config: add support for extended TCP route URLs (#3845)

* config: add support for extended TCP route URLs * nevermind, add duplicate names
2025-08-03 16:59:22 +02:00 · 2022-12-27 12:50:33 -07:00 · 2022-12-27 12:50:33 -07:00 · 271b0787a8
commit 271b0787a8
parent 67e12101fa
8 changed files with 182 additions and 51 deletions
--- a/config/options.go
+++ b/config/options.go
@ -1026,7 +1026,7 @@ func (o *Options) GetAllRouteableGRPCHosts() ([]string, error) {
 			return nil, err
 		}
 		for _, u := range authorizeURLs {
-			hosts.Add(urlutil.GetDomainsForURL(*u)...)
+			hosts.Add(urlutil.GetDomainsForURL(u)...)
 		}
 	} else if IsAuthorize(o.Services) {
 		authorizeURLs, err := o.GetInternalAuthorizeURLs()
@ -1034,7 +1034,7 @@ func (o *Options) GetAllRouteableGRPCHosts() ([]string, error) {
 			return nil, err
 		}
 		for _, u := range authorizeURLs {
-			hosts.Add(urlutil.GetDomainsForURL(*u)...)
+			hosts.Add(urlutil.GetDomainsForURL(u)...)
 		}
 	}

@ -1045,7 +1045,7 @@ func (o *Options) GetAllRouteableGRPCHosts() ([]string, error) {
 			return nil, err
 		}
 		for _, u := range dataBrokerURLs {
-			hosts.Add(urlutil.GetDomainsForURL(*u)...)
+			hosts.Add(urlutil.GetDomainsForURL(u)...)
 		}
 	} else if IsDataBroker(o.Services) {
 		dataBrokerURLs, err := o.GetInternalDataBrokerURLs()
@ -1053,7 +1053,52 @@ func (o *Options) GetAllRouteableGRPCHosts() ([]string, error) {
 			return nil, err
 		}
 		for _, u := range dataBrokerURLs {
-			hosts.Add(urlutil.GetDomainsForURL(*u)...)
+			hosts.Add(urlutil.GetDomainsForURL(u)...)
+		}
+	}
+
+	return hosts.ToSlice(), nil
+}
+
+// GetAllRouteableGRPCServerNames returns all the possible gRPC server names handled by the Pomerium options.
+func (o *Options) GetAllRouteableGRPCServerNames() ([]string, error) {
+	hosts := sets.NewSorted[string]()
+
+	// authorize urls
+	if IsAll(o.Services) {
+		authorizeURLs, err := o.GetAuthorizeURLs()
+		if err != nil {
+			return nil, err
+		}
+		for _, u := range authorizeURLs {
+			hosts.Add(urlutil.GetServerNamesForURL(u)...)
+		}
+	} else if IsAuthorize(o.Services) {
+		authorizeURLs, err := o.GetInternalAuthorizeURLs()
+		if err != nil {
+			return nil, err
+		}
+		for _, u := range authorizeURLs {
+			hosts.Add(urlutil.GetServerNamesForURL(u)...)
+		}
+	}
+
+	// databroker urls
+	if IsAll(o.Services) {
+		dataBrokerURLs, err := o.GetDataBrokerURLs()
+		if err != nil {
+			return nil, err
+		}
+		for _, u := range dataBrokerURLs {
+			hosts.Add(urlutil.GetServerNamesForURL(u)...)
+		}
+	} else if IsDataBroker(o.Services) {
+		dataBrokerURLs, err := o.GetInternalDataBrokerURLs()
+		if err != nil {
+			return nil, err
+		}
+		for _, u := range dataBrokerURLs {
+			hosts.Add(urlutil.GetServerNamesForURL(u)...)
 		}
 	}

@ -1068,22 +1113,22 @@ func (o *Options) GetAllRouteableHTTPHosts() ([]string, error) {
 		if err != nil {
 			return nil, err
 		}
-		hosts.Add(urlutil.GetDomainsForURL(*authenticateURL)...)
+		hosts.Add(urlutil.GetDomainsForURL(authenticateURL)...)

 		authenticateURL, err = o.GetAuthenticateURL()
 		if err != nil {
 			return nil, err
 		}
-		hosts.Add(urlutil.GetDomainsForURL(*authenticateURL)...)
+		hosts.Add(urlutil.GetDomainsForURL(authenticateURL)...)
 	}

 	// policy urls
 	if IsProxy(o.Services) {
 		for _, policy := range o.GetAllPolicies() {
-			hosts.Add(urlutil.GetDomainsForURL(*policy.Source.URL)...)
+			hosts.Add(urlutil.GetDomainsForURL(policy.Source.URL)...)
 			if policy.TLSDownstreamServerName != "" {
 				tlsURL := policy.Source.URL.ResolveReference(&url.URL{Host: policy.TLSDownstreamServerName})
-				hosts.Add(urlutil.GetDomainsForURL(*tlsURL)...)
+				hosts.Add(urlutil.GetDomainsForURL(tlsURL)...)
 			}
 		}
 	}
@ -1091,6 +1136,37 @@ func (o *Options) GetAllRouteableHTTPHosts() ([]string, error) {
 	return hosts.ToSlice(), nil
 }

+// GetAllRouteableHTTPServerNames returns all the possible HTTP server names handled by the Pomerium options.
+func (o *Options) GetAllRouteableHTTPServerNames() ([]string, error) {
+	serverNames := sets.NewSorted[string]()
+	if IsAuthenticate(o.Services) {
+		authenticateURL, err := o.GetInternalAuthenticateURL()
+		if err != nil {
+			return nil, err
+		}
+		serverNames.Add(urlutil.GetServerNamesForURL(authenticateURL)...)
+
+		authenticateURL, err = o.GetAuthenticateURL()
+		if err != nil {
+			return nil, err
+		}
+		serverNames.Add(urlutil.GetServerNamesForURL(authenticateURL)...)
+	}
+
+	// policy urls
+	if IsProxy(o.Services) {
+		for _, policy := range o.GetAllPolicies() {
+			serverNames.Add(urlutil.GetServerNamesForURL(policy.Source.URL)...)
+			if policy.TLSDownstreamServerName != "" {
+				tlsURL := policy.Source.URL.ResolveReference(&url.URL{Host: policy.TLSDownstreamServerName})
+				serverNames.Add(urlutil.GetServerNamesForURL(tlsURL)...)
+			}
+		}
+	}
+
+	return serverNames.ToSlice(), nil
+}
+
 // GetClientSecret gets the client secret.
 func (o *Options) GetClientSecret() (string, error) {
 	if o == nil {