auth-layer-proxy improvements for envoy configuration configurable #47
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ipt that is run on initialization that creates the actual config file using the template and the env config variables Signed-off-by: Alfredo Gutierrez <[email protected]>
…ipt that is run on initialization that creates the actual config file using the template and the env config variables Signed-off-by: Alfredo Gutierrez <[email protected]>
Wiz Scan Summary
|
AlfredoG87
changed the title
… Scanner on PR review Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
…ssed config in a pretty format. also, fixed the override of the docker-compose.yaml and improvements to the documentation with the latest changes Signed-off-by: Alfredo Gutierrez <[email protected]>
AlfredoG87
added
the
Feature Enhancement
Nana-EC
reviewed
Apr 2, 2024
| echo "ENVOY_ADMIN_PORT: $ENVOY_ADMIN_PORT" | ||
| echo "PROXY_PORT: $PROXY_PORT" | ||
| echo "CLIENT_ID: $CLIENT_ID" | ||
| echo "CLIENT_SECRET: $CLIENT_SECRET" |
There was a problem hiding this comment.
yes, we should not log the secret, maybe we can obfuscate it and only show the last 4 bytes that could be useful for troubleshooting and make sure that the auth-layer-proxy is using the correct configuration values.
There was a problem hiding this comment.
decided to go for the first 4 chars:
it looks something like this:
CLIENT_SECRET: 0cyY******✅ Done! 👍
- alphabeticall ordered when possible the config template - wording improments to README.md - obfuscation of client_secret logs Signed-off-by: Alfredo Gutierrez <[email protected]>
Nana-EC
approved these changes
Apr 2, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Changed config of envoy to a template, and added a start-envoy.sh script that is run on initialization that creates the actual config file using the template and the env config variables
changes to the
auth-layer-proxyto support configuration on deployment, in preparation for the helm charts./etc/envoy/to keep the standard structure of envoy original image.start-envoy.shscript instead of directly starting the envoy with custom config.docker-compose.ymlwhen running it locallyRelated issue(s):
Fixes #49
Notes for reviewer:
Checklist