Merged
3 changes: 3 additions & 0 deletions api/docs/BUILD
Expand Up @@ -65,5 +65,8 @@ proto_library(
"//envoy/service/metrics/v2:metrics_service",
"//envoy/type:percent",
"//envoy/type:range",
"//envoy/type/matchers:metadata",
"//envoy/type/matchers:number",
"//envoy/type/matchers:string",
],
)
4 changes: 2 additions & 2 deletions api/envoy/config/rbac/v2alpha/BUILD
Expand Up @@ -9,7 +9,7 @@ api_proto_library(
deps = [
"//envoy/api/v2/core:address",
"//envoy/api/v2/route",
"//envoy/type:string_match",
"//envoy/type/matchers:metadata",
],
)

Expand All @@ -19,6 +19,6 @@ api_go_proto_library(
deps = [
"//envoy/api/v2/core:address_go_proto",
"//envoy/api/v2/route:route_go_proto",
"//envoy/type:string_match_go_proto",
"//envoy/type/matchers:metadata_go_proto",
],
)
7 changes: 7 additions & 0 deletions api/envoy/config/rbac/v2alpha/rbac.proto
Expand Up @@ -3,6 +3,7 @@ syntax = "proto3";
import "validate/validate.proto";
import "envoy/api/v2/core/address.proto";
import "envoy/api/v2/route/route.proto";
import "envoy/type/matchers/metadata.proto";

package envoy.config.rbac.v2alpha;
option go_package = "v2alpha";
Expand Down Expand Up @@ -111,6 +112,9 @@ message Permission {

// A port number that describes the destination port connecting to.
uint32 destination_port = 6 [(validate.rules).uint32.lte = 65535];

// A metadata that describes additional information about the action.

Member

nit: s/A metadata/Metadata. Same below.

Contributor Author

Done

envoy.type.matchers.MetadataMatcher metadata = 7;
}
}

Expand Down Expand Up @@ -150,5 +154,8 @@ message Principal {

// A header (or psuedo-header such as :path or :method) on the incoming HTTP request.
envoy.api.v2.route.HeaderMatcher header = 6;

// A metadata that describes additional information about the principal.
envoy.type.matchers.MetadataMatcher metadata = 7;
}
}
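Review bot: The new `metadata` rule in `Permission` (and the identical one added to `Principal` in the second hunk) does not say which metadata is evaluated or how an absent entry is treated, and both matter for an access-control rule. The field comment could read `// Metadata that describes additional information about the action. Matched against the request's dynamic metadata; see MetadataMatcher for how a missing filter or path is treated.` Dynamic metadata is presumably written by other filters in the chain, so it is worth stating that a policy using this rule is only as trustworthy as whatever populated that namespace. Both messages start outside the hunks shown.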
11 changes: 0 additions & 11 deletions api/envoy/type/BUILD
Expand Up @@ -23,14 +23,3 @@ api_go_proto_library(
name = "range",
proto = ":range",
)

api_proto_library(
name = "string_match",
srcs = ["string_match.proto"],
visibility = ["//visibility:public"],
)

api_go_proto_library(
name = "string_match",
proto = ":string_match",
)
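--- a/api/envoy/type/matchers/BUILD
+++ b/api/envoy/type/matchers/BUILD
@@ -0,0 +1,50 @@
+load("//bazel:api_build_system.bzl", "api_go_proto_library", "api_proto_library")
+
+licenses(["notice"]) # Apache 2
+
+api_proto_library(
+name = "metadata",
+srcs = ["metadata.proto"],
+visibility = ["//visibility:public"],
+deps = [
+":number",
+":string",
+],
+)
+
+api_go_proto_library(
+name = "metadata",
+proto = ":metadata",
+deps = [
+":number_go_proto",
+":string_go_proto",
+],
+)
+
+api_proto_library(
+name = "number",
+srcs = ["number.proto"],
+visibility = ["//visibility:public"],
+deps = [
+"//envoy/type:range",
+],
+)
+
+api_go_proto_library(
+name = "number",
+proto = ":number",
+deps = [
+"//envoy/type:range_go_proto",
+],
+)
+
+api_proto_library(
+name = "string",
+srcs = ["string.proto"],
+visibility = ["//visibility:public"],
+)
+
+api_go_proto_library(
+name = "string",
+proto = ":string",
+)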
59 changes: 59 additions & 0 deletions api/envoy/type/matchers/metadata.proto
@@ -0,0 +1,59 @@
syntax = "proto3";

package envoy.type.matchers;

Member

envoy.type.matcher (no -s)

Contributor Author

Done

option go_package = "matchers";

import "envoy/type/matchers/string.proto";
import "envoy/type/matchers/number.proto";

import "validate/validate.proto";

// [#protodoc-title: MetadataMatcher]

// MetadataMatcher provides a general interface to check if a given value is matched in
// :ref:`Metadata <envoy_api_msg_core.Metadata>`. It uses `filter` and `path` to retrieve the value
// from the Metadata and then check if it's matched to one of the specified values.
//
// An example use of MetadataMatcher is specifying additional metadata in envoy.filters.http.rbac to
// enforce access control based on dynamic metadata in a request.
message MetadataMatcher {
// Specifies the value to match. Only primitive value is supported. For non-primitive value, the
// result is always not matched.
message Value {
// Specifies how to match a value. Only have effect on primitive value.
oneof match_pattern {
option (validate.required) = true;

// If specified, it's matched if and only if the target value is a NullValue and this field is

Member

what is the use case of setting null_match to false? (same for below)

Contributor Author

Not too much real use case, I make it a bool to simplify the Value design and also feel it's easier to set a bool field for the user.

Member

Contributor Author

Done.

// also set to true.
bool null_match = 1;

// If specified, it's matched if and only if the target value is a double value and is matched
// to this field.
DoubleMatcher double_match = 2;

// If specified, it's matched if and only if the target value is a string value and is matched
// to this field.
StringMatcher string_match = 3;

// If specified, it's matched if and only if the target value is a bool value and is equal to
// this field.
bool bool_match = 4;

// If specified, value match will be performed based on whether the path is referring to a
// valid primitive value in the metadata. If the path is referring to a non-primitive value,
// the result is always not matched.
bool present_match = 7;

Member

nit: 5

}
}

// Required. The filter name to retrieve the Struct from the Metadata.
string filter = 1 [(validate.rules).string.min_bytes = 1];

// Required. The multi-key path to retrieve the Value from the Struct.
repeated string path = 2 [(validate.rules).repeated .min_items = 1];

Member

it is unclear to me how this works for array, notes?

Contributor Author

Added comment, it's actually not supported and will just result a not match.


// Required. A set of values to match. The MetadataMatcher is matched if at least one value is
// matched, in other words, it's matched with OR semantics.
repeated Value values = 3 [(validate.rules).repeated .min_items = 1];
}
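Review bot: The `MetadataMatcher` comment does not state the result when `filter` is not present in the Metadata or `path` does not resolve to any value, and someone writing an access-control policy on top of this needs to know whether that case counts as a non-match. I would add a line to the message comment such as `// If the filter is absent or the path does not resolve to a value, the matcher does not match.`, after confirming it against the implementation, which is not part of this file. Separately, `path` only enforces `min_items = 1`, so an empty-string key passes validation; if that is not intended, a per-item `min_bytes = 1` rule would reject it at config load.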
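--- a/api/envoy/type/matchers/number.proto
+++ b/api/envoy/type/matchers/number.proto
@@ -0,0 +1,23 @@
+syntax = "proto3";
+
+package envoy.type.matchers;
+option go_package = "matchers";
+
+import "envoy/type/range.proto";
+
+import "validate/validate.proto";
+
+// [#protodoc-title: NumberMatcher]
+
+// Specifies the way to match a double value.
+message DoubleMatcher {
+oneof match_pattern {
+option (validate.required) = true;
+
+// If specified, the input double value must be in the range specified here.
+envoy.type.DoubleRange range = 1;
+
+// If specified, the input double value must be equal to the value specified here.
+double exact = 2;
+}
+}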
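Review bot: The comment on `double exact = 2` promises equality but does not mention the limits of comparing doubles, which matters when the matched metadata value is an identifier. Numbers held in a `google.protobuf.Struct` are doubles, so integers above 2^53 are not represented exactly and two distinct IDs can compare equal. A sentence such as `// Integer values above 2^53 lose precision as doubles; match large identifiers as strings with StringMatcher.` would steer policy authors away from that. It would also help to state that a NaN input never matches, if that is the intended behavior.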
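--- a/api/envoy/type/matchers/string.proto
+++ b/api/envoy/type/matchers/string.proto
@@ -0,0 +1,49 @@
+syntax = "proto3";
+
+package envoy.type.matchers;
+option go_package = "matchers";
+
+import "validate/validate.proto";
+
+// [#protodoc-title: StringMatcher]
+
+// Specifies the way to match a string.
+message StringMatcher {
+oneof match_pattern {
+option (validate.required) = true;
+
+// The input string must match exactly the string specified here.
+//
+// Examples:
+//
+// * *abc* only matches the value *abc*.
+string exact = 1;
+
+// The input string must have the prefix specified here.
+// Note: empty prefix is not allowed, please use regex instead.
+//
+// Examples:
+//
+// * *abc* matches the value *abc.xyz*
+string prefix = 2 [(validate.rules).string.min_bytes = 1];
+
+// The input string must have the suffix specified here.
+// Note: empty prefix is not allowed, please use regex instead.
+//
+// Examples:
+//
+// * *abc* matches the value *xyz.abc*
+string suffix = 3 [(validate.rules).string.min_bytes = 1];
+
+// The input string must match the regular expression specified here.
+// The regex grammar is defined `here
+// <http://en.cppreference.com/w/cpp/regex/ecmascript>`_.
+//
+// Examples:
+//
+// * The regex *\d{3}* matches the value *123*
+// * The regex *\d{3}* does not match the value *1234*
+// * The regex *\d{3}* does not match the value *123.456*
+string regex = 4;
+}
+}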
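Review bot: `string regex = 4` carries no validation rule, unlike `prefix` and `suffix`, so an empty or arbitrarily long pattern is accepted, and the referenced ECMAScript grammar is typically implemented by a backtracking engine whose match time can grow sharply for some patterns when the input is request-derived. Consider a length bound, e.g. `string regex = 4 [(validate.rules).string.max_bytes = 1024];` (the limit is an example value), plus a comment that patterns are expected to come from trusted configuration only. Also, the note above `suffix` was copied from `prefix`; it should read `// Note: empty suffix is not allowed, please use regex instead.`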
10 changes: 10 additions & 0 deletions api/envoy/type/range.proto
Expand Up @@ -18,3 +18,13 @@ message Int64Range {
// end of the range (exclusive)
int64 end = 2;
}

// Specifies the double start and end of the range using half-open interval semantics [start,
// end).
message DoubleRange {
// start of the range (inclusive)
double start = 1;

// end of the range (exclusive)
double end = 2;
}
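Review bot: `DoubleRange` does not say what happens when `start >= end` or when either bound is NaN, and nothing validates the ordering of the two fields. With half-open semantics such a range is presumably empty, so a matcher built on it would silently never match, which is easy to miss in an access-control rule. A comment like `// A range with start >= end is empty and matches nothing.` on the message would make that explicit. The file begins outside this hunk, so existing conventions for `Int64Range` may already cover this.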
30 changes: 0 additions & 30 deletions api/envoy/type/string_match.proto

This file was deleted.

3 changes: 3 additions & 0 deletions docs/build.sh
Expand Up @@ -107,6 +107,9 @@ PROTO_RST="
/envoy/service/auth/v2alpha/external_auth/envoy/service/auth/v2alpha/external_auth.proto.rst
/envoy/type/percent/envoy/type/percent.proto.rst
/envoy/type/range/envoy/type/range.proto.rst
/envoy/type/matchers/metadata/envoy/type/matchers/metadata.proto.rst
/envoy/type/matchers/number/envoy/type/matchers/number.proto.rst
/envoy/type/matchers/string/envoy/type/matchers/string.proto.rst
"

# Dump all the generated RST so they can be added to PROTO_RST easily.
3 changes: 3 additions & 0 deletions docs/root/api-v2/types/types.rst
Expand Up @@ -7,3 +7,6 @@ Types

../type/percent.proto
../type/range.proto
../type/matchers/metadata.proto
../type/matchers/number.proto
../type/matchers/string.proto
14 changes: 14 additions & 0 deletions source/common/common/BUILD
Expand Up @@ -113,6 +113,20 @@ envoy_cc_library(
hdrs = ["macros.h"],
)

envoy_cc_library(
name = "matchers_lib",
srcs = ["matchers.cc"],
hdrs = ["matchers.h"],
deps = [
":utility_lib",
"//source/common/config:metadata_lib",
"//source/common/protobuf",
"@envoy_api//envoy/type/matchers:metadata_cc",
"@envoy_api//envoy/type/matchers:number_cc",
"@envoy_api//envoy/type/matchers:string_cc",
],
)

envoy_cc_library(
name = "non_copyable",
hdrs = ["non_copyable.h"],