Bring back v2 rule matchers

2024-01-23 11:34:05 +01:00 · 2024-01-23 11:34:05 +01:00 · 683e2ee5c6
commit 683e2ee5c6
parent 21da705ec9
54 changed files with 3773 additions and 114 deletions
--- a/docs/content/migration/v2-to-v3.md
+++ b/docs/content/migration/v2-to-v3.md
@ -526,21 +526,16 @@ All Pilot related configuration should be removed from the static configuration.

 ## Dynamic configuration

-### IPWhiteList
+### Router Rule Matchers

-In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration. 
+In v3, a new rule matchers syntax has been introduced for HTTP and TCP routers.
+The default rule matchers syntax is now the v3 one, but for backward compatibility this can be configured.
+The v2 rule matchers syntax is deprecated and its support will be removed in the next major version.
+For this reason, we encourage migrating to the new syntax.

-### Deprecated Options Removal
+#### New V3 Syntax Notable Changes

- The `tracing.datadog.globaltag` option has been removed.
- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Consul Catalog, and Docker providers.
- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed.
- The `forceSlash` option of the StripPrefix middleware has been removed.
- The `preferServerCipherSuites` option has been removed.
-
-### Matchers
-
-In v3, the `Headers` and `HeadersRegexp` matchers have been renamed to `Header` and `HeaderRegexp` respectively.
+The `Headers` and `HeadersRegexp` matchers have been renamed to `Header` and `HeaderRegexp` respectively.

 `PathPrefix` no longer uses regular expressions to match path prefixes.

@ -555,6 +550,87 @@ and should be explicitly combined using logical operators to mimic previous beha

 `HostHeader` has been removed, use `Host` instead.

+#### Remediation
+
+##### Configure the Default Syntax In Static Configuration
+
+The default rule matchers syntax is the expected syntax for any router that is not self opt-out from this default value.
+It can be configured in the static configuration.
+
+??? example "An example configuration for the default rule matchers syntax"
+
+    ```yaml tab="File (YAML)"
+    # static configuration
+    core:
+      defaultRuleSyntax: v2
+    ```
+
+    ```toml tab="File (TOML)"
+    # static configuration
+    [core]
+        defaultRuleSyntax="v2"
+    ```
+
+    ```bash tab="CLI"
+    # static configuration
+    --core.defaultRuleSyntax=v2
+    ```
+
+##### Configure the Syntax Per Router
+
+The rule syntax can also be configured on a per-router basis.
+This allows to have heterogeneous router configurations and ease migration.
+
+??? example "An example router with syntax configuration"
+
+```yaml tab="Docker & Swarm"
+labels:
+  - "traefik.http.routers.test.ruleSyntax=v2"
+```
+
+```yaml tab="Kubernetes"
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: test.route
+  namespace: default
+
+spec:
+  routes:
+    - match: PathPrefix(`/foo`, `/bar`)
+      syntax: v2
+      kind: Rule
+```
+
+```yaml tab="Consul Catalog"
+- "traefik.http.routers.test.ruleSyntax=v2"
+```
+
+```yaml tab="File (YAML)"
+http:
+  routers:
+    test:
+      ruleSyntax: v2
+```
+
+```toml tab="File (TOML)"
+[http.routers]
+  [http.routers.test]
+    ruleSyntax = "v2"
+```
+
+### IPWhiteList
+
+In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration. 
+
+### Deprecated Options Removal
+
+- The `tracing.datadog.globaltag` option has been removed.
+- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Consul Catalog, and Docker providers.
+- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed.
+- The `forceSlash` option of the StripPrefix middleware has been removed.
+- The `preferServerCipherSuites` option has been removed.
+
 ### TCP LoadBalancer `terminationDelay` option

