gateway icon indicating copy to clipboard operation
gateway copied to clipboard
verified publisher icon envoyproxy

Add responseHeadersToAdd functionality to btp & httproutefilter

Open ryanhristovski opened this issue 7 months ago • 1 comments

Adds response headers to direct response in btp and httproutefilter

Example BTP:

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: BackendTrafficPolicy
spec:
  responseOverride:
  - match:
      statusCodes:
      - type: Value
        value: 429
      responseHeadersToAdd:
      - append: true
        name: X-Response-Header-Added
        value: "true"
      statusCode: 429
    response:
      body:
		...

Example HTTPRouteFilter:

kind: HTTPRouteFilter
spec:
  directResponse:
    responseHeadersToAdd:
    - append: true
      name: X-Response-Header-Added
      value: "true"
    statusCode: 200
    body:
      ...

Todo in another PR:

ryanhristovski avatar Jun 13 '25 15:06 ryanhristovski

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 71.08%. Comparing base (5274bb5) to head (27ef476). :warning: Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6308      +/-   ##
==========================================
+ Coverage   71.03%   71.08%   +0.04%     
==========================================
  Files         226      226              
  Lines       40098    40136      +38     
==========================================
+ Hits        28485    28529      +44     
+ Misses       9926     9921       -5     
+ Partials     1687     1686       -1

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov[bot] avatar Jun 13 '25 15:06 codecov[bot]

@ryanhristovski just a quick follow up - is this still being worked on?

rudrakhp avatar Jul 10 '25 05:07 rudrakhp

@rudrakhp yeah hoping to finish this up by EOW, sorry for the delay

ryanhristovski avatar Jul 10 '25 18:07 ryanhristovski

Because im using the existing ResponseHeadersModifier from upstream, the updated generated btp manifest includes remove, but unfortunately the logic is done in LocalResponsePolicy which doesnt support removal of headers, only adding.

I've added a CEL as discussed w @arkodg to explicitly not allow it

ryanhristovski avatar Jul 10 '25 23:07 ryanhristovski

Tests are failing due to a broken link: [CVE-2021-25740]: https://nvd.nist.gov/vuln/detail/CVE-2021-25740 cc: @zhaohuabing

ryanhristovski avatar Jul 11 '25 14:07 ryanhristovski

Tests are failing due to a broken link: [CVE-2021-25740]: https://nvd.nist.gov/vuln/detail/CVE-2021-25740 cc: @zhaohuabing

@ryanhristovski You can add nvd.nist.gov to LINKINATOR_IGNORE if it keeps failing.

zhaohuabing avatar Jul 12 '25 14:07 zhaohuabing

2025-07-11T13:52:39Z DEBUG controller-runtime.test-env installing CRD {"crd": "backendtrafficpolicies.gateway.envoyproxy.io"} panic: Failed to start testenv: unable to install CRDs onto control plane: unable to create CRD instances: unable to create CRD "backendtrafficpolicies.gateway.envoyproxy.io": CustomResourceDefinition.apiextensions.k8s.io "backendtrafficpolicies.gateway.envoyproxy.io" is invalid: spec.validation.openAPIV3Schema.properties[spec].properties[responseOverride].items.properties[response].x-kubernetes-validations[0].rule: Forbidden: estimated rule cost exceeds budget by factor of 1.048576x (try simplifying the rule, or adding maxItems, maxProperties, and maxLength where arrays, maps, and strings are declared)

This may solve it:

!(has(self.responseHeaderModifier) && 
  has(self.responseHeaderModifier.remove) && 
  size(self.responseHeaderModifier.remove) != 0)

zhaohuabing avatar Jul 14 '25 09:07 zhaohuabing

/retest

ryanhristovski avatar Jul 15 '25 16:07 ryanhristovski

Any updates on this? Anything we can do to help?

jgoodall avatar Jul 30 '25 02:07 jgoodall

@jgoodall our team has deprioritized this, but I can try to get it out for next patch release.

There's just a couple API comments here if you're interested in getting it across the line though! The logic is already ready

ryanhristovski avatar Aug 01 '25 19:08 ryanhristovski

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. Please feel free to give a status update now, ping for review, when it's ready. Thank you for your contributions!

github-actions[bot] avatar Aug 31 '25 20:08 github-actions[bot]

@jgoodall our team has deprioritized this, but I can try to get it out for next patch release.

There's just a couple API comments here if you're interested in getting it across the line though! The logic is already ready

Hi @ryanhristovski I'll take this forward as we need this feature. Really appreciate all the work you've put in!

zhaohuabing avatar Sep 09 '25 05:09 zhaohuabing

@jgoodall our team has deprioritized this, but I can try to get it out for next patch release. There's just a couple API comments here if you're interested in getting it across the line though! The logic is already ready

Hi @ryanhristovski I'll take this forward as we need this feature. Really appreciate all the work you've put in!

Thanks @zhaohuabing ! Actually, for our use case, this PR has superseded: https://github.com/envoyproxy/gateway/pull/6851

jgoodall avatar Sep 09 '25 13:09 jgoodall