feat: support custom redirects (envoyproxy#6295)

Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

Author: rudrakhp

api/v1alpha1/shared_types.go

@@ -820,8 +820,10 @@ type CustomRedirect struct {
 	// Path defines parameters used to modify the path of the incoming request.
 	// The modified path is then used to construct the `Location` header. When
 	// empty, the request path is used as-is.
+	// Only ReplaceFullPath path modifier is supported currently.
 	//
 	// +optional
+	// +kubebuilder:validation:XValidation:message="only ReplaceFullPath is supported for path.type",rule="self.type == 'ReplaceFullPath'"
 	Path *gwapiv1.HTTPPathModifier `json:"path,omitempty"`
 
 	// Port is the port to be used in the value of the `Location`

charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml

@@ -1342,6 +1342,7 @@ spec:
                             Path defines parameters used to modify the path of the incoming request.
                             The modified path is then used to construct the `Location` header. When
                             empty, the request path is used as-is.
+                            Only ReplaceFullPath path modifier is supported currently.
                           properties:
                             replaceFullPath:
                               description: |-
@@ -1388,6 +1389,8 @@ spec:
                           - type
                           type: object
                           x-kubernetes-validations:
+                          - message: only ReplaceFullPath is supported for path.type
+                            rule: self.type == 'ReplaceFullPath'
                           - message: replaceFullPath must be specified when type is
                               set to 'ReplaceFullPath'
                             rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)

charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml

@@ -1341,6 +1341,7 @@ spec:
                             Path defines parameters used to modify the path of the incoming request.
                             The modified path is then used to construct the `Location` header. When
                             empty, the request path is used as-is.
+                            Only ReplaceFullPath path modifier is supported currently.
                           properties:
                             replaceFullPath:
                               description: |-
@@ -1387,6 +1388,8 @@ spec:
                           - type
                           type: object
                           x-kubernetes-validations:
+                          - message: only ReplaceFullPath is supported for path.type
+                            rule: self.type == 'ReplaceFullPath'
                           - message: replaceFullPath must be specified when type is
                               set to 'ReplaceFullPath'
                             rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)

internal/gatewayapi/backendtrafficpolicy.go

@@ -1051,25 +1051,52 @@ func buildResponseOverride(policy *egv1a1.BackendTrafficPolicy, resources *resou
 			}
 		}
 
-		response := ir.CustomResponse{
-			ContentType: ro.Response.ContentType,
-		}
+		if ro.Redirect != nil {
+			redirect := &ir.Redirect{
+				Scheme: ro.Redirect.Scheme,
+			}
+			if ro.Redirect.Path != nil {
+				redirect.Path = &ir.HTTPPathModifier{
+					FullReplace:        ro.Redirect.Path.ReplaceFullPath,
+					PrefixMatchReplace: ro.Redirect.Path.ReplacePrefixMatch,
+				}
+			}
+			if ro.Redirect.Hostname != nil {
+				redirect.Hostname = ptr.To(string(*ro.Redirect.Hostname))
+			}
+			if ro.Redirect.Port != nil {
+				redirect.Port = ptr.To(uint32(*ro.Redirect.Port))
+			}
+			if ro.Redirect.StatusCode != nil {
+				redirect.StatusCode = ptr.To(int32(*ro.Redirect.StatusCode))
+			}
 
-		if ro.Response.StatusCode != nil {
-			response.StatusCode = ptr.To(uint32(*ro.Response.StatusCode))
-		}
+			rules = append(rules, ir.ResponseOverrideRule{
+				Name:     defaultResponseOverrideRuleName(policy, index),
+				Match:    match,
+				Redirect: redirect,
+			})
+		} else {
+			response := &ir.CustomResponse{
+				ContentType: ro.Response.ContentType,
+			}
 
-		var err error
-		response.Body, err = getCustomResponseBody(ro.Response.Body, resources, policy.Namespace)
-		if err != nil {
-			return nil, err
-		}
+			if ro.Response.StatusCode != nil {
+				response.StatusCode = ptr.To(uint32(*ro.Response.StatusCode))
+			}
 
