Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.14] Expose most_specific_header_mutations wins and use append_action #8705

Merged
merged 8 commits into from
Sep 21, 2023
Merged

[1.14] Expose most_specific_header_mutations wins and use append_action #8705

merged 8 commits into from
Sep 21, 2023

Conversation

inFocus7
Copy link
Contributor

@inFocus7 inFocus7 commented Sep 20, 2023
edited
Loading

backport of #8678 + #8692

Description

API/Code changes

  • Exposed the most_specific_header_mutation_wins in RouteConfigurations.
  • Add RouteTableOptions to TestContext's TestClients
  • Add tests for most_specific_header_mutations_wins
  • append translates to Envoy's append_action
    • append: true => append_action: APPEND_IF_EXISTS_OR_ADD
    • append: false => append_action: OVERWRITE_IF_EXISTS_OR_ADD

Docs changes

  • Update header manipulation docs information.
  • Add section in header manipulation docs bringing up this flag and its behavior

Context

  • Users want a way to prioritize the mutation done by a route, instead of one done by a vhost.

Testing steps

./ci/kind/setup-kind.sh
helm install gloo _test/gloo-1.0.0-ci.tgz
kubectl apply -f - << 'EOF' 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: httpbin
---
apiVersion: v1
kind: Service
metadata:
  name: httpbin
  labels:
    app: httpbin
spec:
  type: ClusterIP
  ports:
  - name: http
    port: 80
    targetPort: 80
  selector:
    app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpbin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpbin
      version: v1
  template:
    metadata:
      labels:
        app: httpbin
        version: v1
    spec:
      serviceAccountName: httpbin
      containers:
      - image: docker.io/kennethreitz/httpbin
        imagePullPolicy: IfNotPresent
        name: httpbin
        ports:
        - containerPort: 80
EOF
kubectl apply -f - << 'EOF'
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: default
  namespace: default
spec:
  virtualHost:
    domains:
    - '*'
    options:
      headerManipulation:
        responseHeadersToAdd:
        - header:
           key: X-Frame-Options
           value: VSORIGIN
          append: false
    routes:
    - delegateAction:
        selector:
          labels:
            delegate: 'true'
      matchers:
      - prefix: /
EOF
kubectl apply -f - << 'EOF'
apiVersion: gateway.solo.io/v1
kind: RouteTable
metadata:
  labels:
    delegate: 'true'
  name: child
  namespace: default
spec:
  routes:
  - matchers:
    - prefix: /get
    options:
      headerManipulation:
        responseHeadersToAdd:
        - header:
            key: X-Frame-Options
            value: RTORIGIN
          append: false
    routeAction:
      single:
        upstream:
          name: default-httpbin-80
          namespace: default
EOF
kubectl port-forward -n gloo-system deploy/gateway-proxy 8080:8080 & proxynormalPortFwdPid=$!

curl http://localhost:8080/get -v

Notice only the VS header (VSORIGIN) is in the header x-frame-options. This is because we have append: false on the header, therefore it is set to overwrite any headers that came before.

Edit the gateway resource to include spec.routeOptions.mostSpecificHeaderMutationsWins: true field.

curl http://localhost:8080/get -v

Notice that now, only the Route header (RTORIGIN) is in the header x-frame-options. This is because our route config is now set to prioritize the most specific header mutation.

Notes for reviewers

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works

inFocus7 and others added 2 commits September 20, 2023 14:18
@inFocus7 @soloio-bulldozer @artberger
Use appendAction for translated HeaderValueOptions (#8678)
97478fe 
* update header value options to convert append to envoy v3's append action

* update tests to expect appendAction

* remove focused test

* Update append description

* add changelog

* add extra informatnion on header append/removal docs

* Apply suggestions from code review

Co-authored-by: Art <artberger@users.noreply.github.com>

* Update docs/content/guides/traffic_management/request_processing/append_remove_headers/_index.md

Co-authored-by: Art <artberger@users.noreply.github.com>

* Update docs/content/guides/traffic_management/request_processing/append_remove_headers/_index.md

Co-authored-by: Art <artberger@users.noreply.github.com>

---------

Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com>
Co-authored-by: Art <artberger@users.noreply.github.com>
@inFocus7
update changelog
76b84b6
@inFocus7 inFocus7 added the work in progress signals bulldozer to keep pr open (don't auto-merge) label Sep 20, 2023
@inFocus7 inFocus7 requested a review from a team as a code owner September 20, 2023 18:19
@github-actions github-actions bot added the keep pr updated signals bulldozer to keep pr up to date with base branch label Sep 20, 2023
@solo-changelog-bot
Copy link

Issues linked to changelog:
#8525
#8690

inFocus7 and others added 3 commits September 21, 2023 11:18
@inFocus7 @soloio-bulldozer @artberger
Expose most_specific_header_mutations_wins (#8692)
c94241e 
* add most_specific_header_mutations_wins route config option

* translate and add MostSpecificHeaderMutationsWins to translator_test

* add changelog

* add skipCI-kube-tests:true directive

* add header manipulation order e2e tests and expose routeTable in testContext's testClients

* codegen

* Add section in docs to include mostSpecificHeaderMutationsWins

* remove skipCI-kube-tests:true directive

* review comment updates

* Apply suggestions from code review

Co-authored-by: Art <artberger@users.noreply.github.com>

* review comment updates pt 2

---------

Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com>
Co-authored-by: Art <artberger@users.noreply.github.com>
@inFocus7
codegen
8828d7b
@inFocus7
remove ContainHeaderKeys from header tests
95764d8
inFocus7
inFocus7 commented Sep 21, 2023
View reviewed changes
changelog/v1.14.20/append-action-and-most-specific-header-mutations-wins.yaml
description: >-
Translate header manipulation's `append` to Envoy's `append_action`, the newer non-deprecated field.
skipCI-kube-tests:true
- type: FIX
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FIX, as it's a backport so we can't use NEW_FEATURE, but want this change to be visible to users.

@inFocus7 inFocus7 removed the work in progress signals bulldozer to keep pr open (don't auto-merge) label Sep 21, 2023
@soloio-bulldozer soloio-bulldozer bot merged commit 57f3dac into v1.14.x Sep 21, 2023
14 checks passed
@soloio-bulldozer soloio-bulldozer bot deleted the 1.14-most-specific-header-mutations-wins-and-append-action branch September 21, 2023 19:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidjumani davidjumani davidjumani approved these changes

@artberger artberger artberger approved these changes

Assignees
No one assigned
Labels
keep pr updated signals bulldozer to keep pr up to date with base branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@inFocus7 @davidjumani @artberger