Documentation
¶
Index ¶
- Constants
- Variables
- func AttrValueFromTagField(name string, obj interface{}) string
- func BackendAttrFields(obj interface{}) []string
- func ParseDuration(attribute string, value string, _default time.Duration) (time.Duration, error)
- func WithErrorHandlerSchema(schema *hcl.BodySchema) *hcl.BodySchema
- type API
- type APIs
- type AcceptForwarded
- type AccessControl
- type Backend
- type BackendInitialization
- type BackendReference
- type BasicAuth
- type Body
- type CORS
- type Claims
- type Couper
- type DefaultEnvVars
- type Defaults
- type DefaultsBlock
- type Definitions
- type Endpoint
- type Endpoints
- type ErrorHandler
- type ErrorHandlerGetter
- type ErrorHandlerSetter
- type Files
- type FilesBlocks
- type Headers
- type Health
- type HealthCheck
- type Inline
- type JWT
- type JWTSigningProfile
- type List
- type OAuth2AC
- func (oa *OAuth2AC) ClientAuthenticationRequired() bool
- func (oa *OAuth2AC) GetAuthorizationEndpoint() (string, error)
- func (oa *OAuth2AC) GetClientID() string
- func (oa *OAuth2AC) GetClientSecret() string
- func (oa *OAuth2AC) GetGrantType() string
- func (oa *OAuth2AC) GetScope() string
- func (oa *OAuth2AC) GetTokenEndpoint() (string, error)
- func (oa *OAuth2AC) GetTokenEndpointAuthMethod() *string
- func (oa *OAuth2AC) GetVerifierMethod() (string, error)
- func (oa *OAuth2AC) HCLBody() hcl.Body
- func (oa *OAuth2AC) Inline() interface{}
- func (oa *OAuth2AC) Prepare(backendFunc PrepareBackendFunc) (err error)
- func (oa *OAuth2AC) Reference() string
- func (oa *OAuth2AC) Schema(inline bool) *hcl.BodySchema
- type OAuth2AS
- type OAuth2AcClient
- type OAuth2Authorization
- type OAuth2Client
- type OAuth2ReqAuth
- func (oa *OAuth2ReqAuth) ClientAuthenticationRequired() bool
- func (oa *OAuth2ReqAuth) GetClientID() string
- func (oa *OAuth2ReqAuth) GetClientSecret() string
- func (oa *OAuth2ReqAuth) GetTokenEndpoint() (string, error)
- func (oa *OAuth2ReqAuth) GetTokenEndpointAuthMethod() *string
- func (oa *OAuth2ReqAuth) HCLBody() hcl.Body
- func (oa *OAuth2ReqAuth) Inline() interface{}
- func (oa *OAuth2ReqAuth) Reference() string
- func (oa *OAuth2ReqAuth) Schema(inline bool) *hcl.BodySchema
- type OIDC
- func (o *OIDC) ClientAuthenticationRequired() bool
- func (o *OIDC) GetClientID() string
- func (o *OIDC) GetClientSecret() string
- func (o *OIDC) GetGrantType() string
- func (o *OIDC) GetScope() string
- func (o *OIDC) GetTokenEndpointAuthMethod() *string
- func (o *OIDC) HCLBody() hcl.Body
- func (o *OIDC) Inline() interface{}
- func (o *OIDC) Prepare(backendFunc PrepareBackendFunc) (err error)
- func (o *OIDC) Reference() string
- func (o *OIDC) Schema(inline bool) *hcl.BodySchema
- type OpenAPI
- type PrepareBackendFunc
- type Proxies
- type Proxy
- type RateLimit
- type RateLimits
- type Request
- type Requests
- type Response
- type SAML
- type SPAs
- type Server
- type Servers
- type Settings
- type Spa
- type TokenRequest
- type Websockets
Constants ¶
View Source
const ( ClientCredentials = "client_credentials" JwtBearer = "urn:ietf:params:oauth:grant-type:jwt-bearer" Password = "password" )
View Source
const (
CcmS256 = "ccm_s256"
)
View Source
const DefaultFilename = "couper.hcl"
DefaultFilename defines the default filename for a couper config file.
Variables ¶
View Source
var (
BackendInlineSchema = Backend{}.Schema(true)
)
View Source
var DefaultSettings = Settings{ DefaultPort: 8080, Environment: "", HealthPath: "/healthz", LogFormat: "common", LogLevel: "info", LogPretty: false, NoProxyFromEnv: false, PProf: false, PProfPort: 6060, RequestIDBackendHeader: "Couper-Request-ID", RequestIDClientHeader: "Couper-Request-ID", RequestIDFormat: "common", TelemetryMetricsEndpoint: otelCollectorEndpoint, TelemetryMetricsExporter: "prometheus", TelemetryMetricsPort: 9090, TelemetryServiceName: "couper", TelemetryTracesEndpoint: otelCollectorEndpoint, XForwardedHost: false, AcceptForwardedURL: []string{}, AcceptForwarded: &AcceptForwarded{}, }
DefaultSettings defines the <DefaultSettings> object.
