From fbdb857b671e911b625f2523f939df35b06bf685 Mon Sep 17 00:00:00 2001 From: Antonio Date: Thu, 19 Mar 2026 14:11:47 +0100 Subject: [PATCH] networking: add pathTemplate match type to StringMatch Add a new pathTemplate oneof variant to StringMatch to support URI template path matching in VirtualService HTTPMatchRequest. This uses {*} to match a single path segment and {**} to match one or more segments, backed by Envoy's UriTemplateMatchConfig extension. This is consistent with the existing path template support in AuthorizationPolicy (issue #47306). Closes #59533 Signed-off-by: Antonio --- kubernetes/customresourcedefinitions.gen.yaml | 216 ++++++++++++++++++ networking/v1/virtual_service_alias.gen.go | 11 + networking/v1alpha3/virtual_service.pb.go | 31 ++- networking/v1alpha3/virtual_service.pb.html | 15 ++ networking/v1alpha3/virtual_service.proto | 11 + .../v1beta1/virtual_service_alias.gen.go | 11 + 6 files changed, 293 insertions(+), 2 deletions(-) diff --git a/kubernetes/customresourcedefinitions.gen.yaml b/kubernetes/customresourcedefinitions.gen.yaml index dada168ca4..f8f00edc55 100644 --- a/kubernetes/customresourcedefinitions.gen.yaml +++ b/kubernetes/customresourcedefinitions.gen.yaml @@ -10631,15 +10631,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -10854,15 +10863,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -10886,15 +10904,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` + (matches one path segment) and `{**}` (matches + one or more path segments) operators. + type: string prefix: type: string regex: @@ -10922,15 +10949,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -10957,15 +10993,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` + (matches one path segment) and `{**}` (matches + one or more path segments) operators. + type: string prefix: type: string regex: @@ -10988,15 +11033,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -11032,15 +11086,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -11058,15 +11121,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` + (matches one path segment) and `{**}` (matches + one or more path segments) operators. + type: string prefix: type: string regex: @@ -11683,15 +11755,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -11906,15 +11987,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -11938,15 +12028,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` + (matches one path segment) and `{**}` (matches + one or more path segments) operators. + type: string prefix: type: string regex: @@ -11974,15 +12073,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -12009,15 +12117,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` + (matches one path segment) and `{**}` (matches + one or more path segments) operators. + type: string prefix: type: string regex: @@ -12040,15 +12157,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -12084,15 +12210,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -12110,15 +12245,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` + (matches one path segment) and `{**}` (matches + one or more path segments) operators. + type: string prefix: type: string regex: @@ -12735,15 +12879,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -12958,15 +13111,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -12990,15 +13152,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` + (matches one path segment) and `{**}` (matches + one or more path segments) operators. + type: string prefix: type: string regex: @@ -13026,15 +13197,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -13061,15 +13241,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` + (matches one path segment) and `{**}` (matches + one or more path segments) operators. + type: string prefix: type: string regex: @@ -13092,15 +13281,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -13136,15 +13334,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` (matches + one path segment) and `{**}` (matches one or more + path segments) operators. + type: string prefix: type: string regex: @@ -13162,15 +13369,24 @@ spec: - prefix - required: - regex + - required: + - pathTemplate - required: - exact - required: - prefix - required: - regex + - required: + - pathTemplate properties: exact: type: string + pathTemplate: + description: URI template path match using `{*}` + (matches one path segment) and `{**}` (matches + one or more path segments) operators. + type: string prefix: type: string regex: diff --git a/networking/v1/virtual_service_alias.gen.go b/networking/v1/virtual_service_alias.gen.go index 2ce6d25923..8da7c2206e 100644 --- a/networking/v1/virtual_service_alias.gen.go +++ b/networking/v1/virtual_service_alias.gen.go @@ -673,6 +673,17 @@ type StringMatch_Prefix = v1alpha3.StringMatch_Prefix // Example: `(?i)^aaa$` can be used to case-insensitive match a string consisting of three a's. type StringMatch_Regex = v1alpha3.StringMatch_Regex +// URI template path match using `{*}` (matches one path segment) and `{**}` (matches one or more +// path segments) operators. This leverages Envoy's +// [UriTemplateMatchConfig](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/path/match/uri_template/v3/uri_template_match.proto) +// and is more readable and performant than equivalent regex patterns. +// +// Example: `/users/{*}/orders/{**}` matches `/users/alice/orders` and `/users/alice/orders/123/items`. +// +// Note: `{**}` must be the last operator in the path template. Only valid for `uri` matches +// in HTTPMatchRequest. +type StringMatch_PathTemplate = v1alpha3.StringMatch_PathTemplate + // Describes the retry policy to use when a HTTP request fails. For // example, the following rule sets the maximum number of retries to 3 when // calling ratings:v1 service, with a 2s timeout per retry attempt. diff --git a/networking/v1alpha3/virtual_service.pb.go b/networking/v1alpha3/virtual_service.pb.go index d4db2ab0c6..a63ba75474 100644 --- a/networking/v1alpha3/virtual_service.pb.go +++ b/networking/v1alpha3/virtual_service.pb.go @@ -2539,6 +2539,7 @@ type StringMatch struct { // *StringMatch_Exact // *StringMatch_Prefix // *StringMatch_Regex + // *StringMatch_PathTemplate MatchType isStringMatch_MatchType `protobuf_oneof:"match_type"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache @@ -2608,6 +2609,15 @@ func (x *StringMatch) GetRegex() string { return "" } +func (x *StringMatch) GetPathTemplate() string { + if x != nil { + if x, ok := x.MatchType.(*StringMatch_PathTemplate); ok { + return x.PathTemplate + } + } + return "" +} + type isStringMatch_MatchType interface { isStringMatch_MatchType() } @@ -2629,12 +2639,27 @@ type StringMatch_Regex struct { Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"` } +type StringMatch_PathTemplate struct { + // URI template path match using `{*}` (matches one path segment) and `{**}` (matches one or more + // path segments) operators. This leverages Envoy's + // [UriTemplateMatchConfig](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/path/match/uri_template/v3/uri_template_match.proto) + // and is more readable and performant than equivalent regex patterns. + // + // Example: `/users/{*}/orders/{**}` matches `/users/alice/orders` and `/users/alice/orders/123/items`. + // + // Note: `{**}` must be the last operator in the path template. Only valid for `uri` matches + // in HTTPMatchRequest. + PathTemplate string `protobuf:"bytes,4,opt,name=path_template,json=pathTemplate,proto3,oneof"` +} + func (*StringMatch_Exact) isStringMatch_MatchType() {} func (*StringMatch_Prefix) isStringMatch_MatchType() {} func (*StringMatch_Regex) isStringMatch_MatchType() {} +func (*StringMatch_PathTemplate) isStringMatch_MatchType() {} + // Describes the retry policy to use when a HTTP request fails. For // example, the following rule sets the maximum number of retries to 3 when // calling ratings:v1 service, with a 2s timeout per retry attempt. @@ -3648,11 +3673,12 @@ const file_networking_v1alpha3_virtual_service_proto_rawDesc = "" + "\x11uri_regex_rewrite\x18\x03 \x01(\v2'.istio.networking.v1alpha3.RegexRewriteR\x0furiRegexRewrite\">\n" + "\fRegexRewrite\x12\x14\n" + "\x05match\x18\x01 \x01(\tR\x05match\x12\x18\n" + - "\arewrite\x18\x02 \x01(\tR\arewrite\"e\n" + + "\arewrite\x18\x02 \x01(\tR\arewrite\"\x8c\x01\n" + "\vStringMatch\x12\x16\n" + "\x05exact\x18\x01 \x01(\tH\x00R\x05exact\x12\x18\n" + "\x06prefix\x18\x02 \x01(\tH\x00R\x06prefix\x12\x16\n" + - "\x05regex\x18\x03 \x01(\tH\x00R\x05regexB\f\n" + + "\x05regex\x18\x03 \x01(\tH\x00R\x05regex\x12%\n" + + "\rpath_template\x18\x04 \x01(\tH\x00R\fpathTemplateB\f\n" + "\n" + "match_type\"\xe9\x02\n" + "\tHTTPRetry\x12\x1a\n" + @@ -3854,6 +3880,7 @@ func file_networking_v1alpha3_virtual_service_proto_init() { (*StringMatch_Exact)(nil), (*StringMatch_Prefix)(nil), (*StringMatch_Regex)(nil), + (*StringMatch_PathTemplate)(nil), } file_networking_v1alpha3_virtual_service_proto_msgTypes[33].OneofWrappers = []any{ (*HTTPFaultInjection_Delay_FixedDelay)(nil), diff --git a/networking/v1alpha3/virtual_service.pb.html b/networking/v1alpha3/virtual_service.pb.html index 637a497cc1..afef92f536 100644 --- a/networking/v1alpha3/virtual_service.pb.html +++ b/networking/v1alpha3/virtual_service.pb.html @@ -1880,6 +1880,21 @@

