settings.ArgoCDSettings{
 			ExtensionConfig: configYaml,
 			Secrets:         secrets,
@@ -363,6 +365,9 @@ func TestExtensionsHandler(t *testing.T) {
 
 	startBackendTestSrv := func(response string) *httptest.Server {
 		return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			for k, v := range r.Header {
+				w.Header().Add(k, strings.Join(v, ","))
+			}
 			fmt.Fprintln(w, response)
 		}))
 
@@ -482,13 +487,15 @@ func TestExtensionsHandler(t *testing.T) {
 		require.NoError(t, err)
 		actual := strings.TrimSuffix(string(body), "\n")
 		assert.Equal(t, response1, actual)
+		assert.Equal(t, "Bearer some-bearer-token", resp1.Header.Get("Authorization"))
 
 		require.NotNil(t, resp2)
 		assert.Equal(t, http.StatusOK, resp2.StatusCode)
 		body, err = io.ReadAll(resp2.Body)
 		require.NoError(t, err)
 		actual = strings.TrimSuffix(string(body), "\n")
 		assert.Equal(t, response2, actual)
+		assert.Equal(t, "Bearer another-bearer-token", resp2.Header.Get("Authorization"))
 	})
 	t.Run("will return 401 if sub has no access to get application", func(t *testing.T) {
 		// given
@@ -667,9 +674,15 @@ extensions:
   backend:
     services:
     - url: %s
+      headers:
+      - name: Authorization
+        value: '$extension.auth.header'
       cluster:
         name: %s
     - url: %s
+      headers:
+      - name: Authorization
+        value: '$extension.auth.header2'
       cluster:
         server: %s
 `
@@ -731,8 +744,8 @@ extensions:
   backend:
     services:
     - url: https://httpbin.org
-	  headers:
-	  - value: '$some.secret.key'
+      headers:
+      - value: '$some.secret.key'
 `
 }
 
@@ -743,7 +756,7 @@ extensions:
   backend:
     services:
     - url: https://httpbin.org
-	  headers:
-	  - name: some-header-name
+      headers:
+      - name: some-header-name
 `
 }