View Source
var OAuthBlockHeaderSchema = hcl.BlockHeaderSchema{
Type: "oauth2",
}
View Source
var OAuthBlockSchema = &hcl.BodySchema{ Blocks: []hcl.BlockHeaderSchema{ OAuthBlockHeaderSchema, }, }
View Source
var (
ResponseInlineSchema = Response{}.Schema(true)
)
View Source
var TokenRequestBlockHeaderSchema = hcl.BlockHeaderSchema{ Type: "beta_token_request", LabelNames: []string{"name"}, LabelOptional: true, }
View Source
var TokenRequestBlockSchema = &hcl.BodySchema{ Blocks: []hcl.BlockHeaderSchema{ TokenRequestBlockHeaderSchema, }, }
View Source
var (
WebsocketsInlineSchema = Websockets{}.Schema(true)
)
Functions ¶
func AttrValueFromTagField ¶ added in v1.9.0
func BackendAttrFields ¶ added in v1.9.0
func BackendAttrFields(obj interface{}) []string
func ParseDuration ¶ added in v1.9.0
func WithErrorHandlerSchema ¶
func WithErrorHandlerSchema(schema *hcl.BodySchema) *hcl.BodySchema
Types ¶
type API ¶
type API struct {
ErrorHandlerSetter
AccessControl []string `hcl:"access_control,optional" docs:"Sets predefined [access control](../access-control) for this block."`
AllowedMethods []string `` /* 223-byte string literal not displayed */
BasePath string `hcl:"base_path,optional" docs:"Configures the path prefix for all requests."`
CORS *CORS `hcl:"cors,block"`
DisableAccessControl []string `hcl:"disable_access_control,optional" docs:"Disables access controls by name."`
Endpoints Endpoints `hcl:"endpoint,block"`
ErrorFile string `hcl:"error_file,optional" docs:"Location of the error file template."`
Name string `hcl:"name,label,optional"`
Remain hcl.Body `hcl:",remain"`
// internally used
CatchAllEndpoint *Endpoint
RequiredPermission hcl.Expression
}
API represents the <API> object.
type AcceptForwarded ¶
type AcceptForwarded struct {
// contains filtered or unexported fields
}
func (*AcceptForwarded) Set ¶
func (a *AcceptForwarded) Set(forwarded []string) error
func (AcceptForwarded) String ¶
func (a AcceptForwarded) String() string
type AccessControl ¶
AccessControl holds all active and inactive access control references.
func NewAccessControl ¶
func NewAccessControl(ac, dac []string) AccessControl
NewAccessControl creates the container object for ac configuration.
func (AccessControl) List ¶
func (ac AccessControl) List() []string
List returns all active access controls.
func (AccessControl) Merge ¶
func (ac AccessControl) Merge(oac AccessControl) AccessControl
Merge appends control references in order.
type Backend ¶
type Backend struct {
DisableCertValidation bool `hcl:"disable_certificate_validation,optional" docs:"Disables the peer certificate validation."`
DisableConnectionReuse bool `hcl:"disable_connection_reuse,optional" docs:"Disables reusage of connections to the origin."`
Health *Health `hcl:"beta_health,block"`
HTTP2 bool `hcl:"http2,optional" docs:"Enables the HTTP2 support."`
MaxConnections int `` /* 143-byte string literal not displayed */
Name string `hcl:"name,label,optional"`
OpenAPI *OpenAPI `hcl:"openapi,block"`
RateLimits RateLimits `hcl:"beta_rate_limit,block"`
Remain hcl.Body `hcl:",remain"`
}
Backend represents the <Backend> object.
func (Backend) HCLBody ¶
func (b Backend) HCLBody() hcl.Body
HCLBody implements the <Inline> interface.
func (Backend) Inline ¶
func (b Backend) Inline() interface{}
Inline implements the <Inline> interface.
type BackendInitialization ¶ added in v1.9.0
type BackendInitialization interface {
Prepare(backendFunc PrepareBackendFunc) error
}
type BackendReference ¶
type BackendReference interface {
Reference() string
}
BackendReference defines the <BackendReference> interface.
