Added logs to start-envoy.sh to print the env values, and the proce…

…ssed config in a pretty format.

also, fixed the override of the docker-compose.yaml

and improvements to the documentation with the latest changes

Signed-off-by: Alfredo Gutierrez <[email protected]>

auth-layer-proxy/README.md

@@ -93,16 +93,14 @@ For instructions on how to set-up the Auth Provider using KeyCloak, refer to the
 ### Build the image
 
 ```bash
-
 docker build -t envoy-auth-proxy .
-
 ```
 
 ### Configure the environment
 
 Add Postgres or Redis credentials to the .env file
 
-```
+```bash
 # EnvoyProxy Configuration
 SERVICE_TYPE=LOGICAL_DNS
 SERVICE_ADDRESS=host.docker.internal
@@ -114,26 +112,39 @@ PROXY_PORT=10000
 CLIENT_ID=<clientId>
 CLIENT_SECRET=<client_secret>
 TOKEN_INTROSPECTION_URL=http://host.docker.internal:8080/realms/HederaTheGraph/protocol/openid-connect/token/introspect
-
 ```
 
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
+| `SERVICE_TYPE` | EnvoyProxy Configuration downstream address type, can be `LOGICAL_DNS` for a FQDN or `STATIC` when using an IP address | `LOGICAL_DNS` |
+| `SERVICE_ADDRESS` | EnvoyProxy Configuration downstream address, can be either a FQDN or an IP | `host.docker.internal` |
+| `SERVICE_PORT` | EnvoyProxy Configuration downstream port, this would be the admin port on TheGraph indexer node | `8020` |
+| `ENVOY_ADMIN_PORT` | EnvoyProxy Configuration admin port | `15000` |
+| `PROXY_PORT` | EnvoyProxy Configuration proxy port | `10000` |
+| `CLIENT_ID` | OAuth Client ID, provided by the auth server | `htg-auth-layer` |
+| `CLIENT_SECRET` | OAuth Client Secret, provided by the auth server | `` |
+| `TOKEN_INTROSPECTION_URL` | OAuth Token Introspection URL, provided by the auth server | `http://host.docker.internal:8080/realms/HederaTheGraph/protocol/openid-connect/token/introspect` |
+
+
 ### Configure the details of the service to be proxied on the envoy.yaml
-Edit `envoy-auth.yaml` file with config needs, by default will be proxying/relaying the request to address: `host.docker.internal` and port `8020`
-
-```yaml
-  clusters:
-  - name: local_service
-    connect_timeout: 5s
-    type: LOGICAL_DNS
-    load_assignment:
-      cluster_name: local_service
-      endpoints:
-      - lb_endpoints:
-        - endpoint:
-            address:
-              socket_address:
-                address: host.docker.internal
-                port_value: 8020
+EnvoyProxy needs a configuration file to run, the configuration will be created or updated on the container start, by the `scripts/start-envoy.sh` script, which will create or replace the `envoy-config.yaml` file using the template `configs/envoy-auth-template.yaml` and the environment variables.
+
+It will also print out the configuration as part of the logs for debugging and verification purposes.
+
+Is important to note that if the downstream service that we are protecting, in this case TheGraph, will be accessed by the proxy using a FQDN, the `SERVICE_TYPE` should be set to `LOGICAL_DNS` and the `SERVICE_ADDRESS` should be set to the FQDN of the service, otherwise, if the downstream service is accessed by the proxy using an IP address, the `SERVICE_TYPE` should be set to `STATIC` and the `SERVICE_ADDRESS` should be set to the IP address of the service.
+
+#### Configuration Environment Variables by using DNS or FQDN for the service to be proxied.
+
+```bash
+SERVICE_TYPE=LOGICAL_DNS
+SERVICE_ADDRESS=host.docker.internal
+```
+
+#### Configuration Environment Variables by using IP Address for the service to be proxied.
+
+```bash
+SERVICE_TYPE=STATIC
+SERVICE_ADDRESS=10.100.1.1
 ```
 
 

auth-layer-proxy/docker-compose.yaml

@@ -6,10 +6,10 @@ services:
     command: ["/etc/envoy/start-envoy.sh"]
     env_file:
       - .env
-    volumes:
-      - ./configs/:/etc/envoy/configs/
-      - ./filters/:/etc/envoy/filters/
-      - ./scripts/start-envoy.sh:/start-envoy.sh
+#    volumes:
+#      - ./configs/:/etc/envoy/configs/
+#      - ./filters/:/etc/envoy/filters/
+#      - ./scripts/start-envoy.sh:/etc/envoy/start-envoy.sh
     ports:      
       - "10000:10000"
       - "15000:15000"

auth-layer-proxy/scripts/start-envoy.sh

@@ -1,7 +1,38 @@
 #!/bin/sh
+
+# Set default values for environment variables if they are not already set
+export SERVICE_TYPE=${SERVICE_TYPE:-LOGICAL_DNS}
+export SERVICE_ADDRESS=${SERVICE_ADDRESS:-host.docker.internal}
+export SERVICE_PORT=${SERVICE_PORT:-8020}
+export ENVOY_ADMIN_PORT=${ENVOY_ADMIN_PORT:-15000}
+export PROXY_PORT=${PROXY_PORT:-10000}
+export CLIENT_ID=${CLIENT_ID:-htg-auth-layer}
+export TOKEN_INTROSPECTION_URL=${TOKEN_INTROSPECTION_URL:-http://host.docker.internal:8080/realms/HederaTheGraph/protocol/openid-connect/token/introspect}
+
+# print the environment variables
+echo "----------------------------------------"
+echo "---  Environment variables:          ---"
+echo "----------------------------------------"
+echo "SERVICE_TYPE: $SERVICE_TYPE"
+echo "SERVICE_ADDRESS: $SERVICE_ADDRESS"
+echo "SERVICE_PORT: $SERVICE_PORT"
+echo "ENVOY_ADMIN_PORT: $ENVOY_ADMIN_PORT"
+echo "PROXY_PORT: $PROXY_PORT"
+echo "CLIENT_ID: $CLIENT_ID"
+echo "CLIENT_SECRET: $CLIENT_SECRET"
+echo "TOKEN_INTROSPECTION_URL: $TOKEN_INTROSPECTION_URL"
+echo "----------------------------------------"
+
+
 # Use envsubst to replace environment variables in the template
 envsubst < /etc/envoy/configs/envoy-auth-template.yaml > /etc/envoy/envoy-config.yaml
-# cat /etc/envoy/envoy-config.yaml
+
+# Print the processed configuration
+echo "----------------------------------------"
+echo "---  Processed Envoy configuration:  ---"
+echo "----------------------------------------"
 cat /etc/envoy/envoy-config.yaml
+echo "----------------------------------------"
+
 # Now start Envoy with the processed configuration
 envoy -c /etc/envoy/envoy-config.yaml