uhv: header validators for H1 and H2 codecs

[ameily]

Commit Message: uhv: header validators for H1 and H2 codecs
Additional Description: This PR builds off the foundation laid in #21974 to add validators for H1 and H2. H3 and path normalization are intentionally out of scope for this PR and will be completed later.
Risk Level: Low
Testing: Build Envoy with --define uhv=enabled, configure a service with UHV enabled, and then test a valid and invalid request.

# config.yml, in the HCM section
typed_header_validation_config:
  name: envoy.http.header_validators.envoy_default
  typed_config:
      "@type": type.googleapis.com/envoy.extensions.http.header_validators.envoy_default.v3.HeaderValidatorConfig
      #
      # UHV configuration
      # uncomment any of the following:
      #
      # restrict_http_methods: true
      # reject_headers_with_underscores: true
      # http1_protocol_options: {allow_chunked_length: true}
      #

# run tests
# valid request
http GET http://localhost:10000 X-Valid:ok
# invalid request
http GET http://localhost:10000 "X Invalid":bad

Fixes #19753
Docs Changes:
Release Notes:
Platform Specific Features:

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @markdroth
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).

🐱

Caused by: #22537 was opened by ameily.

see: more, trace.

[alyssawilk]

/wait on CI

[ameily]

@alyssawilk Can you rerun the failed CI job? CI is passing for me locally and I think the current failure is because a package couldn't be downloaded.

[alyssawilk]

you should be able to yourself with
/retest

[repokitteh-read-only]

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #22537 (comment) was created by @alyssawilk.

see: more, trace.

[kyessenov]

/assign-from @envoyproxy/api-shepherds

[repokitteh-read-only]

@envoyproxy/api-shepherds assignee is @markdroth

🐱

Caused by: a #22537 (comment) was created by @kyessenov.

see: more, trace.

[yanavlasov]

/wait

[jmarantz]

@yanavlasov @adisuissa this looks ready for another round of review.

[wrowe]

@lizan could you give this an API stamp for the docs update?

[alyssawilk]

Looking great! Sorry for the delay
/wait

[alyssawilk]

Awesome. Thanks for the fantastic addition and all your patience with the review

[wrowe]

@envoyproxy/api-shepherds - This optional validator (default, not enabled) has been approved by Yan, but who is willing to review this for an api stamp of approval?

[yanavlasov]

I'm submitting this PR so we can proceed with follow-up work. If you have any more comments, please open Issues.

[adisuissa]

Thanks, left some API comments.

[adisuissa]

High-level question: do you think there may be a need in the future for action-specific-settings.
For example, will there be something like "REPLACE_UNDERSCORE" that will need the replacement string.
If so, I would suggest using a oneof, and messages for each option.

[yanavlasov]

All these settings are for existing behavior. In the future if people want to modify it, they can add a new extension with their own config.

[lizan]

Does this field need an Envoy build with uhv=enabled to take effect? If so please document.

[yanavlasov]

UHV is enabled in HCM

which is currently marked as hidden.

The uhv=enabled is really a temporary build flag to safely transition to the new verification code. Do you think we need to document it? It will not be added into the generated documentation anyway because of the hidden flag.

[adisuissa]

/lgtm api

[yanavlasov]

Looks like all comments were addressed. If we missed anything, please file an Issue and we will address in a followup PR.