Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update header matcher to use v3 string_match api #5648

Closed
wants to merge 1 commit into from
Closed

Update header matcher to use v3 string_match api #5648

wants to merge 1 commit into from

Conversation

jacob-delgado
Copy link

@jacob-delgado jacob-delgado commented Sep 9, 2022
edited
Loading

Fixes #5649

Envoy v3 api introduced the string_match api for HeaderMatcher. See envoyproxy/envoy#9694

The former api is deprecated, but has not been removed. Add support for it.

Due to a unit test setting up a proxyless XDS server I am not able to merge in istio/istio#40886 as I get the following error.

2022-09-09T00:05:31.979790Z	info	[xds] [xds-server-listener 0xc001003c00] Received error for resource "xds.istio.io/grpc/lds/inbound/[::]:46069": network filters {[]} had invalid server side HTTP Filters {[name:"envoy.filters.http.rbac.DENY"  typed_config:{[type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC]:{rules:{action:DENY  policies:{key:"test-echo-rbac-mtls-0"  value:{permissions:{and_rules:{rules:{any:true}}}  principals:{and_ids:{ids:{or_ids:{ids:{header:{name:"echo"  string_match:{exact:"block"}}}}}}}}}}}} name:"envoy.filters.http.rbac"  typed_config:{[type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC]:{rules:{policies:{key:"test-echo-rbac-mtls-allow-0"  value:{permissions:{and_rules:{rules:{any:true}}}  principals:{and_ids:{ids:{or_ids:{ids:{header:{name:"echo"  string_match:{exact:"allow"}}}}}}}}}}}} name:"envoy.filters.http.router"  typed_config:{[type.googleapis.com/envoy.extensions.filters.http.router.v3.Router]:{}}]}: error parsing config for filter "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC": rbac: error constructing matching engine: unknown header matcher type, xDS client nodeID: sidecar~127.0.1.1~echo-rbac-mtls.test~test.svc.cluster.local

RELEASE NOTES:

  • Support the string_match api in HeaderMatcher for xds grpc.

@jacob-delgado
Update header matches to use v3
72e4144 
Envoy v3 api introduced the string_match api for HeaderMatcher.
See envoyproxy/envoy#9694

The former api is deprecated, but has not been removed. Add support for
it.
@linux-foundation-easycla
Copy link

CLA Not Signed

@jacob-delgado jacob-delgado mentioned this pull request Sep 9, 2022
Closed
@zasweq zasweq self-requested a review September 9, 2022 16:02
@easwars
Copy link
Contributor

easwars commented Sep 13, 2022

@jacob-delgado : Could you please sign the CLA before we start reviewing the PR. Thanks.

@easwars easwars added the Type: Feature New features or improvements in behavior label Sep 13, 2022
@easwars easwars added this to the 1.50 Release milestone Sep 13, 2022
@zasweq
Copy link
Contributor

zasweq commented Sep 20, 2022

Hello, thank you so much for the PR :D. This is something we want, however we want a gRFC first to officially document this so it can be kept consistent across different gRPC languages. Until then, I will go ahead and close this, and when the gRFC comes out, we can go ahead and review this.

@zasweq zasweq closed this Sep 20, 2022
@jacob-delgado jacob-delgado deleted the update-envoy-match-api branch September 29, 2022 15:56
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 29, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@zasweq zasweq Awaiting requested review from zasweq

Assignees

@zasweq zasweq

Labels
Type: Feature New features or improvements in behavior
Projects
None yet
Milestone
1.50 Release
Development

Successfully merging this pull request may close these issues.

Support XDS HeaderMatcher string_match api (v3)
3 participants
@jacob-delgado @easwars @zasweq