Use appendAction for translated HeaderValueOptions

[inFocus7]

Description

Envoy has deprecated the append field: ref. So we are now translating to the newer field append_action so users can keep the same functionality as before.

There are four append_action fields:

• APPEND_IF_EXISTS_OR_ADD
  • Appends value if the header exists. Else, adds the header with the key and value.
• ADD_IF_ABSENT
  • Adds the header if it doesn’t already exist. Else, no-op.
• OVERWRITE_IF_EXISTS_OR_ADD
  • Overwrites the value if the header already exists. Else, adds the header with the key and value.
• OVERWRITE_IF_EXISTS
  • ⁣Overwrite the header's value, if it exists. Else, no-op.

As of now, since we're just translating our existing append which is a boolean onto the append_action, we are mapping to two fields as follows:

• append: true => append_action: APPEND_IF_EXISTS_OR_ADD
• append: false => append_action: OVERWRITE_IF_EXISTS_OR_ADD

API/Code changes

• append translates to Envoy's append_action

Context

Users ran into issues where the append field was essentially being ignored.
append has been deprecated in favor of append_action

Testing steps

./ci/kind/setup-kind.sh
helm install gloo _test/gloo-1.0.0-ci.tgz

kubectl apply -f - << 'EOF' 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: httpbin
---
apiVersion: v1
kind: Service
metadata:
  name: httpbin
  labels:
    app: httpbin
spec:
  type: ClusterIP
  ports:
  - name: http
    port: 80
    targetPort: 80
  selector:
    app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpbin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpbin
      version: v1
  template:
    metadata:
      labels:
        app: httpbin
        version: v1
    spec:
      serviceAccountName: httpbin
      containers:
      - image: docker.io/kennethreitz/httpbin
        imagePullPolicy: IfNotPresent
        name: httpbin
        ports:
        - containerPort: 80
EOF

kubectl apply -f - << 'EOF'
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: default
  namespace: default
spec:
  virtualHost:
    domains:
    - '*'
    options:
      headerManipulation:
        responseHeadersToAdd:
        - header:
           key: X-Frame-Options
           value: SAMEORIGIN
          append: false
    routes:
    - delegateAction:
        selector:
          labels:
            delegate: 'true'
      matchers:
      - prefix: /
EOF

kubectl apply -f - << 'EOF'
apiVersion: gateway.solo.io/v1
kind: RouteTable
metadata:
  labels:
    delegate: 'true'
  name: child
  namespace: default
spec:
  routes:
  - matchers:
    - prefix: /get
    options:
      headerManipulation:
        responseHeadersToAdd:
        - header:
            key: X-Frame-Options
            value: NEWORIGIN
    routeAction:
      single:
        upstream:
          name: default-httpbin-80
          namespace: default
EOF

kubectl port-forward -n gloo-system deploy/gateway-proxy 8080:8080 & proxynormalPortFwdPid=$!

curl http://localhost:8080/get -v

Notice only the VS header (SAMEORIGIN) is in the header.

kubectl port-forward -n gloo-system deploy/gateway-proxy 19000:19000 & proxyAdminPortFwdPid=$!

Go to: http://localhost:19000/config_dump
Notice the append_action: OVERWRITE_IF_EXISTS_OR_ADD in the Vhost.

Note: If append: true, we'll notice both headers in the curl and we may not see append_action as. the true value is the default value.
Note: Setting append: false on the Route adds the append_action: OVERWRITE_IF_EXISTS_OR_ADD in Envoy, but due to the order that header manipulation gets processed, both headers are returned.

Headers are appended to requests/responses in the following order: weighted cluster level headers, route level headers, virtual host level headers and finally global level headers.

• Envoy Docs

Notes for reviewers

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works

[github-actions]

Visit the preview URL for this PR (updated for commit c8eef51):

https://gloo-edge--pr8678-fix-use-append-actio-pswgy3jy.web.app

_{(expires Mon, 25 Sep 2023 14:23:22 GMT)}

_{🔥 via Firebase Hosting GitHub Action 🌎}

_{Sign: 77c2b86e287749579b7ff9cadb81e099042ef677}

[sam-heilbron]

Looking great! Some small thoughts for consolidation that I think we can do. As part of this, should we update our docs about this feature to clarify what the current behavior is?

[solo-changelog-bot]

Issues linked to changelog:
#8525