type BasicAuth ¶
type BasicAuth struct {
ErrorHandlerSetter
File string `hcl:"htpasswd_file,optional" docs:"The htpasswd file."`
Name string `hcl:"name,label"`
User string `hcl:"user,optional" docs:"The user name."`
Pass string `hcl:"password,optional" docs:"The corresponding password."`
Realm string `hcl:"realm,optional" docs:"The realm to be sent in a WWW-Authenticate response HTTP header field."`
Remain hcl.Body `hcl:",remain"`
}
BasicAuth represents the "basic_auth" config block
func (*BasicAuth) DefaultErrorHandler ¶
func (b *BasicAuth) DefaultErrorHandler() *ErrorHandler
type CORS ¶
type CORS struct {
AllowedOrigins cty.Value `hcl:"allowed_origins" docs:"An allowed origin or a list of allowed origins."`
AllowCredentials bool `` /* 171-byte string literal not displayed */
Disable bool `hcl:"disable,optional" docs:"Set to {true} to disable the inheritance of CORS from parent context."`
MaxAge string `` /* 191-byte string literal not displayed */
}
CORS represents the <CORS> object.
type Couper ¶
type Couper struct {
Context context.Context
Environment string
Files file.Files
Definitions *Definitions `hcl:"definitions,block"`
Servers Servers `hcl:"server,block"`
Settings *Settings `hcl:"settings,block"`
Defaults *Defaults `hcl:"defaults,block"`
}
Couper represents the <Couper> config object.
type DefaultEnvVars ¶
type Defaults ¶
type Defaults struct {
EnvironmentVariables DefaultEnvVars `hcl:"environment_variables,optional" docs:"One or more environment variable assignments"`
}
type DefaultsBlock ¶
type DefaultsBlock struct {
Defaults *Defaults `hcl:"defaults,block"`
Remain hcl.Body `hcl:",remain"`
}
type Definitions ¶
type Definitions struct {
Backend []*Backend `hcl:"backend,block"`
BasicAuth []*BasicAuth `hcl:"basic_auth,block"`
JWT []*JWT `hcl:"jwt,block"`
JWTSigningProfile []*JWTSigningProfile `hcl:"jwt_signing_profile,block"`
SAML []*SAML `hcl:"saml,block"`
OAuth2AC []*OAuth2AC `hcl:"beta_oauth2,block"`
OIDC []*OIDC `hcl:"oidc,block"`
}
Definitions represents the <Definitions> object.
type Endpoint ¶
type Endpoint struct {
ErrorHandlerSetter
AccessControl []string `hcl:"access_control,optional" docs:"Sets predefined access control for this block context."`
AllowedMethods []string `` /* 237-byte string literal not displayed */
DisableAccessControl []string `hcl:"disable_access_control,optional" docs:"Disables access controls by name."`
ErrorFile string `hcl:"error_file,optional" docs:"Location of the error file template."`
Pattern string `hcl:"pattern,label"`
Proxies Proxies `hcl:"proxy,block"`
Remain hcl.Body `hcl:",remain"`
RequestBodyLimit string `` /* 196-byte string literal not displayed */
Requests Requests `hcl:"request,block"`
Response *Response `hcl:"response,block"`
// internally configured due to multi-label options
RequiredPermission hcl.Expression
Sequences sequence.List
}
Endpoint represents the <Endpoint> object.
func (Endpoint) HCLBody ¶
func (e Endpoint) HCLBody() hcl.Body
HCLBody implements the <Inline> interface.
type ErrorHandler ¶
type ErrorHandler struct {
Kinds []string
ErrorFile string `hcl:"error_file,optional" docs:"Location of the error file template."`
Proxies Proxies `hcl:"proxy,block" docs:"[{proxy}](proxy) block definition."`
Remain hcl.Body `hcl:",remain"`
Requests Requests `hcl:"request,block" docs:"[{request}](request) block definition."`
Response *Response `hcl:"response,block" docs:"[{response}](response) block definition."`
}
ErrorHandler represents a subset of Endpoint.
func (ErrorHandler) HCLBody ¶
func (e ErrorHandler) HCLBody() hcl.Body
HCLBody implements the <Inline> interface.
func (ErrorHandler) Inline ¶
func (e ErrorHandler) Inline() interface{}
Inline implements the <Inline> interface.
func (ErrorHandler) Schema ¶
func (e ErrorHandler) Schema(inline bool) *hcl.BodySchema
Schema implements the <Inline> interface.
type ErrorHandlerGetter ¶
type ErrorHandlerGetter interface {
DefaultErrorHandler() *ErrorHandler
}
ErrorHandlerGetter defines the <ErrorHandlerGetter> interface.
