Consul Connect: Fix validation with multiple local_bind_socket_paths (#22312)

When a consul connect sidecar service is defined with multiple local_bind_socket_path upstreams, validation would fail due to duplicate socket address bindings on `:0` being detected. Validate local_bind_socket_path sockets separately from IP address sockets.
2026-01-01 16:05:42 +03:00 · 2024-06-04 05:46:24 -07:00
parent 13e1a72325
commit 096c72a2f4
2 changed files with 10 additions and 2 deletions
--- a/.changelog/22312.txt
+++ b/.changelog/22312.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect: fix validation with multiple socket paths
+```
--- a/nomad/job_endpoint_hook_connect.go
+++ b/nomad/job_endpoint_hook_connect.go
@@ -569,7 +569,7 @@ func groupConnectValidate(g *structs.TaskGroup) error {
 }

 func groupConnectUpstreamsValidate(g *structs.TaskGroup, services []*structs.Service) error {
-	listeners := make(map[string]string) // address -> service
+	listeners := make(map[string]string) // address or path-> service

 	var connectBlockCount int
 	var hasTproxy bool
@@ -580,7 +580,12 @@ func groupConnectUpstreamsValidate(g *structs.TaskGroup, services []*structs.Ser
 		}
 		if service.Connect.HasSidecar() && service.Connect.SidecarService.Proxy != nil {
 			for _, up := range service.Connect.SidecarService.Proxy.Upstreams {
-				listener := net.JoinHostPort(up.LocalBindAddress, strconv.Itoa(up.LocalBindPort))
+				var listener string
+				if up.LocalBindSocketPath == "" {
+					listener = net.JoinHostPort(up.LocalBindAddress, strconv.Itoa(up.LocalBindPort))
+				} else {
+					listener = up.LocalBindSocketPath
+				}
 				if s, exists := listeners[listener]; exists {
 					return fmt.Errorf(
 						"Consul Connect services %q and %q in group %q using same address for upstreams (%s)",