-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
caddyhttp: Escaping placeholders in CEL, add vars
and vars_regexp
#6594
Conversation
vars
and vars_regexp
ce398db
to
1f4ab6c
Compare
Couple more commits:
|
1fb98c3
to
7178c48
Compare
.github/workflows/ci.yml
Outdated
# To shorten the following lines | ||
ssh_opts="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" | ||
ssh_host="[email protected]" | ||
|
||
# The environment is fresh, so there's no point in keeping accepting and adding the key. | ||
rsync -arz -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress --delete --exclude '.git' . "$CI_USER"@ci-s390x.caddyserver.com:/var/tmp/"$short_sha" | ||
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t "$CI_USER"@ci-s390x.caddyserver.com "cd /var/tmp/$short_sha; go version; go env; printf "\n\n";CGO_ENABLED=0 go test -p 1 -tags nobadger -v ./..." | ||
rsync -arz -e "ssh $ssh_opts" --progress --delete --exclude '.git' . "$ssh_host":/var/tmp/"$short_sha" | ||
ssh $ssh_opts -t "$ssh_host" bash <<EOF | ||
cd /var/tmp/$short_sha | ||
go version | ||
go env | ||
printf "\n\n" | ||
CGO_ENABLED=0 go test -p 1 -tags nobadger -v ./... | ||
EOF | ||
test_result=$? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Love this! 😀
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, nicer to read it out multiline!
The point of this is I was trying to implement a while
loop to retry the tests (to smooth over the flakiness short-term) but it wasn't working 🤦♂️ just a mess of dealing with the exit code coming through the shell script. I'll paste you what I had in slack if you wanna take a crack at it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM I guess!
Did you still want to shorten things to ph
and req
?
|
0b8461f
to
0bd78f2
Compare
0bd78f2
to
d3384a1
Compare
d3384a1
to
8b685ae
Compare
After a quick chat with Matt on slack, decided to go with |
Related to #6584, prior work in #4715 (comment)
Our current CEL placeholder regexp is too naive. It replaces everything that looks like a placeholder, and offers no good option to opt out if a literal placeholder-looking input is given to some CEL functions as input.
To solve this, we can do the placeholder replacement in two steps.
\
(or start of a line) and replace it and preserving the preceding character which is matched (we now have two capture groups so${1}
has to go to the start)\
, and drop the\
.That gives a way to escape through the
caddyPlaceholder()
replacement and get an input directly to the given matcher.One interesting quirk: CEL itself has its own
\\
escape sequence, so depending on whether we want the placeholder to be replaced by the matcher (e.g.header
matcher does do placeholder replacements on its inputs at runtime) or we want the value to be raw determines how many backslashes we need. The test shows this pretty well I think:header
matcher should take the value as-is and not perform placeholder replacement (because the match value is also placeholder-like), then we need three backslashes, like\\\{foobar}
. This is because the last one of the three is for escapingcaddyPlaceholder()
, then the prior two are collapsed into one by CEL's parsing itself, then the last one is to escape the placeholder replacer, and the result is a clean{foobar}
matching value.header
matcher itself should perform placeholder replacement (not done in the CEL matcher, but deeper in the matcher itself) then a single backslash is used, like\{http.request.uri.path}
(or\{path}
in the Caddyfile). This only escapes past thecaddyPlaceholder()
regexp, but does not escape past the placeholder replacer which runs insideheader
.We'll need to document this, but it's tricky 😅
After doing the above, I decided to also implement
vars
andvars_regexp
support in CEL, which we skipped implementing because of the above placeholder limitations.