diff options
Diffstat (limited to 'bin/envoy.sh')
| -rwxr-xr-x | bin/envoy.sh | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/bin/envoy.sh b/bin/envoy.sh new file mode 100755 index 0000000..a123c62 --- /dev/null +++ b/bin/envoy.sh @@ -0,0 +1,33 @@ +#!/bin/sh +set -e + +[ -n "$DEBUG" ] && set -x + +oidc_scheme=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $1}') +oidc_host=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $4}') +yaml=$(sed -e "s/OAUTH_CLIENT_ID/$OAUTH_CLIENT_ID/" /etc/envoy/envoy.yaml) +yaml=$(echo "$yaml" | sed -e "s,https://example.com,$OIDC_ISSUER,") +yaml=$(echo "$yaml" | sed -e "s/example.com/$oidc_host/") + +# For http://gdk.test:3000 +if [ "$oidc_scheme" = "http" ]; then + yaml=$(echo "$yaml" | sed -e '/transport_socket:/,+4d') + oidc_port=$(echo "$OIDC_ISSUER" | awk -F[/:] '{print $5}') + yaml=$(echo "$yaml" | sed -e "s/port_value: 443/port_value: $oidc_port/") +fi + +# I need an adult with access to vault to set this +if [ -z "$OAUTH_CLIENT_SECRET" ]; then + export OAUTH_CLIENT_SECRET="secret" +fi + +# and this. +if [ -z "$HMAC_SESSION_SECRET" ]; then + export HMAC_SESSION_SECRET="$OAUTH_CLIENT_SECRET" +fi + +echo "[$(date "+%H:%M:%S")] ==> Starting…" +envoy \ + --config-yaml "$yaml" \ + --log-level warn \ + --component-log-level oauth2:trace |