Documentation
¶
Index ¶
- Constants
- Variables
- func AttrValueFromTagField(name string, obj interface{}) string
- func BackendAttrFields(obj interface{}) []string
- func ParseDuration(attribute string, value string, _default time.Duration) (time.Duration, error)
- func WithErrorHandlerSchema(schema *hcl.BodySchema) *hcl.BodySchema
- type API
- type APIs
- type AcceptForwarded
- type AccessControl
- type Backend
- type BackendInitialization
- type BackendReference
- type BackendTLS
- type BasicAuth
- type Body
- type CORS
- type Claims
- type ClientCertificate
- type Couper
- type DefaultEnvVars
- type Defaults
- type DefaultsBlock
- type Definitions
- type Endpoint
- type Endpoints
- type ErrorHandler
- type ErrorHandlerGetter
- type ErrorHandlerSetter
- type Files
- type FilesBlocks
- type Headers
- type Health
- type HealthCheck
- type Inline
- type Introspection
- type JWT
- type JWTSigningProfile
- type Job
- type List
- type OAuth2AC
- func (oa *OAuth2AC) ClientAuthenticationRequired() bool
- func (oa *OAuth2AC) GetAuthorizationEndpoint() (string, error)
- func (oa *OAuth2AC) GetClientID() string
- func (oa *OAuth2AC) GetClientSecret() string
- func (oa *OAuth2AC) GetGrantType() string
- func (oa *OAuth2AC) GetJWTSigningProfile() *JWTSigningProfile
- func (oa *OAuth2AC) GetRedirectURI() string
- func (oa *OAuth2AC) GetScope() string
- func (oa *OAuth2AC) GetTokenEndpoint() (string, error)
- func (oa *OAuth2AC) GetTokenEndpointAuthMethod() *string
- func (oa *OAuth2AC) GetVerifierMethod() (string, error)
- func (oa *OAuth2AC) HCLBody() *hclsyntax.Body
- func (oa *OAuth2AC) Inline() interface{}
- func (oa *OAuth2AC) Prepare(backendFunc PrepareBackendFunc) (err error)
- func (oa *OAuth2AC) Reference() string
- func (oa *OAuth2AC) Schema(inline bool) *hcl.BodySchema
- type OAuth2AS
- type OAuth2AcClient
- type OAuth2Authorization
- type OAuth2Client
- type OAuth2ReqAuth
- func (oa *OAuth2ReqAuth) ClientAuthenticationRequired() bool
- func (oa *OAuth2ReqAuth) GetClientID() string
- func (oa *OAuth2ReqAuth) GetClientSecret() string
- func (oa *OAuth2ReqAuth) GetJWTSigningProfile() *JWTSigningProfile
- func (oa *OAuth2ReqAuth) GetTokenEndpoint() (string, error)
- func (oa *OAuth2ReqAuth) GetTokenEndpointAuthMethod() *string
- func (oa *OAuth2ReqAuth) HCLBody() *hclsyntax.Body
- func (oa *OAuth2ReqAuth) Inline() interface{}
- func (oa *OAuth2ReqAuth) Reference() string
- func (oa *OAuth2ReqAuth) Schema(inline bool) *hcl.BodySchema
- type OIDC
- func (o *OIDC) ClientAuthenticationRequired() bool
- func (o *OIDC) GetClientID() string
- func (o *OIDC) GetClientSecret() string
- func (o *OIDC) GetGrantType() string
- func (o *OIDC) GetJWTSigningProfile() *JWTSigningProfile
- func (o *OIDC) GetRedirectURI() string
- func (o *OIDC) GetScope() string
- func (o *OIDC) GetTokenEndpointAuthMethod() *string
- func (o *OIDC) HCLBody() *hclsyntax.Body
- func (o *OIDC) Inline() interface{}
- func (o *OIDC) Prepare(backendFunc PrepareBackendFunc) (err error)
- func (o *OIDC) Reference() string
- func (o *OIDC) Schema(inline bool) *hcl.BodySchema
- type OpenAPI
- type PrepareBackendFunc
- type Proxies
- type Proxy
- type RateLimiter
- type Request
- type Requests
- type Response
- type SAML
- type SPAs
- type Server
- type ServerCertificate
- type ServerTLS
- type Servers
- type Settings
- type Spa
- type Throttle
- type Throttles
- type TokenRequest
- type Websockets
Constants ¶
// String constants whose values match OAuth2 grant type identifiers.
// Presumably compared against a configured grant_type attribute; confirm against callers.
const (
	ClientCredentials = "client_credentials"
	// URN-form identifier for the JWT bearer assertion grant.
	JwtBearer = "urn:ietf:params:oauth:grant-type:jwt-bearer"
	// NOTE(review): the password grant hands end-user credentials to the client;
	// flag configurations that select it during review.
	Password = "password"
)
// Verifier method identifier. The GetVerifierMethod documentation on this page
// lists ccm_s256 next to state (and nonce) as the possible verifier methods.
const (
	CcmS256 = "ccm_s256"
)
const DefaultFilename = "couper.hcl"
DefaultFilename defines the default filename for a couper config file.
const DefaultNameLabel = "default"
DefaultNameLabel maps the hcl label attr 'name'.
Variables ¶
var OAuthBlockSchema = &hcl.BodySchema{ Blocks: []hcl.BlockHeaderSchema{ oauthBlockHeaderSchema, }, }
var (
ResponseInlineSchema = Response{}.Schema(true)
)
var TokenRequestBlockSchema = &hcl.BodySchema{ Blocks: []hcl.BlockHeaderSchema{ tokenRequestBlockHeaderSchema, }, }
var (
WebsocketsInlineSchema = Websockets{}.Schema(true)
)
Functions ¶
func AttrValueFromTagField ¶
func BackendAttrFields ¶
func BackendAttrFields(obj interface{}) []string
func ParseDuration ¶
func WithErrorHandlerSchema ¶
func WithErrorHandlerSchema(schema *hcl.BodySchema) *hcl.BodySchema
Types ¶
type API ¶
// API is the configuration struct for an api block. The hcl tags name the
// attributes and nested blocks; the docs tags carry the user-facing text.
type API struct {
	ErrorHandlerSetter
	// Names of predefined access controls applied to this block (docs tag).
	AccessControl []string `hcl:"access_control,optional" docs:"Sets predefined [access control](../access-control) for this block."`
	// docs tag elided on this page.
	AllowedMethods []string `` /* 223-byte string literal not displayed */
	BasePath string `hcl:"base_path,optional" docs:"Configures the path prefix for all requests."`
	CORS *CORS `hcl:"cors,block" docs:"Configures [CORS](/configuration/block/cors) settings (zero or one)."`
	// Disables access controls by name (docs tag).
	// NOTE(review): presumably this also removes controls inherited from an
	// enclosing block; confirm, and audit every name listed here.
	DisableAccessControl []string `hcl:"disable_access_control,optional" docs:"Disables access controls by name."`
	Endpoints Endpoints `hcl:"endpoint,block" docs:"Configures an [endpoint](/configuration/block/endpoint) (zero or more)."`
	ErrorFile string `hcl:"error_file,optional" docs:"Location of the error file template."`
	Name string `hcl:"name,label_optional"`
	// Receives the body content not matched by the tagged fields above.
