From f6e32892dce120b6958b30c41e64860683abdba7 Mon Sep 17 00:00:00 2001
From: Freddy <freddygv@users.noreply.github.com>
Date: Mon, 14 Jun 2021 14:04:11 -0600
Subject: [PATCH] Relax validation for expose.paths config (#10394)

Previously we would return an error if duplicate paths were specified.
This could lead to problems in cases where a user has the same path,
say /healthz, on two different ports.

This validation was added to signal a potential misconfiguration.
Instead we will only check for duplicate listener ports, since that is
what would lead to ambiguity issues when generating xDS config.

In the future we could look into using a single listener and creating
distinct filter chains for each path/port.
---
 .changelog/10394.txt          |  3 +++
 agent/structs/structs.go      |  7 +------
 agent/structs/structs_test.go | 36 +++++++++++++++++------------------
 3 files changed, 22 insertions(+), 24 deletions(-)
 create mode 100644 .changelog/10394.txt

diff --git a/.changelog/10394.txt b/.changelog/10394.txt
new file mode 100644
index 0000000000..b3513e68ec
--- /dev/null
+++ b/.changelog/10394.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: allow exposing duplicate HTTP paths through a proxy instance.
+```
\ No newline at end of file
diff --git a/agent/structs/structs.go b/agent/structs/structs.go
index 3855e06ff9..337a35e2f7 100644
--- a/agent/structs/structs.go
+++ b/agent/structs/structs.go
@@ -1205,18 +1205,13 @@ func (s *NodeService) Validate() error {
 			}
 			bindAddrs[addr] = struct{}{}
 		}
-		var knownPaths = make(map[string]bool)
+
 		var knownListeners = make(map[int]bool)
 		for _, path := range s.Proxy.Expose.Paths {
 			if path.Path == "" {
 				result = multierror.Append(result, fmt.Errorf("expose.paths: empty path exposed"))
 			}
 
-			if seen := knownPaths[path.Path]; seen {
-				result = multierror.Append(result, fmt.Errorf("expose.paths: duplicate paths exposed"))
-			}
-			knownPaths[path.Path] = true
-
 			if seen := knownListeners[path.ListenerPort]; seen {
 				result = multierror.Append(result, fmt.Errorf("expose.paths: duplicate listener ports exposed"))
 			}
diff --git a/agent/structs/structs_test.go b/agent/structs/structs_test.go
index 8c36368031..b5a0d0b7df 100644
--- a/agent/structs/structs_test.go
+++ b/agent/structs/structs_test.go
@@ -574,38 +574,38 @@ func TestStructs_NodeService_ValidateExposeConfig(t *testing.T) {
 	}
 	cases := map[string]testCase{
 		"valid": {
-			func(x *NodeService) {},
-			"",
+			Modify: func(x *NodeService) {},
+			Err:    "",
 		},
 		"empty path": {
-			func(x *NodeService) { x.Proxy.Expose.Paths[0].Path = "" },
-			"empty path exposed",
+			Modify: func(x *NodeService) { x.Proxy.Expose.Paths[0].Path = "" },
+			Err:    "empty path exposed",
 		},
 		"invalid port negative": {
-			func(x *NodeService) { x.Proxy.Expose.Paths[0].ListenerPort = -1 },
-			"invalid listener port",
+			Modify: func(x *NodeService) { x.Proxy.Expose.Paths[0].ListenerPort = -1 },
+			Err:    "invalid listener port",
 		},
 		"invalid port too large": {
-			func(x *NodeService) { x.Proxy.Expose.Paths[0].ListenerPort = 65536 },
-			"invalid listener port",
+			Modify: func(x *NodeService) { x.Proxy.Expose.Paths[0].ListenerPort = 65536 },
+			Err:    "invalid listener port",
 		},
-		"duplicate paths": {
-			func(x *NodeService) {
-				x.Proxy.Expose.Paths[0].Path = "/metrics"
-				x.Proxy.Expose.Paths[1].Path = "/metrics"
+		"duplicate paths are allowed": {
+			Modify: func(x *NodeService) {
+				x.Proxy.Expose.Paths[0].Path = "/healthz"
+				x.Proxy.Expose.Paths[1].Path = "/healthz"
 			},
-			"duplicate paths exposed",
+			Err: "",
 		},
-		"duplicate ports": {
-			func(x *NodeService) {
+		"duplicate listener ports are not allowed": {
+			Modify: func(x *NodeService) {
 				x.Proxy.Expose.Paths[0].ListenerPort = 21600
 				x.Proxy.Expose.Paths[1].ListenerPort = 21600
 			},
-			"duplicate listener ports exposed",
+			Err: "duplicate listener ports exposed",
 		},
 		"protocol not supported": {
-			func(x *NodeService) { x.Proxy.Expose.Paths[0].Protocol = "foo" },
-			"protocol 'foo' not supported for path",
+			Modify: func(x *NodeService) { x.Proxy.Expose.Paths[0].Protocol = "foo" },
+			Err:    "protocol 'foo' not supported for path",
 		},
 	}