Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: add more tests in proxy extension headers #14842

Merged
merged 1 commit into from
Aug 2, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/developer-guide/extensions/proxy-extensions.md
Original file line number Diff line number Diff line change
Expand Up @@ -243,7 +243,7 @@ same headers are also sent to the backend service. The backend service
must also validate if the validated headers are compatible with the
rest of the incoming request.

### Outgoing Requets Headers
### Outgoing Requests Headers

Requests sent to backend services will be decorated with additional
headers. The outgoing request headers are documented below:
Expand Down
25 changes: 19 additions & 6 deletions server/extension/extension_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -342,9 +342,11 @@ func TestExtensionsHandler(t *testing.T) {
f.rbacMock.On("EnforceErr", mock.Anything, rbacpolicy.ResourceExtensions, rbacpolicy.ActionInvoke, mock.Anything).Return(extAccessError)
}

secrets := make(map[string]string)
secrets["extension.auth.header"] = "Bearer some-bearer-token"
withExtensionConfig := func(configYaml string, f *fixture) {
secrets := make(map[string]string)
secrets["extension.auth.header"] = "Bearer some-bearer-token"
secrets["extension.auth.header2"] = "Bearer another-bearer-token"

settings := &settings.ArgoCDSettings{
ExtensionConfig: configYaml,
Secrets: secrets,
Expand All @@ -363,6 +365,9 @@ func TestExtensionsHandler(t *testing.T) {

startBackendTestSrv := func(response string) *httptest.Server {
return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
for k, v := range r.Header {
w.Header().Add(k, strings.Join(v, ","))
}
fmt.Fprintln(w, response)
}))

Expand Down Expand Up @@ -482,13 +487,15 @@ func TestExtensionsHandler(t *testing.T) {
require.NoError(t, err)
actual := strings.TrimSuffix(string(body), "\n")
assert.Equal(t, response1, actual)
assert.Equal(t, "Bearer some-bearer-token", resp1.Header.Get("Authorization"))

require.NotNil(t, resp2)
assert.Equal(t, http.StatusOK, resp2.StatusCode)
body, err = io.ReadAll(resp2.Body)
require.NoError(t, err)
actual = strings.TrimSuffix(string(body), "\n")
assert.Equal(t, response2, actual)
assert.Equal(t, "Bearer another-bearer-token", resp2.Header.Get("Authorization"))
})
t.Run("will return 401 if sub has no access to get application", func(t *testing.T) {
// given
Expand Down Expand Up @@ -667,9 +674,15 @@ extensions:
backend:
services:
- url: %s
headers:
- name: Authorization
value: '$extension.auth.header'
cluster:
name: %s
- url: %s
headers:
- name: Authorization
value: '$extension.auth.header2'
cluster:
server: %s
`
Expand Down Expand Up @@ -731,8 +744,8 @@ extensions:
backend:
services:
- url: https://httpbin.org
headers:
- value: '$some.secret.key'
headers:
- value: '$some.secret.key'
`
}

Expand All @@ -743,7 +756,7 @@ extensions:
backend:
services:
- url: https://httpbin.org
headers:
- name: some-header-name
headers:
- name: some-header-name
`
}