Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
3bcdf09
xds: Implementation of Unified Matcher and CEL Integration
shivaspeaks Feb 3, 2026
01c8509
add some unit tests to increase coverage
shivaspeaks Feb 3, 2026
0e9f362
add some more unit tests
shivaspeaks Feb 4, 2026
6be787a
add some more unit tests
shivaspeaks Feb 4, 2026
9267ee4
fix/add tests
shivaspeaks Feb 4, 2026
5b423ed
remove not required tests
shivaspeaks Feb 4, 2026
2f53a30
add tests
shivaspeaks Feb 4, 2026
5c433ce
add tests
shivaspeaks Feb 4, 2026
568bec1
add tests
shivaspeaks Feb 4, 2026
719b90c
add some tests
shivaspeaks Feb 5, 2026
6da8f60
Address comments
shivaspeaks Feb 16, 2026
4d6379d
remove dependency from dev.cel:cel
shivaspeaks Feb 18, 2026
a5f70b1
Refactor StringMatcher parsing logic
shivaspeaks Feb 25, 2026
91de9cd
address comments and create registries
shivaspeaks Feb 27, 2026
23a00d6
address comments
shivaspeaks Mar 2, 2026
f3042e2
add unit tests for exactMatchMap case
shivaspeaks Mar 4, 2026
2f68101
add unit tests
shivaspeaks Mar 4, 2026
0518230
Address Ashesh's comments
shivaspeaks Mar 30, 2026
3f7fc86
use switch in PredicateEvaluator
shivaspeaks Mar 30, 2026
7a6ca94
Address comments on CelStringExtractor
shivaspeaks Apr 20, 2026
5836446
all overloaded methods should be placed together
shivaspeaks Apr 20, 2026
f312c9c
Restore MatchContext and CelMatcherTestHelper additions for Unified M…
shivaspeaks Jun 8, 2026
0af8751
Remove cel.compiler dependency from interop-testing to fix CI
shivaspeaks Jun 9, 2026
d86e0aa
Cache Metadata.Key and BaseEncoding in HeaderMatchInput
shivaspeaks Jun 19, 2026
89b2617
review comments
shivaspeaks Jun 19, 2026
0bbc9e3
Address comments
shivaspeaks Jun 26, 2026
81065a9
rework addressing comments
shivaspeaks Jun 29, 2026
addcfea
resolve comments and add tests
shivaspeaks Jul 1, 2026
5e02211
address nits
shivaspeaks Jul 1, 2026
a31d8d2
add more uncovered branches in tests
shivaspeaks Jul 1, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 34 additions & 1 deletion xds/src/main/java/io/grpc/xds/internal/MatcherParser.java
Original file line number Diff line number Diff line change
Expand Up @@ -90,14 +90,47 @@ public static Matchers.StringMatcher parseStringMatcher(
return Matchers.StringMatcher.forSafeRegEx(
Pattern.compile(proto.getSafeRegex().getRegex()));
case CONTAINS:
return Matchers.StringMatcher.forContains(proto.getContains());
return Matchers.StringMatcher.forContains(proto.getContains(), proto.getIgnoreCase());
case MATCHPATTERN_NOT_SET:
default:
throw new IllegalArgumentException(
"Unknown StringMatcher match pattern: " + proto.getMatchPatternCase());
}
}

/** Translate StringMatcher xDS proto to internal StringMatcher. */
public static Matchers.StringMatcher parseStringMatcher(
com.github.xds.type.matcher.v3.StringMatcher proto) {
Comment thread
shivaspeaks marked this conversation as resolved.
switch (proto.getMatchPatternCase()) {
case EXACT:
return Matchers.StringMatcher.forExact(proto.getExact(), proto.getIgnoreCase());
case PREFIX:
return Matchers.StringMatcher.forPrefix(
checkNonEmpty(proto.getPrefix(), "prefix"), proto.getIgnoreCase());
Comment thread
shivaspeaks marked this conversation as resolved.
case SUFFIX:
return Matchers.StringMatcher.forSuffix(
checkNonEmpty(proto.getSuffix(), "suffix"), proto.getIgnoreCase());
case SAFE_REGEX:
String regex = checkNonEmpty(proto.getSafeRegex().getRegex(), "regex");
return Matchers.StringMatcher.forSafeRegEx(Pattern.compile(regex));
case CONTAINS:
return Matchers.StringMatcher.forContains(
checkNonEmpty(proto.getContains(), "contains"), proto.getIgnoreCase());
case MATCHPATTERN_NOT_SET:
default:
Comment thread
shivaspeaks marked this conversation as resolved.
throw new IllegalArgumentException(
"Unknown StringMatcher match pattern: " + proto.getMatchPatternCase());
}
}

private static String checkNonEmpty(String value, String name) {
if (value.isEmpty()) {
throw new IllegalArgumentException("StringMatcher " + name
+ " (match_pattern) must be non-empty");
}
return value;
}

