# github.com/avenga/couper@v1.12.2/server/testdata/integration/config/09_couper.hcl
#
# Integration-test fixture for permission checks on JWT-protected APIs.
# Each api block is guarded by one of the jwt access controls declared in
# `definitions` below; endpoints declare `required_permission` in the various
# accepted (and deliberately invalid) forms.
#
# Every success response echoes request.context.granted_permissions in the
# x-granted-permissions header, presumably so the tests can assert on it.
# NOTE(review): this is a test aid; returning a caller's granted permissions in
# a response header discloses authorization detail and should not be copied
# into a production config.
server "scoped jwt" {
  # Permissions come from the token's "scp" claim (see jwt "scoped_jwt").
  api {
    base_path = "/scope"
    access_control = ["scoped_jwt"]
    # API-level requirement; presumably the fallback for endpoints that do not
    # set their own (see "/permission-from-api") - confirm against Couper docs.
    required_permission = "z"

    # Object form: keys are request methods, values the permission required for
    # that method. The empty string presumably means "no permission required";
    # methods not listed here (and no "*" key) are not covered by this object.
    endpoint "/foo" {
      required_permission = {
        get = ""
        post = "foo"
      }
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }

    # "*" is the catch-all key: every method other than delete requires "more".
    endpoint "/bar" {
      required_permission = {
        delete = ""
        "*" = "more"
      }
      # Custom handler for the insufficient_permissions error type: answers 403
      # and reports the permission that was required for this request.
      error_handler "insufficient_permissions" {
        response {
          status = 403
          headers = {
            x-required-permission = request.context.required_permission
          }
        }
      }
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }

    # The required permission is an expression evaluated per request.
    # NOTE(review): here it is taken from the URL path, i.e. the caller chooses
    # which permission is checked. That exercises expression evaluation in the
    # test; a real config should not derive the requirement from client input.
    endpoint "/path/{p}/path" {
      required_permission = request.path_params.p
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }

    # Object form with a computed key: the key is the {method} path parameter,
    # the value is "a" when that parameter is "get" or "post", otherwise "z".
    endpoint "/object/{method}" {
      required_permission = {
        (request.path_params.method) = contains(["get", "post"], request.path_params.method) ? "a" : "z"
      }
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }

    # The "/bad/..." endpoints assign values that are neither a string nor an
    # object of strings (the whole request object, a number, a boolean, a tuple,
    # null). Presumably they pin down how invalid values are rejected - the
    # expected outcome lives in the Go test, not in this file.
    endpoint "/bad/expression" {
      required_permission = request
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bad/type/number" {
      required_permission = 123
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bad/type/boolean" {
      required_permission = true
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bad/type/tuple" {
      required_permission = ["p1", "p2"]
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bad/type/null" {
      required_permission = null
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }

    # No endpoint-level required_permission: only the api-level value ("z")
    # is declared for this route.
    endpoint "/permission-from-api" {
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
  }

  # Permissions are derived from roles: the "rl" claim is mapped through
  # roles_map (see jwt "roled_jwt"), where role "r1" yields "a" and "b".
  api {
    base_path = "/role"
    access_control = ["roled_jwt"]
    required_permission = "a"
    endpoint "/foo" {
      required_permission = {
        get = ""
        post = "foo"
      }
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bar" {
      required_permission = {
        delete = ""
        "*" = "more"
      }
      error_handler "insufficient_permissions" {
        response {
          status = 403
          headers = {
            x-required-permission = request.context.required_permission
          }
        }
      }
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
  }

  # Combines the "scp" claim, role mapping and permissions_map expansion
  # (see jwt "scoped_and_roled_jwt"). No api-level required_permission here.
  api {
    base_path = "/scope_and_role"
    access_control = ["scoped_and_roled_jwt"]
    endpoint "/foo" {
      required_permission = "d"
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bar" {
      required_permission = "e"
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
  }

  # Same routes as "/scope_and_role", but the role and permission maps are
  # loaded from files (see jwt "scoped_and_roled_jwt_files").
  api {
    base_path = "/scope_and_role_files"
    access_control = ["scoped_and_roled_jwt_files"]
    endpoint "/foo" {
      required_permission = "d"
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bar" {
      required_permission = "e"
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
  }
}

# JWT access controls referenced by the api blocks above.
#
# NOTE(review): all four use HS256 with the literal key "asdf". That is a short,
# hard-coded shared secret - acceptable only because this is a test fixture.
# A deployed config should use a long random secret supplied from outside the
# config file, or an asymmetric signature algorithm, so that possession of the
# config does not allow forging tokens.
definitions {
  # Permissions are read directly from the "scp" claim.
  jwt "scoped_jwt" {
    header = "authorization"
    signature_algorithm = "HS256"
    key = "asdf"
    permissions_claim = "scp"
  }

  # Roles are read from the "rl" claim and translated to permissions.
  jwt "roled_jwt" {
    header = "authorization"
    signature_algorithm = "HS256"
    key = "asdf"
    roles_claim = "rl"
    roles_map = {
      "r1" = ["a", "b"]
    }
  }

  # Both sources combined; permissions_map then adds further permissions
  # implied by ones already granted.
  jwt "scoped_and_roled_jwt" {
    header = "authorization"
    signature_algorithm = "HS256"
    key = "asdf"
    permissions_claim = "scp"
    roles_claim = "rl"
    roles_map = {
      "r1" = ["b"]
    }
    permissions_map = {
      a = ["c"]
      b = ["e"] # from role-mapped permission
      c = ["d"]
      d = ["a"] # cycle is ignored
    }
  }

  # Same claims as above, with the maps read from JSON files. Their contents
  # are not part of this file; the paths are presumably resolved relative to
  # the config file - confirm.
  jwt "scoped_and_roled_jwt_files" {
    header = "authorization"
    signature_algorithm = "HS256"
    key = "asdf"
    permissions_claim = "scp"
    roles_claim = "rl"
    roles_map_file = "roles.json"
    permissions_map_file = "permissions.json"
  }
}