 The TCP LoadBalancer `terminationDelay` option has been removed.
--- a/docs/content/reference/dynamic-configuration/docker-labels.yml
+++ b/docs/content/reference/dynamic-configuration/docker-labels.yml
@ -132,6 +132,7 @@
 - "traefik.http.routers.router0.middlewares=foobar, foobar"
 - "traefik.http.routers.router0.priority=42"
 - "traefik.http.routers.router0.rule=foobar"
+- "traefik.http.routers.router0.rulesyntax=foobar"
 - "traefik.http.routers.router0.service=foobar"
 - "traefik.http.routers.router0.tls=true"
 - "traefik.http.routers.router0.tls.certresolver=foobar"
@ -144,6 +145,7 @@
 - "traefik.http.routers.router1.middlewares=foobar, foobar"
 - "traefik.http.routers.router1.priority=42"
 - "traefik.http.routers.router1.rule=foobar"
+- "traefik.http.routers.router1.rulesyntax=foobar"
 - "traefik.http.routers.router1.service=foobar"
 - "traefik.http.routers.router1.tls=true"
 - "traefik.http.routers.router1.tls.certresolver=foobar"
@ -183,6 +185,7 @@
 - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"
 - "traefik.tcp.routers.tcprouter0.priority=42"
 - "traefik.tcp.routers.tcprouter0.rule=foobar"
+- "traefik.tcp.routers.tcprouter0.rulesyntax=foobar"
 - "traefik.tcp.routers.tcprouter0.service=foobar"
 - "traefik.tcp.routers.tcprouter0.tls=true"
 - "traefik.tcp.routers.tcprouter0.tls.certresolver=foobar"
@ -196,6 +199,7 @@
 - "traefik.tcp.routers.tcprouter1.middlewares=foobar, foobar"
 - "traefik.tcp.routers.tcprouter1.priority=42"
 - "traefik.tcp.routers.tcprouter1.rule=foobar"
+- "traefik.tcp.routers.tcprouter1.rulesyntax=foobar"
 - "traefik.tcp.routers.tcprouter1.service=foobar"
 - "traefik.tcp.routers.tcprouter1.tls=true"
 - "traefik.tcp.routers.tcprouter1.tls.certresolver=foobar"
--- a/docs/content/reference/dynamic-configuration/file.toml
+++ b/docs/content/reference/dynamic-configuration/file.toml
@ -7,6 +7,7 @@
      middlewares = ["foobar", "foobar"]
      service = "foobar"
      rule = "foobar"
+      ruleSyntax = "foobar"
      priority = 42
      [http.routers.Router0.tls]
        options = "foobar"
@ -24,6 +25,7 @@
      middlewares = ["foobar", "foobar"]
      service = "foobar"
      rule = "foobar"
+      ruleSyntax = "foobar"
      priority = 42
      [http.routers.Router1.tls]
        options = "foobar"
@ -353,6 +355,7 @@
      middlewares = ["foobar", "foobar"]
      service = "foobar"
      rule = "foobar"
+      ruleSyntax = "foobar"
      priority = 42
      [tcp.routers.TCPRouter0.tls]
        passthrough = true
@ -371,6 +374,7 @@
      middlewares = ["foobar", "foobar"]
      service = "foobar"
      rule = "foobar"
+      ruleSyntax = "foobar"
      priority = 42
      [tcp.routers.TCPRouter1.tls]
        passthrough = true
--- a/docs/content/reference/dynamic-configuration/file.yaml
+++ b/docs/content/reference/dynamic-configuration/file.yaml
@ -11,6 +11,7 @@ http:
        - foobar
      service: foobar
      rule: foobar
+      ruleSyntax: foobar
      priority: 42
      tls:
        options: foobar
@ -33,6 +34,7 @@ http:
        - foobar
      service: foobar
      rule: foobar
+      ruleSyntax: foobar
      priority: 42
      tls:
        options: foobar
@ -409,6 +411,7 @@ tcp:
        - foobar
      service: foobar
      rule: foobar
+      ruleSyntax: foobar
      priority: 42
      tls:
        passthrough: true
@ -432,6 +435,7 @@ tcp:
        - foobar
      service: foobar
      rule: foobar
+      ruleSyntax: foobar
      priority: 42
      tls:
        passthrough: true
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
@ -195,6 +195,10 @@ spec:
                        - name
                        type: object
                      type: array
+                    syntax:
+                      description: 'Syntax defines the router''s rule syntax. More
+                        info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax'
+                      type: string
                  required:
                  - kind
                  - match
@ -402,6 +406,10 @@ spec:
                        - port
                        type: object
                      type: array
+                    syntax:
+                      description: 'Syntax defines the router''s rule syntax. More
+                        info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1'
+                      type: string
                  required:
                  - match
                  type: object
--- a/docs/content/reference/dynamic-configuration/kv-ref.md
+++ b/docs/content/reference/dynamic-configuration/kv-ref.md
@ -158,6 +158,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
 | `traefik/http/routers/Router0/middlewares/1` | `foobar` |
 | `traefik/http/routers/Router0/priority` | `42` |
 | `traefik/http/routers/Router0/rule` | `foobar` |
+| `traefik/http/routers/Router0/ruleSyntax` | `foobar` |
 | `traefik/http/routers/Router0/service` | `foobar` |
 | `traefik/http/routers/Router0/tls/certResolver` | `foobar` |
 | `traefik/http/routers/Router0/tls/domains/0/main` | `foobar` |
@ -173,6 +174,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
 | `traefik/http/routers/Router1/middlewares/1` | `foobar` |
 | `traefik/http/routers/Router1/priority` | `42` |
 | `traefik/http/routers/Router1/rule` | `foobar` |
+| `traefik/http/routers/Router1/ruleSyntax` | `foobar` |
 | `traefik/http/routers/Router1/service` | `foobar` |
 | `traefik/http/routers/Router1/tls/certResolver` | `foobar` |
 | `traefik/http/routers/Router1/tls/domains/0/main` | `foobar` |
@ -273,6 +275,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
 | `traefik/tcp/routers/TCPRouter0/middlewares/1` | `foobar` |
 | `traefik/tcp/routers/TCPRouter0/priority` | `42` |
 | `traefik/tcp/routers/TCPRouter0/rule` | `foobar` |
+| `traefik/tcp/routers/TCPRouter0/ruleSyntax` | `foobar` |
 | `traefik/tcp/routers/TCPRouter0/service` | `foobar` |
 | `traefik/tcp/routers/TCPRouter0/tls/certResolver` | `foobar` |
 | `traefik/tcp/routers/TCPRouter0/tls/domains/0/main` | `foobar` |
@ -289,6 +292,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
 | `traefik/tcp/routers/TCPRouter1/middlewares/1` | `foobar` |
 | `traefik/tcp/routers/TCPRouter1/priority` | `42` |
 | `traefik/tcp/routers/TCPRouter1/rule` | `foobar` |
+| `traefik/tcp/routers/TCPRouter1/ruleSyntax` | `foobar` |
 | `traefik/tcp/routers/TCPRouter1/service` | `foobar` |
 | `traefik/tcp/routers/TCPRouter1/tls/certResolver` | `foobar` |
 | `traefik/tcp/routers/TCPRouter1/tls/domains/0/main` | `foobar` |
--- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
@ -195,6 +195,10 @@ spec:
                        - name
                        type: object
                      type: array
+                    syntax:
+                      description: 'Syntax defines the router''s rule syntax. More
+                        info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax'
+                      type: string
                  required:
                  - kind
                  - match
--- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
@ -129,6 +129,10 @@ spec:
                        - port
                        type: object
                      type: array
+                    syntax:
+                      description: 'Syntax defines the router''s rule syntax. More
+                        info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1'
+                      type: string
                  required:
                  - match
                  type: object
--- a/docs/content/reference/static-configuration/cli-ref.md
+++ b/docs/content/reference/static-configuration/cli-ref.md
@ -105,6 +105,9 @@ Activate TLS-ALPN-01 Challenge. (Default: ```true```)
 `--certificatesresolvers.<name>.tailscale`:  
 Enables Tailscale certificate resolution. (Default: ```true```)