	Remain hcl.Body `hcl:",remain"`
	// internally used: no hcl tag, so not set directly from an attribute
	CatchAllEndpoint *Endpoint
	RequiredPermission hcl.Expression
}
API represents the <API> object.
type AcceptForwarded ¶
type AcceptForwarded struct {
// contains filtered or unexported fields
}
func (*AcceptForwarded) Set ¶
func (a *AcceptForwarded) Set(forwarded []string) error
type AccessControl ¶
AccessControl holds all active and inactive access control references.
func NewAccessControl ¶
func NewAccessControl(ac, dac []string) AccessControl
NewAccessControl creates the container object for ac configuration.
func (AccessControl) List ¶
func (ac AccessControl) List() []string
List returns all active access controls.
func (AccessControl) Merge ¶
func (ac AccessControl) Merge(oac AccessControl) AccessControl
Merge appends control references in order.
type Backend ¶
// Backend is the configuration struct for a backend block.
type Backend struct {
	// NOTE(review): docs tag elided here; the name suggests upstream TLS
	// certificate verification is switched off when true. Confirm, and treat
	// any configuration that sets it as a finding unless the exception is documented.
	DisableCertValidation bool `` /* 134-byte string literal not displayed */
	// docs tag elided on this page.
	DisableConnectionReuse bool `` /* 133-byte string literal not displayed */
	// Optional health check block; note the beta_ prefix on the block name.
	Health *Health `hcl:"beta_health,block" docs:"Configures a [health check](/configuration/block/health) (zero or one)."`
	// Per the docs tag, must not be used in backend refinement.
	HTTP2 bool `hcl:"http2,optional" docs:"Enables the HTTP2 support. Must not be used in backend refinement."`
	// docs tag elided on this page.
	MaxConnections int `` /* 183-byte string literal not displayed */
	Name string `hcl:"name,label_optional"`
	OpenAPI *OpenAPI `hcl:"openapi,block" docs:"Configures [OpenAPI validation](/configuration/block/openapi) (zero or one)."`
	Throttles Throttles `hcl:"throttle,block" docs:"Configures [throttling](/configuration/block/throttle) (zero or one)."`
	// Receives the body content not matched by the tagged fields.
	Remain hcl.Body `hcl:",remain"`
	TLS *BackendTLS `hcl:"tls,block" docs:"Configures [backend TLS](/configuration/block/backend_tls) (zero or one)."`
	// used for validation and documentation
	OAuth2 *OAuth2ReqAuth `hcl:"oauth2,block" docs:"Configures an [OAuth2 authorization](/configuration/block/oauth2) (zero or one)."`
	TokenRequest []*TokenRequest `` /* 132-byte string literal not displayed */
}
Backend represents the <Backend> object.
func (Backend) Inline ¶
func (b Backend) Inline() interface{}
Inline implements the <Inline> interface.
type BackendInitialization ¶
type BackendInitialization interface {
Prepare(backendFunc PrepareBackendFunc) error
}
type BackendReference ¶
type BackendReference interface {
Reference() string
}
BackendReference defines the <BackendReference> interface.
type BackendTLS ¶
// BackendTLS is the struct behind the tls block of a backend (see Backend.TLS).
// All field tags are elided on this page, so the notes below are inferred
// from the field names only.
type BackendTLS struct {
	// presumably the server certificate (or CA) to trust, given inline or as a file path; confirm
	ServerCertificate string `` /* 160-byte string literal not displayed */
	ServerCertificateFile string `` /* 200-byte string literal not displayed */
	// presumably the client certificate presented to the backend (mTLS); confirm
	ClientCertificate string `` /* 151-byte string literal not displayed */
	ClientCertificateFile string `` /* 191-byte string literal not displayed */
	// NOTE(review): private key material. If the inline form holds the key
	// itself, it ends up in the configuration; prefer the file variant with
	// restrictive file permissions. Confirm the semantics of both fields.
	ClientPrivateKey string `` /* 192-byte string literal not displayed */
	ClientPrivateKeyFile string `` /* 232-byte string literal not displayed */
}
type BasicAuth ¶
// BasicAuth is the configuration struct for a basic_auth block.
type BasicAuth struct {
	ErrorHandlerSetter
	// Path of an htpasswd file (docs tag).
	File string `hcl:"htpasswd_file,optional" docs:"The htpasswd file."`
	// Required block label.
	Name string `hcl:"name,label"`
	User string `hcl:"user,optional" docs:"The user name."`
	// NOTE(review): the password is a plain string attribute, so it sits
	// wherever the configuration value comes from. Keep literal passwords out
	// of version-controlled configuration.
	Pass string `hcl:"password,optional" docs:"The corresponding password."`
	// Realm sent in the WWW-Authenticate response header (docs tag).
	Realm string `hcl:"realm,optional" docs:"The realm to be sent in a WWW-Authenticate response HTTP header field."`
	Remain hcl.Body `hcl:",remain"`
}
BasicAuth represents the "basic_auth" config block
func (*BasicAuth) DefaultErrorHandlers ¶
func (b *BasicAuth) DefaultErrorHandlers() []*ErrorHandler
type CORS ¶
// CORS is the configuration struct for a cors block.
type CORS struct {
	// Required attribute (no ",optional"); a single origin string or a tuple of origins per the type tag.
	AllowedOrigins cty.Value `hcl:"allowed_origins" docs:"An allowed origin or a list of allowed origins." type:"string or tuple"`
	// NOTE(review): docs tag elided; the name suggests it controls credentialed
	// cross-origin requests. Review it together with AllowedOrigins, since
	// credentials plus a broad origin list is the risky combination; confirm.
	AllowCredentials bool `` /* 171-byte string literal not displayed */
	// Per the docs tag, true stops CORS settings being inherited from the parent context.
	Disable bool `hcl:"disable,optional" docs:"Set to {true} to disable the inheritance of CORS from parent context."`
	// docs tag elided on this page.
	MaxAge string `` /* 191-byte string literal not displayed */
}
CORS represents the <CORS> object.
type ClientCertificate ¶
// ClientCertificate is the element type of ServerTLS.ClientCertificate.
// The docs tags are elided on this page; notes below are inferred from names.
type ClientCertificate struct {
	// Optional block label.
