search

kyma-project / api-gateway

Apache License 2.0
4 stars 26 forks source link

[ADR] Support setting up custom headers in APIRule requests and responses #894

Open Ressetkk opened 5 months ago

Ressetkk commented 5 months ago

Support setting up custom headers in APIRule

Status

Proposed

Context

Users request feature for APIRule to support setting up custom headers in the CR based on the VirtualService Headers section. Users use application configuration where upstream connectivity requires some values to be passed as headers in a request. See discussion in https://github.com/kyma-project/api-gateway/issues/808#issuecomment-1959121650

Decision

  1. APIRule definition is extended with headers section.
  2. Headers section lets user manipulate headers on request and response level.
  3. Headers section lets user set additional labels that will be present in request or response.
  4. If user-provided key in APIRule is already present in the request/response, value is overridden with user-provided data.

APIRule extension

kind: APIRule
metadata:
    name: rule
    namespace: default
spec:
    gateway: kyma-system/kyma-gateway
    headers:
        request:
            set:
                X-CLIENT-SSL-CN: "%DOWNSTREAM_PEER_SUBJECT%"
                X-CLIENT-SSL-SAN: "%DOWNSTREAM_PEER_URI_SAN%"
                X-CLIENT-SSL-ISSUER: "%DOWNSTREAM_PEER_ISSUER%"
(...)

The APIRuleSpec struct is extended with a variable of type HeadersConfig:

type APIRuleSpec {
    // Headers contains information about header manipulation in APIRule
    Headers HeadersConfig
}

type HeadersConfig struct {
    // Request defines header manipulation options for all requests passing through an APIRule
    Request HeaderOptions
    // Response defines header manipulation options for all responses passing through an APIRule
    Response HeaderOptions
}

type HeaderOptions {
    // Set contains key/value pair map containing headers that are set in APIRule
    Set map[string]string
}

Consequences

gefersonhess commented 2 weeks ago

This proposal accepts headers at Spec level, hence I'm assuming it should be set to all routes in the VirtualService created by the APIRule.

However, istio supports headers at route level

Should something like this be supported too:

kind: APIRule
metadata:
  name: rule
spec:
  headers:
    request:
      set:
         MY-HEADER: "header-applied-to-all-request-routes"
  gateway: kyma-gateway
  host: httpbinbeta.local.kyma.dev
  rules:
  - path: /status
    accessStrategies:
      - handler: no_auth
    methods:
    - GET
    service:
      name: service
      port: 8000
    headers:
      request:
        set:
          STATUS-HEADER : "header-applied-only-to-status-route"
 ...

Where in a request to /status both headers should be set (MY-HEADER and STATUS-HEADER).

An request to another route (not showed here), only MY-HEADER will be set?