Expose most_specific_header_mutations_wins

[inFocus7]

Description

API/Code changes

• Exposed the most_specific_header_mutation_wins in RouteConfigurations.
• Add RouteTableOptions to TestContext's TestClients
• Add tests for most_specific_header_mutations_wins

Docs changes

• Add section in header manipulation docs bringing up this flag and its behavior

Context

• Users want a way to prioritize the mutation done by a route, instead of one done by a vhost. (more information on the issue Expose Envoy's most_specific_header_mutation_wins field #8690)

Testing steps

./ci/kind/setup-kind.sh

helm install gloo _test/gloo-1.0.0-ci.tgz

kubectl apply -f - << 'EOF' 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: httpbin
---
apiVersion: v1
kind: Service
metadata:
  name: httpbin
  labels:
    app: httpbin
spec:
  type: ClusterIP
  ports:
  - name: http
    port: 80
    targetPort: 80
  selector:
    app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpbin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpbin
      version: v1
  template:
    metadata:
      labels:
        app: httpbin
        version: v1
    spec:
      serviceAccountName: httpbin
      containers:
      - image: docker.io/kennethreitz/httpbin
        imagePullPolicy: IfNotPresent
        name: httpbin
        ports:
        - containerPort: 80
EOF

kubectl apply -f - << 'EOF'
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: default
  namespace: default
spec:
  virtualHost:
    domains:
    - '*'
    options:
      headerManipulation:
        responseHeadersToAdd:
        - header:
           key: X-Frame-Options
           value: VSORIGIN
          append: false
    routes:
    - delegateAction:
        selector:
          labels:
            delegate: 'true'
      matchers:
      - prefix: /
EOF

kubectl apply -f - << 'EOF'
apiVersion: gateway.solo.io/v1
kind: RouteTable
metadata:
  labels:
    delegate: 'true'
  name: child
  namespace: default
spec:
  routes:
  - matchers:
    - prefix: /get
    options:
      headerManipulation:
        responseHeadersToAdd:
        - header:
            key: X-Frame-Options
            value: RTORIGIN
          append: false
    routeAction:
      single:
        upstream:
          name: default-httpbin-80
          namespace: default
EOF

kubectl port-forward -n gloo-system deploy/gateway-proxy 8080:8080 & proxynormalPortFwdPid=$!

curl http://localhost:8080/get -v

Notice only the VS header (VSORIGIN) is in the header x-frame-options. This is because we have append: false on the header, therefore it is set to overwrite any headers that came before.

Edit the gateway resource to include spec.routeOptions.mostSpecificHeaderMutationsWins: true field.

curl http://localhost:8080/get -v

Notice that now, only the Route header (RTORIGIN) is in the header x-frame-options. This is because our route config is now set to prioritize the most specific header mutation.

Notes for reviewers

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works

[github-actions]

Visit the preview URL for this PR (updated for commit 263d9c2):

https://gloo-edge--pr8692-feat-expose-most-spe-ju7o68iu.web.app

_{(expires Wed, 27 Sep 2023 18:42:14 GMT)}

_{🔥 via Firebase Hosting GitHub Action 🌎}

_{Sign: 77c2b86e287749579b7ff9cadb81e099042ef677}

[solo-changelog-bot]

Issues linked to changelog:
#8690

[sam-heilbron]

I think this is a great use case for a set of e2e tests which show how configuration at the route/vs level bheavior differently based on this setting (ie when are heads actually appended vs overwritten). Since this functionality depends on multiple APIs in the data plane, unit tests alone won't be able to verify this.
The test could then be used as the source of truth for our docs.

[sam-heilbron]

Looking good!

[sam-heilbron]

🚀

[sam-heilbron]

Great work! I confirmed that the tests fail when I remove the translation code, and also when I adjust the value of this field