impl: custom error response

[zhaohuabing]

Implement: #4259

Issue: #1400

[codecov]

Codecov Report

Attention: Patch coverage is 74.39516% with 127 lines in your changes missing coverage. Please review.

Project coverage is 65.97%. Comparing base (33ac6ca) to head (6f7d2c1).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/xds/translator/custom_response.go	80.11%	46 Missing and 22 partials ⚠️
internal/provider/kubernetes/controller.go	10.34%	23 Missing and 3 partials ⚠️
internal/provider/kubernetes/indexers.go	10.00%	17 Missing and 1 partial ⚠️
internal/provider/kubernetes/predicates.go	28.57%	6 Missing and 4 partials ⚠️
internal/gatewayapi/backendtrafficpolicy.go	94.44%	5 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4415      +/-   ##
==========================================
+ Coverage   65.85%   65.97%   +0.11%     
==========================================
  Files         202      203       +1     
  Lines       30679    31154     +475     
==========================================
+ Hits        20205    20555     +350     
- Misses       9320     9415      +95     
- Partials     1154     1184      +30     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[arkodg]

is this a ptr, will it work for default ?

[zhaohuabing]

if *ro.Response.Body.Type == egv1a1.ResponseValueTypeValueRef, then ro.Response.Body.ValueRef is not nil, otherwise, it would be a bug in Gateway API translation.

[arkodg]

👀

[arkodg]

trusting the e2e, this API is complex, thanks for implementing this !

[zhaohuabing]

The Envoy CEL matcher API is terrible :-) It's the AST for CEL: response.code >= 501 && response.code <= 511 .

[arkodg]

LGTM ! implementing the feature using the custom response filter doesnt look easy, thanks for building this out

[zirain]

is it possible to override the 429 response if we place custom response filter behind ratelimit filterm should this filter be the first one of http filters?

[zhaohuabing]

Good point. Should we allow users to override the ratelimit response if they added a matching conditing for 429 in the ResponseOrverride? @envoyproxy/gateway-maintainers

[zirain]

it's not just ratelimit, does authz/authn has same problem?

[zhaohuabing]

Yeah, the custom response filter has been added to the last because users may want to override the direct responses generated by other filters, if they explicitly adding these status codes in the matching conditions. For example, to set the response body of a denide request to a message format algined with the style of the reponses of the applications.

If we put it at the first, the users won't be able to override them even if they intend to.

[zirain]

IMO, it's better to put it at the first but no strong option, @arkodg please chime in as API designer.

cc @envoyproxy/gateway-maintainers

[arkodg]

as a user, I would want the custom response to kick in after all filters have finished processing, to unify the way I deal with status code and error pages, so +1 to adding it to the end

[zirain]

we can change the order in the future, maybe we can open a ticket to continue our discussion.

[zhaohuabing]

we can change the order in the future, maybe we can open a ticket to continue our discussion.

Let's keep the custom response filter at the last since there're use cases to override the responses of other filters. Users can change the default order using EnvoyProxy if they want to reorder the filters.

[zirain]

@zhaohuabing can you make CI happy?

[arkodg]

e2es are failing ...