	Name string `hcl:",label_optional"`
	// presumably the CA used to verify client certificates, inline or as a file path; confirm
	CA string `` /* 146-byte string literal not displayed */
	CAFile string `` /* 186-byte string literal not displayed */
	// presumably a specific client leaf certificate, inline or as a file path; confirm
	Leaf string `` /* 147-byte string literal not displayed */
	LeafFile string `` /* 187-byte string literal not displayed */
}
type Couper ¶
type Couper struct {
Context context.Context
Environment string
Files file.Files
Definitions *Definitions `hcl:"definitions,block"`
Servers Servers `hcl:"server,block"`
Settings *Settings `hcl:"settings,block"`
Defaults *Defaults `hcl:"defaults,block"`
}
Couper represents the <Couper> config object.
type DefaultEnvVars ¶
type Defaults ¶
type Defaults struct {
EnvironmentVariables DefaultEnvVars `` /* 151-byte string literal not displayed */
}
type DefaultsBlock ¶
type Definitions ¶
type Definitions struct {
Backend []*Backend `hcl:"backend,block" docs:"Configure a [backend](/configuration/block/backend) (zero or more)."`
BasicAuth []*BasicAuth `hcl:"basic_auth,block" docs:"Configure a [BasicAuth access control](/configuration/block/basic_auth) (zero or more)."`
Job []*Job `hcl:"job,block" docs:"Configure a [job](/configuration/block/job) (zero or more)."`
JWT []*JWT `hcl:"jwt,block" docs:"Configure a [JWT access control](/configuration/block/jwt) (zero or more)."`
JWTSigningProfile []*JWTSigningProfile `` /* 130-byte string literal not displayed */
RateLimiter []*RateLimiter `` /* 129-byte string literal not displayed */
SAML []*SAML `hcl:"saml,block" docs:"Configure a [SAML access control](/configuration/block/saml) (zero or more)."`
OAuth2AC []*OAuth2AC `hcl:"beta_oauth2,block" docs:"Configure an [OAuth2 access control](/configuration/block/beta_oauth2) (zero or more)."`
OIDC []*OIDC `hcl:"oidc,block" docs:"Configure an [OIDC access control](/configuration/block/oidc) (zero or more)."`
// used for documentation
Proxy []*Proxy `hcl:"proxy,block" docs:"Configure a [proxy](/configuration/block/proxy) (zero or more)."`
}
Definitions represents the <Definitions> object.
type Endpoint ¶
// Endpoint is the configuration struct for an endpoint block.
type Endpoint struct {
	ErrorHandlerSetter
	// Names of predefined access controls for this block context (docs tag).
	AccessControl []string `hcl:"access_control,optional" docs:"Sets predefined access control for this block context."`
	// docs tag elided on this page.
	AllowedMethods []string `` /* 237-byte string literal not displayed */
	// Disables access controls by name (docs tag).
	// NOTE(review): presumably applies to controls inherited from the enclosing
	// api or server block as well; confirm and audit each listed name.
	DisableAccessControl []string `hcl:"disable_access_control,optional" docs:"Disables access controls by name."`
	ErrorFile string `hcl:"error_file,optional" docs:"Location of the error file template."`
	// Required block label.
	Pattern string `hcl:"pattern,label"`
	Proxies Proxies `hcl:"proxy,block" docs:"Configures a [proxy](/configuration/block/proxy) (zero or more)."`
	// docs tag elided on this page.
	Proxy string `` /* 140-byte string literal not displayed */
	Remain hcl.Body `hcl:",remain"`
	// NOTE(review): docs tag elided; the name suggests a cap on request body
	// size. Confirm the default and unit before relying on it as a limit.
	RequestBodyLimit string `` /* 197-byte string literal not displayed */
	Requests Requests `hcl:"request,block" docs:"Configures a [request](/configuration/block/request) (zero or more)."`
	Response *Response `hcl:"response,block" docs:"Configures the [response](/configuration/block/response) (zero or one)."`
	// internally configured due to multi-label options
	RequiredPermission hcl.Expression
	Sequences sequence.List
}
Endpoint represents the <Endpoint> object.
type ErrorHandler ¶
type ErrorHandler struct {
Kinds []string
ErrorFile string `hcl:"error_file,optional" docs:"Location of the error file template."`
Proxies Proxies `hcl:"proxy,block" docs:"Configures a [proxy](/configuration/block/proxy) (zero or more)."`
Remain hcl.Body `hcl:",remain"`
Requests Requests `hcl:"request,block" docs:"Configures a [request](/configuration/block/request) (zero or more)."`
Response *Response `hcl:"response,block" docs:"Configures the [response](/configuration/block/response) (zero or one)."`
}
ErrorHandler represents a subset of Endpoint.
func (ErrorHandler) HCLBody ¶
func (e ErrorHandler) HCLBody() *hclsyntax.Body
HCLBody implements the <Body> interface.
func (ErrorHandler) Inline ¶
func (e ErrorHandler) Inline() interface{}
Inline implements the <Inline> interface.
func (ErrorHandler) Schema ¶
func (e ErrorHandler) Schema(inline bool) *hcl.BodySchema
Schema implements the <Inline> interface.
type ErrorHandlerGetter ¶
type ErrorHandlerGetter interface {
DefaultErrorHandlers() []*ErrorHandler
}
ErrorHandlerGetter defines the <ErrorHandlerGetter> interface.
type ErrorHandlerSetter ¶
type ErrorHandlerSetter struct {
ErrorHandler []*ErrorHandler `hcl:"error_handler,block" docs:"Configures an [error handler](/configuration/block/error_handler) (zero or more)."`
}
func (*ErrorHandlerSetter) Set ¶
func (ehs *ErrorHandlerSetter) Set(ehConf *ErrorHandler)
type Files ¶
// Files is the configuration struct for a files block.
type Files struct {
	// Names of predefined access controls for this block context (docs tag).
	AccessControl []string `hcl:"access_control,optional" docs:"Sets predefined access control for this block context."`
	BasePath string `hcl:"base_path,optional" docs:"Configures the path prefix for all requests."`
	CORS *CORS `hcl:"cors,block" docs:"Configures [CORS](/configuration/block/cors) settings (zero or one)."`
	// No docs tag on this field, unlike its counterparts in API and Endpoint.
	DisableAccessControl []string `hcl:"disable_access_control,optional"`
	// Required attribute: the directory files are served from (docs tag).
	DocumentRoot string `hcl:"document_root" docs:"Location of the document root (directory)."`
	ErrorFile string `hcl:"error_file,optional" docs:"Location of the error file template."`
	Name string `hcl:"name,label_optional"`
	Remain hcl.Body `hcl:",remain"`
}
Files represents the <Files> object.
type FilesBlocks ¶
type FilesBlocks []*Files
type Health ¶
// Health is the struct behind the health check block of a backend (see Backend.Health).
// Defaults quoted below come from the default tags.
type Health struct {
	// Failed checks before the backend counts as unhealthy; default 2.
	FailureThreshold *uint `hcl:"failure_threshold,optional" docs:"Failed checks needed to consider backend unhealthy." default:"2"`
	// Recheck interval; default 1s.
	Interval string `hcl:"interval,optional" docs:"Time interval for recheck." default:"1s"`
	// Per-check time limit, bounded by interval per the docs tag; default 1s.
	Timeout string `hcl:"timeout,optional" docs:"Maximum allowed time limit which is bounded by {interval}." default:"1s"`
	Path string `hcl:"path,optional" docs:"URL path with query on backend host."`
	// Accepted status codes; default [200, 204, 301].
	ExpectedStatus []int `hcl:"expected_status,optional" docs:"One of wanted response status codes." default:"[200, 204, 301]"`
	ExpectedText string `hcl:"expected_text,optional" docs:"Text which the response body must contain."`
	Headers Headers `hcl:"headers,optional" docs:"Request HTTP header fields."`
	Remain hcl.Body `hcl:",remain"`
}
type HealthCheck ¶
type HealthCheck struct {
Context context.Context
ExpectedStatus map[int]bool
ExpectedText string
FailureThreshold uint
Interval time.Duration
Request *http.Request
RequestUIDFormat string
Timeout time.Duration
}
func NewHealthCheck ¶
func NewHealthCheck(baseURL string, options *Health, conf *Couper) (*HealthCheck, error)
type Inline ¶
type Inline interface {
Inline() interface{}
Schema(inline bool) *hcl.BodySchema
}
Inline defines the <Inline> interface.
type Introspection ¶ added in v1.14.0
// Introspection configures token introspection; it is referenced from
// JWT.Introspection. Listed on this page as added in v1.14.0.
type Introspection struct {
	// docs tag elided on this page.
