operator/ingress: Add Forwarded header policy

This commit implements NE-317.

https://issues.redhat.com/browse/NE-317

* operator/v1/types_ingress.go (IngressControllerSpec): Add HTTPHeaders
field with the new IngressControllerHTTPHeaders type.
(IngressControllerHTTPHeaderPolicy): New type.
(AppendHTTPHeaderPolicy, ReplaceHTTPHeaderPolicy, IfNoneHTTPHeaderPolicy)
(NeverHTTPHeaderPolicy): New constants.
(IngressControllerHTTPForwardedHeaderPolicy): New type.  Describe policy
for handling the HTTP Forwarded header and related headers, using the new
IngressControllerHTTPHeaderPolicy type.
(IngressControllerHTTPHeaders): New type.  Describe policy for handling
HTTP headers.  For now, the only field is Forwarded, with the new
IngressControllerHTTPForwardedHeaderPolicy type.
* operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml:
Regenerate.

operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml

@@ -149,6 +149,36 @@ spec:
               required:
               - type
               type: object
+            httpHeaders:
+              description: "httpHeaders defines policy for HTTP headers. \n If this
+                field is empty, the default values are used."
+              properties:
+                forwarded:
+                  description: "forwarded describes how the Forwarded HTTP header
+                    and related headers are handled. \n If this field is empty, the
+                    default values are used."
+                  properties:
+                    policy:
+                      description: "policy specifies when and how the IngressController
+                        sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port,
+                        X-Forwarded-Proto, and X-Forwarded-Proto-Version headers.
+                        \ The value may be one of the following: \n * \"append\",
+                        which specifies that the IngressController appends the   headers,
+                        preserving existing headers. \n * \"replace\", which specifies
+                        that the IngressController sets the   headers, replacing any
+                        existing Forwarded or X-Forwarded-* headers. \n * \"if-none\",
+                        which specifies that the IngressController sets the   headers
+                        if they are not already set. \n * \"never\", which specifies
+                        that the IngressController never sets the   headers, preserving
+                        any existing headers. \n By default, the policy is \"append\"."
+                      enum:
+                      - append
+                      - replace
+                      - if-none
+                      - never
+                      type: string
+                  type: object
+              type: object
             logging:
               description: logging defines parameters for what should be logged where.  If
                 this field is empty, operational logs are enabled but access logs

operator/v1/types_ingress.go

@@ -162,6 +162,13 @@ type IngressControllerSpec struct {
 	//
 	// +optional
 	Logging *IngressControllerLogging `json:"logging,omitempty"`
+
+	// httpHeaders defines policy for HTTP headers.
+	//
+	// If this field is empty, the default values are used.
+	//
+	// +optional
+	HTTPHeaders *IngressControllerHTTPHeaders `json:"httpHeaders,omitempty"`
 }
 
 // NodePlacement describes node scheduling configuration for an ingress
@@ -513,6 +520,61 @@ type IngressControllerLogging struct {
 	Access *AccessLogging `json:"access,omitempty"`
 }
 
+// IngressControllerHTTPHeaderPolicy is a policy for setting HTTP headers.
+//
+// +kubebuilder:validation:Enum=append;replace;if-none;never
+type IngressControllerHTTPHeaderPolicy string
+
+const (
+	// AppendHTTPHeaderPolicy appends the header, preserving any existing header.
+	AppendHTTPHeaderPolicy IngressControllerHTTPHeaderPolicy = "append"
+	// ReplaceHTTPHeaderPolicy sets the header, removing any existing header.
+	ReplaceHTTPHeaderPolicy IngressControllerHTTPHeaderPolicy = "replace"
+	// IfNoneHTTPHeaderPolicy sets the header if it is not already set.
+	IfNoneHTTPHeaderPolicy IngressControllerHTTPHeaderPolicy = "if-none"
+	// NeverHTTPHeaderPolicy never sets the header, preserving any existing
+	// header.
+	NeverHTTPHeaderPolicy IngressControllerHTTPHeaderPolicy = "never"
+)
+
+// IngressControllerHTTPForwardedHeaderPolicy describes how the HTTP Forwarded
+// header and related headers are handled.
+type IngressControllerHTTPForwardedHeaderPolicy struct {
+	// policy specifies when and how the IngressController sets the
+	// Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port,
+	// X-Forwarded-Proto, and X-Forwarded-Proto-Version headers.  The value
+	// may be one of the following:
+	//
+	// * "append", which specifies that the IngressController appends the
+	//   headers, preserving existing headers.
+	//
+	// * "replace", which specifies that the IngressController sets the
+	//   headers, replacing any existing Forwarded or X-Forwarded-* headers.
+	//
+	// * "if-none", which specifies that the IngressController sets the
+	//   headers if they are not already set.
+	//
+	// * "never", which specifies that the IngressController never sets the
+	//   headers, preserving any existing headers.
+	//
+	// By default, the policy is "append".
+	//
+	// +optional
+	Policy IngressControllerHTTPHeaderPolicy `json:"policy,omitempty"`
+}
+
+// IngressControllerHTTPHeaders specifies how the IngressController handles
+// certain HTTP headers.
+type IngressControllerHTTPHeaders struct {
+	// forwarded describes how the Forwarded HTTP header and related headers
+	// are handled.
+	//
+	// If this field is empty, the default values are used.
+	//
+	// +optional
+	Forwarded *IngressControllerHTTPForwardedHeaderPolicy `json:"forwarded,omitempty"`
+}
+
 var (
 	// Available indicates the ingress controller deployment is available.
 	IngressControllerAvailableConditionType = "Available"