Simulates the use of nginx auth_request to defer the authorization decision for each request to the PEP. The flows are as follows...
The scenario is simulated through the following endpoints that are instantiated through docker-compose, see docker-compose.yml...
- nginx
  Nginx instance configured through this nginx.conf, exposed to the host on port 80
- pep
  Instance of test program peptest in mode '-auth', which provides the auth_request endpoint and mocks the PEP logic.
  To aid testing, the PEP uses the integer value of the Bearer token to determine the result of the authorization decision, i.e. the http status code to be returned.
- ades
  Instance of test program peptest in mode '-resource', which provides the Resource Server endpoint and mocks the ADES
The nginx instance uses the configuration file nginx/nginx.conf, which can be summarised as follows...
- location /ades
  Proxies to the 'ades' service.
  Specifies auth_request directive using the /authcheck internal endpoint.
- location /authcheck
  Specifies the handling of the auth_request directive to be deferred to the 'pep' endpoint.
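
The mock PEP decision described above, together with the way nginx auth_request interprets the status it gets back, as an added example rather than the project's peptest code. The function names, port 8080 and the fail-closed handling of missing or malformed tokens are assumptions.

```python
# Added example: not the project's peptest code. Names, port and the
# fail-closed handling of bad tokens are assumptions.
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

BEARER = re.compile(r"^Bearer\s+(\d{3})$", re.IGNORECASE)

def pep_decision(authorization):
    """Status the mock PEP returns for an Authorization header value."""
    if not authorization:
        return 401  # no credentials: deny
    match = BEARER.match(authorization.strip())
    if not match:
        return 401  # malformed token: deny rather than guess
    code = int(match.group(1))
    return code if 200 <= code <= 599 else 401

def nginx_outcome(subrequest_status):
    """Model nginx auth_request: returns (allowed, status sent to client)."""
    if 200 <= subrequest_status <= 299:
        return (True, None)   # request continues to the proxied service
    if subrequest_status in (401, 403):
        return (False, subrequest_status)  # denial passed to the client
    return (False, 500)       # any other code is treated as an error

class PepHandler(BaseHTTPRequestHandler):
    """Answers the auth_request subrequest with a status and empty body."""
    def do_GET(self):
        status = pep_decision(self.headers.get("Authorization"))
        self.send_response(status)
        if status == 401:
            self.send_header("WWW-Authenticate", "Bearer")
        self.send_header("Content-Length", "0")
        self.end_headers()

if __name__ == "__main__":
    # Constructed sample tokens, including cases nginx maps to 500.
    for header in (None, "Bearer 200", "Bearer 403", "Bearer 404", "Bearer x"):
        status = pep_decision(header)
        print(header, "->", status, nginx_outcome(status))
    HTTPServer(("127.0.0.1", 8080), PepHandler).serve_forever()
```

Only 2xx, 401 and 403 from the PEP have a defined meaning to auth_request; a token such as 404 surfaces to the client as a 500, which is worth remembering when reading the test results.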
Requires docker-compose. The services are started by running...
$ ./run.sh
The peptest image is built, the services are brought up, and docker logs runs to show the stdout of the services.
The file requests/requests.http provides sample requests for the various cases - which can be executed, for example, with the vscode REST Client extension - humao.rest-client.
Alternatively, the directory requests/ contains shell scripts to execute equivalent curl commands.
The scenario is stopped by running...
$ ./stop.sh