	BackendName string `` /* 202-byte string literal not displayed */
	// Required attribute.
	ClientID string `hcl:"client_id" docs:"The client identifier."`
	// Optional only when endpoint_auth_method is "private_key_jwt" (docs tag).
	// NOTE(review): a secret carried as a plain string attribute; keep the
	// literal value out of version-controlled configuration.
	ClientSecret string `hcl:"client_secret,optional" docs:"The client password. Required unless the {endpoint_auth_method} is {\"private_key_jwt\"}."`
	// Required attribute: the authorization server's introspection endpoint.
	Endpoint string `hcl:"endpoint" docs:"The authorization server's {introspection_endpoint}."`
	// docs tag elided on this page.
	EndpointAuthMethod *string `` /* 587-byte string literal not displayed */
	JWTSigningProfile *JWTSigningProfile `` /* 230-byte string literal not displayed */
	Remain hcl.Body `hcl:",remain"`
	// NOTE(review): docs tag elided; presumably how long an introspection
	// result is cached. A long TTL delays the effect of token revocation; confirm.
	TTL string `` /* 180-byte string literal not displayed */
	// Internally used
	Backend *hclsyntax.Body
	// presumably TTL converted to seconds; confirm
	TTLSeconds int64
}
func (*Introspection) HCLBody ¶ added in v1.14.0
func (i *Introspection) HCLBody() *hclsyntax.Body
HCLBody implements the <Body> interface.
func (*Introspection) Inline ¶ added in v1.14.0
func (i *Introspection) Inline() interface{}
Inline implements the <Inline> interface.
func (*Introspection) Prepare ¶ added in v1.14.0
func (i *Introspection) Prepare(backendFunc PrepareBackendFunc) error
func (*Introspection) Reference ¶ added in v1.14.0
func (i *Introspection) Reference() string
Reference implements the <BackendReference> interface.
func (*Introspection) Schema ¶ added in v1.14.0
func (i *Introspection) Schema(inline bool) *hcl.BodySchema
Schema implements the <Inline> interface.
type JWT ¶
// JWT is the configuration struct for a jwt access control block. Most docs
// tags are elided on this page; only the visible ones are restated as fact.
type JWT struct {
	ErrorHandlerSetter
	BackendName string `` /* 193-byte string literal not displayed */
	// Bearer, Cookie, Header and TokenValue presumably select where the token
	// is read from; tags elided, confirm.
	Bearer bool `` /* 198-byte string literal not displayed */
	Claims Claims `` /* 166-byte string literal not displayed */
	// Claim names that must be present for a token to be valid (docs tag).
	ClaimsRequired []string `hcl:"required_claims,optional" docs:"List of claim names that must be given for a valid token."`
	Cookie string `` /* 138-byte string literal not displayed */
	DisablePrivateCaching bool `` /* 155-byte string literal not displayed */
	Dpop bool `` /* 196-byte string literal not displayed */
	Header string `` /* 284-byte string literal not displayed */
	Introspection *Introspection `` /* 127-byte string literal not displayed */
	JWKsURL string `` /* 129-byte string literal not displayed */
	// How long the JWK set stays valid and may be cached; default 1h.
	JWKsTTL string `hcl:"jwks_ttl,optional" docs:"Time period the JWK set stays valid and may be cached." type:"duration" default:"1h"`
	JWKsMaxStale string `` /* 134-byte string literal not displayed */
	// presumably the verification key, inline or as a file path; confirm
	Key string `` /* 152-byte string literal not displayed */
	KeyFile string `` /* 140-byte string literal not displayed */
	// Required block label.
	Name string `hcl:"name,label"`
	Remain hcl.Body `hcl:",remain"`
	// Roles/permissions mapping; presumably turns token claims into granted
	// permissions, so map contents are authorization policy. Confirm.
	RolesClaim string `` /* 228-byte string literal not displayed */
	RolesMap map[string][]string `` /* 181-byte string literal not displayed */
	RolesMapFile string `` /* 160-byte string literal not displayed */
	PermissionsClaim string `` /* 211-byte string literal not displayed */
	PermissionsMap map[string][]string `` /* 255-byte string literal not displayed */
	PermissionsMapFile string `` /* 184-byte string literal not displayed */
	// NOTE(review): tag elided; presumably the expected signature algorithm.
	// Confirm that verification pins this value rather than trusting the
	// algorithm named in the token header.
	SignatureAlgorithm string `` /* 135-byte string literal not displayed */
	// NOTE(review): signing key material; prefer the file variant over an
	// inline value in configuration. Semantics inferred from names; confirm.
	SigningKey string `` /* 135-byte string literal not displayed */
	SigningKeyFile string `` /* 159-byte string literal not displayed */
	// Lifetime of tokens created with the signing settings; sets the exp claim (docs tag).
	SigningTTL string `hcl:"signing_ttl,optional" docs:"The token's time-to-live (creates the {exp} claim)." type:"duration"`
	TokenValue hcl.Expression `` /* 153-byte string literal not displayed */
	// Internally used
	Backend *hclsyntax.Body
}
JWT represents the <JWT> object.
func (*JWT) DefaultErrorHandlers ¶
func (j *JWT) DefaultErrorHandlers() []*ErrorHandler
func (*JWT) Prepare ¶
func (j *JWT) Prepare(backendFunc PrepareBackendFunc) (err error)
type JWTSigningProfile ¶
// JWTSigningProfile describes how a JWT is created: payload claims, headers,
// key, algorithm and lifetime. It is referenced by the OAuth2/OIDC client
// structs and by Definitions.
type JWTSigningProfile struct {
	// Payload claims; values are evaluated per request (docs tag).
	Claims Claims `hcl:"claims,optional" docs:"Claims for the JWT payload, claim values are evaluated per request."`
	// docs tag elided on this page.
	Headers hcl.Expression `` /* 128-byte string literal not displayed */
	// NOTE(review): presumably the signing key, inline or as a file path; tags
	// elided. Keep inline key material out of version-controlled configuration.
	Key string `` /* 154-byte string literal not displayed */
	KeyFile string `` /* 135-byte string literal not displayed */
	Name string `hcl:"name,label_optional"`
	// docs tag elided on this page.
	SignatureAlgorithm string `` /* 177-byte string literal not displayed */
	// Required attribute: token lifetime, which sets the exp claim (docs tag).
