fix(gateway): normalize operation HTTP method case

[mehara-rothila]

Summary

The xDS translator maps an operation's method straight into Envoy's case-sensitive :method exact matcher, so an API declaring a lower or mixed case method (for example get) deployed successfully but returned 404 Not Found for every request, since HTTP clients send uppercase methods. The translator now normalizes the method to uppercase when building the route, so any-case methods route correctly.

Why normalize instead of reject

An earlier revision of this PR rejected non-uppercase methods at validation time. That was changed to normalization because rejecting risks existing deployments: an API already running with a lowercase method would start failing validation on its next update or restart, a new failure it did not have before, while still not routing. Normalizing instead heals those configurations (404 becomes 200) on the next xDS rebuild without a redeploy, and adds no new failure mode for anyone. Uppercasing the method is also consistent with existing handling in the codebase: the on-prem APIM sync already uppercases the method for its verb field.

Notes for reviewers

• Normalization is applied at the source in both REST route builders (createRouteFromRDC and createRoute), so the route name and the :method matcher stay consistent.
• Existing configurations with non-uppercase methods are healed on the next xDS rebuild. No migration or redeploy is required.
• The validator again accepts any letter case (it uppercases before the enum check), matching the router's actual matching once the method is normalized.
• The earlier deploy-time rejection and its unit tests are reverted in this PR.

Test coverage

• New integration tests in gateway/it/features/http-method-case.feature: a lowercase method routes, a mixed-case method routes, and two methods on one path (mixed case) both deploy and route.
• go build and the pkg/config validator unit tests pass locally; the integration scenarios run in CI.

Fixes #2140

[coderabbitai]

📝 Walkthrough

Overview

Fixes HTTP method routing failures (404 Not Found) caused by a mismatch between how the validator and xDS translator handled HTTP method case. The validator was accepting lowercase methods by uppercasing them only for enum validation while leaving the stored value unchanged, which the translator then used directly in Envoy's case-sensitive :method exact matcher.

Changes

Core Translation Logic (translator.go)

• GenerateRouteName: Now uppercases the method parameter before composing the HttpMethod|RoutePath|Vhost route name, ensuring policy keys and route names remain consistent with Envoy's case requirements
• createRouteFromRDC and createRoute: Normalize HTTP methods to uppercase when constructing the Envoy :method exact header matcher

Validation (api_validator_test.go)

• Added test verifying that the validator accepts HTTP methods in any case (lowercase, mixed-case, uppercase) without method-related validation errors

Test Coverage

• Integration tests (http-method-case.feature): Three scenarios validating:
  • Lowercase operation methods route correctly
  • Mixed-case operation methods route correctly
  • Multiple operations with different cases on the same path both route as expected
• Unit tests (translator_test.go): Two new tests covering:
  • :method header matcher normalization in createRouteFromRDC
  • Method uppercasing in GenerateRouteName for route/policy key consistency
• Test suite (suite_test.go): Registered the new integration test feature

Rationale

Normalizing methods at translation time rather than rejecting them heals existing deployments with lowercase methods on their next xDS rebuild without requiring redeploy or migration. The approach is consistent with existing on-prem behavior and adds no new failure modes while fixing the 404 routing issue.

Walkthrough

The xDS translator is updated to normalize HTTP methods to uppercase at three translation call sites: GenerateRouteName uppercases the method before constructing the route name key, createRouteFromRDC uppercases rdcRoute.Method before setting the Envoy :method header matcher, and createRoute uppercases its method parameter at the start of the function, affecting both the matcher value and the generated route name. Unit tests verify that the validator accepts non-uppercase method strings and that the translator correctly outputs uppercase :method matchers and route names. A new integration test feature file adds three scenarios asserting that lowercase (get), mixed-case (gEt), and multiple-method-per-path (get, Post) API configurations are accepted and routed to the correct backend endpoints.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(gateway): normalize operation HTTP method case' directly summarizes the main change: the xDS translator now normalizes HTTP methods to uppercase for correct Envoy routing.
Description check	✅ Passed	The PR description comprehensively addresses Purpose, Goals, Approach, and Test coverage sections from the template. It explains the root cause, rationale for normalization over rejection, implementation details, and test coverage adequately.
Linked Issues check	✅ Passed	All coding requirements from issue #2140 are met: root cause identified and fixed via method normalization in xDS translator functions (createRouteFromRDC, createRoute, GenerateRouteName), 404 failures resolved, existing deployments healed on rebuild, and consistent validator behavior implemented.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing HTTP method case normalization: translator modifications, route naming, validator acceptance logic, and comprehensive test coverage (unit and integration tests) address only the linked issue objectives.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain modules listed in go.work or their selected dependencies"

