Update HTTPRoute and RuleSet with missing fields

[bramwelt]

This pull request updates the Helm chart for the lfx-v2-query-service, primarily to enhance Gateway API compatibility and improve security settings in HTTP routing and ruleset configurations. The changes focus on explicitly specifying API groups and kinds in Gateway and Service references, and on adding a configuration to disallow encoded slashes in several rules.

Gateway and Service Reference Updates:

• Explicitly set the group and kind fields for Gateway references in httproute.yaml to comply with Gateway API requirements.
• Explicitly set the group and kind fields for Service references in backend definitions in httproute.yaml. [1] [2]

Security and Ruleset Enhancements:

• Added allow_encoded_slashes: "off" to all rules in ruleset.yaml to prevent encoded slashes in URLs, improving security. [1] [2] [3] [4] [5]

Chart Version Update:

• Bumped the chart version from 0.4.6 to 0.4.7 in Chart.yaml.

Issue: LFXV2-511

[coderabbitai]

Walkthrough

Chart version bumped to 0.4.7. HTTPRoute template updated to use explicit group/kind in parentRefs and backendRefs and to add weight: 1 for backends. Ruleset template adds allow_encoded_slashes: "off" to five rules.

Changes

Cohort / File(s)	Summary of changes
Chart version bump charts/lfx-v2-query-service/Chart.yaml	Incremented chart version from 0.4.6 to 0.4.7; appVersion unchanged.
HTTPRoute ref structure & weights charts/lfx-v2-query-service/templates/httproute.yaml	Replaced simple name entries with structured refs: parentRefs now include group: gateway.networking.k8s.io, kind: Gateway, name; backendRefs now include group: "", kind: Service, name and weight: 1 for each backend occurrence.
Ruleset encoded-slash handling charts/lfx-v2-query-service/templates/ruleset.yaml	Added allow_encoded_slashes: "off" to five rules: openapi:get, base service rule, resources-count, org-search, and org-suggest.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant C as Client
  participant GW as Gateway
  participant HR as HTTPRoute
  participant RS as Ruleset
  participant S as Service

  C->>GW: HTTP request
  GW->>HR: Match via parentRefs (group/kind/name)
  HR->>RS: Evaluate rules (incl. allow_encoded_slashes="off")
  alt Encoded slashes disallowed
    RS-->>HR: Deny/match-fail
    HR-->>GW: No route / reject
    GW-->>C: Error response
  else Allowed
    HR->>S: Forward to backendRefs (group="", kind=Service, name, weight:1)
    S-->>HR: Service response
    HR-->>GW: Return response
    GW-->>C: Respond
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• LFXV2-211 - query-service - migrate IngressRoute to the Gateway API HTTPRoute #6 — Related changes to the HTTPRoute manifest (parentRefs/backendRefs structure updates).
• Bump chart version to 0.4.5 #21 — Prior Chart.yaml version bump affecting the same chart version field.

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title clearly summarizes the core update of adding missing fields to HTTPRoute and RuleSet resources without extraneous detail.
Linked Issues Check	✅ Passed	The changes add the missing group and kind fields in HTTPRoute definitions and the allow_encoded_slashes setting in the ruleset, directly satisfying the issue requirement to update chart resources for ArgoCD synchronization.
Out of Scope Changes Check	✅ Passed	All modifications in Chart.yaml, httproute.yaml, and ruleset.yaml correspond to the linked issue’s objective of including missing fields and do not introduce unrelated changes.
Description Check	✅ Passed	The pull request description concisely outlines updates to Gateway and Service references, security enhancements in the ruleset, and the chart version bump, all directly reflecting the actual changes.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bramwelt/argocd-diffs

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8f4cbe4 and 9d648f9.

📒 Files selected for processing (1)

• charts/lfx-v2-query-service/templates/httproute.yaml (3 hunks)

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull Request Overview

This PR updates the Helm chart for the lfx-v2-query-service to improve Gateway API compliance and security. The changes explicitly specify API groups and kinds for Gateway and Service references, add security configurations to prevent encoded slashes, and update the chart version.

• Added explicit group and kind fields to Gateway and Service references in HTTPRoute configuration
• Enhanced security by adding allow_encoded_slashes: "off" to all ruleset rules
• Incremented chart version from 0.4.6 to 0.4.7

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
charts/lfx-v2-query-service/templates/httproute.yaml	Updated Gateway and Service references with explicit group and kind fields
charts/lfx-v2-query-service/templates/ruleset.yaml	Added allow_encoded_slashes security configuration to all rules
charts/lfx-v2-query-service/Chart.yaml	Bumped chart version to 0.4.7

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}