add test for listener with same port

internal/mode/static/manager.go

@@ -314,7 +314,7 @@ func createManager(cfg config.Config, nginxChecker *nginxConfiguredOnStartChecke
 		// Note: when the leadership is lost, the manager will return an error in the Start() method.
 		// However, it will not wait for any Runnable it starts to finish, meaning any in-progress operations
 		// might get terminated half-way.
-		LeaderElection:          false,
+		LeaderElection:          true,
 		LeaderElectionNamespace: cfg.GatewayPodConfig.Namespace,
 		LeaderElectionID:        cfg.LeaderElection.LockName,
 		// We're not enabling LeaderElectionReleaseOnCancel because when the Manager stops gracefully, it waits

internal/mode/static/state/graph/gateway_listener.go

@@ -93,7 +93,7 @@ func newListenerConfiguratorFactory(
 					valErr := field.NotSupported(
 						field.NewPath("protocol"),
 						listener.Protocol,
-						[]string{string(v1.HTTPProtocolType), string(v1.HTTPSProtocolType)},
+						[]string{string(v1.HTTPProtocolType), string(v1.HTTPSProtocolType), string(v1.TLSProtocolType)},
 					)
 					return staticConds.NewListenerUnsupportedProtocol(valErr.Error()), false /* not attachable */
 				},
@@ -130,7 +130,9 @@ func newListenerConfiguratorFactory(
 				validateListenerLabelSelector,
 				validateListenerHostname,
 			},
-			conflictResolvers:          []listenerConflictResolver{},
+			conflictResolvers: []listenerConflictResolver{
+				sharedPortConflictResolver,
+			},
 			externalReferenceResolvers: []listenerExternalReferenceResolver{},
 		},
 	}
@@ -434,8 +436,13 @@ func createHTTPSListenerValidator(protectedPorts ProtectedPorts) listenerValidat
 }
 
 func createPortConflictResolver() listenerConflictResolver {
+	protocolGoups := map[v1.ProtocolType]string{
+		v1.TLSProtocolType:   "Secure",
+		v1.HTTPProtocolType:  "Unsecure",
+		v1.HTTPSProtocolType: "Secure",
+	}
 	conflictedPorts := make(map[v1.PortNumber]bool)
-	portProtocolOwner := make(map[v1.PortNumber]v1.ProtocolType)
+	portProtocolOwner := make(map[v1.PortNumber]string)
 	listenersByPort := make(map[v1.PortNumber][]*Listener)
 
 	format := "Multiple listeners for the same port %d specify incompatible protocols; " +
@@ -458,15 +465,15 @@ func createPortConflictResolver() listenerConflictResolver {
 
 		listenersByPort[port] = append(listenersByPort[port], l)
 
-		protocol, ok := portProtocolOwner[port]
+		protocolGroup, ok := portProtocolOwner[port]
 		if !ok {
-			portProtocolOwner[port] = l.Source.Protocol
+			portProtocolOwner[port] = protocolGoups[l.Source.Protocol]
 			return
 		}
 
 		// if protocol owner doesn't match the listener's protocol we mark the port as conflicted,
 		// and invalidate all listeners we've seen for this port.
-		if protocol != l.Source.Protocol {
+		if protocolGroup != protocolGoups[l.Source.Protocol] {
 			conflictedPorts[port] = true
 			for _, l := range listenersByPort[port] {
 				l.Valid = false

internal/mode/static/state/graph/gateway_test.go

@@ -250,6 +250,9 @@ func TestBuildGateway(t *testing.T) {
 	createTCPListener := func(name, hostname string, port int) v1.Listener {
 		return createListener(name, hostname, port, v1.TCPProtocolType, nil)
 	}
+	createTLSListener := func(name, hostname string, port int) v1.Listener {
+		return createListener(name, hostname, port, v1.TLSProtocolType, nil)
+	}
 	createHTTPSListener := func(name, hostname string, port int, tls *v1.GatewayTLSConfig) v1.Listener {
 		return createListener(name, hostname, port, v1.HTTPSProtocolType, tls)
 	}
@@ -280,6 +283,9 @@ func TestBuildGateway(t *testing.T) {
 		gatewayTLSConfigDiffNs,
 	)
 
+	// tls listeners
+	foo443TLSListener := createTLSListener("foo-443-tls", "foo.example.com", 443)
+
 	// invalid listeners
 	invalidProtocolListener := createTCPListener("invalid-protocol", "bar.example.com", 80)
 	invalidPortListener := createHTTPListener("invalid-port", "invalid-port", 0)
@@ -948,6 +954,42 @@ func TestBuildGateway(t *testing.T) {
 			},
 			name: "nil gatewayclass",
 		},
+		{
+			gateway: createGateway(
+				gatewayCfg{listeners: []v1.Listener{foo443TLSListener, foo443Listener}},
+			),
+			gatewayClass: validGC,
+			expected: &Gateway{
+				Source: getLastCreatedGetaway(),
+				Valid:  true,
+				Listeners: []*Listener{
+					{
+						Name:       "foo-443-tls",
+						Source:     foo443TLSListener,
+						Valid:      false,
+						Attachable: true,
+						Routes:     map[RouteKey]*L7Route{}, L4Routes: map[L4RouteKey]*L4Route{},
+						Conditions: staticConds.NewListenerProtocolConflict(conflict443PortMsg),
+						SupportedKinds: []v1.RouteGroupKind{
+							{Kind: kinds.TLSRoute},
+						},
+					},
+					{
+						Name:       "foo-443",
+						Source:     foo443Listener,
+						Valid:      false,
+						Attachable: true,
+						Routes:     map[RouteKey]*L7Route{}, L4Routes: map[L4RouteKey]*L4Route{},
+						Conditions: staticConds.NewListenerProtocolConflict(conflict443PortMsg),
+						SupportedKinds: []v1.RouteGroupKind{
+							{Kind: kinds.HTTPRoute},
+							{Kind: kinds.GRPCRoute},
+						},
+					},
+				},
+			},
+			name: "http listener and tls listener port conflicting",
+		},
 	}
 
 	secretResolver := newSecretResolver(

internal/mode/static/state/graph/route_common.go

@@ -157,6 +157,10 @@ func CreateRouteKey(obj client.Object) RouteKey {
 	}
 }
 
+// RemoveDuplicateHostnameRoutes will invalidate the older routes with duplicate routes and only keep the latest.
+func RemoveDuplicateHostnameRoutes() {
+}
+
 // CreateRouteKeyL4 takes a client.Object and creates a L4RouteKey.
 func CreateRouteKeyL4(obj client.Object) L4RouteKey {
 	nsName := types.NamespacedName{