3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 19:06:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

config: fix TLS config when address and grpc_address are the same (#2975)

Browse source
This commit is contained in:
Caleb Doxsey 2022-01-27 09:18:07 -07:00 committed by GitHub
parent 7fbf0e522c
commit fbdbe9c86f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 40 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
config/envoyconfig/listeners.go
View file

@ -21,6 +21,7 @@ import (
"github.com/golang/protobuf/ptypes" "github.com/golang/protobuf/ptypes"
"github.com/golang/protobuf/ptypes/any" "github.com/golang/protobuf/ptypes/any"
"github.com/golang/protobuf/ptypes/wrappers" "github.com/golang/protobuf/ptypes/wrappers"
"github.com/scylladb/go-set"
"google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/durationpb"
"google.golang.org/protobuf/types/known/emptypb" "google.golang.org/protobuf/types/known/emptypb"
"google.golang.org/protobuf/types/known/wrapperspb" "google.golang.org/protobuf/types/known/wrapperspb"
@ -734,15 +735,28 @@ func getRouteableDomainsForTLSDomain(options *config.Options, addr string, tlsDo
} }
func getAllRouteableDomains(options *config.Options, addr string) ([]string, error) { func getAllRouteableDomains(options *config.Options, addr string) ([]string, error) {
switch addr { allDomains := set.NewStringSet()
case options.Addr:
return options.GetAllRouteableHTTPDomains() if addr == options.Addr {
case options.GetGRPCAddr(): domains, err := options.GetAllRouteableHTTPDomains()
return options.GetAllRouteableGRPCDomains() if err != nil {
return nil, err
}
allDomains.Add(domains...)
} }
// no other domains supported if addr == options.GetGRPCAddr() {
return nil, nil domains, err := options.GetAllRouteableGRPCDomains()
if err != nil {
return nil, err
}
allDomains.Add(domains...)
}
domains := allDomains.List()
sort.Strings(domains)
return domains, nil
} }
func getAllTLSDomains(options *config.Options, addr string) ([]string, error) { func getAllTLSDomains(options *config.Options, addr string) ([]string, error) {

19
config/envoyconfig/listeners_test.go
View file

@ -750,6 +750,25 @@ func Test_getAllDomains(t *testing.T) {
} }
assert.Equal(t, expect, actual) assert.Equal(t, expect, actual)
}) })
t.Run("both", func(t *testing.T) {
newOptions := *options
newOptions.GRPCAddr = newOptions.Addr
actual, err := getAllRouteableDomains(&newOptions, "127.0.0.1:9000")
require.NoError(t, err)
expect := []string{
"a.example.com",
"a.example.com:80",
"authenticate.example.com",
"authenticate.example.com:443",
"authorize.example.com:9001",
"b.example.com",
"b.example.com:443",
"c.example.com",
"c.example.com:443",
"cache.example.com:9001",
}
assert.Equal(t, expect, actual)
})
}) })
t.Run("tls", func(t *testing.T) { t.Run("tls", func(t *testing.T) {
t.Run("http", func(t *testing.T) { t.Run("http", func(t *testing.T) {