Diffstat (limited to 'bin/envoy-shim')
-rwxr-xr-xbin/envoy-shim37
1 files changed, 37 insertions, 0 deletions
diff --git a/bin/envoy-shim b/bin/envoy-shim
new file mode 100755
index 0000000..f358631
--- /dev/null
+++ b/bin/envoy-shim
@@ -0,0 +1,37 @@
+#!/bin/sh
+set -e
+
+[ -n "$DEBUG" ] && set -x
+cd "$(dirname "$0")/.."
+
+oidc_scheme=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $1}')
+oidc_host=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $4}')
+yaml=$(sed -e "s/OAUTH_CLIENT_ID/$OAUTH_CLIENT_ID/" etc/envoy/envoy.yaml)
+yaml=$(echo "$yaml" | sed -e "s,https://example.com,$OIDC_ISSUER,")
+yaml=$(echo "$yaml" | sed -e "s/example.com/$oidc_host/")
+
+# For http://gdk.test:3000
+if [ "$oidc_scheme" = "http" ]; then
+ yaml=$(echo "$yaml" | sed -e '/transport_socket:/,+4d')
+ oidc_port=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $5}')
+ yaml=$(echo "$yaml" | sed -e "s/port_value: 443/port_value: $oidc_port/")
+fi
+
+if [ -z "$OAUTH_CLIENT_SECRET" ]; then
+ export OAUTH_CLIENT_SECRET="secret"
+fi
+if [ -z "$HMAC_SESSION_SECRET" ]; then
+ export HMAC_SESSION_SECRET="$OAUTH_CLIENT_SECRET"
+fi
+
+if ! command -v envoy > /dev/null 2>&1; then
+ echo "envoy could not be found: https://www.envoyproxy.io/docs/envoy/latest/start/install"
+ exit 1
+fi
+
+# https://github.com/envoyproxy/envoy/blob/48f93b68232aba15b5b14743a134691926749122//source/common/common/logger.h#L36
+exec envoy \
+ --base-id 0 \
+ --config-yaml "$yaml" \
+ --log-level warn \
+ --component-log-level admin:warn,connection:warn,ext_authz:info,grpc:info,health_checker:warn,http:warn,http2:warn,jwt:warn,oauth2:warn,router:warn,secret:warn,upstream:warn
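Review bot: The fallback in the `if [ -z "$OAUTH_CLIENT_SECRET" ]` block starts Envoy with the literal client secret `secret`, and `HMAC_SESSION_SECRET` then inherits that value, so a deployment that forgets either variable comes up with a guessable key (presumably the one that signs session cookies) instead of failing. I would keep the default only inside the `[ "$oidc_scheme" = "http" ]` local-development branch and fail closed otherwise with `: "${OAUTH_CLIENT_SECRET:?OAUTH_CLIENT_SECRET must be set}"` and the same line for `HMAC_SESSION_SECRET`, which also makes the two secrets independent values. Separately, when `DEBUG` is set the `set -x` trace prints the expanded `[ -z ... ]` tests and `export` lines, so both secrets are written to stderr; enabling the trace after the secret checks avoids that. The `sed` substitutions also interpolate `OAUTH_CLIENT_ID` and `OIDC_ISSUER` unescaped, so a value containing `/`, `,` or `&` would break or silently alter the generated config.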