Removed dupe checking because json library auto-removes dupes.

Signed-off-by: Brian Sonnenberg <[email protected]>
envoyproxy · Dec 12, 2024 · e16fd5d · e16fd5d
1 parent ed26529
commit e16fd5d
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 48 deletions.
diff --git a/source/extensions/transport_sockets/tls/cert_validator/spiffe/spiffe_validator.cc b/source/extensions/transport_sockets/tls/cert_validator/spiffe/spiffe_validator.cc
@@ -62,12 +62,10 @@ SPIFFEValidator::parseTrustBundles(const std::string& trust_bundle_mapping_str)
       (*trust_domains)
           ->iterate([&spiffe_data, &success](const std::string& domain_name,
                                              const Envoy::Json::Object& domain_object) -> bool {
-            if (spiffe_data->trust_bundle_stores.contains(domain_name)) {
-              ENVOY_LOG(error, "Duplicate domain '{}' in SPIFFE bundle map", domain_name);
-              return (success = false);
-            } else {
-              spiffe_data->trust_bundle_stores[domain_name] = X509StorePtr(X509_STORE_new());
-            }
+            // TODO: Duplicates are currently ignored and only the last value is used.
+            // This is because our json parser auto de-dupes keys in the dict and
+            // only include the last one in this iteration function.
+            spiffe_data->trust_bundle_stores[domain_name] = X509StorePtr(X509_STORE_new());
 
             ENVOY_LOG(info, "Loading domain '{}' from SPIFFE bundle map", domain_name);
 

diff --git a/test/common/tls/test_data/trust_bundles_dupe_domains.json b/test/common/tls/test_data/trust_bundles_dupe_domains.json
diff --git a/test/extensions/transport_sockets/tls/cert_validator/spiffe/spiffe_validator_test.cc b/test/extensions/transport_sockets/tls/cert_validator/spiffe/spiffe_validator_test.cc
@@ -827,16 +827,6 @@ name: envoy.tls.cert_validator.spiffe
   )EOF")),
                               EnvoyException, "Failed to load SPIFFE Bundle map");
   }
-  {
-    EXPECT_THROW_WITH_MESSAGE(initialize(TestEnvironment::substitute(R"EOF(
-name: envoy.tls.cert_validator.spiffe
-typed_config:
-  "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.SPIFFECertValidatorConfig
-  trust_bundles:
-    filename: "{{ test_rundir }}/test/common/tls/test_data/trust_bundles_dupe_domains.json"
-  )EOF")),
-                              EnvoyException, "Failed to load SPIFFE Bundle map");
-  }
 }
 
 TEST_F(TestSPIFFEValidator, TestDoVerifyCertChainMultipleTrustDomainBundleMappingInline) {