type ErrorHandlerSetter ¶
type ErrorHandlerSetter struct {
ErrorHandler []*ErrorHandler `hcl:"error_handler,block"`
}
func (*ErrorHandlerSetter) Set ¶
func (ehs *ErrorHandlerSetter) Set(ehConf *ErrorHandler)
type Files ¶
type Files struct {
AccessControl []string `hcl:"access_control,optional" docs:"Sets predefined access control for this block context."`
BasePath string `hcl:"base_path,optional" docs:"Configures the path prefix for all requests."`
CORS *CORS `hcl:"cors,block"`
DisableAccessControl []string `hcl:"disable_access_control,optional"`
DocumentRoot string `hcl:"document_root" docs:"Location of the document root (directory)."`
ErrorFile string `hcl:"error_file,optional" docs:"Location of the error file template."`
Name string `hcl:"name,label,optional"`
Remain hcl.Body `hcl:",remain"`
}
Files represents the <Files> object.
type FilesBlocks ¶ added in v1.9.0
type FilesBlocks []*Files
type Health ¶ added in v1.9.0
type Health struct {
FailureThreshold *uint `hcl:"failure_threshold,optional" docs:"failed checks needed to consider backend unhealthy" default:"2"`
Interval string `hcl:"interval,optional" docs:"time interval for recheck" default:"1s"`
Timeout string `hcl:"timeout,optional" docs:"maximum allowed time limit which is bounded by {interval}" default:"1s"`
Path string `hcl:"path,optional" docs:"URL path with query on backend host"`
ExpectedStatus []int `hcl:"expected_status,optional" docs:"one of wanted response status code" default:"[200, 204, 301]"`
ExpectedText string `hcl:"expected_text,optional" docs:"text which the response body must contain"`
Headers Headers `hcl:"headers,optional" docs:"request headers"`
Remain hcl.Body `hcl:",remain"`
}
type HealthCheck ¶ added in v1.9.0
type HealthCheck struct {
Context context.Context
ExpectedStatus map[int]bool
ExpectedText string
FailureThreshold uint
Interval time.Duration
Request *http.Request
RequestUIDFormat string
Timeout time.Duration
}
func NewHealthCheck ¶ added in v1.9.0
func NewHealthCheck(baseURL string, options *Health, conf *Couper) (*HealthCheck, error)
type JWT ¶
type JWT struct {
ErrorHandlerSetter
BackendName string `hcl:"backend,optional" docs:"[{backend} block](backend) reference for enhancing JWKS requests."`
Claims Claims `` /* 166-byte string literal not displayed */
ClaimsRequired []string `hcl:"required_claims,optional" docs:"List of claim names that must be given for a valid token."`
Cookie string `hcl:"cookie,optional" docs:"Read token value from a cookie. Cannot be used together with {header} or {token_value}"`
DisablePrivateCaching bool `` /* 155-byte string literal not displayed */
Header string `` /* 247-byte string literal not displayed */
JWKsURL string `` /* 129-byte string literal not displayed */
JWKsTTL string `hcl:"jwks_ttl,optional" docs:"Time period the JWK set stays valid and may be cached." type:"duration" default:"1h"`
JWKsMaxStale string `` /* 134-byte string literal not displayed */
Key string `hcl:"key,optional" docs:"Public key (in PEM format) for {RS*} and {ES*} variants or the secret for {HS*} algorithm."`
KeyFile string `hcl:"key_file,optional" docs:"Optional file reference instead of {key} usage."`
Name string `hcl:"name,label"`
Remain hcl.Body `hcl:",remain"`
RolesClaim string `` /* 233-byte string literal not displayed */
RolesMap map[string][]string `` /* 144-byte string literal not displayed */
PermissionsClaim string `` /* 216-byte string literal not displayed */
PermissionsMap map[string][]string `` /* 222-byte string literal not displayed */
SignatureAlgorithm string `` /* 135-byte string literal not displayed */
SigningKey string `hcl:"signing_key,optional" docs:"Private key (in PEM format) for {RS*} and {ES*} variants."`
SigningKeyFile string `hcl:"signing_key_file,optional" docs:"Optional file reference instead of {signing_key} usage."`
SigningTTL string `hcl:"signing_ttl,optional" docs:"The token's time-to-live (creates the {exp} claim)." type:"duration"`
TokenValue hcl.Expression `hcl:"token_value,optional" docs:"Expression to obtain the token. Cannot be used together with {cookie} or {header}."`
// Internally used
Backend hcl.Body
}
JWT represents the <JWT> object.
