Closed mmussomele-rescale closed 9 months ago
You can use ==
instead of matches
for stricter filtering. For example, "/name" == "prod-worker"
will only match prod-worker
.
Closing thanks to @Lukas8342 helpful info above. For more info on Boundary filtering expressions please see our docs here: https://developer.hashicorp.com/boundary/docs/concepts/filtering
Describe the bug When using the feature to filter workers using regex, the resulting filter performs a 'contains' search, not a full match.
The documentation seem to suggest that it is a full match however, as seen by the description of the regex filter. What it does not say is that the given pattern will also match workers with name
not-web-prod-us-east-1
. In fact, the supplied pattern could just beweb-prod-us-east-
and it would still match those workers.Due to the lack of added
^
and$
regexp characters to the filter (here?), any filter you supply is actually surrounded by an implicit.*
(if you were expecting a full match like I was).To be clear, I understand this is correct behavior for regex in general, but I would not expect a filter to behave this way - it should be stricter, or at least have the documentation clarify that
^
and$
must be used to perform an full match.To Reproduce Steps to reproduce the behavior:
prod-worker
andbackup-prod-worker
in them, respectively (exact names not important, important bit is shared suffix)."/name" matches "prod-worker"
boundary connect
will only work when you get lucky and the right worker is selected, since the filter will match both workers.Expected behavior The filter should only match
prod-worker
, or the documentation should be clear about the regex behavior.