Skip to content

Latest commit

 

History

History
47 lines (32 loc) · 2.04 KB

README.md

File metadata and controls

47 lines (32 loc) · 2.04 KB

peptest

Simulates the use of nginx auth_request to defer the authorization decision for each request to the PEP. The flows are as follows...

Nginx auth_request

The scenario is simulated through the following endpoints that are instantiated through docker-compose, see docker-compose.yml...

  • nginx
    Nginx instance configured through this nginx.conf, exposed to the host on port 80
  • pep
    Instance of test program peptest in mode '-auth', which provides the auth_request endpoint and mocks the PEP logic.
    To aid testing, the PEP uses the integer value of the Bearer token to determine the result of the authorization decision, i.e. the http status code to be returned.
  • ades
    Instance of test program peptest in mode '-resource', which provides the Resource Server endpoint and mocks the ADES

nginx.conf

The nginx instance uses the configuration file nginx/nginx.conf, which can be summarised as follows...

  • location /ades
    Proxies to the 'ades' service.
    Specifies auth_request directive using the /authcheck internal endpoint.
  • location /authcheck
    Specifies the handling of the auth_request directive to be deferred to the 'pep' endpoint.

Running the services

Requires docker-compose. The services are started by running...

$ ./run.sh

The peptest image is built, services are up'd, and docker logs runs to see the stdout of the services.

Testing the endpoints

The file requests/requests.http provides sample requests for the various cases - which can be executed, for example, with the vscode REST Client extension - humao.rest-client.

Alternatively, the directory requests/ contains shell scripts to execute equivalent curl commands.

Stopping the services

The scenario is stopped by running...

$ ./stop.sh