	TTL string `hcl:"ttl" docs:"The token's time-to-live, creates the {exp} claim."`
}
type Job ¶
type Job struct {
Interval string `hcl:"interval" docs:"Execution interval." type:"duration"`
Name string `hcl:"name,label"`
Remain hcl.Body `hcl:",remain"`
Requests Requests `hcl:"request,block" docs:"Configures a [request](/configuration/block/request) (zero or more)."`
StartupDelay string `hcl:"startup_delay,optional" docs:"Delays the first execution of the job after startup." type:"duration" default:"0s"`
// Internally used
Endpoint *Endpoint
IntervalDuration time.Duration
StartupDelayDuration time.Duration
}
Job represents the <Job> object.
type OAuth2AC ¶
// OAuth2AC is the configuration struct for an OAuth2 client using the
// authorization code flow (block name beta_oauth2 per Definitions).
type OAuth2AC struct {
	ErrorHandlerSetter
	// AuthorizationEndpoint is used for lib.FnOAuthAuthorizationURL
	AuthorizationEndpoint string `hcl:"authorization_endpoint" docs:"The authorization server endpoint URL used for authorization."`
	// docs tag elided on this page.
	BackendName string `` /* 194-byte string literal not displayed */
	// Required attribute.
	ClientID string `hcl:"client_id" docs:"The client identifier."`
	// NOTE(review): tag elided; a client secret held as a string field. Keep
	// the literal value out of version-controlled configuration.
	ClientSecret string `` /* 127-byte string literal not displayed */
	// Required; per the docs tag it must be "authorization_code".
	GrantType string `hcl:"grant_type" docs:"The grant type. Required, to be set to: {\"authorization_code\"}"`
	JWTSigningProfile *JWTSigningProfile `` /* 250-byte string literal not displayed */
	// Required block label.
	Name string `hcl:"name,label"`
	// docs tag elided on this page.
	RedirectURI string `` /* 284-byte string literal not displayed */
	Remain hcl.Body `hcl:",remain"`
	// Space separated list of requested scope values (docs tag).
	Scope string `hcl:"scope,optional" docs:"A space separated list of requested scope values for the access token."`
	TokenEndpoint string `hcl:"token_endpoint" docs:"The authorization server endpoint URL used for requesting the token."`
	TokenEndpointAuthMethod *string `` /* 585-byte string literal not displayed */
	// Tag elided. GetVerifierMethod's documentation names ccm_s256 or state as
	// the possible values for this type.
	VerifierMethod string `` /* 226-byte string literal not displayed */
	// internally used
	Backend *hclsyntax.Body
}
OAuth2AC represents an oauth2 block for an OAuth2 client using the authorization code flow.
func (*OAuth2AC) ClientAuthenticationRequired ¶
func (*OAuth2AC) GetAuthorizationEndpoint ¶
func (*OAuth2AC) GetClientID ¶
func (*OAuth2AC) GetClientSecret ¶
func (*OAuth2AC) GetGrantType ¶
func (*OAuth2AC) GetJWTSigningProfile ¶
func (oa *OAuth2AC) GetJWTSigningProfile() *JWTSigningProfile
func (*OAuth2AC) GetRedirectURI ¶
func (*OAuth2AC) GetTokenEndpoint ¶
func (*OAuth2AC) GetTokenEndpointAuthMethod ¶
func (*OAuth2AC) GetVerifierMethod ¶
GetVerifierMethod retrieves the verifier method (ccm_s256 or state)
func (*OAuth2AC) Inline ¶
func (oa *OAuth2AC) Inline() interface{}
Inline implements the <Inline> interface.
func (*OAuth2AC) Prepare ¶
func (oa *OAuth2AC) Prepare(backendFunc PrepareBackendFunc) (err error)
type OAuth2AcClient ¶
type OAuth2AcClient interface {
Body
OAuth2Client
GetGrantType() string
GetRedirectURI() string
// GetVerifierMethod retrieves the verifier method (ccm_s256, nonce or state)
GetVerifierMethod() (string, error)
}
OAuth2AcClient represents the client configuration for OAuth2 clients using the authorization code flow.
type OAuth2Authorization ¶
type OAuth2Authorization interface {
GetAuthorizationEndpoint() (string, error)
GetClientID() string
GetRedirectURI() string
GetScope() string
GetVerifierMethod() (string, error)
}
OAuth2Authorization represents the configuration for the OAuth2 authorization URL function
type OAuth2Client ¶
type OAuth2Client interface {
ClientAuthenticationRequired() bool
GetClientID() string
GetClientSecret() string
GetJWTSigningProfile() *JWTSigningProfile
GetTokenEndpointAuthMethod() *string
}
OAuth2Client represents the client configuration for OAuth2 clients.
type OAuth2ReqAuth ¶
// OAuth2ReqAuth is the struct behind the oauth2 block inside a backend block.
// Most docs tags are elided on this page.
type OAuth2ReqAuth struct {
	AssertionExpr hcl.Expression `` /* 218-byte string literal not displayed */
	BackendName string `` /* 194-byte string literal not displayed */
	ClientID string `` /* 141-byte string literal not displayed */
	// NOTE(review): ClientSecret and Password below are credentials held as
	// string fields; keep literal values out of version-controlled configuration.
	ClientSecret string `` /* 200-byte string literal not displayed */
	// presumably one of the grant type constants (ClientCredentials, JwtBearer, Password); confirm
	GrantType string `` /* 140-byte string literal not displayed */
	JWTSigningProfile *JWTSigningProfile `` /* 382-byte string literal not displayed */
	Password string `` /* 126-byte string literal not displayed */
	Remain hcl.Body `hcl:",remain"`
	// docs tag elided on this page.
	Retries *uint8 `` /* 169-byte string literal not displayed */
	// Space separated list of requested scope values (docs tag).
	Scope string `hcl:"scope,optional" docs:"A space separated list of requested scope values for the access token."`
	TokenEndpoint string `hcl:"token_endpoint,optional" docs:"URL of the token endpoint at the authorization server."`
	TokenEndpointAuthMethod *string `` /* 585-byte string literal not displayed */
	Username string `` /* 126-byte string literal not displayed */
}
OAuth2ReqAuth represents the oauth2 block in a backend block.
func (*OAuth2ReqAuth) ClientAuthenticationRequired ¶
func (oa *OAuth2ReqAuth) ClientAuthenticationRequired() bool
func (*OAuth2ReqAuth) GetClientID ¶
func (oa *OAuth2ReqAuth) GetClientID() string
func (*OAuth2ReqAuth) GetClientSecret ¶
func (oa *OAuth2ReqAuth) GetClientSecret() string
func (*OAuth2ReqAuth) GetJWTSigningProfile ¶
func (oa *OAuth2ReqAuth) GetJWTSigningProfile() *JWTSigningProfile
func (*OAuth2ReqAuth) GetTokenEndpoint ¶
func (oa *OAuth2ReqAuth) GetTokenEndpoint() (string, error)
func (*OAuth2ReqAuth) GetTokenEndpointAuthMethod ¶
func (oa *OAuth2ReqAuth) GetTokenEndpointAuthMethod() *string
func (*OAuth2ReqAuth) HCLBody ¶
func (oa *OAuth2ReqAuth) HCLBody() *hclsyntax.Body
HCLBody implements the <Body> interface.
func (*OAuth2ReqAuth) Inline ¶
func (oa *OAuth2ReqAuth) Inline() interface{}
Inline implements the <Inline> interface.
func (*OAuth2ReqAuth) Reference ¶
func (oa *OAuth2ReqAuth) Reference() string
Reference implements the <BackendReference> interface.
func (*OAuth2ReqAuth) Schema ¶
func (oa *OAuth2ReqAuth) Schema(inline bool) *hcl.BodySchema
Schema implements the <Inline> interface.
type OIDC ¶
// OIDC is the configuration struct for an oidc access control block.
type OIDC struct {
	ErrorHandlerSetter
	// docs tag elided on this page.
