envoyproxy
Didn't find a registered implementation for 'ip-matcher' with type URL: 'xds.type.matcher.v3.IPMatcher'
I tried to use an IPMatche cutomMatch within the RBAC filter for the IP allow/deny list, but got the following warning:
Didn't find a registered implementation for 'ip-matcher' with type URL: 'xds.type.matcher.v3.IPMatcher'
[2024-05-16 16:53:17.258][1][warning][config] [source/extensions/config_subscription/grpc/grpc_subscription_impl.cc:138] gRPC config for type.googleapis.com/envoy.config.route.v3.RouteConfiguration rejected: Didn't find a registered implementation for 'ip-matcher' with type URL: 'xds.type.matcher.v3.IPMatcher'
The RouteConfiguration used:
virtualHosts:
- domains:
- www.example.com
name: envoy-gateway/gateway-1/http/www_example_com
routes:
- match:
pathSeparatedPrefix: /bar
name: httproute/default/httproute-2/rule/0/match/0/www_example_com
route:
cluster: httproute/default/httproute-2/rule/0
upgradeConfigs:
- upgradeType: websocket
typedPerFilterConfig:
envoy.filters.http.rbac:
'@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBACPerRoute
rbac:
matcher:
matcherList:
matchers:
- onMatch:
action:
name: action
typedConfig:
'@type': type.googleapis.com/envoy.config.rbac.v3.Action
name: ALLOW
predicate:
singlePredicate:
customMatch:
name: ip-matcher
typedConfig:
'@type': type.googleapis.com/xds.type.matcher.v3.IPMatcher
rangeMatchers:
- onMatch:
action:
name: allow
typedConfig:
'@type': type.googleapis.com/envoy.config.rbac.v3.Action
name: ALLOW
ranges:
- addressPrefix: 10.0.1.0/24
prefixLen: 24
- addressPrefix: 10.0.2.0/24
prefixLen: 24
input:
name: source-ip
typedConfig:
'@type': type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.SourceIPInput
onNoMatch:
action:
name: default
typedConfig:
'@type': type.googleapis.com/envoy.config.rbac.v3.Action
action: DENY
name: DENY
Do I need to turn on some options to enable the 'xds.type.matcher.v3.IPMatcher' ?
Thanks.
I figured out: IPMatcher can only be used within a matcherTree. Is there any way I can match an IP range within a matcherList?
Maybe extensions.matching.input_matchers.ip.v3.Ip would be usable here?
@aguinet ? (Also question about whether we should be consolidating IPMatchers into a common proto.)
I've just seen this now. I see this ticket has been closed: what's the conclusion?
I guess the closing was because extensions.matching.input_matchers.ip.v3.Ip solved for the original problem.
My bonus question about whether xds IPMatcher and envoy matchers.ip.v3.Ip should be consolidated remains open but isn't bothering anyone right now.
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.