func (*JWT) Prepare ¶ added in v1.9.0
func (j *JWT) Prepare(backendFunc PrepareBackendFunc) (err error)
type JWTSigningProfile ¶
type JWTSigningProfile struct {
Claims Claims `hcl:"claims,optional" docs:"claims for the JWT payload, claim values are evaluated per request"`
Headers hcl.Expression `hcl:"headers,optional" docs:"additional header fields for the JWT, {alg} and {typ} cannot be set"`
Key string `hcl:"key,optional" docs:"private key (in PEM format) for {RS*} and {ES*} variants or the secret for {HS*} algorithms"`
KeyFile string `hcl:"key_file,optional" docs:"optional file reference instead of {key} usage"`
Name string `hcl:"name,label"`
SignatureAlgorithm string `` /* 176-byte string literal not displayed */
TTL string `hcl:"ttl" docs:"The token's time-to-live, creates the {exp} claim"`
// internally used
KeyBytes []byte
}
type OAuth2AC ¶
type OAuth2AC struct {
ErrorHandlerSetter
// AuthorizationEndpoint is used for lib.FnOAuthAuthorizationUrl
AuthorizationEndpoint string `hcl:"authorization_endpoint" docs:"The authorization server endpoint URL used for authorization."`
BackendName string `hcl:"backend,optional" docs:"[{backend} block](backend) reference."`
ClientID string `hcl:"client_id" docs:"The client identifier."`
ClientSecret string `hcl:"client_secret" docs:"The client password."`
GrantType string `hcl:"grant_type" docs:"The grant type. Required, to be set to: {authorization_code}"`
Name string `hcl:"name,label"`
Remain hcl.Body `hcl:",remain"`
Scope *string `hcl:"scope,optional" docs:"A space separated list of requested scope values for the access token."`
TokenEndpoint string `hcl:"token_endpoint" docs:"The authorization server endpoint URL used for requesting the token."`
TokenEndpointAuthMethod *string `` /* 337-byte string literal not displayed */
VerifierMethod string `` /* 218-byte string literal not displayed */
// internally used
Backend hcl.Body
}
OAuth2AC represents an oauth2 block for an OAuth2 client using the authorization code flow.
func (*OAuth2AC) ClientAuthenticationRequired ¶ added in v1.10.0
func (*OAuth2AC) GetAuthorizationEndpoint ¶
func (*OAuth2AC) GetClientID ¶
func (*OAuth2AC) GetClientSecret ¶
func (*OAuth2AC) GetGrantType ¶
func (*OAuth2AC) GetTokenEndpoint ¶
func (*OAuth2AC) GetTokenEndpointAuthMethod ¶
func (*OAuth2AC) GetVerifierMethod ¶
GetVerifierMethod retrieves the verifier method (ccm_s256 or state)
func (*OAuth2AC) HCLBody ¶
func (oa *OAuth2AC) HCLBody() hcl.Body
HCLBody implements the <Inline> interface.
func (*OAuth2AC) Inline ¶
func (oa *OAuth2AC) Inline() interface{}
Inline implements the <Inline> interface.
func (*OAuth2AC) Prepare ¶ added in v1.9.0
func (oa *OAuth2AC) Prepare(backendFunc PrepareBackendFunc) (err error)
type OAuth2AcClient ¶
type OAuth2AcClient interface {
OAuth2Client
GetGrantType() string
// GetVerifierMethod retrieves the verifier method (ccm_s256, nonce or state)
GetVerifierMethod() (string, error)
}
OAuth2AcClient represents the client configuration for OAuth2 clients using the authorization code flow.
type OAuth2Authorization ¶
type OAuth2Authorization interface {
Inline
GetAuthorizationEndpoint() (string, error)
GetClientID() string
GetScope() string
GetVerifierMethod() (string, error)
}
OAuth2Authorization represents the configuration for the OAuth2 authorization URL function
type OAuth2Client ¶
type OAuth2Client interface {
Inline
ClientAuthenticationRequired() bool
GetClientID() string
GetClientSecret() string
GetTokenEndpointAuthMethod() *string
}
OAuth2Client represents the client configuration for OAuth2 clients.
