From d0a18983c4d4185e9255180880e84c27098ad112 Mon Sep 17 00:00:00 2001
From: Alfredo Gutierrez <alfredo@swirldslabs.com>
Date: Fri, 29 Mar 2024 20:37:36 -0600
Subject: [PATCH] Changed config of envoy to a template, and added a
 start-envoy.sh script that is run on initialization that creates the actual
 config file using the template and the env config variables

Signed-off-by: Alfredo Gutierrez <alfredo@swirldslabs.com>
---
 .../configs/envoy-auth-template.yaml          | 55 +++++++++++++++++++
 auth-layer-proxy/scripts/start-envoy.sh       |  7 +++
 2 files changed, 62 insertions(+)
 create mode 100644 auth-layer-proxy/configs/envoy-auth-template.yaml
 create mode 100644 auth-layer-proxy/scripts/start-envoy.sh

diff --git a/auth-layer-proxy/configs/envoy-auth-template.yaml b/auth-layer-proxy/configs/envoy-auth-template.yaml
new file mode 100644
index 0000000..aa026ba
--- /dev/null
+++ b/auth-layer-proxy/configs/envoy-auth-template.yaml
@@ -0,0 +1,55 @@
+static_resources:
+  listeners:
+  - name: listener_0
+    address:
+      socket_address:
+        address: 0.0.0.0
+        port_value: ${PROXY_PORT}
+    filter_chains:
+    - filters:
+      - name: envoy.filters.network.http_connection_manager
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+          stat_prefix: edge
+          http_filters:
+          - name: envoy.filters.http.lua
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
+              default_source_code: 
+                filename: /etc/envoy/filters/TokenVerificationFilter.lua
+
+          - name: envoy.filters.http.router
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router          
+          route_config:
+            virtual_hosts:
+            - name: all_domains
+              domains: ["*"]
+              routes:
+              - match:
+                  prefix: "/"
+                  headers:
+                    name: ":method"
+                    exact_match: "POST"
+                route:
+                  cluster: upstream_service
+
+  clusters:
+  - name: upstream_service
+    connect_timeout: 5s
+    type: ${SERVICE_TYPE}
+    load_assignment:
+      cluster_name: upstream_service
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: ${SERVICE_ADDRESS}
+                port_value: ${SERVICE_PORT}
+
+admin:
+  address:
+    socket_address:
+      address: 0.0.0.0
+      port_value: ${ENVOY_ADMIN_PORT}
diff --git a/auth-layer-proxy/scripts/start-envoy.sh b/auth-layer-proxy/scripts/start-envoy.sh
new file mode 100644
index 0000000..61d104b
--- /dev/null
+++ b/auth-layer-proxy/scripts/start-envoy.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+# Use envsubst to replace environment variables in the template
+envsubst < /etc/envoy/configs/envoy-auth-template.yaml > /etc/envoy/envoy-config.yaml
+# cat /etc/envoy/envoy-config.yaml
+cat /etc/envoy/envoy-config.yaml
+# Now start Envoy with the processed configuration
+envoy -c /etc/envoy/envoy-config.yaml