fix: prevent configuring requestMirror filter and directResponse/RequestRedirect filter together

[zhaohuabing]

Fixes #7473
Release Notes: Yes

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.32%. Comparing base (343aeb3) to head (7abab91).
⚠️ Report is 470 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7474      +/-   ##
==========================================
- Coverage   72.42%   72.32%   -0.10%     
==========================================
  Files         234      234              
  Lines       34538    34550      +12     
==========================================
- Hits        25013    24988      -25     
- Misses       7737     7768      +31     
- Partials     1788     1794       +6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cnvergence]

/retest

[arkodg]

can we add a mixed rule case, where one rule is valid and one isnt, to make sure the valid rule is not impacted

[zhaohuabing]

According to the Gateway API specific, The HTTPRouteAccepted condition should be set to false with IncompatibleFilters reason when there are incompatible filters present on a route rule.

https://github.com/kubernetes-sigs/gateway-api/blob/f24f3a61f398c65ab629da1843cb65fd5ec9419f/apis/v1/shared_types.go#L384-L387

And EG skips the HTTPRoutes with Accepted status as False, which is reasonable as the entire HTTPRoute has been rejected.

gateway/internal/gatewayapi/route.go

Lines 147 to 149 in 36a23a6

	if parentRef.HasCondition(httpRoute, gwapiv1.RouteConditionAccepted, metav1.ConditionFalse) {
	continue
	}

[zhaohuabing]

Checked the Gateway API spec again, it seems that we should set Accepted as true as long as at least one rule is valid and implemented, even if some other rules in the same HTTPRoute are invalid.

// A Route MUST be considered "Accepted" if at least one of the Route's
// rules is implemented by the Gateway.

Changing this behavior would require a global update and could affect other cases as well. We'd better handle it in a separate PR. If we agree on this, I can raise a PR to address it first.

[arkodg]

yeah can we tackle this as part of #7545 and then start adding more fail fast cases

[zhaohuabing]

@arkodg the translation for mixed valid and invalid rules has been addressed in #7625, and this one is ready for review whenever you have a moment.

[arkodg]

worth adding a release note around breaking change, something like

  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /foo
    filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https
        statusCode: 302
    - type: ResponseHeaderModifier
      responseHeaderModifier:
        add:
        - name: X-Bad
          value: "bad\nvalue"   # invalid per HeaderValueRegexp

will no longer work

[zhaohuabing]

worth adding a release note around breaking change, something like

  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /foo
    filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https
        statusCode: 302
    - type: ResponseHeaderModifier
      responseHeaderModifier:
        add:
        - name: X-Bad
          value: "bad\nvalue"   # invalid per HeaderValueRegexp

will no longer work

I might be missing somthing, but this PR doesn't touch the code for responseHeaderModifier validation logic.

There is already a release note for the breaking change introduced in this PR:

 Set HTTPRoute Accepted status to False when RequestMirror filter is used together with DirectResponse or RequestRedirect filters.