type OAuth2ReqAuth ¶
type OAuth2ReqAuth struct {
AssertionExpr hcl.Expression `` /* 147-byte string literal not displayed */
BackendName string `hcl:"backend,optional" docs:"[{backend} block](backend) reference."`
ClientID string `` /* 137-byte string literal not displayed */
ClientSecret string `` /* 139-byte string literal not displayed */
GrantType string `` /* 127-byte string literal not displayed */
Password string `hcl:"password,optional" docs:"The (service account's) password (for password flow). Required if grant_type is {password}."`
Remain hcl.Body `hcl:",remain"`
Retries *uint8 `` /* 169-byte string literal not displayed */
Scope string `hcl:"scope,optional" docs:"A space separated list of requested scope values for the access token."`
TokenEndpoint string `hcl:"token_endpoint,optional" docs:"URL of the token endpoint at the authorization server."`
TokenEndpointAuthMethod *string `` /* 147-byte string literal not displayed */
Username string `hcl:"username,optional" docs:"The (service account's) username (for password flow). Required if grant_type is {password}."`
}
OAuth2ReqAuth represents the oauth2 block in a backend block.
func (*OAuth2ReqAuth) ClientAuthenticationRequired ¶ added in v1.10.0
func (oa *OAuth2ReqAuth) ClientAuthenticationRequired() bool
func (*OAuth2ReqAuth) GetClientID ¶
func (oa *OAuth2ReqAuth) GetClientID() string
func (*OAuth2ReqAuth) GetClientSecret ¶
func (oa *OAuth2ReqAuth) GetClientSecret() string
func (*OAuth2ReqAuth) GetTokenEndpoint ¶
func (oa *OAuth2ReqAuth) GetTokenEndpoint() (string, error)
func (*OAuth2ReqAuth) GetTokenEndpointAuthMethod ¶
func (oa *OAuth2ReqAuth) GetTokenEndpointAuthMethod() *string
func (*OAuth2ReqAuth) HCLBody ¶
func (oa *OAuth2ReqAuth) HCLBody() hcl.Body
HCLBody implements the <Inline> interface.
func (*OAuth2ReqAuth) Inline ¶
func (oa *OAuth2ReqAuth) Inline() interface{}
Inline implements the <Inline> interface.
func (*OAuth2ReqAuth) Reference ¶
func (oa *OAuth2ReqAuth) Reference() string
Reference implements the <BackendReference> interface.
func (*OAuth2ReqAuth) Schema ¶
func (oa *OAuth2ReqAuth) Schema(inline bool) *hcl.BodySchema
Schema implements the <Inline> interface.
type OIDC ¶
type OIDC struct {
ErrorHandlerSetter
BackendName string `` /* 182-byte string literal not displayed */
ClientID string `hcl:"client_id" docs:"The client identifier."`
ClientSecret string `hcl:"client_secret" docs:"The client password."`
ConfigurationURL string `hcl:"configuration_url" docs:"The OpenID configuration URL."`
JWKsTTL string `hcl:"jwks_ttl,optional" docs:"Time period the JWK set stays valid and may be cached." type:"duration" default:"1h"`
JWKsMaxStale string `` /* 134-byte string literal not displayed */
Name string `hcl:"name,label"`
Remain hcl.Body `hcl:",remain"`
Scope *string `hcl:"scope,optional" docs:"A space separated list of requested scope values for the access token."`
TokenEndpointAuthMethod *string `` /* 337-byte string literal not displayed */
ConfigurationTTL string `` /* 147-byte string literal not displayed */
ConfigurationMaxStale string `` /* 151-byte string literal not displayed */
VerifierMethod string `hcl:"verifier_method,optional" docs:"The method to verify the integrity of the authorization code flow."`
// configuration related backends
ConfigurationBackendName string `hcl:"configuration_backend,optional"`
JWKSBackendName string `hcl:"jwks_uri_backend,optional"`
TokenBackendName string `hcl:"token_backend,optional"`
UserinfoBackendName string `hcl:"userinfo_backend,optional"`
// internally used
Backends map[string]hcl.Body
}
OIDC represents an oidc block. The backend block will be used as backend template for all configuration related backends. Backend references along with an anonymous one must match the url with the backend origin definition.
func (*OIDC) ClientAuthenticationRequired ¶ added in v1.10.0
func (*OIDC) GetClientID ¶
func (*OIDC) GetClientSecret ¶
func (*OIDC) GetGrantType ¶
func (*OIDC) GetTokenEndpointAuthMethod ¶
func (*OIDC) Prepare ¶ added in v1.9.0
func (o *OIDC) Prepare(backendFunc PrepareBackendFunc) (err error)
type OpenAPI ¶
type OpenAPI struct {
File string `hcl:"file" docs:"OpenAPI YAML definition file"`
IgnoreRequestViolations bool `hcl:"ignore_request_violations,optional" docs:"logs request validation results, skips error handling"`
IgnoreResponseViolations bool `hcl:"ignore_response_violations,optional" docs:"logs response validation results, skips error handling"`
}
OpenAPI represents the <OpenAPI> object.
