Open rshriram opened 6 months ago
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.
/nostale
I think we should do a prior research in Cloud Armor and k8s validator for a similar function. One potential issue is the cost complexity of the extension function, which if > linear can cause a policy denial of service.
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.
Currently, Envoy's CEL functions are essentially what the mainline CEL repo provides. However, as more use cases pile up, it may be worthwhile to add some additional convenience functions (where sensible) to make configuration & processing faster in Envoy.
In the case of this issue, the function being requested is
inIpRange()
. We have attributes that contain IP data (source.address, destination.address, etc.). Often times, a user wants to check if the IP is in a range. Its clunky and error prone to do this with string matches. So the request is to add aninIpRange()
CEL function to Envoy whose semantics are likeinIpRange(source.address, '9.9.9.0/24')
cc @kyessenov @tyxia