	BackendName string `` /* 243-byte string literal not displayed */
	// Required attribute.
	ClientID string `hcl:"client_id" docs:"The client identifier."`
	// NOTE(review): tag elided; a client secret held as a string field. Keep
	// the literal value out of version-controlled configuration.
	ClientSecret string `` /* 127-byte string literal not displayed */
	// Required attribute: the OpenID configuration URL.
	ConfigurationURL string `hcl:"configuration_url" docs:"The OpenID configuration URL."`
	// How long the JWK set stays valid and may be cached; default 1h.
	JWKsTTL string `hcl:"jwks_ttl,optional" docs:"Time period the JWK set stays valid and may be cached." type:"duration" default:"1h"`
	JWKsMaxStale string `` /* 134-byte string literal not displayed */
	JWTSigningProfile *JWTSigningProfile `` /* 236-byte string literal not displayed */
	// Required block label.
	Name string `hcl:"name,label"`
	Remain hcl.Body `hcl:",remain"`
	// docs tag elided on this page.
	RedirectURI string `` /* 284-byte string literal not displayed */
	Scope string `hcl:"scope,optional" docs:"A space separated list of requested scope values for the access token."`
	TokenEndpointAuthMethod *string `` /* 585-byte string literal not displayed */
	ConfigurationTTL string `` /* 147-byte string literal not displayed */
	ConfigurationMaxStale string `` /* 151-byte string literal not displayed */
	// Method used to verify the integrity of the authorization code flow (docs tag).
	VerifierMethod string `hcl:"verifier_method,optional" docs:"The method to verify the integrity of the authorization code flow."`
	// configuration related backends
	ConfigurationBackendName string `` /* 182-byte string literal not displayed */
	JWKSBackendName string `` /* 161-byte string literal not displayed */
	TokenBackendName string `` /* 159-byte string literal not displayed */
	UserinfoBackendName string `` /* 165-byte string literal not displayed */
	// internally used; presumably keyed by backend name, confirm
	Backends map[string]*hclsyntax.Body
}
OIDC represents an oidc block. The backend block is used as the template for all configuration-related backends. Backend references, as well as an anonymous backend, must match the URL with the backend origin definition.
func (*OIDC) ClientAuthenticationRequired ¶
func (*OIDC) GetClientID ¶
func (*OIDC) GetClientSecret ¶
func (*OIDC) GetGrantType ¶
func (*OIDC) GetJWTSigningProfile ¶
func (o *OIDC) GetJWTSigningProfile() *JWTSigningProfile
func (*OIDC) GetRedirectURI ¶
func (*OIDC) GetTokenEndpointAuthMethod ¶
func (*OIDC) Prepare ¶
func (o *OIDC) Prepare(backendFunc PrepareBackendFunc) (err error)
type OpenAPI ¶
// OpenAPI configures validation against an OpenAPI definition (see Backend.OpenAPI).
type OpenAPI struct {
	// Required attribute: the OpenAPI YAML definition file.
	File string `hcl:"file" docs:"OpenAPI YAML definition file."`
	// Per the docs tags, each flag below turns validation for its direction
	// into log-only: results are logged and error handling is skipped.
	// NOTE(review): with a flag set, a violating message is presumably passed
	// on unchanged. Confirm before treating this block as an enforcement point.
	IgnoreRequestViolations bool `hcl:"ignore_request_violations,optional" docs:"Logs request validation results, skips error handling."`
	IgnoreResponseViolations bool `hcl:"ignore_response_violations,optional" docs:"Logs response validation results, skips error handling."`
}
OpenAPI represents the <OpenAPI> object.
type PrepareBackendFunc ¶
type Proxy ¶
// Proxy is the configuration struct for a proxy block.
type Proxy struct {
	// docs tag elided on this page.
	BackendName string `` /* 197-byte string literal not displayed */
	Name string `hcl:"name,label_optional"`
	Remain hcl.Body `hcl:",remain"`
	// docs tag elided on this page.
	ReqName string `` /* 132-byte string literal not displayed */
	// docs tag elided; a pointer, so presumably "unset" is distinguishable from false. Confirm.
	Websockets *bool `` /* 283-byte string literal not displayed */
	// internally used
	Backend *hclsyntax.Body
}
Proxy represents the <Proxy> object.
type RateLimiter ¶ added in v1.14.0
// RateLimiter is the configuration struct for the "beta_rate_limiter" block.
// Listed on this page as added in v1.14.0.
type RateLimiter struct {
	ErrorHandlerSetter
	// Required block label.
	Name string `hcl:"name,label"`
	// Required attribute: the rate limit period, a duration.
	Period string `hcl:"period" docs:"Defines the rate limit period." type:"duration"`
	// Required attribute: number of requests allowed per period.
	PerPeriod int `hcl:"per_period" docs:"Defines the number of allowed requests in a period."`
	// docs tag elided on this page.
	PeriodWindow string `` /* 330-byte string literal not displayed */
	Remain hcl.Body `hcl:",remain"`
}
RateLimiter represents the "beta_rate_limiter" config block
func (*RateLimiter) HCLBody ¶ added in v1.14.0
func (r *RateLimiter) HCLBody() *hclsyntax.Body
HCLBody implements the <Body> interface. Internally used for 'error_handler'.
func (*RateLimiter) Inline ¶ added in v1.14.0
func (r *RateLimiter) Inline() any
func (*RateLimiter) Schema ¶ added in v1.14.0
func (r *RateLimiter) Schema(inline bool) *hcl.BodySchema
Schema implements the <Inline> interface.
type Request ¶
type Request struct {
BackendName string `` /* 191-byte string literal not displayed */
Name string `hcl:"name,label_optional"`
Remain hcl.Body `hcl:",remain"`
// Internally used
Backend *hclsyntax.Body
}
Request represents the <Request> object.
func (Request) Inline ¶
func (r Request) Inline() interface{}
Inline implements the <Inline> interface.
type Response ¶
Response represents the <Response> object.
type SAML ¶
// SAML is the configuration struct for a saml access control block.
type SAML struct {
	ErrorHandlerSetter
	// docs tag elided on this page.
	ArrayAttributes []string `` /* 181-byte string literal not displayed */
	// IdP metadata source, as a file or a URL; tags elided. Presumably
	// alternatives to each other, confirm.
	IdpMetadataFile string `` /* 142-byte string literal not displayed */
	IdpMetadataURL string `` /* 132-byte string literal not displayed */
	// How long IdP metadata stays valid and may be cached; default 1h.
	MetadataTTL string `hcl:"metadata_ttl,optional" docs:"Time period the IdP metadata stays valid and may be cached." type:"duration" default:"1h"`
	MetadataMaxStale string `` /* 143-byte string literal not displayed */
	BackendName string `` /* 201-byte string literal not displayed */
	// Required block label.
	Name string `hcl:"name,label"`
	Remain hcl.Body `hcl:",remain"`
	// docs tag elided on this page.
	SpAcsURL string `` /* 272-byte string literal not displayed */
	// Required attribute: the Service Provider's entity ID.