+`--core.defaultrulesyntax`:  
+Defines the rule parser default syntax (v2 or v3) (Default: ```v3```)
+
 `--entrypoints.<name>`:  
 Entry points definition. (Default: ```false```)

--- a/docs/content/reference/static-configuration/env-ref.md
+++ b/docs/content/reference/static-configuration/env-ref.md
@ -105,6 +105,9 @@ Activate TLS-ALPN-01 Challenge. (Default: ```true```)
 `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_TAILSCALE`:  
 Enables Tailscale certificate resolution. (Default: ```true```)

+`TRAEFIK_CORE_DEFAULTRULESYNTAX`:  
+Defines the rule parser default syntax (v2 or v3) (Default: ```v3```)
+
 `TRAEFIK_ENTRYPOINTS_<NAME>`:  
 Entry points definition. (Default: ```false```)

--- a/docs/content/reference/static-configuration/file.toml
+++ b/docs/content/reference/static-configuration/file.toml
@ -453,5 +453,8 @@
    [experimental.localPlugins.LocalDescriptor1]
      moduleName = "foobar"

+[core]
+  defaultRuleSyntax = "foobar"
+
 [spiffe]
  workloadAPIAddr = "foobar"
--- a/docs/content/reference/static-configuration/file.yaml
+++ b/docs/content/reference/static-configuration/file.yaml
@ -486,5 +486,7 @@ experimental:
    LocalDescriptor1:
      moduleName: foobar
  kubernetesGateway: true
+core:
+  defaultRuleSyntax: foobar
 spiffe:
  workloadAPIAddr: foobar
--- a/docs/content/routing/routers/index.md
+++ b/docs/content/routing/routers/index.md
@ -515,6 +515,60 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul

    In this configuration, the priority is configured to allow `Router-2` to handle requests with the `foobar.traefik.com` host.