-		rules = append(rules, ir.ResponseOverrideRule{
-			Name:     defaultResponseOverrideRuleName(policy, index),
-			Match:    match,
-			Response: response,
-		})
+			var err error
+			response.Body, err = getCustomResponseBody(ro.Response.Body, resources, policy.Namespace)
+			if err != nil {
+				return nil, err
+			}
+
+			rules = append(rules, ir.ResponseOverrideRule{
+				Name:     defaultResponseOverrideRuleName(policy, index),
+				Match:    match,
+				Response: response,
+			})
+		}
 	}
 	return &ir.ResponseOverride{
 		Name:  irConfigName(policy),

internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override.in.yaml

@@ -81,6 +81,25 @@ httpRoutes:
           backendRefs:
             - name: service-1
               port: 8080
+  - apiVersion: gateway.networking.k8s.io/v1
+    kind: HTTPRoute
+    metadata:
+      namespace: default
+      name: httproute-3
+    spec:
+      hostnames:
+        - bar.envoyproxy.io
+      parentRefs:
+        - namespace: default
+          name: gateway-2
+          sectionName: http
+      rules:
+        - matches:
+            - path:
+                value: "/"
+          backendRefs:
+            - name: service-1
+              port: 8080
 configMaps:
   - apiVersion: v1
     kind: ConfigMap
@@ -178,3 +197,25 @@ backendTrafficPolicies:
               - value: 403
           response:
             statusCode: 401
+  - apiVersion: gateway.envoyproxy.io/v1alpha1
+    kind: BackendTrafficPolicy
+    metadata:
+      namespace: default
+      name: policy-for-route-3
+    spec:
+      targetRef:
+        group: gateway.networking.k8s.io
+        kind: HTTPRoute
+        name: httproute-3
+      responseOverride:
+        - match:
+            statusCodes:
+              - value: 200
+          redirect:
+            scheme: https
+            hostname: www.redirect.com
+            port: 8443
+            statusCode: 301
+            path:
+              type: ReplaceFullPath
+              replaceFullPath: /redirect/path

internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override.out.yaml

@@ -84,6 +84,45 @@ backendTrafficPolicies:
         status: "True"
         type: Accepted
       controllerName: gateway.envoyproxy.io/gatewayclass-controller
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+  kind: BackendTrafficPolicy
+  metadata:
+    creationTimestamp: null
+    name: policy-for-route-3
+    namespace: default
+  spec:
+    responseOverride:
+    - match:
+        statusCodes:
+        - type: null
+          value: 200
+      redirect:
+        hostname: www.redirect.com
+        path:
+          replaceFullPath: /redirect/path
+          type: ReplaceFullPath
+        port: 8443
+        scheme: https
+        statusCode: 301
+    targetRef:
+      group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      name: httproute-3
+  status:
+    ancestors:
+    - ancestorRef:
+        group: gateway.networking.k8s.io
+        kind: Gateway
+        name: gateway-2
+        namespace: default
+        sectionName: http
+      conditions:
+      - lastTransitionTime: null
+        message: Policy has been accepted.
+        reason: Accepted
+        status: "True"
+        type: Accepted
+      controllerName: gateway.envoyproxy.io/gatewayclass-controller
 - apiVersion: gateway.envoyproxy.io/v1alpha1
   kind: BackendTrafficPolicy
   metadata:
@@ -193,7 +232,7 @@ gateways:
       protocol: HTTP
   status:
     listeners:
-    - attachedRoutes: 2
+    - attachedRoutes: 3
       conditions:
       - lastTransitionTime: null
         message: Sending translated listener configuration to the data plane
@@ -327,6 +366,44 @@ httpRoutes:
         name: gateway-2
         namespace: default
         sectionName: http
+- apiVersion: gateway.networking.k8s.io/v1
+  kind: HTTPRoute
+  metadata:
+    creationTimestamp: null
+    name: httproute-3
+    namespace: default
+  spec:
+    hostnames:
+    - bar.envoyproxy.io
+    parentRefs:
+    - name: gateway-2
+      namespace: default
+      sectionName: http
+    rules:
+    - backendRefs:
+      - name: service-1
+        port: 8080
+      matches:
+      - path:
+          value: /
+  status:
+    parents:
+    - conditions:
+      - lastTransitionTime: null
+        message: Route is accepted
+        reason: Accepted
+        status: "True"
+        type: Accepted
+      - lastTransitionTime: null
+        message: Resolved all the Object references for the Route
+        reason: ResolvedRefs
+        status: "True"
+        type: ResolvedRefs
+      controllerName: gateway.envoyproxy.io/gatewayclass-controller
+      parentRef:
+        name: gateway-2
+        namespace: default
+        sectionName: http
 infraIR:
   default/gateway-1:
     proxy:
@@ -553,6 +630,51 @@ xdsIR:
               name: backendtrafficpolicy/default/policy-for-route-2/responseoverride/rule/0
               response:
                 statusCode: 401
+      - destination:
+          metadata:
+            kind: HTTPRoute
+            name: httproute-3
+            namespace: default
+          name: httproute/default/httproute-3/rule/0
+          settings:
+          - addressType: IP
+            endpoints:
+            - host: 7.7.7.7
+              port: 8080
+            metadata:
+              name: service-1
+              namespace: default
+              sectionName: "8080"
+            name: httproute/default/httproute-3/rule/0/backend/0
+            protocol: HTTP
+            weight: 1
+        hostname: bar.envoyproxy.io
+        isHTTP2: false
+        metadata:
+          kind: HTTPRoute
+          name: httproute-3
+          namespace: default
+        name: httproute/default/httproute-3/rule/0/match/0/bar_envoyproxy_io
+        pathMatch:
+          distinct: false
+          name: ""
+          prefix: /
+        traffic:
+          responseOverride:
+            name: backendtrafficpolicy/default/policy-for-route-3
+            rules:
+            - match:
+                statusCodes:
+                - value: 200
+              name: backendtrafficpolicy/default/policy-for-route-3/responseoverride/rule/0
+              redirect:
+                hostname: www.redirect.com
+                path:
+                  fullReplace: /redirect/path
+                  prefixMatchReplace: null
+                port: 8443
+                scheme: https
+                statusCode: 301
     readyListener:
       address: 0.0.0.0
       ipFamily: IPv4

internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml

@@ -137,7 +137,6 @@ xdsIR:
           name: ""
           prefix: /
         redirect:
-          hostname: null
           path:
             fullReplace: /redirected
             prefixMatchReplace: null

internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml

@@ -136,7 +136,6 @@ xdsIR:
           prefix: /
         redirect:
           hostname: redirected.com
-          path: null
           port: 443
           scheme: https
           statusCode: 301

internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml

@@ -138,7 +138,6 @@ xdsIR:
           name: ""
           prefix: /
         redirect:
-          hostname: null
           path:
             fullReplace: null
             prefixMatchReplace: /redirected

internal/ir/xds.go

@@ -591,7 +591,9 @@ type ResponseOverrideRule struct {
 	// Match configuration.
 	Match CustomResponseMatch `json:"match"`
 	// Response configuration.
-	Response CustomResponse `json:"response"`
+	Response *CustomResponse `json:"response,omitempty"`
+	// Redirect configuration
+	Redirect *Redirect `json:"redirect,omitempty"`
 }
 
 // CustomResponseMatch defines the configuration for matching a user response to return a custom one.
@@ -1741,15 +1743,15 @@ func (r URLRewrite) Validate() error {
 // +k8s:deepcopy-gen=true
 type Redirect struct {
 	// Scheme configures the replacement of the request's scheme.
-	Scheme *string `json:"scheme" yaml:"scheme"`
+	Scheme *string `json:"scheme,omitempty" yaml:"scheme,omitempty"`
 	// Hostname configures the replacement of the request's hostname.
-	Hostname *string `json:"hostname" yaml:"hostname"`
+	Hostname *string `json:"hostname,omitempty" yaml:"hostname,omitempty"`
 	// Path contains config for rewriting the path of the request.
-	Path *HTTPPathModifier `json:"path" yaml:"path"`
+	Path *HTTPPathModifier `json:"path,omitempty" yaml:"path,omitempty"`
 	// Port configures the replacement of the request's port.
-	Port *uint32 `json:"port" yaml:"port"`
+	Port *uint32 `json:"port,omitempty" yaml:"port,omitempty"`
 	// Status code configures the redirection response's status code.
-	StatusCode *int32 `json:"statusCode" yaml:"statusCode"`
+	StatusCode *int32 `json:"statusCode,omitempty" yaml:"statusCode,omitempty"`
 }
 
 // Validate the fields within the Redirect structure