feat: Add support for overriding status code in response overrides

Fixes: envoyproxy#4678

Signed-off-by: Arko Dasgupta <[email protected]>

api/v1alpha1/shared_types.go

@@ -684,7 +684,15 @@ type CustomResponse struct {
 	ContentType *string `json:"contentType,omitempty"`
 
 	// Body of the Custom Response
-	Body CustomResponseBody `json:"body"`
+	//
+	// +optional
+	Body *CustomResponseBody `json:"body,omitempty"`
+
+	// Status Code of the Custom Response
+	// If unset, does not override the status of response.
+	//
+	// +optional
+	StatusCode *int `json:"statusCode,omitempty"`
 }
 
 // ResponseValueType defines the types of values for the response body supported by Envoy Gateway.

charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml

@@ -1071,8 +1071,11 @@ spec:
                           description: Content Type of the response. This will be
                             set in the Content-Type header.
                           type: string
-                      required:
-                      - body
+                        statusCode:
+                          description: |-
+                            Status Code of the Custom Response
+                            If unset, does not override the status of response.
+                          type: integer
                       type: object
                   required:
                   - match

internal/cmd/egctl/testdata/translate/in/backend-traffic-policy.yaml

@@ -0,0 +1,115 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+  name: eg
+spec:
+  controllerName: gateway.envoyproxy.io/gatewayclass-controller
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: eg
+  namespace: default
+spec:
+  gatewayClassName: eg
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: backend
+  namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend
+  namespace: default
+  labels:
+    app: backend
+    service: backend
+spec:
+  clusterIP: 7.7.7.7
+  ports:
+    - name: http
+      port: 3000
+      targetPort: 3000
+  selector:
+    app: backend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: backend
+      version: v1
+  template:
+    metadata:
+      labels:
+        app: backend
+        version: v1
+    spec:
+      serviceAccountName: backend
+      containers:
+        - image: gcr.io/k8s-staging-gateway-api/echo-basic:v20231214-v1.0.0-140-gf544a46e
+          imagePullPolicy: IfNotPresent
+          name: backend
+          ports:
+            - containerPort: 3000
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: backend
+  namespace: default
+spec:
+  parentRefs:
+    - name: eg
+  hostnames:
+    - "www.example.com"
+  rules:
+    - backendRefs:
+        - group: ""
+          kind: Service
+          name: backend
+          port: 3000
+          weight: 1
+      matches:
+        - path:
+            type: PathPrefix
+            value: /
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: BackendTrafficPolicy
+metadata:
+  name: active-health-check
+  namespace: default  
+spec:
+  targetRefs:
+  - group: gateway.networking.k8s.io
+    kind: HTTPRoute
+    name: backend
+    namespace: default
+  healthCheck:    
+    active:
+      type: HTTP
+      http:
+        path: "/"
+        method: GET 

