xds: Add header mutations library

[sauravzg]

This PR sits on top of #12690, so only the last commit + any fixups need to be reviewed.

This commit introduces a library for handling header mutations as specified by the xDS protocol. This library provides the core functionality for modifying request and response headers based on a set of rules.

The main components of this library are:

• HeaderMutator: Applies header mutations to Metadata objects.
• HeaderMutationFilter: Filters header mutations based on a set of configurable rules, such as disallowing mutations of system headers.
• HeaderMutations: A value class that represents the set of mutations to be applied to request and response headers.
• HeaderMutationDisallowedException: An exception that is thrown when a disallowed header mutation is attempted.

This commit also includes comprehensive unit tests for the new library.

• [] xds: Add configuration objects for ExtAuthz, GrpcService and Bootstrap changes for GrpcService #12492
• [] xds: Implement channel caching utility for GrpcService channels for ext_authz and ext_proc #12690

[sauravzg]

@kannanjgithub PTAL, if the implementation mutation meets the spec for ext proc. You need to TAL at the last two commits only.
I'll eventually move it down the PR chain later to ensure that the dependencies for ext_proc are merged earlier.

[kannanjgithub]

Sending comments for headermutations.

[kannanjgithub]

Reviewed rest of the PR.

[sauravzg]

@kannanjgithub I've resolved or clarified the comments as applicable. PTAL

[sauravzg]

@kannanjgithub Addressed the comments. PTAL.

[sauravzg]

/gemini review

[sauravzg]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces the core infrastructure for xDS external authorization (ext_authz), including parsers for ExtAuthz and GrpcService configurations, a CachedChannelManager for authorization service connections, and a comprehensive header mutation system. Feedback focuses on HeaderMutator.java, specifically identifying a bug where the keepEmptyValue logic does not correctly align with Envoy's behavior for the APPEND action, which could lead to incorrect header persistence. Additionally, it is recommended to refactor duplicated Metadata.Key creation logic into a helper method to improve maintainability.

[sauravzg]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a CachedChannelManager to manage gRPC channels based on service configurations, alongside a new framework for processing xDS header mutations. The mutation framework includes components for filtering, applying, and validating header changes. Review feedback highlights the need to align the mutation order with the xDS specification, correct the logic for header allowance expressions, optimize performance by pre-calculating metadata keys, and improve error reporting with more descriptive exception messages.

[sauravzg]

/gemini review - Please don't repeat previously addressed comments.

[gemini-code-assist]

Code Review

This pull request introduces a CachedChannelManager for managing gRPC channels and a framework for xDS header mutations, including filtering and application logic. Key feedback includes aligning the order of header operations in HeaderMutator with Envoy by processing removals before additions and caching Metadata.Key objects to optimize performance. Furthermore, the filtering logic in HeaderMutationFilter needs adjustment to ensure disallowed headers properly trigger exceptions when strict validation is active.

[kannanjgithub]

Some unit tests are missing.

[kannanjgithub]

nit: Remove extra empty line.

[kannanjgithub]

nit: Remove unnecessary blank line.

[kannanjgithub]

The commit b9caa47 refactored how keepEmptyValue is handled in HeaderMutator.java, moving the check from a post-action cleanup (checkAndRemoveEmpty) to a pre-action filter. The following
cases are not covered by the existing tests:

1. Binary Headers: No tests exist for binary headers with empty values (empty ByteString) when keepEmptyValue is either true or false.
2. Specific Actions: The OVERWRITE_IF_EXISTS and ADD_IF_ABSENT actions are not tested with empty values and keepEmptyValue=false.
3. Behavior Change Verification: The new implementation skips the updateHeader call entirely if the value is empty and keepEmptyValue is false. This means existing values are preserved during an OVERWRITE action, whereas the old implementation would have removed them. This deliberate change in behavior needs explicit verification.

[kannanjgithub]

The commit 9640f87 updated HeaderMutationFilter.java to match Envoy's implementation, where headers that are either "ignored" (system headers like :path or grpc-*) or "disallowed" (by custom
rules) trigger a HeaderMutationDisallowedException when disallowIsError is enabled. Previously, ignored headers were skipped silently even if disallowIsError was true.

The following scenarios are missing coverage:

1. DisallowIsError = False: No test verifies that disallowed/ignored headers are still silently skipped when disallowIsError is false.
2. Rule-based Disallowance: No tests verify that headers disallowed by custom regex (disallowExpression) or disallowAll trigger the exception when disallowIsError is true.
3. Rule-based Allowance Override: No test verifies that allowExpression correctly overrides disallowAll even when disallowIsError is true.
4. System Header Rejection: While some tests were added in the commit for system headers, they don't cover the full range of HeaderValueValidationUtils logic (e.g., uppercase keys).