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mehara-rothila]

@coderabbitai full review

[coderabbitai]

✅ Action performed

Full review finished.

[mehara-rothila]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[mehara-rothila]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

gateway/it/features/http-method-case.feature (1)

88-118: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Scenario intent and assertions are incomplete for dual-method routing.

This scenario defines both get and Post on the same path, but only validates GET. Add a POST request assertion so the test fully validates the stated behavior.

Suggested patch

   Scenario: Two methods on one path, mixed case, each routes
@@
     When I clear all headers
     And I set request host to "method-case.local"
     And I send a GET request to "http://localhost:8080/method-multi/v1.0/resource"
     Then the response should be successful
     And the JSON response field "path" should be "/resource"
+
+    When I clear all headers
+    And I set request host to "method-case.local"
+    And I send a POST request to "http://localhost:8080/method-multi/v1.0/resource"
+    Then the response should be successful
+    And the JSON response field "path" should be "/resource"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@gateway/it/features/http-method-case.feature` around lines 88 - 118, The
scenario "Two methods on one path, mixed case, each routes" defines two
operations (get and Post) on the same path but only validates the GET request
behavior. Add a POST request test after the existing GET request assertions to
complete the test coverage. The new test should send a POST request to the same
endpoint "http://localhost:8080/method-multi/v1.0/resource" with the same host
header, assert that the response is successful, and verify that the JSON
response field "path" matches "/resource", mirroring the validation structure
used for the GET request.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@gateway/it/features/http-method-case.feature`:
- Around line 88-118: The scenario "Two methods on one path, mixed case, each
routes" defines two operations (get and Post) on the same path but only
validates the GET request behavior. Add a POST request test after the existing
GET request assertions to complete the test coverage. The new test should send a
POST request to the same endpoint
"http://localhost:8080/method-multi/v1.0/resource" with the same host header,
assert that the response is successful, and verify that the JSON response field
"path" matches "/resource", mirroring the validation structure used for the GET
request.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4771dd88-27f7-47c2-a869-849a03c2bbda

📥 Commits

Reviewing files that changed from the base of the PR and between a47d1c8 and f4ef624.

📒 Files selected for processing (2)

• gateway/gateway-controller/pkg/xds/translator.go
• gateway/it/features/http-method-case.feature

[mehara-rothila]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[mehara-rothila]

@coderabbitai does uppercasing the method only in the translator cover every route path, or could a method still reach Envoy un-normalized (policies, request transformation, route name)?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read the full translator file
cat gateway/gateway-controller/pkg/xds/translator.go

Length of output: 106005

---

🏁 Script executed:

#!/bin/bash
# Search for any other places in the codebase where HTTP methods are used for Envoy route/header matching
rg -n --type go 'method\b' gateway/gateway-controller/pkg/xds/ -C 3

Length of output: 20115

---

🏁 Script executed:

#!/bin/bash
# Check if there are policy-related or request-transformation files that use HTTP methods
rg -rn --type go '\.Method\b' gateway/gateway-controller/pkg/ -C 3

Length of output: 44706

---

🏁 Script executed:

#!/bin/bash
# Find all route name generation patterns
rg -rn --type go 'routeName\|route_name\|RouteName' gateway/gateway-controller/pkg/xds/ -C 3

Length of output: 389

---

🏁 Script executed:

#!/bin/bash
# Check if policies or interceptors also use the HTTP method for matching
rg -rn --type go 'method.*header\|header.*method\|:method\|HeaderMatcher' gateway/gateway-controller/pkg/ -C 4