+### RuleSyntax
+
+In Traefik v3 a new rule syntax has been introduced ([migration guide](../../migration/v2-to-v3.md#router-rule-matchers)).
+`ruleSyntax` option allows to configure the rule syntax to be used for parsing the rule on a per-router basis.
+This allows to have heterogeneous router configurations and ease migration.
+
+??? example "Set rule syntax -- using the [File Provider](../../providers/file.md)"
+
+    ```yaml tab="File (YAML)"
+    ## Dynamic configuration
+    http:
+      routers:
+        Router-v3:
+          rule: HostRegexp(`[a-z]+\\.traefik\\.com`)
+          ruleSyntax: v3
+        Router-v2:
+          rule: HostRegexp(`{subdomain:[a-z]+}.traefik.com`)
+          ruleSyntax: v2
+    ```
+
+    ```toml tab="File (TOML)"
+    ## Dynamic configuration
+    [http.routers]
+      [http.routers.Router-v3]
+        rule = "HostRegexp(`[a-z]+\\.traefik\\.com`)"
+        ruleSyntax = v3
+      [http.routers.Router-v2]
+        rule = "HostRegexp(`{subdomain:[a-z]+}.traefik.com`)"
+        ruleSyntax = v2
+    ```
+
+    ```yaml tab="Kubernetes traefik.io/v1alpha1"
+    apiVersion: traefik.io/v1alpha1
+    kind: IngressRoute
+    metadata:
+      name: test.route
+      namespace: default
+    
+    spec:
+      routes:
+        # route v3
+        - match: HostRegexp(`[a-z]+\\.traefik\\.com`)
+          syntax: v3
+          kind: Rule
+
+        # route v2
+        - match: HostRegexp(`{subdomain:[a-z]+}.traefik.com`)
+          syntax: v2
+          kind: Rule
+    ```
+
+    In this configuration, the ruleSyntax is configured to allow `Router-v2` to use v2 syntax,
+    while for `Router-v3` it is configured to use v3 syntax.
+
 ### Middlewares

 You can attach a list of [middlewares](../../middlewares/overview.md) to each HTTP router.
@ -1161,6 +1215,60 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul

    In this configuration, the priority is configured so that `Router-1` will handle requests from `192.168.0.12`.

+### RuleSyntax
+
+In Traefik v3 a new rule syntax has been introduced ([migration guide](../../migration/v2-to-v3.md#router-rule-matchers)).
+`ruleSyntax` option allows to configure the rule syntax to be used for parsing the rule on a per-router basis.
+This allows to have heterogeneous router configurations and ease migration.
+
+??? example "Set rule syntax -- using the [File Provider](../../providers/file.md)"
+
+    ```yaml tab="File (YAML)"
+    ## Dynamic configuration
+    tcp:
+      routers:
+        Router-v3:
+          rule: ClientIP(`192.168.0.11`) || ClientIP(`192.168.0.12`)
+          ruleSyntax: v3
+        Router-v2:
+          rule: ClientIP(`192.168.0.11`, `192.168.0.12`)
+          ruleSyntax: v2
+    ```
+
+    ```toml tab="File (TOML)"
+    ## Dynamic configuration
+    [tcp.routers]
+      [tcp.routers.Router-v3]
+        rule = "ClientIP(`192.168.0.11`) || ClientIP(`192.168.0.12`)"
+        ruleSyntax = v3
+      [tcp.routers.Router-v2]
+        rule = "ClientIP(`192.168.0.11`, `192.168.0.12`)"
+        ruleSyntax = v2
+    ```
+
+    ```yaml tab="Kubernetes traefik.io/v1alpha1"
+    apiVersion: traefik.io/v1alpha1
+    kind: IngressRouteTCP
+    metadata:
+      name: test.route
+      namespace: default
+    
+    spec:
+      routes:
+        # route v3
+        - match: ClientIP(`192.168.0.11`) || ClientIP(`192.168.0.12`)
+          syntax: v3
+          kind: Rule
+
+        # route v2
+        - match: ClientIP(`192.168.0.11`, `192.168.0.12`)
+          syntax: v2
+          kind: Rule
+    ```
+
+    In this configuration, the ruleSyntax is configured to allow `Router-v2` to use v2 syntax,
+    while for `Router-v3` it is configured to use v3 syntax.
+
 ### Middlewares

 You can attach a list of [middlewares](../../middlewares/overview.md) to each TCP router.