inaiat/auth-service-envoy-filter.yaml

## auth-service-envoy-filter.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: api-key-filter
  namespace: foo
spec:
  workloadLabels:
    app: echoserver
  filters:
    - listenerMatch:
        portNumber: 80
        listenerType: SIDECAR_INBOUND
        listenerProtocol: HTTP
      filterName: envoy.lua
      filterType: HTTP
      filterConfig:
        inlineCode: |
          function envoy_on_request(request_handle)
            request_handle:logWarn("envoy request: api key validation")

            local auth_host = "auth-service.default.svc.cluster.local"
            local cluster = "outbound|80||auth-service.default.svc.cluster.local"
            local auth = request_handle:headers():get("authorization")

            local request_headers = {
              [":method"] = "GET",
              [":path"] = "/apikey/validate",
              [":authority"] = auth_host,
              ["authority"] = request_handle:headers():get(":authority"),
              ["path"] = request_handle:headers():get("x-envoy-original-path"),
              ["method"] = request_handle:headers():get(":method"),
              ["authorization"] = auth
              }

            local request_body = ""
            local timeout = 5000 --ms

            local response_headers, response_body = request_handle:httpCall(
                cluster,
                request_headers,
                request_body,
                timeout
                )

            if tonumber(response_headers[":status"]) == 401 then
              request_handle:logWarn("Unauthorized Request");
              request_handle:respond({[":status"] = response_headers[":status"]}, response_body)
            end

          end
---
	apiVersion: networking.istio.io/v1alpha3
	kind: EnvoyFilter
	metadata:
	name: api-key-filter
	namespace: foo
	spec:
	workloadLabels:
	app: echoserver
	filters:
	- listenerMatch:
	portNumber: 80
	listenerType: SIDECAR_INBOUND
	listenerProtocol: HTTP
	filterName: envoy.lua
	filterType: HTTP
	filterConfig:
	inlineCode: \|
	function envoy_on_request(request_handle)
	request_handle:logWarn("envoy request: api key validation")

	local auth_host = "auth-service.default.svc.cluster.local"
	local cluster = "outbound\|80\|\|auth-service.default.svc.cluster.local"
	local auth = request_handle:headers():get("authorization")

	local request_headers = {
	[":method"] = "GET",
	[":path"] = "/apikey/validate",
	[":authority"] = auth_host,
	["authority"] = request_handle:headers():get(":authority"),
	["path"] = request_handle:headers():get("x-envoy-original-path"),
	["method"] = request_handle:headers():get(":method"),
	["authorization"] = auth
	}

	local request_body = ""
	local timeout = 5000 --ms

	local response_headers, response_body = request_handle:httpCall(
	cluster,
	request_headers,
	request_body,
	timeout
	)

	if tonumber(response_headers[":status"]) == 401 then
	request_handle:logWarn("Unauthorized Request");
	request_handle:respond({[":status"] = response_headers[":status"]}, response_body)
	end

	end
	---