Length of output: 439

---

---

@mehara-rothila Good question. The two translator entry points (createRoute and createRouteFromRDC) correctly normalize the :method matcher, but there are two places where a lowercase method can still leak through:

---

1. Policy engine route key mismatch (legacy path)

In createRoute (legacy REST path), method is uppercased before GenerateRouteName is called:

// translator.go – createRoute
method = strings.ToUpper(method)         // ← normalized
routeName := GenerateRouteName(method, context, "", path, vhost)  // e.g. "GET|/path|vhost"

But in the policy builder the method is not uppercased:

// policy/builder.go
RouteKey: xds.GenerateRouteName(string(op.Method), apiData.Context, apiData.Version, op.Path, vhost),
//                              ^^^^^^^^^^^^^^^^^ original case, e.g. "get"

For a lowercase-method API on the legacy path, Envoy's route name is "GET|/path|vhost" but the policy engine's chain key is "get|/path|vhost" — they don't match, so the policy chain is never applied to that route.

---

2. Envoy route name retains original case (transformer path)

In the transformer path, transform/restapi.go builds the map key (which becomes r.Name) without uppercasing:

// transform/restapi.go
routeKey := xds.GenerateRouteName(string(op.Method), ...)   // e.g. "get|/path|vhost"
rdc.Routes[routeKey] = &models.Route{Method: string(op.Method), ...}

createRouteFromRDC then uses routeKey verbatim as r.Name. The :method matcher is normalized (this PR's fix), but the Envoy route name string keeps the original lowercase. The policy builder also uses string(op.Method) here, so keys are consistent between the two — but they're both lowercase. Any diagnostic tooling or future code that expects METHOD|PATH|VHOST with an uppercase method in the name will be surprised.

---

Summary table

Location	:method matcher	Route name / policy key
createRoute (legacy)	✅ uppercased by this PR	✅ uppercased (but policy builder is not → mismatch)
createRouteFromRDC (transformer)	✅ uppercased by this PR	⚠️ original case from restapi.go key
policy/builder.go	n/a	⚠️ original case, not normalized

The recommended fix is to uppercase in the two missing spots:

// transform/restapi.go
routeKey := xds.GenerateRouteName(strings.ToUpper(string(op.Method)), ...)
rdc.Routes[routeKey] = &models.Route{Method: strings.ToUpper(string(op.Method)), ...}

// policy/builder.go
RouteKey: xds.GenerateRouteName(strings.ToUpper(string(op.Method)), apiData.Context, apiData.Version, op.Path, vhost),

Or, normalize once in GenerateRouteName itself so all callers get consistent behavior by default.

[mehara-rothila]

@coderabbitai good catch. Addressed by normalizing the method inside GenerateRouteName, the single function that builds both the Envoy route name and the policy-engine key (per its own doc comment). Route names and policy keys are now uppercased consistently with the :method matcher across all paths (createRoute, the RDC transform path, and policy/builder.go), so the policy chain binds for lowercase/mixed-case methods too. Added TestGenerateRouteName_UppercasesMethod. Fixed in 53e9692.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify GenerateRouteName implementation
ast-grep --pattern 'func GenerateRouteName($$$) $_ {
  $$$
}'

# Also check for the test
rg -n "TestGenerateRouteName_UppercasesMethod" --type go -C 5

Length of output: 1250

---

🏁 Script executed:

#!/bin/bash
rg -n "GenerateRouteName" gateway/gateway-controller/pkg/xds/ -C 5

Length of output: 7388

---

---

@mehara-rothila Confirmed. GenerateRouteName now uppercases the method before building the key (Line 154), so all callers — createRoute, createRouteFromRDC, createRoutePerTopic, and policy/builder.go — produce consistent uppercase route names and policy keys automatically. TestGenerateRouteName_UppercasesMethod covers lowercase, mixed-case, and already-uppercase inputs. The fix is complete.

---

If you found this review helpful, would you consider giving us a shout-out on X?

Thank you for using CodeRabbit!