type PrepareBackendFunc ¶ added in v1.9.0
type Proxy ¶
type Proxy struct {
BackendName string `hcl:"backend,optional" docs:"backend block reference"`
Name string `hcl:"name,label,optional"`
Remain hcl.Body `hcl:",remain"`
Websockets *bool `` /* 239-byte string literal not displayed */
// internally used
Backend hcl.Body
}
Proxy represents the <Proxy> object.
type RateLimit ¶ added in v1.10.0
type RateLimit struct {
Mode string `` /* 341-byte string literal not displayed */
Period string `hcl:"period" docs:"Defines the rate limit period." type:"duration"`
PerPeriod uint `hcl:"per_period" docs:"Defines the number of allowed backend requests in a period."`
PeriodWindow string `` /* 374-byte string literal not displayed */
}
RateLimit represents the <config.RateLimit> object.
type RateLimits ¶ added in v1.10.0
type RateLimits []*RateLimit
RateLimits represents a list of <config.RateLimits> objects.
type Request ¶
type Request struct {
BackendName string `` /* 168-byte string literal not displayed */
Name string `hcl:"name,label,optional"`
Remain hcl.Body `hcl:",remain"`
// Internally used
Backend hcl.Body
}
Request represents the <Request> object.
func (Request) HCLBody ¶
func (r Request) HCLBody() hcl.Body
HCLBody implements the <Inline> interface.
func (Request) Inline ¶
func (r Request) Inline() interface{}
Inline implements the <Inline> interface.
type Response ¶
type Response struct {
Remain hcl.Body `hcl:",remain"`
}
Response represents the <Response> object.
func (Response) HCLBody ¶
func (r Response) HCLBody() hcl.Body
HCLBody implements the <Inline> interface.
type SAML ¶
type SAML struct {
ErrorHandlerSetter
ArrayAttributes []string `` /* 181-byte string literal not displayed */
IdpMetadataFile string `hcl:"idp_metadata_file" docs:"File reference to the Identity Provider metadata XML file."`
Name string `hcl:"name,label"`
Remain hcl.Body `hcl:",remain"`
SpAcsUrl string `` /* 282-byte string literal not displayed */
SpEntityId string `hcl:"sp_entity_id" docs:"The Service Provider's entity ID."`
// internally used
MetadataBytes []byte
}
SAML represents the <SAML> object.
type Server ¶
type Server struct {
AccessControl []string `hcl:"access_control,optional" docs:"[access controls](../access-control) to protect the server. Inherited by nested blocks."`
APIs APIs `hcl:"api,block"`
BasePath string `hcl:"base_path,optional" docs:"the path prefix for all requests"`
CORS *CORS `hcl:"cors,block"`
DisableAccessControl []string `hcl:"disable_access_control,optional" docs:"disables access controls by name"`
Endpoints Endpoints `hcl:"endpoint,block"`
ErrorFile string `hcl:"error_file,optional" docs:"location of the error file template"`
Files FilesBlocks `hcl:"files,block"`
Hosts []string `hcl:"hosts,optional" docs:""`
Name string `hcl:"name,label,optional"`
Remain hcl.Body `hcl:",remain"`
SPAs SPAs `hcl:"spa,block"`
}
Server represents the <Server> object.
func (Server) HCLBody ¶
func (s Server) HCLBody() hcl.Body
HCLBody implements the <Inline> interface.
