From fbdbe9c86f86062ff45c59cfe2e96385947f0343 Mon Sep 17 00:00:00 2001
From: Caleb Doxsey <cdoxsey@pomerium.com>
Date: Thu, 27 Jan 2022 09:18:07 -0700
Subject: [PATCH] config: fix TLS config when address and grpc_address are the
 same (#2975)

---
 config/envoyconfig/listeners.go      | 28 +++++++++++++++++++++-------
 config/envoyconfig/listeners_test.go | 19 +++++++++++++++++++
 2 files changed, 40 insertions(+), 7 deletions(-)

diff --git a/config/envoyconfig/listeners.go b/config/envoyconfig/listeners.go
index 30f5ff412..d4d852400 100644
--- a/config/envoyconfig/listeners.go
+++ b/config/envoyconfig/listeners.go
@@ -21,6 +21,7 @@ import (
 	"github.com/golang/protobuf/ptypes"
 	"github.com/golang/protobuf/ptypes/any"
 	"github.com/golang/protobuf/ptypes/wrappers"
+	"github.com/scylladb/go-set"
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/emptypb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
@@ -734,15 +735,28 @@ func getRouteableDomainsForTLSDomain(options *config.Options, addr string, tlsDo
 }
 
 func getAllRouteableDomains(options *config.Options, addr string) ([]string, error) {
-	switch addr {
-	case options.Addr:
-		return options.GetAllRouteableHTTPDomains()
-	case options.GetGRPCAddr():
-		return options.GetAllRouteableGRPCDomains()
+	allDomains := set.NewStringSet()
+
+	if addr == options.Addr {
+		domains, err := options.GetAllRouteableHTTPDomains()
+		if err != nil {
+			return nil, err
+		}
+		allDomains.Add(domains...)
 	}
 
-	// no other domains supported
-	return nil, nil
+	if addr == options.GetGRPCAddr() {
+		domains, err := options.GetAllRouteableGRPCDomains()
+		if err != nil {
+			return nil, err
+		}
+		allDomains.Add(domains...)
+	}
+
+	domains := allDomains.List()
+	sort.Strings(domains)
+
+	return domains, nil
 }
 
 func getAllTLSDomains(options *config.Options, addr string) ([]string, error) {
diff --git a/config/envoyconfig/listeners_test.go b/config/envoyconfig/listeners_test.go
index 86c9f5774..3f7cc3286 100644
--- a/config/envoyconfig/listeners_test.go
+++ b/config/envoyconfig/listeners_test.go
@@ -750,6 +750,25 @@ func Test_getAllDomains(t *testing.T) {
 			}
 			assert.Equal(t, expect, actual)
 		})
+		t.Run("both", func(t *testing.T) {
+			newOptions := *options
+			newOptions.GRPCAddr = newOptions.Addr
+			actual, err := getAllRouteableDomains(&newOptions, "127.0.0.1:9000")
+			require.NoError(t, err)
+			expect := []string{
+				"a.example.com",
+				"a.example.com:80",
+				"authenticate.example.com",
+				"authenticate.example.com:443",
+				"authorize.example.com:9001",
+				"b.example.com",
+				"b.example.com:443",
+				"c.example.com",
+				"c.example.com:443",
+				"cache.example.com:9001",
+			}
+			assert.Equal(t, expect, actual)
+		})
 	})
 	t.Run("tls", func(t *testing.T) {
 		t.Run("http", func(t *testing.T) {