Update AuthenticationFilter proposal

[shaun-nx]

Proposed changes

This change updates the AuthenticationFilter proposal.

Changes made:

• Update API validation
• Removal of OnFailure configuration
• Add additional details on functional testing

Details related to AuthFailure are captured in the Stretch Goals section

Closes #4423

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING doc
• I have added tests that prove my fix is effective or that my feature works
• I have checked that all unit tests pass after adding my changes
• I have updated necessary documentation
• I have rebased my branch onto main
• I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Release notes

If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.19%. Comparing base (89aee48) to head (0ca1e03).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4424      +/-   ##
==========================================
- Coverage   86.24%   86.19%   -0.05%     
==========================================
  Files         132      132              
  Lines       14566    14566              
  Branches       35       35              
==========================================
- Hits        12562    12555       -7     
- Misses       1791     1795       +4     
- Partials      213      216       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

This PR updates the AuthenticationFilter proposal by refining the API design, removing the OnFailure configuration from the main spec, and enhancing documentation quality. The changes move AuthFailure customization to stretch goals while improving clarity throughout the proposal.

Key Changes:

• Removed OnFailure configuration from BasicAuth and JWTAuth specs, relocating it to stretch goals
• Enhanced functional testing section with detailed test case scenarios
• Fixed numerous spelling and grammatical errors throughout the document

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[tataruty]

i see invalid functional tests for authentication as Authentication failed, and Authentication passed - for valid, means we get a response from the route behind auth filter.
Don't we do this full check in functional tests?

[sjberman]

With our other functional tests, we also verify that the nginx configuration is correct.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[tataruty]

still cannot understand what is invalid AuthFilter. What do we expect as a result of test? Because i see it as invalid configuration, that to me should be a unit tests and not functional. And as mentioned before i expect here validation of passing/not passing auth while trying to get response

[shaun-nx]

The first line of this section says "This section covers deployment scenarios that are considered invalid"

So for the first test cases, we have a user deploying an HTTP/GRPCroute with a single route rule that is referencing an AuthenticationFilter that is invalid.

In this case, we don't care "how" the AuthenticationFilter that is invalid, we just case that it is invalid, and we are trying to use it. Does that make sense?

[shaun-nx]

The test cases should cover the expected outcomes for each one now. Let me know what you think.