internal: add HTTProxy CORS support

[aberasarte]

Closes #437

[codecov]

Codecov Report

Merging #2890 into main will increase coverage by 0.26%.
The diff coverage is 93.82%.

@@            Coverage Diff             @@
##             main    #2890      +/-   ##
==========================================
+ Coverage   74.91%   75.18%   +0.26%     
==========================================
  Files          87       87              
  Lines        5604     5677      +73     
==========================================
+ Hits         4198     4268      +70     
- Misses       1315     1316       +1     
- Partials       91       93       +2     

Impacted Files	Coverage Δ
internal/dag/dag.go	96.84% <ø> (ø)
internal/contour/v2/route.go	91.37% <83.33%> (-1.89%)	⬇️
internal/dag/httpproxy_processor.go	94.08% <91.66%> (-0.16%)	⬇️
internal/envoy/v2/listener.go	97.02% <100.00%> (+0.03%)	⬆️
internal/envoy/v2/route.go	100.00% <100.00%> (ø)
internal/timeout/timeout.go	100.00% <100.00%> (ø)
internal/dag/cache.go	96.13% <0.00%> (+0.77%)	⬆️

[skriss]

Thanks for the PR @aberasarte! I added a few initial comments.

[skriss]

Do you want to support disabling this setting? Per https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age, the value -1 disables the timeout.

If so, the standard for other Contour timeouts is that the input string infinity disables the timeout. The timeout.Parse function already handles parsing this.

[jpeach]

In most other contexts "disables the timeout" means that the operation can (in principle) take forever, but -1 here means that the max age never applies, so max-age of "infinity" seems misleading. For practical purposes, a max-age of -1 and 0 seem like they would be treated similarly?

[aberasarte]

For practical purposes, a max-age of -1 and 0 seem like they would be treated similarly?

Both 0 and -1 mean disable caching for the preflight request but I decided to support just the 0 value. I found tricky to handle the -1 taking into account that the durations are expressed in the Go duration format. If we wanted to support -1 how would we do that? -1s disables caching but -1h is an invalid value? I'd rather allow negative values and assume that all of them disable the cache.

[skriss]

If you want to support disabling MaxAge (see other comment), then you'd also want to check for cp.MaxAge.IsDisabled() here, and if true, pass a value of -1 to Envoy.

[jpeach]

yeh, -1 here means an immediate timeout, not no timeout.

[aberasarte]

Now I'm doing that but for the 0 value.

[jpeach]

This looks like it's in pretty good shape to me. I have a few comments. I'll be out of office for a couple of weeks, so happy to defer to @skriss on reviewing subsequent iterations.

Thanks @aberasarte :)

[jpeach]

Since MaxAge is parsed by timeout.Setting, please include the boilerplate format description (this will be consolidated into validation regex in the future):

// MaAge durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).
// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
// The string "infinity" is also a valid input and specifies no timeout.
// A value of "0s" will be treated as if the field were not set, i.e. by using Envoy's default behavior.

[aberasarte]

done!

[jpeach]

These strings end up being joined with , and passed directly to one envoy filter, so we should add validation. Here's what I suggest (the pattern approximates the tchar spec from RFC 7230 sec 3.2.6):

// +kubebuilder:validation:Pattern=[a-zA-Z0-9!#$%&'*+.^_`|~-]+
type CorsHeaderValue string

type CorsPolicy struct {
    AllowOrigin []CORSHeaderValue
    AllowMethods []CORSHeaderValue
    AllowHeaders []CORSHeaderValue
    ExposeHeaders []CORSHeaderValue
}

```

[aberasarte]

We can't apply this validation pattern for the AllowOrigin header as URLs like http://example.com are valid values. @skriss should I apply it for the rest of the headers and leave AllowOrigin as a []string?

[jpeach]

In most other contexts "disables the timeout" means that the operation can (in principle) take forever, but -1 here means that the max age never applies, so max-age of "infinity" seems misleading. For practical purposes, a max-age of -1 and 0 seem like they would be treated similarly?

[jpeach]

Reading the envoy docs, it's not clear to me whether simply adding the filter activates CORS. The filter_enabled field says:

If neither enabled, filter_enabled, nor shadow_enabled are specified, the CORS filter will be enabled for 100% of the requests.

So does that mean that when CORS policy is omitted, we need to generate a CorsPolicy_Enabled message with Enabled=false?

[aberasarte]

After testing it, I think that if we don't set the EnabledSpecifier property of &envoy_api_v2_route.CorsPolicy, the CORS filter will be enabled by default. When CORS configuration is omitted, we are not setting any CORS policy to the VirtualHost therefore, the filter is disabled.

[jpeach]

Rather than enable this a fractional 100%, would it be simpler to do:

EnabledSpecified: &CorsPolicy_Enabled {
    Enabled: protobuf.Bool(true),
}

[aberasarte]

I think that we should keep using filter_enabled as enabled only applies to routes and according to the docs, it is deprecated:

enabled
(BoolValue) Specifies if the CORS filter is enabled. Defaults to true. Only effective on route.
Attention
This field is deprecated. Set the filter_enabled field instead.

[aberasarte]

I've ended up leaving the EnabledSpecified property unset as the CORS filter is enabled by default (see my comment above).

[jpeach]

yeh, -1 here means an immediate timeout, not no timeout.

[aberasarte]

I think that all the comments have been addressed so it should be ready for a second review, PTAL @skriss . If everything looks good, I'll rebase the main branch bringing the latest changes.

[skriss]

@aberasarte I'll take another look through this afternoon; thanks for the updates!

[skriss]

@aberasarte this is looking pretty good, I just had a few more comments. Feel free to rebase when you're ready.

I am taking one more look at the MaxAge field just to make sure we have reasonable/consistent API semantics, I'll add another comment on that shortly.

[skriss]

It's worth a comment here about that since it's non-obvious.

[youngnick]

@aberasarte, this seems pretty close! If you can get this merged in the next 7 days, we should be able to get it into Contour 1.9. Seems like it just needs a rebase and the MaxAge fix? @skriss is that the only todo left?

[skriss]

I had a few other comments that still need to be addressed, but it was nothing major. Agree that we should be able to get this into 1.9!

[aberasarte]

All comments addressed and main rebased. PTAL.

[skriss]

Just one minor thing, plus it looks like one more rebase is needed (sorry, we've been merging a lot of big changes lately).

[skriss]

No further comments, LGTM! @stevesloka or @youngnick it'd be great if you could take a look as well.

I have filed #2943 as a followup issue to add some more documentation on this new feature, it'd be great if we could get this in by mid-next week in order to have it in the upcoming 1.9 release.

[stevesloka]

Just a small nit, but otherwise lgtm! Thanks for the work here @aberasarte!! 🎉

[stevesloka]

nit: /possitive/positive/

[aberasarte]

done!

[youngnick]

Sorry @aberasarte, one more rebase and that nit, and I'll merge this for you. Yay!

[aberasarte]

It should be ready for merge now 🤞 .

[skriss]

integration tests flaking on SNI. Merging.

[glerchundi]

I cannot believe this have been finally merged. Titanic work @aberasarte, thanks for pushing this forward and for being very responsive throughout all the design & impl process. Also thanks to all the reviewers for the time you dedicated here. 👏🏻👏🏻👏🏻