StringMatch

RE2 style regex-based match.

Example: (?i)^aaa$ can be used to case-insensitive match a string consisting of three a’s.

+ + + +
pathTemplate
+
string (oneof)
+
+ +

URI template path match using {*} (matches one path segment) and {**} (matches one or more +path segments) operators. This leverages Envoy’s +UriTemplateMatchConfig +and is more readable and performant than equivalent regex patterns.

+

Example: /users/{*}/orders/{**} matches /users/alice/orders and /users/alice/orders/123/items.

+

Note: {**} must be the last operator in the path template. Only valid for uri matches +in HTTPMatchRequest.

+ diff --git a/networking/v1alpha3/virtual_service.proto b/networking/v1alpha3/virtual_service.proto index d81ad2d72c..5c628cbfb3 100644 --- a/networking/v1alpha3/virtual_service.proto +++ b/networking/v1alpha3/virtual_service.proto @@ -1270,6 +1270,17 @@ message StringMatch { // // Example: `(?i)^aaa$` can be used to case-insensitive match a string consisting of three a's. string regex = 3; + + // URI template path match using `{*}` (matches one path segment) and `{**}` (matches one or more + // path segments) operators. This leverages Envoy's + // [UriTemplateMatchConfig](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/path/match/uri_template/v3/uri_template_match.proto) + // and is more readable and performant than equivalent regex patterns. + // + // Example: `/users/{*}/orders/{**}` matches `/users/alice/orders` and `/users/alice/orders/123/items`. + // + // Note: `{**}` must be the last operator in the path template. Only valid for `uri` matches + // in HTTPMatchRequest. + string path_template = 4; } } diff --git a/networking/v1beta1/virtual_service_alias.gen.go b/networking/v1beta1/virtual_service_alias.gen.go index 530098b3e5..08ae2eecc6 100644 --- a/networking/v1beta1/virtual_service_alias.gen.go +++ b/networking/v1beta1/virtual_service_alias.gen.go @@ -673,6 +673,17 @@ type StringMatch_Prefix = v1alpha3.StringMatch_Prefix // Example: `(?i)^aaa$` can be used to case-insensitive match a string consisting of three a's. type StringMatch_Regex = v1alpha3.StringMatch_Regex +// URI template path match using `{*}` (matches one path segment) and `{**}` (matches one or more +// path segments) operators. This leverages Envoy's +// [UriTemplateMatchConfig](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/path/match/uri_template/v3/uri_template_match.proto) +// and is more readable and performant than equivalent regex patterns. +// +// Example: `/users/{*}/orders/{**}` matches `/users/alice/orders` and `/users/alice/orders/123/items`. +// +// Note: `{**}` must be the last operator in the path template. Only valid for `uri` matches +// in HTTPMatchRequest. +type StringMatch_PathTemplate = v1alpha3.StringMatch_PathTemplate + // Describes the retry policy to use when a HTTP request fails. For // example, the following rule sets the maximum number of retries to 3 when // calling ratings:v1 service, with a 2s timeout per retry attempt.