	SpEntityID string `hcl:"sp_entity_id" docs:"The Service Provider's entity ID."`
	// internally used
	MetadataBytes []byte
	Backend *hclsyntax.Body
}
SAML represents the <SAML> object.
func (*SAML) HCLBody ¶
HCLBody implements the <Body> interface. Internally used for 'error_handler'.
func (*SAML) Prepare ¶ added in v1.14.0
func (s *SAML) Prepare(backendFunc PrepareBackendFunc) (err error)
Prepare implements the BackendInitialization interface.
type Server ¶
// Server is the configuration struct for a server block.
type Server struct {
	// docs tag elided on this page.
	AccessControl []string `` /* 128-byte string literal not displayed */
	APIs APIs `hcl:"api,block" docs:"Configures an API (zero or more)."`
	BasePath string `hcl:"base_path,optional" docs:"The path prefix for all requests."`
	CORS *CORS `hcl:"cors,block" docs:"Configures [CORS](/configuration/block/cors) settings (zero or one)."`
	// Disables access controls by name (docs tag); audit each listed name.
	DisableAccessControl []string `hcl:"disable_access_control,optional" docs:"Disables access controls by name."`
	Endpoints Endpoints `hcl:"endpoint,block" docs:"Configures a free [endpoint](/configuration/block/endpoint) (zero or more)."`
	ErrorFile string `hcl:"error_file,optional" docs:"Location of the error file template."`
	Files FilesBlocks `hcl:"files,block" docs:"Configures file serving (zero or more)."`
	// Mandatory once more than one server block exists (docs tag).
	Hosts []string `hcl:"hosts,optional" docs:"Mandatory, if there is more than one {server} block."`
	Name string `hcl:"name,label_optional"`
	Remain hcl.Body `hcl:",remain"`
	SPAs SPAs `hcl:"spa,block" docs:"Configures an SPA (zero or more)."`
	TLS *ServerTLS `hcl:"tls,block" docs:"Configures [server TLS](/configuration/block/server_tls) (zero or one)."`
}
Server represents the <Server> object.
type ServerCertificate ¶
// ServerCertificate describes one certificate/key pair of a server TLS
// configuration. The tags of all four key fields are elided by the
// documentation renderer, so the notes below rest on the field names only.
type ServerCertificate struct {
// Optional block label.
Name string `hcl:",label_optional"`
// NOTE(review): the names suggest each half of the pair can be given either
// inline (PublicKey / PrivateKey) or as a path (PublicKeyFile /
// PrivateKeyFile); confirm in tls.go how the two forms interact.
PublicKey string `` /* 128-byte string literal not displayed */
PublicKeyFile string `` /* 168-byte string literal not displayed */
// NOTE(review): if this holds inline key material, the private key lives in
// the configuration text itself. Prefer the file form with restrictive
// permissions, and keep configuration that carries keys out of version
// control and out of logs.
PrivateKey string `` /* 131-byte string literal not displayed */
PrivateKeyFile string `` /* 171-byte string literal not displayed */
}
type ServerTLS ¶
// ServerTLS groups the certificate settings of a server's tls block.
// The OCSP fields below are commented out and marked TBA, so this struct
// exposes no OCSP setting.
type ServerTLS struct {
// TBA
//Ocsp bool `hcl:"ocsp,optional"`
//OcspTTL string `hcl:"ocsp_ttl,optional" type:"duration" default:"12h"`
// Tag elided by the documentation renderer.
// NOTE(review): presumably the client certificates or CAs accepted for
// mutual TLS; confirm in tls.go what happens when the list is empty.
ClientCertificate []*ClientCertificate `` /* 128-byte string literal not displayed */
// Tag elided by the documentation renderer; see ServerCertificate for the
// element type.
ServerCertificates []*ServerCertificate `` /* 128-byte string literal not displayed */
}
type Settings ¶
// Settings holds the gateway's global settings. Fields with an hcl tag are
// decoded from configuration; defaults are the ones stated in the default
// tags. Several tags are elided by the documentation renderer; notes on those
// fields rest on the field name only and are marked for confirmation.
type Settings struct {
// The next three fields carry no hcl tag, so they are not decoded from
// configuration attributes.
// NOTE(review): presumably derived at runtime (ApplyAcceptForwarded and
// NewDefaultSettings are listed on this type); confirm in settings.go.
AcceptForwarded *AcceptForwarded
BindAddresses map[string]string
Certificate []byte
// NOTE(review): by its name this selects which parts of the request URL are
// taken from forwarded headers. Such headers are client-controlled unless a
// trusted proxy overwrites them; confirm the accepted values in settings.go.
AcceptForwardedURL List `` /* 500-byte string literal not displayed */
// Default "*" per the tag.
// NOTE(review): presumably binds every interface; set explicit addresses
// where only an internal or loopback listener is intended.
BindAddress string `hcl:"bind_address,optional" docs:"A comma-separated list of addresses to bind." default:"*"`
CAFile string `` /* 141-byte string literal not displayed */
DefaultPort int `` /* 150-byte string literal not displayed */
Environment string `hcl:"environment,optional" docs:"The [environment](../command-line#basic-options) Couper is to run in."`
// Applies to all configured servers and ports (docs tag); default "/healthz".
HealthPath string `hcl:"health_path,optional" docs:"Health path for all configured servers and ports." default:"/healthz"`
LogFormat string `hcl:"log_format,optional" docs:"Tab/field based colored logs or JSON logs: {\"common\"} or {\"json\"}." default:"common"`
LogLevel string `` /* 155-byte string literal not displayed */
LogPretty bool `hcl:"log_pretty,optional" docs:"Global option for {json} log format which pretty prints with basic key coloring."`
NoProxyFromEnv bool `` /* 154-byte string literal not displayed */
// Enables the profiling interface, served on PProfPort (default 6060).
// NOTE(review): profiling endpoints expose runtime internals and can be
// expensive to serve; keep this off in production or make sure the port is
// unreachable from untrusted networks.
PProf bool `hcl:"pprof,optional" docs:"Enables [profiling](https://github.com/google/pprof/blob/main/doc/README.md#pprof)."`
PProfPort int `hcl:"pprof_port,optional" docs:"Port for profiling interface." default:"6060"`
// NOTE(review): by its name, a request ID may be adopted from a client
// header. That value is untrusted input and ends up in logs and upstream
// headers; confirm how it is validated against RequestIDFormat.
RequestIDAcceptFromHeader string `` /* 194-byte string literal not displayed */
RequestIDBackendHeader string `` /* 157-byte string literal not displayed */
RequestIDClientHeader string `` /* 155-byte string literal not displayed */
RequestIDFormat string `` /* 187-byte string literal not displayed */
// NOTE(review): tag elided; presumably controls the Secure attribute on
// cookies. Confirm the accepted values and the default in settings.go.
SecureCookies string `` /* 184-byte string literal not displayed */
SendServerTimings bool `` /* 278-byte string literal not displayed */
// NOTE(review): the name indicates a development aid; confirm it is left
// unset in production configuration.
TLSDevProxy List `` /* 225-byte string literal not displayed */
// The telemetry attributes below use a beta_ prefix in configuration.
// The metrics exporter listens on TelemetryMetricsPort (default 9090).
// NOTE(review): metrics can reveal routes and backend names; restrict who
// can reach that port.
