VS withoutHeaders does not work as expected

[hzxuzhonghu]

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vs
spec:
  hosts:
  - {{ .dstSvc }}
  http:
  - match:
    - withoutHeaders:
        end-user:
          regex: \*
    route:
    - destination:
        host: {{ .dstSvc }}
    fault:
      abort:
        percentage:
          value: 100
        httpStatus: 403
  - route:
    - destination:
        host: {{ .dstSvc }}

With the above VS applied, we expect that a request without end-user header to be routed to dstSvc successfully, and any request with end-usershould get 403.

But according to the test https://github.com/istio/istio/pull/49540/files#r1505244888, a request with "end-user", "jason" also get 403.

This is a bug, i haven't know the cause yet.

[wulianglongrd]

i will take a look later.

[wulianglongrd]

I admire the details you notice. Because of my misunderstanding, there is an error in the simulated test case:

regex: "*" (double quotes are required) does not mean "match any string". It is a string with special meaning defined by istio, which will be translated into present_match: true by istio, see #20629. The \* used in my test case means matching the * character itself, so the test result is not as expected.

Here are a few confusing expressions:

• \*: matches the * character itself.
• .*: matches any string.
• "*": as mentioned above, this will be translated into present_match: true.

There is a bug in the PR #49540, that is, present_match (the rule translated by regex: "*") conflicts with treat_missing_header_as_empty: treat_missing_header_as_empty: true will make present_match: true always get true, #49606 fix this bug.