github.com/avenga/couper@v1.12.2/server/testdata/integration/config/09_couper.hcl (about)

# Integration-test fixture for permission checks: one server with four APIs,
# each guarded by a different jwt access control from the definitions block.
# Every 204 response echoes request.context.granted_permissions in the
# x-granted-permissions header, presumably so the tests can assert on it.
# NOTE(review): that reflection discloses authorization detail to the caller;
# it is a fixture convenience, not a pattern for production configs.
server "scoped jwt" {
  # Guarded by "scoped_jwt". The API-level required_permission is "z";
  # presumably the fallback for endpoints that set none (see
  # /permission-from-api) — confirm against the Couper reference.
  api {
    base_path = "/scope"
    access_control = ["scoped_jwt"]
    required_permission = "z"
    endpoint "/foo" {
      # Per-method map: GET -> "" and POST -> "foo". Couper's reference
      # describes "" as "no permission required" and methods missing from the
      # map as not permitted — confirm for this version.
      required_permission = {
        get = ""
        post = "foo"
      }
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bar" {
      # DELETE -> "", every other method -> "more" ("*" is documented by
      # Couper as the key for all remaining methods — confirm).
      required_permission = {
        delete = ""
        "*" = "more"
      }
      # Answers an insufficient_permissions error with a 403 that reports
      # request.context.required_permission in a response header.
      error_handler "insufficient_permissions" {
        response {
          status = 403
          headers = {
            x-required-permission = request.context.required_permission
          }
        }
      }
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/path/{p}/path" {
      # The required permission is whatever value arrives in the {p} path
      # segment. NOTE(review): outside a fixture this lets the client decide
      # which permission is checked; the requirement should come from
      # configuration, never from request data.
      required_permission = request.path_params.p
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/object/{method}" {
      # Map built per request: the key is the {method} path segment, the value
      # is "a" when that segment is "get" or "post" and "z" otherwise.
      # NOTE(review): the key is derived from client input — fixture-only
      # pattern, same concern as /path/{p}/path.
      required_permission = {
        (request.path_params.method) = contains(["get", "post"], request.path_params.method) ? "a" : "z"
      }
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    # The /bad/* endpoints assign values that are neither a string nor a
    # method map. Presumably they exercise the error path for an invalid
    # required_permission; the expected result lives in the Go tests, which
    # are not shown here — verify that the failure mode denies access.
    endpoint "/bad/expression" {
      # The whole request object.
      required_permission = request
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bad/type/number" {
      # A number.
      required_permission = 123
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bad/type/boolean" {
      # A boolean.
      required_permission = true
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bad/type/tuple" {
      # A tuple of strings.
      required_permission = ["p1", "p2"]
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bad/type/null" {
      # An explicit null.
      required_permission = null
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    # No endpoint-level required_permission; going by the path name this one
    # is expected to inherit the API-level "z" — confirm.
    endpoint "/permission-from-api" {
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
  }
  # Same /foo and /bar shapes as under /scope, but guarded by "roled_jwt",
  # which defines roles_claim and roles_map and no permissions_claim.
  # API-level required_permission is "a".
  api {
    base_path = "/role"
    access_control = ["roled_jwt"]
    required_permission = "a"
    endpoint "/foo" {
      required_permission = {
        get = ""
        post = "foo"
      }
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bar" {
      required_permission = {
        delete = ""
        "*" = "more"
      }
      error_handler "insufficient_permissions" {
        response {
          status = 403
          headers = {
            x-required-permission = request.context.required_permission
          }
        }
      }
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
  }
  # Guarded by "scoped_and_roled_jwt"; no API-level required_permission.
  # "d" and "e" occur in that jwt block's permissions_map as mapped values
  # (c -> d, b -> e), so these endpoints presumably test mapped permissions.
  api {
    base_path = "/scope_and_role"
    access_control = ["scoped_and_roled_jwt"]
    endpoint "/foo" {
      required_permission = "d"
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bar" {
      required_permission = "e"
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
  }
  # Same two endpoints, guarded by "scoped_and_roled_jwt_files", whose role
  # and permission maps are loaded from files instead of inline maps.
  api {
    base_path = "/scope_and_role_files"
    access_control = ["scoped_and_roled_jwt_files"]
    endpoint "/foo" {
      required_permission = "d"
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
    endpoint "/bar" {
      required_permission = "e"
      response {
        status = 204
        headers = {
          x-granted-permissions = json_encode(request.context.granted_permissions)
        }
      }
    }
  }
}
# JWT access controls referenced by the access_control lists of the server
# block. All four read the token from the authorization header and verify it
# with HS256 using the same literal key "asdf".
# NOTE(review): test-only values. A short literal HMAC secret can be recovered
# offline from any token signed with it, and whoever holds it can issue tokens
# with arbitrary scp/rl claims. A real config needs a long random secret kept
# out of the config file, or an asymmetric signature algorithm.
definitions {
  # Permissions come directly from the "scp" claim.
  jwt "scoped_jwt" {
    header = "authorization"
    signature_algorithm = "HS256"
    key = "asdf"
    permissions_claim = "scp"
  }
  # Permissions come from roles only: the "rl" claim names the roles, and
  # role "r1" maps to permissions "a" and "b".
  jwt "roled_jwt" {
    header = "authorization"
    signature_algorithm = "HS256"
    key = "asdf"
    roles_claim = "rl"
    roles_map = {
      "r1" = ["a", "b"]
    }
  }
  # Combines both sources: "scp" for direct permissions, "rl" for roles
  # (r1 -> b), plus a permissions_map that maps a permission to further
  # permissions. The map below forms the chain a -> c -> d -> a.
  jwt "scoped_and_roled_jwt" {
    header = "authorization"
    signature_algorithm = "HS256"
    key = "asdf"
    permissions_claim = "scp"
    roles_claim = "rl"
    roles_map = {
      "r1" = ["b"]
    }
    permissions_map = {
      a = ["c"]
      b = ["e"] # from role-mapped permission
      c = ["d"]
      d = ["a"] # cycle is ignored
    }
  }
  # Same claims as "scoped_and_roled_jwt", with the maps read from roles.json
  # and permissions.json. Those files are not shown here; they are part of
  # the authorization policy and need the same review and file protections
  # as this config.
  jwt "scoped_and_roled_jwt_files" {
    header = "authorization"
    signature_algorithm = "HS256"
    key = "asdf"
    permissions_claim = "scp"
    roles_claim = "rl"
    roles_map_file = "roles.json"
    permissions_map_file = "permissions.json"
  }
}