[mehara-rothila]

@coderabbitai please do a full review of the latest commits and tell us whether the HTTP method normalization fix is now complete, or if anything else is still needed. Specifically check: the :method matcher, route names and policy keys (GenerateRouteName), request transformation, and whether the unit + integration tests are sufficient.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read the GenerateRouteName function and surrounding context
rg -n "GenerateRouteName" gateway/gateway-controller/pkg/xds/ --type go -C 8

# Read the test for GenerateRouteName
rg -n "TestGenerateRouteName" gateway/gateway-controller/pkg/xds/ --type go -A 30

Length of output: 16025

---

🏁 Script executed:

#!/bin/bash
# Read the createRouteFromRDC and createRoute functions (method-related parts)
rg -n "strings.ToUpper\|ToUpper\|\.Method\b" gateway/gateway-controller/pkg/xds/translator.go -C 5

Length of output: 432

---

🏁 Script executed:

#!/bin/bash
# Check policy builder for method usage
rg -n "GenerateRouteName\|\.Method\b\|op\.Method\|strings\.ToUpper" gateway/gateway-controller/pkg/policy/ --type go -C 5

# Check transform/restapi.go for method usage
rg -n "GenerateRouteName\|\.Method\b\|op\.Method\|strings\.ToUpper" gateway/gateway-controller/pkg/transform/ --type go -C 5

Length of output: 588

---

🏁 Script executed:

#!/bin/bash
# Read the integration test feature file
cat gateway/it/features/http-method-case.feature

# Check if there are any other places that build :method headers directly
rg -n '":method"\|header.*[Mm]ethod\|[Mm]ethod.*header' gateway/gateway-controller/ --type go -C 4

Length of output: 4989

---

🏁 Script executed:

#!/bin/bash
# Check the :method matcher construction in createRoute and createRouteFromRDC
grep -n "method\|:method\|ToUpper" gateway/gateway-controller/pkg/xds/translator.go | head -80

Length of output: 1481

---

🏁 Script executed:

#!/bin/bash
# Check policy builder
find gateway/gateway-controller/pkg/policy -name "*.go" | xargs grep -n "GenerateRouteName\|Method\|ToUpper" 2>/dev/null | head -60

# Check transform
find gateway/gateway-controller/pkg/transform -name "*.go" | xargs grep -n "GenerateRouteName\|Method\|ToUpper" 2>/dev/null | head -60

Length of output: 2064

---

🏁 Script executed:

#!/bin/bash
# Look at createRoutePerTopic :method matcher - does it normalize the method value in the header matcher?
sed -n '1927,1970p' gateway/gateway-controller/pkg/xds/translator.go

# Also look at createRouteFromRDC method handling
grep -n "rdcRoute.Method\|strings.ToUpper\|:method" gateway/gateway-controller/pkg/xds/translator.go

Length of output: 2125

---

---

@mehara-rothila Here is the full assessment across each area you asked about.

---

:method matcher

Both REST route builders normalize before the Envoy header matcher is written:

• createRouteFromRDC — Line 223–224: method := strings.ToUpper(rdcRoute.Method) → used at Line 299 for the :method exact match. ✅
• createRoute — Line 1745–1746: method = strings.ToUpper(method) → used at Line 1850. ✅
• createRoutePerTopic — hardcodes Exact: "POST" at Line 1934, which is correct for async/WebSocket topics (always a POST upgrade). Not a case-sensitivity concern.

---

Route names and policy keys (GenerateRouteName)

GenerateRouteName (Line 154) now uppercases the method once, at the canonical source:

• transform/restapi.go Line 162 calls xds.GenerateRouteName(string(op.Method), ...) → route map key is uppercase. ✅
• policy/builder.go Line 194 calls xds.GenerateRouteName(string(op.Method), ...) → policy chain key is uppercase. ✅
• Both keys are derived from the same function, so they are guaranteed to match.