/** Translates envoy proto FractionalPercent to internal FractionMatcher. */
public static Matchers.FractionMatcher parseFractionMatcher(
io.envoyproxy.envoy.type.v3.FractionalPercent proto) {
Expand Down
13 changes: 10 additions & 3 deletions xds/src/main/java/io/grpc/xds/internal/Matchers.java
Original file line number Diff line number Diff line change
Expand Up @@ -257,10 +257,15 @@ public static StringMatcher forSafeRegEx(Pattern regEx) {
}

/** The input string should contain this substring. */
public static StringMatcher forContains(String contains) {
public static StringMatcher forContains(String contains, boolean ignoreCase) {
checkNotNull(contains, "contains");
return StringMatcher.create(null, null, null, null, contains,
false/* doesn't matter */);
ignoreCase);
}

/** The input string should contain this substring. */
public static StringMatcher forContains(String contains) {
return forContains(contains, false);
}

/** Returns the matching result for this string. */
Expand All @@ -281,7 +286,9 @@ public boolean matches(String args) {
? args.toLowerCase(Locale.ROOT).endsWith(suffix().toLowerCase(Locale.ROOT))
: args.endsWith(suffix());
} else if (contains() != null) {
return args.contains(contains());
return ignoreCase()
? args.toLowerCase(Locale.ROOT).contains(contains().toLowerCase(Locale.ROOT))
: args.contains(contains());
}
return regEx().matches(args);
}
Expand Down
71 changes: 71 additions & 0 deletions xds/src/main/java/io/grpc/xds/internal/matcher/CelMatcher.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
/*
* Copyright 2026 The gRPC Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package io.grpc.xds.internal.matcher;

import dev.cel.common.CelAbstractSyntaxTree;
import dev.cel.common.types.SimpleType;
import dev.cel.runtime.CelEvaluationException;
import dev.cel.runtime.CelRuntime;
import dev.cel.runtime.CelVariableResolver;

/**
* Executes compiled CEL expressions.
*/
final class CelMatcher {
private final CelRuntime.Program program;

private CelMatcher(CelRuntime.Program program) {
this.program = program;
}

/**
* Compiles the AST into a CelMatcher.
* Throws an Exception if evaluation fails during compilation setup.
*/
static CelMatcher compile(CelAbstractSyntaxTree ast)
throws CelEvaluationException {
// CelEvaluationException -> inside cel-runtime -> Allowed in production signatures
// CelValidationException -> inside cel-compiler -> Forbidden in production signatures
if (ast.getResultType() != SimpleType.BOOL) {
throw new IllegalArgumentException(
"CEL expression must evaluate to boolean, got: " + ast.getResultType());
}
CelCommon.checkAllowedReferences(ast);
CelRuntime.Program program = CelCommon.RUNTIME.createProgram(ast);
return new CelMatcher(program);
}

/**
* Evaluates the CEL expression against the input activation.
*/
boolean match(Object input) throws CelEvaluationException {
Object result;
if (input instanceof CelVariableResolver) {
result = program.eval((CelVariableResolver) input);
} else {
throw new CelEvaluationException(
"Unsupported input type for CEL evaluation: "
+ (input == null ? "null" : input.getClass().getName()));
}

if (result instanceof Boolean) {
return (Boolean) result;
}
throw new CelEvaluationException(
"CEL expression must evaluate to boolean, got: " + result.getClass().getName());
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
/*
* Copyright 2026 The gRPC Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package io.grpc.xds.internal.matcher;

import com.github.xds.core.v3.TypedExtensionConfig;
import com.github.xds.type.v3.CelExpression;
import dev.cel.common.CelAbstractSyntaxTree;
import dev.cel.common.CelProtoAbstractSyntaxTree;
import dev.cel.runtime.CelEvaluationException;

/**
* Matcher for CEL expressions handling xDS CEL Matcher extension.
*/
final class CelStateMatcher implements Matcher {
private final CelMatcher compiledEndpoint;
static final String TYPE_URL = "type.googleapis.com/xds.type.matcher.v3.CelMatcher";

CelStateMatcher(CelMatcher compiledEndpoint) {
this.compiledEndpoint = compiledEndpoint;
}

@Override
public boolean match(Object value) {
try {
return compiledEndpoint.match(value);
} catch (CelEvaluationException e) {
return false;
}
}

@Override
public Class<?> inputType() {
return GrpcCelEnvironment.class;
}

static final class Provider implements MatcherProvider {
@Override
public CelStateMatcher getMatcher(TypedExtensionConfig config) {
try {
com.github.xds.type.matcher.v3.CelMatcher celProto = config.getTypedConfig()
Comment thread
shivaspeaks marked this conversation as resolved.
.unpack(com.github.xds.type.matcher.v3.CelMatcher.class);
if (!celProto.hasExprMatch()) {
throw new IllegalArgumentException("CelMatcher must have expr_match");
}
CelExpression expr = celProto.getExprMatch();
if (!expr.hasCelExprChecked()) {
throw new IllegalArgumentException("CelMatcher must have cel_expr_checked");
}
CelAbstractSyntaxTree ast =
CelProtoAbstractSyntaxTree.fromCheckedExpr(
expr.getCelExprChecked()).getAst();
CelMatcher compiled = CelMatcher.compile(ast);

return new CelStateMatcher(compiled);
} catch (Exception e) {
throw new IllegalArgumentException("Invalid CelMatcher config", e);
}
}

