ext_authz: allows multiple headers of same name in Denied response

[cfryanr]

Description:

Enhance the ext_authz filter to allow multiple Set-Cookie
headers to be added by a Denied Check response.

Previously, when the Check response contained multiple
headers of the same name, only the last one would be applied
in the http response. Please see full description of problem
in #8649.

Risk Level: Low
Testing: Unit test
Docs Changes: N/A
Release Notes: N/A

Fixes #8649

[repokitteh-read-only]

🤷‍♀️ nothing to rebuild.

🐱

Caused by: a #8668 (comment) was created by @peterhaochen47.

see: more, trace.

[repokitteh-read-only]

🤷‍♀️ nothing to rebuild.

🐱

Caused by: a #8668 (comment) was created by @peterhaochen47.

see: more, trace.

[dio]

/azp run envoy-linux

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[azure-pipelines]

Commenter does not have sufficient privileges for PR 8668 in repo envoyproxy/envoy

[srwaggon]

@dio, we believe the test failures might be unrelated to our changeset.

Could you re-run the test or give us some feedback about why these tests might be failing?

[peterhaochen47]

@lizan We believe the test failures are unrelated. Could you take a look as well?

[dio]

@srwaggon @peterhaochen47 can you try to merge master? Thanks!

[srwaggon]

@dio Thanks for the advice 😄 That did it! This PR looks like it can be merged now with an approval!

[dio]

Looks good, a request for comments.

[dio]

@gsagula could you help to verify this as well? Thanks!

[cfryanr]

Hi @dio and @gsagula,

Thanks for reviewing the PR. Is it ready to be accepted? Is there anything else that we can do to help it get accepted?

I ask because it is blocking the initial release of the new istio-ecosystem authservice project, which needs to be able to set and delete multiple cookies.

Thanks!

[dio]

@cfryanr seems like you need to merge master again. Sorry.

[mattklein123]

/wait

[cfryanr]

Hi @dio. Thanks. I merged master into the fork. There were no merge conflicts.