Hello can someone explain the pros and cons to use glob vs r Ory Community #talk-oathkeeper

Hello can someone explain the pros and cons to use...

worried-school-8617

03/01/2022, 3:31 PM

Hello can someone explain the pros and cons to use glob vs regexp matching strategy as it is not so clear in the current doc ? thanks 😶

magnificent-energy-493

03/01/2022, 4:04 PM

You mean differences between glob / regexp in general ?

worried-school-8617

03/01/2022, 4:21 PM

I mean glob and regexp in the context of oathkeeper rules -> access_rules: matching_strategy: regexp or glob ? is there any limitation (for example : in retreiving variable parts of the incoming REST request as parameter of authorizer ) thanks

damp-sunset-69236

03/01/2022, 6:44 PM

Since oathkeeper is written in Go this makes sense. Usually glob works faster than regexp

damp-sunset-69236

03/01/2022, 6:45 PM

Here you can find a benchmark results

worried-school-8617

03/02/2022, 5:56 AM

my concern is also functional, I experienced that capture groups from the URL matcher to be used in several places, including the ID Token generator or json_remote with format

{{ printIndex .MatchContext.RegexpCaptureGroups 0}}

does return anything when used with glob

worried-school-8617

03/02/2022, 1:41 PM

using here under rule with glob : % curl http://localhost:4455/foo/bar return : X-Capturegroups as empty

Copy code

----- Request Start ----->
Method:          GET
Path:            /foo/bar

Headers:
Accept:          */*
Accept-Encoding: gzip
Host:            localhost:4455
User-Agent:      curl/7.77.0
X-Capturegroups: 
X-Extra:         map[]
X-Forwarded-For: 192.168.96.1
X-Header:        map[Accept:[*/*] User-Agent:[curl/7.77.0]]
X-Method:        GET
X-Url:           <http://localhost:4455/foo/bar>
X-User:          
<----- Request End -----

Copy code

- id: allow-test
  upstream:
    url: <http://host.docker.internal:8080>
    preserve_host: true
  match:
    url: <http://localhost:4455/><{*,*/*}>
    methods:
    - GET
  authenticators:
  - handler: noop
  authorizer:
    handler: allow
  mutators:
  - handler: header
    config:
      headers:
        X-Extra: "{{.Extra }}"
        X-Header: "{{.MatchContext.Header }}"
        X-URL: "{{.MatchContext.URL }}"
        X-Method: "{{.MatchContext.Method }}"
        X-CaptureGroups: "{{ printIndex .MatchContext.RegexpCaptureGroups 0  }}"

5 Views

Open in Slack

Previous Next