internal/cmd/egctl/testdata/translate/out/backend-traffic-policy.all.yaml

@@ -0,0 +1,222 @@
+xds:
+  default/eg:
+    configs:
+    - '@type': type.googleapis.com/envoy.admin.v3.BootstrapConfigDump
+      bootstrap:
+        admin:
+          accessLog:
+          - name: envoy.access_loggers.file
+            typedConfig:
+              '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+              path: /dev/null
+          address:
+            socketAddress:
+              address: 127.0.0.1
+              portValue: 19000
+        dynamicResources:
+          adsConfig:
+            apiType: DELTA_GRPC
+            grpcServices:
+            - envoyGrpc:
+                clusterName: xds_cluster
+            setNodeOnFirstMessageOnly: true
+            transportApiVersion: V3
+          cdsConfig:
+            ads: {}
+            resourceApiVersion: V3
+          ldsConfig:
+            ads: {}
+            resourceApiVersion: V3
+        layeredRuntime:
+          layers:
+          - name: global_config
+            staticLayer:
+              envoy.restart_features.use_eds_cache_for_ads: true
+              re2.max_program_size.error_level: 4294967295
+              re2.max_program_size.warn_level: 1000
+        staticResources:
+          clusters:
+          - connectTimeout: 0.250s
+            loadAssignment:
+              clusterName: prometheus_stats
+              endpoints:
+              - lbEndpoints:
+                - endpoint:
+                    address:
+                      socketAddress:
+                        address: 127.0.0.1
+                        portValue: 19000
+            name: prometheus_stats
+            type: STATIC
+          - connectTimeout: 10s
+            loadAssignment:
+              clusterName: xds_cluster
+              endpoints:
+              - lbEndpoints:
+                - endpoint:
+                    address:
+                      socketAddress:
+                        address: envoy-gateway
+                        portValue: 18000
+                  loadBalancingWeight: 1
+                loadBalancingWeight: 1
+            name: xds_cluster
+            transportSocket:
+              name: envoy.transport_sockets.tls
+              typedConfig:
+                '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+                commonTlsContext:
+                  tlsCertificateSdsSecretConfigs:
+                  - name: xds_certificate
+                    sdsConfig:
+                      pathConfigSource:
+                        path: /sds/xds-certificate.json
+                      resourceApiVersion: V3
+                  tlsParams:
+                    tlsMaximumProtocolVersion: TLSv1_3
+                  validationContextSdsSecretConfig:
+                    name: xds_trusted_ca
+                    sdsConfig:
+                      pathConfigSource:
+                        path: /sds/xds-trusted-ca.json
+                      resourceApiVersion: V3
+            type: STRICT_DNS
+            typedExtensionProtocolOptions:
+              envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+                '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+                explicitHttpConfig:
+                  http2ProtocolOptions:
+                    connectionKeepalive:
+                      interval: 30s
+                      timeout: 5s
+          listeners:
+          - address:
+              socketAddress:
+                address: 0.0.0.0
+                portValue: 19001
+            filterChains:
+            - filters:
+              - name: envoy.filters.network.http_connection_manager
+                typedConfig:
+                  '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                  httpFilters:
+                  - name: envoy.filters.http.health_check
+                    typedConfig:
+                      '@type': type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck
+                      headers:
+                      - name: :path
+                        stringMatch:
+                          exact: /ready
+                      passThroughMode: false
+                  - name: envoy.filters.http.router
+                    typedConfig:
+                      '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+                  routeConfig:
+                    name: local_route
+                    virtualHosts:
+                    - domains:
+                      - '*'
+                      name: prometheus_stats
+                      routes:
+                      - match:
+                          prefix: /stats/prometheus
+                        route:
+                          cluster: prometheus_stats
+                  statPrefix: eg-ready-http
+            name: envoy-gateway-proxy-ready-0.0.0.0-19001
+    - '@type': type.googleapis.com/envoy.admin.v3.EndpointsConfigDump
+    - '@type': type.googleapis.com/envoy.admin.v3.ClustersConfigDump
+      dynamicActiveClusters:
+      - cluster:
+          '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster
+          connectTimeout: 10s
+          http2ProtocolOptions: {}
+          loadAssignment:
+            clusterName: rate-limit-cluster
+            endpoints:
+            - lbEndpoints:
+              - endpoint:
+                  address:
+                    socketAddress:
+                      address: ratelimit.svc.cluster.local
+                      portValue: 8081
+          name: rate-limit-cluster
+          type: STRICT_DNS
+    - '@type': type.googleapis.com/envoy.admin.v3.ListenersConfigDump
+      dynamicListeners:
+      - activeState:
+          listener:
+            '@type': type.googleapis.com/envoy.config.listener.v3.Listener
+            accessLog:
+            - filter:
+                responseFlagFilter:
+                  flags:
+                  - NR
+              name: envoy.access_loggers.file
+              typedConfig:
+                '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+                logFormat:
+                  textFormatSource:
+                    inlineString: |
+                      {"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
+                path: /dev/stdout
+            address:
+              socketAddress:
+                address: 0.0.0.0
+                portValue: 10080
+            defaultFilterChain:
+              filters:
+              - name: envoy.filters.network.http_connection_manager
+                typedConfig:
+                  '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                  accessLog:
+                  - name: envoy.access_loggers.file
+                    typedConfig:
+                      '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+                      logFormat:
+                        textFormatSource:
+                          inlineString: |
+                            {"start_time":"%START_TIME%","method":"%REQ(:METHOD)%","x-envoy-origin-path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","response_code_details":"%RESPONSE_CODE_DETAILS%","connection_termination_details":"%CONNECTION_TERMINATION_DETAILS%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","duration":"%DURATION%","x-envoy-upstream-service-time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","x-forwarded-for":"%REQ(X-FORWARDED-FOR)%","user-agent":"%REQ(USER-AGENT)%","x-request-id":"%REQ(X-REQUEST-ID)%",":authority":"%REQ(:AUTHORITY)%","upstream_host":"%UPSTREAM_HOST%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","requested_server_name":"%REQUESTED_SERVER_NAME%","route_name":"%ROUTE_NAME%"}
+                      path: /dev/stdout
+                  commonHttpProtocolOptions:
+                    headersWithUnderscoresAction: REJECT_REQUEST
+                  http2ProtocolOptions:
+                    initialConnectionWindowSize: 1048576
+                    initialStreamWindowSize: 65536
+                    maxConcurrentStreams: 100
+                  httpFilters:
+                  - name: envoy.filters.http.ratelimit
+                    typedConfig:
+                      '@type': type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
+                      domain: eag-ratelimit
+                      failureModeDeny: true
+                      rateLimitService:
+                        grpcService:
+                          envoyGrpc:
+                            clusterName: rate-limit-cluster
+                        transportApiVersion: V3
+                      timeout: 1s
+                  - name: envoy.filters.http.router
+                    typedConfig:
+                      '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+                      suppressEnvoyHeaders: true
+                  mergeSlashes: true
+                  normalizePath: true
+                  pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT
+                  rds:
+                    configSource:
+                      ads: {}
+                      resourceApiVersion: V3
+                    routeConfigName: default/eg/http
+                  serverHeaderTransformation: PASS_THROUGH
+                  statPrefix: http
+                  useRemoteAddress: true
+            drainType: MODIFY_ONLY
+            name: default/eg/http
+            perConnectionBufferLimitBytes: 32768
+    - '@type': type.googleapis.com/envoy.admin.v3.RoutesConfigDump
+      dynamicRouteConfigs:
+      - routeConfig:
+          '@type': type.googleapis.com/envoy.config.route.v3.RouteConfiguration
+          ignorePortInHostMatching: true
+          name: default/eg/http