---

Request transformation (transform/restapi.go)

One minor cosmetic inconsistency remains: transform/restapi.go Line 166 stores the original-case string into the RDC Route.Method field:

Method: string(op.Method),  // e.g. "get" or "gEt" — original case retained

This does not affect Envoy config because createRouteFromRDC re-uppercases via strings.ToUpper(rdcRoute.Method) at read time. However, any logging, diagnostics, or future code that reads rdcRoute.Method directly (outside the translator) will see the original case. Consider normalizing here too:

Method: strings.ToUpper(string(op.Method)),

This is a low-priority cleanup, not a routing correctness issue.

---

Unit tests

Test	Coverage
TestGenerateRouteName_UppercasesMethod (translator_test.go)	lowercase, mixed-case, already-uppercase inputs → ✅
:method matcher assertion (translator_test.go Line 779)	verifies Envoy header matcher value is uppercase → ✅
TestGenerateRouteName (xds_test.go)	only uppercase inputs; not a gap since translator_test.go covers the normalization cases

---

Integration tests

Three scenarios in http-method-case.feature cover:

1. Lowercase get → routes via GET. ✅
2. Mixed-case gEt → routes via GET. ✅
3. Two operations on the same path with get and Post → both route independently. ✅

One scenario to consider adding: verify that an operation-level policy bound to a lowercase-method operation is applied correctly (i.e., the policy chain actually fires), since the previous gap was specifically a policy key mismatch. This would catch any regression at the policy binding layer.

---

Summary

The fix is functionally complete. The :method matcher, route names, and policy keys are all consistently uppercase. The only remaining item is:

1. Minor: Normalize Method in transform/restapi.go Line 166 to avoid storing original-case strings in the RDC model.
2. Optional: Add an integration test scenario that exercises a policy attached to a lowercase-method operation to confirm the policy chain binds correctly end-to-end.

[Copilot]

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

[coderabbitai]

🧹 Nitpick comments (1)

gateway/gateway-controller/pkg/xds/translator_test.go (1)

741-803: ⚡ Quick win

Consider adding test coverage for createRoute method normalization.

The tests verify method uppercasing in createRouteFromRDC (line 741) and GenerateRouteName (line 785). According to the PR objectives, createRoute also normalizes the method when building the :method matcher, but no test explicitly verifies this behavior. Adding a test case that calls createRoute with a lowercase method and asserts the :method matcher is uppercased would ensure both translation paths are covered.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@gateway/gateway-controller/pkg/xds/translator_test.go` around lines 741 -
803, Add a new test function to verify that the createRoute method normalizes
HTTP methods to uppercase in the :method matcher, similar to the existing
TestTranslator_NormalizesMethodCase test but specifically targeting the
createRoute method instead of createRouteFromRDC. The test should call
createRoute with various lowercase and mixed-case method values (like "get",
"pOsT", etc.) and assert that the resulting route's :method matcher header
contains the uppercased method name (GET, POST, etc.), ensuring both translation
paths for method normalization are covered by explicit test cases.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@gateway/gateway-controller/pkg/xds/translator_test.go`:
- Around line 741-803: Add a new test function to verify that the createRoute
method normalizes HTTP methods to uppercase in the :method matcher, similar to
the existing TestTranslator_NormalizesMethodCase test but specifically targeting
the createRoute method instead of createRouteFromRDC. The test should call
createRoute with various lowercase and mixed-case method values (like "get",
"pOsT", etc.) and assert that the resulting route's :method matcher header
contains the uppercased method name (GET, POST, etc.), ensuring both translation
paths for method normalization are covered by explicit test cases.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 69470b0d-8daa-406f-8260-613756a5afaf

📥 Commits

Reviewing files that changed from the base of the PR and between f4ef624 and 6594fba.

📒 Files selected for processing (5)

• gateway/gateway-controller/pkg/config/api_validator_test.go
• gateway/gateway-controller/pkg/xds/translator.go
• gateway/gateway-controller/pkg/xds/translator_test.go
• gateway/it/features/http-method-case.feature
• gateway/it/suite_test.go

✅ Files skipped from review due to trivial changes (1)

• gateway/it/suite_test.go

🚧 Files skipped from review as they are similar to previous changes (2)

• gateway/it/features/http-method-case.feature
• gateway/gateway-controller/pkg/xds/translator.go