Worker filter regexp is a 'contains' search, not a full match

[mmussomele-rescale]

Describe the bug When using the feature to filter workers using regex, the resulting filter performs a 'contains' search, not a full match.

The documentation seem to suggest that it is a full match however, as seen by the description of the regex filter. What it does not say is that the given pattern will also match workers with name not-web-prod-us-east-1. In fact, the supplied pattern could just be web-prod-us-east- and it would still match those workers.

Due to the lack of added ^ and $ regexp characters to the filter (here?), any filter you supply is actually surrounded by an implicit .* (if you were expecting a full match like I was).

To be clear, I understand this is correct behavior for regex in general, but I would not expect a filter to behave this way - it should be stricter, or at least have the documentation clarify that ^ and $ must be used to perform an full match.

To Reproduce Steps to reproduce the behavior:

1. Have 2 private networks, with worker prod-worker and backup-prod-worker in them, respectively (exact names not important, important bit is shared suffix).
2. Set up a target that only exists in the first network with worker filter "/name" matches "prod-worker"
3. boundary connect will only work when you get lucky and the right worker is selected, since the filter will match both workers.

Expected behavior The filter should only match prod-worker, or the documentation should be clear about the regex behavior.

[Lukas8342]

You can use == instead of matches for stricter filtering. For example, "/name" == "prod-worker" will only match prod-worker.

[covetocove]

Closing thanks to @Lukas8342 helpful info above. For more info on Boundary filtering expressions please see our docs here: https://developer.hashicorp.com/boundary/docs/concepts/filtering