Modernize opa-envoy-plugin tests #7240

Open
tjons opened this issue Dec 31, 2024 · 2 comments
Labels
bug int-envoy Issues related to the opa-envoy-plugin


@tjons
Contributor

tjons commented Dec 31, 2024

Our envoy-uds tests (https://github.com/open-policy-agent/opa-envoy-plugin/tree/main/examples/envoy-uds) for the opa-envoy-plugin are using a very old version of Envoy Proxy (v1.10.0). We should update this to latest and ensure that everything functions as expected. Unfortunately, just dropping in a newer version of Envoy (v1.31.0) fails to start up, so some time will have to be dedicated here to make these tests work correctly.

@tjons tjons added the bug label Dec 31, 2024
@srenatus srenatus added the int-envoy Issues related to the opa-envoy-plugin label Dec 31, 2024
@srenatus
Contributor

FWIW over in EOPA, the plugin code is tested (successfully) with envoyproxy/envoy:v1.31-latest. So I bet it's just a config thing, not a real problem with the code (🤞).

This is opa-envoy-plugins, this is what we use in EOPA:

admin:
  access_log_path: /dev/stdout
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

static_resources:
  listeners:
  - name: listener1
    address:
      socket_address: { address: 0.0.0.0, port_value: 51051 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: testsrv
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: testsrv, timeout: { seconds: 60 } }
          http_filters:
          - name: envoy.ext_authz
            typed_config:
              '@type': type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
              transport_api_version: V3
              failure_mode_allow: false
              grpc_service:
                envoy_grpc:
                  cluster_name: opa-envoy
              with_request_body:
                allow_partial_message: true
                max_request_bytes: 1024
                pack_as_bytes: true
          - name: envoy.filters.http.router
            typed_config:
              '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router

  clusters:
  - name: testsrv
    connect_timeout: 1.25s
    type: LOGICAL_DNS
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    load_assignment:
      cluster_name: testsrv
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: %[1]s
                port_value: %[3]d
  - name: opa-envoy
    connect_timeout: 1.25s
    type: LOGICAL_DNS
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    load_assignment:
      cluster_name: opa-envoy
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: %[1]s
                port_value: %[2]d
layered_runtime:
  layers:
    - name: static_layer_0
      static_layer:
        envoy:
          resource_limits:
            listener:
              example_listener_name:
                connection_limit: 10000
        overload:
          global_downstream_max_connections: 50000

This doesn't test UDS specifically, but maybe it's a starting point for diffing the configs anyways.
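An added example, not part of the thread or of either project's code: a small audit that walks a parsed Envoy bootstrap and reports filters without a v3 `typed_config`, plus the `ext_authz` settings that decide whether authorization fails closed. It assumes the bootstrap is already loaded into a dict; `audit`, `_typed` and both sample configs are hypothetical and constructed here, with `MODERN` mirroring the `http_filters` section of the config above.

```python
EXT_AUTHZ = "envoy.extensions.filters.http.ext_authz.v3.ExtAuthz"

def _typed(f, where, findings):
    """Return the filter's typed_config if it names a v3 type, else record a finding."""
    tc = f.get("typed_config")
    if not isinstance(tc, dict) or ".v3." not in tc.get("@type", ""):
        findings.append(f"{where}: filter {f.get('name')!r} has no v3 typed_config")
        return None
    return tc

def audit(bootstrap):
    """Walk listeners -> filter chains -> HTTP filters and list config findings."""
    findings, seen_authz = [], False
    for lst in bootstrap.get("static_resources", {}).get("listeners", []):
        where = lst.get("name", "?")
        for chain in lst.get("filter_chains", []):
            for nf in chain.get("filters", []):
                hcm = _typed(nf, where, findings)
                for hf in (hcm or {}).get("http_filters", []):
                    tc = _typed(hf, where, findings)
                    if not tc or not tc["@type"].endswith(EXT_AUTHZ):
                        continue
                    seen_authz = True
                    if tc.get("failure_mode_allow", False):
                        findings.append(f"{where}: ext_authz fails open")
                    if tc.get("transport_api_version") != "V3":
                        findings.append(f"{where}: ext_authz transport_api_version is not V3")
                    body = tc.get("with_request_body", {})
                    if body.get("allow_partial_message"):
                        findings.append(f"{where}: bodies over {body.get('max_request_bytes')} bytes reach OPA truncated")
    if not seen_authz:
        findings.append("no v3 ext_authz filter found")
    return findings

# Constructed sample: the http_filters section of the config in the comment above.
MODERN = {"static_resources": {"listeners": [{"name": "listener1", "filter_chains": [{"filters": [{
    "name": "envoy.filters.network.http_connection_manager",
    "typed_config": {
        "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
        "http_filters": [
            {"name": "envoy.ext_authz", "typed_config": {
                "@type": "type.googleapis.com/" + EXT_AUTHZ,
                "transport_api_version": "V3", "failure_mode_allow": False,
                "with_request_body": {"allow_partial_message": True, "max_request_bytes": 1024}}},
            {"name": "envoy.filters.http.router", "typed_config": {
                "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"}}]}}]}]}]}}
# Constructed legacy-style sample (untyped `config`), not the project's envoy-uds file.
LEGACY = {"static_resources": {"listeners": [{"name": "listener1", "filter_chains": [{"filters": [{
    "name": "envoy.http_connection_manager",
    "config": {"http_filters": [{"name": "envoy.ext_authz", "config": {}}]}}]}]}]}}
```

The truncated-body finding on `MODERN` is informational: with `allow_partial_message: true`, a policy that inspects the request body only sees the first `max_request_bytes` bytes.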

@tjons
Contributor Author

tjons commented Jan 2, 2025

@srenatus agreed. I'll work on this soon, but wanted to make a note :)