@Override
public String typeUrl() {
return TYPE_URL;
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
/**
* Executes compiled CEL expressions that extract a string.
*/
public final class CelStringExtractor {
final class CelStringExtractor {
private final CelRuntime.Program program;
@Nullable
private final String defaultValue;
Expand All @@ -40,7 +40,7 @@ private CelStringExtractor(CelRuntime.Program program, @Nullable String defaultV
* Compiles the AST into a CelStringExtractor with an optional default value.
* Throws an Exception if evaluation fails during compilation setup.
*/
public static CelStringExtractor compile(CelAbstractSyntaxTree ast, @Nullable String defaultValue)
static CelStringExtractor compile(CelAbstractSyntaxTree ast, @Nullable String defaultValue)
throws CelEvaluationException {
if (ast.getResultType() != SimpleType.STRING && ast.getResultType() != SimpleType.DYN) {
throw new IllegalArgumentException(
Expand All @@ -55,7 +55,7 @@ public static CelStringExtractor compile(CelAbstractSyntaxTree ast, @Nullable St
* Compiles the AST into a CelStringExtractor with no default value.
* Throws an Exception if evaluation fails during compilation setup.
*/
public static CelStringExtractor compile(CelAbstractSyntaxTree ast)
static CelStringExtractor compile(CelAbstractSyntaxTree ast)
throws CelEvaluationException {
return compile(ast, null);
}
Expand All @@ -65,7 +65,7 @@ public static CelStringExtractor compile(CelAbstractSyntaxTree ast)
* Returns the default value if the result is not a string or if evaluation
* fails.
*/
public String extract(Object input) throws CelEvaluationException {
String extract(Object input) throws CelEvaluationException {
if (input instanceof CelVariableResolver) {
try {
Object result = program.eval((CelVariableResolver) input);
Expand Down
114 changes: 114 additions & 0 deletions xds/src/main/java/io/grpc/xds/internal/matcher/HeaderMatchInput.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
/*
* Copyright 2026 The gRPC Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package io.grpc.xds.internal.matcher;

import static com.google.common.base.Preconditions.checkNotNull;

import com.github.xds.core.v3.TypedExtensionConfig;
import com.google.common.io.BaseEncoding;
import com.google.protobuf.InvalidProtocolBufferException;
import io.envoyproxy.envoy.type.matcher.v3.HttpRequestHeaderMatchInput;
import io.grpc.Metadata;
import java.util.Locale;

/**
* MatchInput for extracting HTTP headers.
*/
final class HeaderMatchInput implements MatchInput {
private static final BaseEncoding BASE64 = BaseEncoding.base64();
private final String headerName;
private final Metadata.Key<byte[]> binaryKey;
private final Metadata.Key<String> stringKey;

static final String TYPE_URL =
"type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput";

HeaderMatchInput(String headerName) {
this.headerName = checkNotNull(headerName, "headerName");
if (headerName.isEmpty() || headerName.length() >= 16384) {
throw new IllegalArgumentException(
"Header name length must be in range [1, 16384): " + headerName.length());
}
if (!headerName.equals(headerName.toLowerCase(Locale.ROOT))) {
throw new IllegalArgumentException("Header name must be lowercase: " + headerName);
}
try {
if (headerName.endsWith(Metadata.BINARY_HEADER_SUFFIX)) {
this.binaryKey = Metadata.Key.of(headerName, Metadata.BINARY_BYTE_MARSHALLER);
this.stringKey = null;
} else {
this.binaryKey = null;
this.stringKey = Metadata.Key.of(headerName, Metadata.ASCII_STRING_MARSHALLER);
}
} catch (IllegalArgumentException e) {
throw new IllegalArgumentException("Invalid header name: " + headerName, e);
}
}

@Override
public String apply(MatchContext context) {
if ("te".equals(headerName)) {
return null;
}
if (binaryKey != null) {
Iterable<byte[]> values = context.getMetadata().getAll(binaryKey);
if (values == null) {
return null;
}
StringBuilder sb = new StringBuilder();
boolean first = true;
for (byte[] value : values) {
if (!first) {
sb.append(",");
}
first = false;
sb.append(BASE64.encode(value));
}
return sb.toString();
}
Metadata metadata = context.getMetadata();
Iterable<String> values = metadata.getAll(stringKey);
if (values == null) {
return null;
}
return String.join(",", values);
}

@Override
public Class<?> outputType() {
return String.class;
}

static final class Provider implements MatchInputProvider {
@Override
public HeaderMatchInput getInput(TypedExtensionConfig config) {
try {
HttpRequestHeaderMatchInput proto = config.getTypedConfig()
.unpack(HttpRequestHeaderMatchInput.class);
return new HeaderMatchInput(proto.getHeaderName());
} catch (InvalidProtocolBufferException e) {
throw new IllegalArgumentException(
"Invalid input config: " + config.getTypedConfig().getTypeUrl(), e);
}
}

@Override
public String typeUrl() {
return TYPE_URL;
}
}
}
Loading
Loading