TelemetryMetrics bool `hcl:"beta_metrics,optional" docs:"Enables the Prometheus [metrics](/observation/metrics) exporter."`
TelemetryMetricsEndpoint string `hcl:"beta_metrics_endpoint,optional" docs:"" default:""`
TelemetryMetricsExporter string `hcl:"beta_metrics_exporter,optional" docs:"" default:""`
TelemetryMetricsPort int `hcl:"beta_metrics_port,optional" docs:"Prometheus exporter listen port." default:"9090"`
TelemetryServiceName string `` /* 130-byte string literal not displayed */
TelemetryTraces bool `hcl:"beta_traces,optional" docs:"Enables the [OpenTelemetry](/observation/tracing) traces exporter."`
TelemetryTracesEndpoint string `` /* 131-byte string literal not displayed */
// NOTE(review): by its name, decides whether trace context sent by the
// client is trusted; confirm the default before exposing to the internet.
TelemetryTracesTrustParent bool `` /* 214-byte string literal not displayed */
TelemetryTracesWithParentOnly bool `` /* 182-byte string literal not displayed */
// When true, X-Forwarded-Host is used as the request host (docs tag).
// NOTE(review): the client supplies that header unless a fronting proxy
// overwrites it, so enable this only behind such a proxy; otherwise
// host-based routing and generated URLs follow attacker-chosen input.
XForwardedHost bool `hcl:"xfh,optional" docs:"Whether to use the {X-Forwarded-Host} header as the request host."`
}
Settings represents the <Settings> object.
func NewDefaultSettings ¶
func NewDefaultSettings() *Settings
func (*Settings) AcceptsForwardedHost ¶
func (*Settings) AcceptsForwardedPort ¶
func (*Settings) AcceptsForwardedProtocol ¶
func (*Settings) ApplyAcceptForwarded ¶
type Spa ¶
// Spa is the decoded form of one spa block: a single-page application served
// from a bootstrap file for a list of paths.
type Spa struct {
AccessControl []string `hcl:"access_control,optional" docs:"Sets predefined [access control](../access-control) for {spa} block context."`
BasePath string `hcl:"base_path,optional" docs:"Configures the path prefix for all requests."`
// Tag elided by the documentation renderer.
// NOTE(review): presumably the placeholder name that BootstrapData
// replaces in the bootstrap file; confirm in spa.go.
BootStrapDataName string `` /* 130-byte string literal not displayed */
// Kept as an unevaluated HCL expression; per the docs tag its JSON object
// replaces the placeholder in the bootstrap file content.
// NOTE(review): the result is delivered to every client that loads the SPA,
// so it must not contain secrets; confirm how the value is escaped when it
// is substituted into the file.
BootstrapData hcl.Expression `hcl:"bootstrap_data,optional" docs:"JSON object which replaces the placeholder from {bootstrap_file} content."`
// Required: the tag has no optional marker.
BootstrapFile string `hcl:"bootstrap_file" docs:"Location of the bootstrap file."`
CORS *CORS `hcl:"cors,block" docs:"Configures [CORS](/configuration/block/cors) settings (zero or one)."`
// Names of access controls to switch off for this block (docs tag).
// NOTE(review): each entry removes a protection; review additions as
// security-relevant changes.
DisableAccessControl []string `hcl:"disable_access_control,optional" docs:"Disables access controls by name."`
// Optional block label.
Name string `hcl:"name,label_optional"`
// Required: the tag has no optional marker.
Paths []string `hcl:"paths" docs:"List of SPA paths that need the bootstrap file."`
// Receives whatever part of the block body the tagged fields do not claim.
Remain hcl.Body `hcl:",remain"`
}
Spa represents the <Spa> object.
type Throttle ¶ added in v1.14.0
// Throttle configures a limit on backend requests: at most PerPeriod requests
// within each Period (per the docs tags). The tags of Mode and PeriodWindow
// are elided by the documentation renderer.
type Throttle struct {
// NOTE(review): presumably selects what happens to requests above the
// limit; confirm the accepted values and the default in throttle.go.
Mode string `` /* 346-byte string literal not displayed */
// Required duration string (type:"duration").
Period string `hcl:"period" docs:"Defines the throttle period." type:"duration"`
// Required. NOTE(review): the page does not show how 0 is treated (block
// all or unlimited); confirm in throttle.go before relying on either.
PerPeriod uint64 `hcl:"per_period" docs:"Defines the number of allowed backend requests in a period."`
// NOTE(review): presumably chooses the windowing strategy for Period;
// confirm the accepted values in throttle.go.
PeriodWindow string `` /* 376-byte string literal not displayed */
}
Throttle represents the <config.Throttle> object.
type Throttles ¶ added in v1.14.0
// Throttles is a list of pointers to Throttle values.
type Throttles []*Throttle
Throttles represents a list of <config.Throttle> objects.
type TokenRequest ¶
// TokenRequest is the decoded form of a token request block. Its methods
// listed on this page implement the Body, Inline and BackendReference
// interfaces. The tags of BackendName and URL are elided by the documentation
// renderer.
type TokenRequest struct {
// NOTE(review): presumably the name of a referenced backend definition
// (see Reference); confirm in token_request.go.
BackendName string `` /* 197-byte string literal not displayed */
// Optional block label.
Name string `hcl:"name,label_optional"`
// NOTE(review): presumably the token endpoint to call. Credentials are
// sent there, so configuration should use an https URL; confirm whether
// the scheme is validated.
URL string `` /* 154-byte string literal not displayed */
// Receives whatever part of the block body the tagged fields do not claim.
Remain hcl.Body `hcl:",remain"`
// Internally used
// No hcl tag, so this field is not decoded from a configuration attribute.
Backend hcl.Body
}
func (*TokenRequest) HCLBody ¶
func (t *TokenRequest) HCLBody() *hclsyntax.Body
HCLBody implements the <Body> interface.
func (*TokenRequest) Inline ¶
func (t *TokenRequest) Inline() interface{}
Inline implements the <Inline> interface.
func (*TokenRequest) Reference ¶
func (t *TokenRequest) Reference() string
Reference implements the <BackendReference> interface.
func (*TokenRequest) Schema ¶
func (t *TokenRequest) Schema(inline bool) *hcl.BodySchema
Schema implements the <Inline> interface.
type Websockets ¶
func (Websockets) Inline ¶
func (w Websockets) Inline() interface{}
Inline implements the <Inline> interface.
func (Websockets) Schema ¶
func (w Websockets) Schema(inline bool) *hcl.BodySchema
Schema implements the <Inline> interface.
Source Files
¶
- ac_basic_auth.go
- ac_jwt.go
- ac_oauth2.go
- ac_oidc.go
- ac_rate_limiter.go
- ac_saml.go
- access_control.go
- api.go
- backend.go
- certificate.go
- const.go
- cors.go
- couper.go
- defaults.go
- definitions.go
- duration.go
- endpoint.go
- error_handler.go
- error_handler_setter.go
- field.go
- files.go
- health_check.go
- inline.go
- introspection.go
- job.go
- jwt_signing_profile.go
- oauth2.go
- oauth2ra.go
- openapi.go
- proxy.go
- request.go
- response.go
- server.go
- settings.go
- spa.go
- throttle.go
- tls.go
- token_request.go
- websockets.go