From a1275c6e7d026625e34ac4fa9205f652f1f263fb Mon Sep 17 00:00:00 2001
From: Matt Keeler
Date: Fri, 26 Jun 2020 15:13:54 -0400
Subject: [PATCH] Use the DNS and IP SANs from the auto config stanza when set
---
 agent/auto-config/auto_config.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/agent/auto-config/auto_config.go b/agent/auto-config/auto_config.go
index 8a8565b23..8ee879123 100644
--- a/agent/auto-config/auto_config.go
+++ b/agent/auto-config/auto_config.go
@@ -392,6 +392,20 @@ func (ac *AutoConfig) resolveHost(hostPort string) []net.TCPAddr {
 // This will persist the configuration to disk (unless in dev mode running without
 // a data dir) and will reload the configuration.
 func (ac *AutoConfig) recordAutoConfigReply(reply *agentpb.AutoConfigResponse) error {
+ // overwrite the auto encrypt DNS SANs with the ones specified in the auto_config stanza
+ if len(ac.config.AutoConfig.DNSSANs) > 0 && reply.Config.AutoEncrypt != nil {
+ reply.Config.AutoEncrypt.DNSSAN = ac.config.AutoConfig.DNSSANs
+ }
+
+ // overwrite the auto encrypt IP SANs with the ones specified in the auto_config stanza
+ if len(ac.config.AutoConfig.IPSANs) > 0 && reply.Config.AutoEncrypt != nil {
+ var ips []string
+ for _, ip := range ac.config.AutoConfig.IPSANs {
+ ips = append(ips, ip.String())
+ }
+ reply.Config.AutoEncrypt.IPSAN = ips
+ }
+
 conf, err := json.Marshal(translateConfig(reply.Config))
 if err != nil {
 return fmt.Errorf("failed to encode auto-config configuration as JSON: %w", err)
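Review bot: Both new guards read `reply.Config.AutoEncrypt` without first checking `reply.Config`, so if Config is a pointer field (the nil test on AutoEncrypt suggests it is) a reply without a Config would panic here as soon as DNS or IP SANs are set in the auto_config stanza. Since the reply originates outside this function, I would hoist one guard around both overrides, `if ae := reply.Config.GetAutoEncrypt(); ae != nil {` if the generated getter exists, or otherwise `if reply.Config != nil && reply.Config.AutoEncrypt != nil {`. Separately, when AutoEncrypt is nil the operator's configured SANs are dropped without any trace; a log line on that branch would explain why the certificate names requested later do not match the stanza. The body of recordAutoConfigReply continues past the end of the hunk, so whether `translateConfig` tolerates a nil Config is not visible here.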