From 2a09768577786c27a88a6c3641bd90349e289fe9 Mon Sep 17 00:00:00 2001
From: Javi
Date: Mon, 19 Jan 2026 13:22:12 -0300
Subject: [PATCH] feat: implement basic scaffold for avp implementation
---
.../scripts/generate_authorization_policy | 0
avp-authorizer/scripts/generate_cedars | 0
avp-authorizer/templates/policies.yaml.tpl | 26 +++++++++++++++++++
avp-authorizer/workflows/create.yaml | 9 +++++++
4 files changed, 35 insertions(+)
create mode 100644 avp-authorizer/scripts/generate_authorization_policy
create mode 100644 avp-authorizer/scripts/generate_cedars
create mode 100644 avp-authorizer/templates/policies.yaml.tpl
create mode 100644 avp-authorizer/workflows/create.yaml
diff --git a/avp-authorizer/scripts/generate_authorization_policy b/avp-authorizer/scripts/generate_authorization_policy
new file mode 100644
index 0000000..e69de29
diff --git a/avp-authorizer/scripts/generate_cedars b/avp-authorizer/scripts/generate_cedars
new file mode 100644
index 0000000..e69de29
diff --git a/avp-authorizer/templates/policies.yaml.tpl b/avp-authorizer/templates/policies.yaml.tpl
new file mode 100644
index 0000000..044c23e
--- /dev/null
+++ b/avp-authorizer/templates/policies.yaml.tpl
@@ -0,0 +1,26 @@
+apiVersion: security.istio.io/v1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ .service_slug }}-{{ .service_id }}-authz
+ namespace: {{ .k8s_namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .service_slug }}
+ nullplatform.com/service-id: "{{ .service_id }}"
+ nullplatform.com/managed-by: endpoint-exposer
+spec:
+ selector:
+ matchLabels:
+ nullplatform: "true"
+ action: CUSTOM
+ provider:
+ name: {{ .provider_name }}
+ rules:
+ - to:
+ - operation:
+ hosts:
+ - {{ .domain }}
+ methods:
+{{ range .methods }} - {{ . }}
+{{ end }} paths:
+{{ range .paths }} - {{ . }}
+{{ end }}
\ No newline at end of file
diff --git a/avp-authorizer/workflows/create.yaml b/avp-authorizer/workflows/create.yaml
new file mode 100644
index 0000000..7471455
--- /dev/null
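Review bot: The templated values under `hosts`, `methods` and `paths` (`- {{ .domain }}`, `- {{ . }}`), and in `metadata.name` and `provider.name`, are rendered unquoted; only the `service-id` label is quoted. A wildcard host or path that begins with `*` is read by YAML as an alias, and a value containing `: `, ` #` or a line break would change the structure of the rendered AuthorizationPolicy, which matters because these rules decide which requests are sent to the CUSTOM authorizer. I would quote each one the way the label already is, e.g. `- "{{ .domain }}"` and `- "{{ . }}"`, and validate the inputs before rendering if they can come from service configuration. It is also worth deciding what should happen when `.methods` or `.paths` is empty, since the key is then rendered with no list items under it.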
+++ b/avp-authorizer/workflows/create.yaml
@@ -0,0 +1,9 @@
+steps:
+ - name: generate_cedars
+ type: script
+ file: "$OVERRIDES_PATH/scripts/generate_cedars"
+ before: apply
+ - name: generate_authorization_policy
+ type: script
+ file: "$OVERRIDES_PATH/scripts/generate_authorization_policy"
+ before: apply
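Review bot: Both steps point at `scripts/generate_cedars` and `scripts/generate_authorization_policy`, which this same commit adds as empty files with mode 100644. How the runner invokes `type: script` steps is not visible here, but an empty script will either fail as non-executable or succeed while doing nothing, and in the second case `apply` would proceed without any Cedar policies or AuthorizationPolicy having been generated. Until the scripts are implemented I would make each one fail loudly, e.g. a stub containing `echo "generate_cedars: not implemented" >&2; exit 1`, and set the executable bit if the runner needs it.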