xds/rbac: add additional handling for addresses with ports #8990
mbissa merged 2 commits into grpc:master from
Codecov Report
❌ Patch coverage is
Additional details and impacted files

@@ Coverage Diff @@
## master #8990 +/- ##
==========================================
- Coverage 83.42% 82.93% -0.49%
==========================================
Files 410 411 +1
Lines 32572 32941 +369
==========================================
+ Hits 27172 27319 +147
- Misses 4030 4209 +179
- Partials 1370 1413 +43
| @@ -344,7 +345,15 @@ func newRemoteIPMatcher(cidrRange *v3corepb.CidrRange) (*remoteIPMatcher, error) | |||
| } | |||
|
|
|||
| func (sim *remoteIPMatcher) match(data *rpcData) bool { | |||
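Review bot: `match` on `remoteIPMatcher` still returns only `bool`, so an address that cannot be parsed after the port handling is indistinguishable from one that parsed and fell outside the CIDR range. Until the `(bool, error)` follow-up lands, add a comment on `match` stating what it returns for an unparseable address and cover that case in a unit test; for a DENY policy, a `false` caused by a parse failure means the rule silently does not apply.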
How big of a change would it be to make match return a (bool, error) to enable callers to handle parsing errors?
There are 11 implementations and each implementation has an average of 4-5 references. This would need thorough testing and effort. I suggest we merge this and do that as a follow-up.
Sounds good, can you file a buganizer issue for this?
arjan-bal left a comment
Can you please update the unit tests to practice the more common case of IP:Port strings while keeping some coverage for the IP-only case?
| @@ -344,7 +345,15 @@ func newRemoteIPMatcher(cidrRange *v3corepb.CidrRange) (*remoteIPMatcher, error) | |||
| } | |||
|
|
|||
| func (sim *remoteIPMatcher) match(data *rpcData) bool { | |||
Sounds good, can you file a buganizer issue for this?
done.
/gemini review
This PR enhances the rbac matcher to handle IP address string with a port attached. The fix introduces the `net.SplitHostPort` utility function, ensuring the port is properly stripped out of the underlying `peerInfo.Addr.String()` and `localAddr.String()` values before parsing them with `netip.ParseAddr`. A fallback mechanism is also included in case `SplitHostPort` fails due to a missing port.

RELEASE NOTES:
* xds/rbac: Add additional handling for addresses with ports

…9022)

Original PR: #8990
Cherry pick commit f1d1ce5 into v1.80.x

This PR enhances the rbac matcher to handle IP address string with a port attached. The fix introduces the `net.SplitHostPort` utility function, ensuring the port is properly stripped out of the underlying `peerInfo.Addr.String()` and `localAddr.String()` values before parsing them with `netip.ParseAddr`. A fallback mechanism is also included in case `SplitHostPort` fails due to a missing port.

RELEASE NOTES:
* xds/rbac: Add additional handling for addresses with ports
Fixes: #8913
This PR enhances the rbac matcher to handle IP address string with a port attached.
The fix introduces the `net.SplitHostPort` utility function, ensuring the port is properly stripped out of the underlying `peerInfo.Addr.String()` and `localAddr.String()` values before parsing them with `netip.ParseAddr`. A fallback mechanism is also included in case `SplitHostPort` fails due to a missing port.

RELEASE NOTES:
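The parsing approach the description outlines (strip the port with `net.SplitHostPort`, fall back to the raw string, then `netip.ParseAddr`), as an added example that is not the PR's or gRPC's own code. The names `hostOnly` and `matchCIDR`, the two-value return, and the unmap/zone normalization are choices of this example.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
)

// hostOnly (hypothetical helper) strips the port from addr when one is present.
// If SplitHostPort fails, e.g. "missing port in address" for a bare IP, the
// input is returned unchanged: the fallback the PR description mentions.
func hostOnly(addr string) string {
	if host, _, err := net.SplitHostPort(addr); err == nil {
		return host
	}
	return addr
}

// matchCIDR (hypothetical) reports whether addr, given as IP or IP:port, lies
// inside prefix. ok=false means addr could not be parsed, so a caller can tell
// "did not match" apart from "could not evaluate" and decide how to fail.
func matchCIDR(prefix netip.Prefix, addr string) (matched, ok bool) {
	ip, err := netip.ParseAddr(hostOnly(addr))
	if err != nil {
		return false, false
	}
	// Example choice: compare IPv4-mapped IPv6 peers (::ffff:a.b.c.d) as IPv4
	// and drop the zone, because Prefix.Contains never matches zoned addresses.
	ip = ip.Unmap().WithZone("")
	return prefix.Contains(ip), true
}

func main() {
	p := netip.MustParsePrefix("10.0.0.0/8")
	// Constructed sample inputs.
	samples := []string{
		"10.1.2.3:443", "10.1.2.3", "[::ffff:10.1.2.3]:443",
		"192.0.2.1:80", "[10.1.2.3]", "not-an-ip",
	}
	for _, a := range samples {
		m, ok := matchCIDR(p, a)
		fmt.Printf("%-24s matched=%v parsed=%v\n", a, m, ok)
	}
}
```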