Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Didn't find a registered implementation for 'ip-matcher' with type URL: 'xds.type.matcher.v3.IPMatcher' #34210

Open
zhaohuabing opened this issue May 16, 2024 · 5 comments
Open

Didn't find a registered implementation for 'ip-matcher' with type URL: 'xds.type.matcher.v3.IPMatcher' #34210

zhaohuabing opened this issue May 16, 2024 · 5 comments
Labels
area/matching question Questions that are neither investigations, bugs, nor enhancements

Comments

@zhaohuabing
Copy link
Member

zhaohuabing commented May 16, 2024
edited

I tried to use an IPMatche cutomMatch within the RBAC filter for the IP allow/deny list, but got the following warning:

Didn't find a registered implementation for 'ip-matcher' with type URL: 'xds.type.matcher.v3.IPMatcher'

[2024-05-16 16:53:17.258][1][warning][config] [source/extensions/config_subscription/grpc/grpc_subscription_impl.cc:138] gRPC config for type.googleapis.com/envoy.config.route.v3.RouteConfiguration rejected: Didn't find a registered implementation for 'ip-matcher' with type URL: 'xds.type.matcher.v3.IPMatcher'

The RouteConfiguration used:

  virtualHosts:
  - domains:
    - www.example.com
    name: envoy-gateway/gateway-1/http/www_example_com
    routes:
    - match:
        pathSeparatedPrefix: /bar
      name: httproute/default/httproute-2/rule/0/match/0/www_example_com
      route:
        cluster: httproute/default/httproute-2/rule/0
        upgradeConfigs:
        - upgradeType: websocket
      typedPerFilterConfig:
        envoy.filters.http.rbac:
          '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBACPerRoute
          rbac:
            matcher:
              matcherList:
                matchers:
                - onMatch:
                    action:
                      name: action
                      typedConfig:
                        '@type': type.googleapis.com/envoy.config.rbac.v3.Action
                        name: ALLOW
                  predicate:
                    singlePredicate:
                      customMatch:
                        name: ip-matcher
                        typedConfig:
                          '@type': type.googleapis.com/xds.type.matcher.v3.IPMatcher
                          rangeMatchers:
                          - onMatch:
                              action:
                                name: allow
                                typedConfig:
                                  '@type': type.googleapis.com/envoy.config.rbac.v3.Action
                                  name: ALLOW
                            ranges:
                            - addressPrefix: 10.0.1.0/24
                              prefixLen: 24
                            - addressPrefix: 10.0.2.0/24
                              prefixLen: 24
                      input:
                        name: source-ip
                        typedConfig:
                          '@type': type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.SourceIPInput
              onNoMatch:
                action:
                  name: default
                  typedConfig:
                    '@type': type.googleapis.com/envoy.config.rbac.v3.Action
                    action: DENY
                    name: DENY

Do I need to turn on some options to enable the 'xds.type.matcher.v3.IPMatcher' ?

Thanks.
@zhaohuabing zhaohuabing added bug triage Issue requires triage labels May 16, 2024
@zhaohuabing
Copy link
Member Author

zhaohuabing commented May 16, 2024
edited

I figured out: IPMatcher can only be used within a matcherTree. Is there any way I can match an IP range within a matcherList?

@ravenblackx
Copy link
Contributor

Maybe extensions.matching.input_matchers.ip.v3.Ip would be usable here?

@aguinet ? (Also question about whether we should be consolidating IPMatchers into a common proto.)

@ravenblackx ravenblackx added question Questions that are neither investigations, bugs, nor enhancements area/matching and removed bug triage Issue requires triage labels May 16, 2024
@aguinet
Copy link
Contributor

aguinet commented May 20, 2024

I've just seen this now. I see this ticket has been closed: what's the conclusion?

@ravenblackx
Copy link
Contributor

I guess the closing was because extensions.matching.input_matchers.ip.v3.Ip solved for the original problem.

My bonus question about whether xds IPMatcher and envoy matchers.ip.v3.Ip should be consolidated remains open but isn't bothering anyone right now.

@zhaohuabing zhaohuabing reopened this May 21, 2024
@zhaohuabing
Copy link
Member Author

@ravenblackx reopened this one to track it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/matching question Questions that are neither investigations, bugs, nor enhancements
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zhaohuabing @aguinet @ravenblackx