type Settings ¶
type Settings struct {
AcceptForwarded *AcceptForwarded
Certificate []byte
CAFile string `` /* 140-byte string literal not displayed */
AcceptForwardedURL []string `` /* 489-byte string literal not displayed */
DefaultPort int `` /* 150-byte string literal not displayed */
Environment string `hcl:"environment,optional" docs:"[environment](../command-line#global-options) Couper is to run in"`
HealthPath string `hcl:"health_path,optional" docs:"Health path for all configured servers and ports" default:"/healthz"`
LogFormat string `hcl:"log_format,optional" docs:"tab/field based colored logs or JSON logs: {\"common\"} or {\"json\"}" default:"common"`
LogLevel string `` /* 154-byte string literal not displayed */
LogPretty bool `hcl:"log_pretty,optional" docs:"global option for {json} log format which pretty prints with basic key coloring"`
NoProxyFromEnv bool `` /* 153-byte string literal not displayed */
PProf bool `hcl:"pprof,optional" docs:"enables profiling (https://github.com/google/pprof/blob/main/doc/README.md#pprof)"`
PProfPort int `hcl:"pprof_port,optional" docs:"Port for profiling interface" default:"6060"`
RequestIDAcceptFromHeader string `` /* 193-byte string literal not displayed */
RequestIDBackendHeader string `` /* 156-byte string literal not displayed */
RequestIDClientHeader string `` /* 154-byte string literal not displayed */
RequestIDFormat string `` /* 174-byte string literal not displayed */
SecureCookies string `` /* 170-byte string literal not displayed */
TLSDevProxy List `` /* 225-byte string literal not displayed */
TelemetryMetrics bool `hcl:"beta_metrics,optional" docs:"enables the Prometheus [metrics](/observation/metrics) exporter"`
TelemetryMetricsEndpoint string `hcl:"beta_metrics_endpoint,optional" docs:"" default:""`
TelemetryMetricsExporter string `hcl:"beta_metrics_exporter,optional" docs:"" default:""`
TelemetryMetricsPort int `hcl:"beta_metrics_port,optional" docs:"Prometheus exporter listen port" default:"9090"`
TelemetryServiceName string `hcl:"beta_service_name,optional" docs:"service name which applies to the {service_name} metric labels" default:"couper"`
TelemetryTraces bool `hcl:"beta_traces,optional" docs:"" default:""`
TelemetryTracesEndpoint string `hcl:"beta_traces_endpoint,optional" docs:"" default:""`
XForwardedHost bool `hcl:"xfh,optional" docs:"whether to use the {X-Forwarded-Host} header as the request host"`
}
Settings represents the <Settings> object.
func (*Settings) AcceptsForwardedHost ¶
func (*Settings) AcceptsForwardedPort ¶
func (*Settings) AcceptsForwardedProtocol ¶
func (*Settings) SetAcceptForwarded ¶
type Spa ¶
type Spa struct {
AccessControl []string `hcl:"access_control,optional" docs:"Sets predefined [access control](../access-control) for {spa} block context."`
BasePath string `hcl:"base_path,optional" docs:"Configures the path prefix for all requests."`
BootstrapFile string `hcl:"bootstrap_file" docs:"Location of the bootstrap file."`
CORS *CORS `hcl:"cors,block" docs:"Configure [CORS](cors) settings."`
DisableAccessControl []string `hcl:"disable_access_control,optional" docs:"Disables access controls by name."`
Name string `hcl:"name,label,optional"`
Paths []string `hcl:"paths" docs:"List of SPA paths that need the bootstrap file."`
Remain hcl.Body `hcl:",remain"`
}
Spa represents the <Spa> object.
type TokenRequest ¶ added in v1.10.0
type TokenRequest struct {
BackendName string `hcl:"backend,optional" docs:"backend block reference is required if no backend block is defined"`
Name string `hcl:"name,label,optional"`
URL string `` /* 142-byte string literal not displayed */
Remain hcl.Body `hcl:",remain"`
// Internally used
Backend hcl.Body
}
func (*TokenRequest) HCLBody ¶ added in v1.10.0
func (t *TokenRequest) HCLBody() hcl.Body
HCLBody implements the <Inline> interface.
func (*TokenRequest) Inline ¶ added in v1.10.0
func (t *TokenRequest) Inline() interface{}
Inline implements the <Inline> interface.
func (*TokenRequest) Reference ¶ added in v1.10.0
func (t *TokenRequest) Reference() string
Reference implements the <BackendReference> interface.
func (*TokenRequest) Schema ¶ added in v1.10.0
func (t *TokenRequest) Schema(inline bool) *hcl.BodySchema
Schema implements the <Inline> interface.
type Websockets ¶
type Websockets struct {
Remain hcl.Body `hcl:",remain"`
}
func (Websockets) HCLBody ¶
func (w Websockets) HCLBody() hcl.Body
HCLBody implements the <Inline> interface.
func (Websockets) Inline ¶
func (w Websockets) Inline() interface{}
Inline implements the <Inline> interface.
func (Websockets) Schema ¶
func (w Websockets) Schema(inline bool) *hcl.BodySchema
Schema implements the <Inline> interface.
Source Files
¶
- ac_basic_auth.go
- ac_jwt.go
- ac_oauth2.go
- ac_oidc.go
- ac_saml.go
- access_control.go
- api.go
- backend.go
- cors.go
- couper.go
- defaults.go
- definitions.go
- duration.go
- endpoint.go
- error_handler.go
- error_handler_setter.go
- field.go
- files.go
- health_check.go
- inline.go
- jwt_signing_profile.go
- oauth2.go
- oauth2ra.go
- openapi.go
- proxy.go
- rate_limit.go
- request.go
- response.go
- server.go
- settings.go
- spa.go
- token_request.go
- websockets.go
Directories
Click to show internal directories.
Click to hide internal directories.