Add hop_by_hop_headers_to_filter property (#331)

Add `router.hop_by_hop_headers_to_filter` property to `gorouter` job

with default values set to:
 - X-Forwarded-For
 - X-Forwarded-Proto
 - B3
 - X-B3
 - X-B3-SpanID
 - X-B3-TraceID
 - X-Request-Start
 - X-Forwarded-Client-Cert

Associated `gorouter` PR: 
- cloudfoundry/gorouter#356

[#185767952](https://www.pivotaltracker.com/story/show/185767952)

Co-authored-by: Josh Russett <[email protected]>

Author: winkingturtle-vmw

jobs/gorouter/spec

@@ -282,6 +282,27 @@ properties:
     example:
     - name: X-Vcap-Request-Id
     - name: Accept-Ranges
+  router.hop_by_hop_headers_to_filter:
+    description: |
+        (optional, array value) List of HTTP Headers that are filtered for
+        Hop-By-Hop Connection header.
+        When clients make requests to the gorouter and the gorouter proxies
+        their request, these HTTP Headers will be automatically be removed from
+        the request's Connection header and sent as normal headers to the
+        target backend. This list *also* specificies the Headers that can be
+        returned by the backend; i.e. if a client attempts to send one of these
+        Headers in their Connection Header to gorouter and it's *NOT* filtered,
+        the header will *NOT* be returned to client properly after proxying the
+        request.
+    default:
+    - X-Forwarded-For
+    - X-Forwarded-Proto
+    - B3
+    - X-B3
+    - X-B3-SpanID
+    - X-B3-TraceID
+    - X-Request-Start
+    - X-Forwarded-Client-Cert
   router.frontend_idle_timeout:
     description: |
       (optional, integer) Duration in seconds to maintain an open connection when client supports keep-alive.

jobs/gorouter/templates/gorouter.yml.erb

@@ -106,6 +106,7 @@ params = {
   'enable_proxy' => p('router.enable_proxy'),
   'force_forwarded_proto_https' => p('router.force_forwarded_proto_https'),
   'sanitize_forwarded_proto' => p('router.sanitize_forwarded_proto'),
+  'hop_by_hop_headers_to_filter' => p('router.hop_by_hop_headers_to_filter'),
   'pid_file' => '/var/vcap/sys/run/gorouter/gorouter.pid',
   'ip_local_port_range' => p('router.ip_local_port_range'),
   'empty_pool_response_code_503' => p('for_backwards_compatibility_only.empty_pool_response_code_503'), # backwards compatibility only section

spec/gorouter_templates_spec.rb

@@ -173,6 +173,7 @@
           'enable_proxy' => false,
           'force_forwarded_proto_https' => false,
           'sanitize_forwarded_proto' => false,
+          'hop_by_hop_headers_to_filter' => ["X-ME", "X-Foo"],
           'suspend_pruning_if_nats_unavailable' => false,
           'max_idle_connections' => 100,
           'keep_alive_probe_interval' => '1s',
@@ -368,6 +369,12 @@
         end
       end
 
+      describe 'hop_by_hop_headers_to_filter' do
+        it 'should set hop_by_hop_headers_to_filter' do
+          expect(parsed_yaml['hop_by_hop_headers_to_filter']).to eq(["X-ME","X-Foo"])
+        end
+      end
+
       context 'route_services_internal_lookup' do
         it 'defaults to false' do
           expect(parsed_yaml['route_services_hairpinning']).to eq(false)