diff --git a/agent/xds/rbac.go b/agent/xds/rbac.go index d8252d7cabc90..c42305cda0229 100644 --- a/agent/xds/rbac.go +++ b/agent/xds/rbac.go @@ -1106,10 +1106,8 @@ func parseXFCCToDynamicMetaHTTPFilter() (*envoy_http_v3.HttpFilter, error) { Key: f.name, RegexValueRewrite: &envoy_matcher_v3.RegexMatchAndSubstitute{ Pattern: &envoy_matcher_v3.RegexMatcher{ - Regex: downstreamServiceIdentityMatcher, - EngineType: &envoy_matcher_v3.RegexMatcher_GoogleRe2{ - GoogleRe2: &envoy_matcher_v3.RegexMatcher_GoogleRE2{}, - }, + Regex: downstreamServiceIdentityMatcher, + EngineType: &envoy_matcher_v3.RegexMatcher_GoogleRe2{}, }, Substitution: f.sub, }, @@ -1310,8 +1308,12 @@ func convertPermission(perm *structs.IntentionPermission) *envoy_rbac_v3.Permiss eh := &envoy_route_v3.HeaderMatcher{ Name: ":method", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{ - SafeRegexMatch: response.MakeEnvoyRegexMatch(methodHeaderRegex), + HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: response.MakeEnvoyRegexMatch(methodHeaderRegex), + }, + }, }, } diff --git a/agent/xds/response/response.go b/agent/xds/response/response.go index 91ce6d7397386..ff585a1af916d 100644 --- a/agent/xds/response/response.go +++ b/agent/xds/response/response.go @@ -75,9 +75,7 @@ func MakeBoolValue(n bool) *wrapperspb.BoolValue { func MakeEnvoyRegexMatch(patt string) *envoy_matcher_v3.RegexMatcher { return &envoy_matcher_v3.RegexMatcher{ - EngineType: &envoy_matcher_v3.RegexMatcher_GoogleRe2{ - GoogleRe2: &envoy_matcher_v3.RegexMatcher_GoogleRE2{}, - }, - Regex: patt, + EngineType: &envoy_matcher_v3.RegexMatcher_GoogleRe2{}, + Regex: patt, } } diff --git a/agent/xds/routes.go b/agent/xds/routes.go index 3cc3ec351080c..dfc5bc474e8dc 100644 --- a/agent/xds/routes.go +++ b/agent/xds/routes.go @@ -926,8 +926,12 @@ func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *en eh := &envoy_route_v3.HeaderMatcher{ Name: ":method", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{ - SafeRegexMatch: response.MakeEnvoyRegexMatch(methodHeaderRegex), + HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: response.MakeEnvoyRegexMatch(methodHeaderRegex), + }, + }, }, } diff --git a/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms--httpfilter.golden b/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms--httpfilter.golden index c2e9504c390c0..a664243a610f6 100644 --- a/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms--httpfilter.golden @@ -48,9 +48,11 @@ { "header": { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|HEAD|OPTIONS" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|HEAD|OPTIONS" + } } } } @@ -191,9 +193,11 @@ { "header": { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|HEAD|OPTIONS" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|HEAD|OPTIONS" + } } } } diff --git a/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms--httpfilter.golden index e745e5278f366..572133ed46c0d 100644 --- a/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms--httpfilter.golden @@ -47,9 +47,11 @@ { "header": { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|HEAD|OPTIONS" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|HEAD|OPTIONS" + } } } } @@ -190,9 +192,11 @@ { "header": { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|HEAD|OPTIONS" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|HEAD|OPTIONS" + } } } } diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-and-router.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-and-router.latest.golden index 958709e3477e8..d5fc09a78fabf 100644 --- a/agent/xds/testdata/routes/connect-proxy-with-chain-and-router.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-with-chain-and-router.latest.golden @@ -140,9 +140,11 @@ "headers": [ { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|PUT" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|PUT" + } } } ], @@ -163,9 +165,11 @@ }, { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|PUT" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|PUT" + } } } ], diff --git a/agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.latest.golden b/agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.latest.golden index 2a55ed3395002..59007cb9eedc3 100644 --- a/agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.latest.golden +++ b/agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.latest.golden @@ -179,9 +179,11 @@ "headers": [ { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|PUT" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|PUT" + } } } ], @@ -202,9 +204,11 @@ }, { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|PUT" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|PUT" + } } } ], diff --git a/agent/xds/testdata/routes/ingress-with-chain-and-router.latest.golden b/agent/xds/testdata/routes/ingress-with-chain-and-router.latest.golden index dac7fbcf0f281..adb5eb91cfac5 100644 --- a/agent/xds/testdata/routes/ingress-with-chain-and-router.latest.golden +++ b/agent/xds/testdata/routes/ingress-with-chain-and-router.latest.golden @@ -141,9 +141,11 @@ "headers": [ { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|PUT" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|PUT" + } } } ], @@ -164,9 +166,11 @@ }, { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|PUT" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|PUT" + } } } ], diff --git a/agent/xds/testdata/routes/xds-fetch-timeout-ms-ingress-with-router.latest.golden b/agent/xds/testdata/routes/xds-fetch-timeout-ms-ingress-with-router.latest.golden index dac7fbcf0f281..adb5eb91cfac5 100644 --- a/agent/xds/testdata/routes/xds-fetch-timeout-ms-ingress-with-router.latest.golden +++ b/agent/xds/testdata/routes/xds-fetch-timeout-ms-ingress-with-router.latest.golden @@ -141,9 +141,11 @@ "headers": [ { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|PUT" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|PUT" + } } } ], @@ -164,9 +166,11 @@ }, { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|PUT" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|PUT" + } } } ], diff --git a/agent/xds/testdata/routes/xds-fetch-timeout-ms-sidecar.latest.golden b/agent/xds/testdata/routes/xds-fetch-timeout-ms-sidecar.latest.golden index 958709e3477e8..d5fc09a78fabf 100644 --- a/agent/xds/testdata/routes/xds-fetch-timeout-ms-sidecar.latest.golden +++ b/agent/xds/testdata/routes/xds-fetch-timeout-ms-sidecar.latest.golden @@ -140,9 +140,11 @@ "headers": [ { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|PUT" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|PUT" + } } } ], @@ -163,9 +165,11 @@ }, { "name": ":method", - "safeRegexMatch": { - "googleRe2": {}, - "regex": "GET|PUT" + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "GET|PUT" + } } } ], diff --git a/agent/xdsv2/route_resources.go b/agent/xdsv2/route_resources.go index 073b89d22ca87..f1896e5e80650 100644 --- a/agent/xdsv2/route_resources.go +++ b/agent/xdsv2/route_resources.go @@ -111,8 +111,12 @@ func makeEnvoyRouteMatchFromProxystateRouteMatch(psRouteMatch *pbproxystate.Rout eh := &envoy_route_v3.HeaderMatcher{ Name: ":method", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{ - SafeRegexMatch: makeEnvoyRegexMatch(methodHeaderRegex), + HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: response.MakeEnvoyRegexMatch(methodHeaderRegex), + }, + }, }, }