Move auth config into a separate structure

This way we cannot have halfway-configured authentication. Signed-off-by: Grzegorz Nosek <root@localdomain.pl>
falcosecurity · Mar 5, 2020 · 78fd89d · 78fd89d
1 parent bc07cef
commit 78fd89d
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 19 deletions.
diff --git a/src/client.rs b/src/client.rs
@@ -15,12 +15,10 @@ pub struct FalcoConnect {
 
 impl Connect for FalcoConnect {
     fn connect(env: Arc<Environment>, config: config::Config) -> Result<grpcio::Channel> {
-        if let (Some(ca_path), Some(cert_path), Some(key_path)) =
-            (&config.ca, &config.cert, &config.key)
-        {
-            let root_cert = certs::load_pem_file(ca_path.as_ref())?;
-            let client_cert = certs::load_pem_file(cert_path.as_ref())?;
-            let client_key = certs::load_pem_file(key_path.as_ref())?;
+        if let Some(auth) = &config.auth {
+            let root_cert = certs::load_pem_file(auth.ca.as_ref())?;
+            let client_cert = certs::load_pem_file(auth.cert.as_ref())?;
+            let client_key = certs::load_pem_file(auth.key.as_ref())?;
 
             let credentials = ChannelCredentialsBuilder::new()
                 // Set the PEM encoded server root cert to verify server's identity
@@ -33,7 +31,7 @@ impl Connect for FalcoConnect {
             Ok(ChannelBuilder::new(env).secure_connect(config.endpoint.as_str(), credentials))
         } else {
             Err(Error::internal_error(
-                "something wrong during client configuration",
+                "unencrypted connections are not supported",
             ))
         }
     }

diff --git a/src/config.rs b/src/config.rs
@@ -2,14 +2,20 @@ use serde_derive::{Deserialize, Serialize};
 use std::default::Default;
 use std::path::PathBuf;
 
+#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)]
+pub struct AuthConfig {
+    pub(crate) ca: PathBuf,
+    pub(crate) cert: PathBuf,
+    pub(crate) key: PathBuf,
+}
+
 #[derive(Clone, Debug, Serialize, Deserialize, PartialEq)]
 #[serde(default)]
 #[serde(rename_all = "kebab-case")]
 pub struct Config {
     pub(crate) endpoint: String,
-    pub(crate) ca: Option<PathBuf>,
-    pub(crate) cert: Option<PathBuf>,
-    pub(crate) key: Option<PathBuf>,
+    #[serde(flatten)]
+    pub(crate) auth: Option<AuthConfig>,
 }
 
 impl Config {
@@ -22,9 +28,7 @@ impl Config {
     pub fn new(endpoint: &str) -> Self {
         Config {
             endpoint: endpoint.into(),
-            ca: None,
-            cert: None,
-            key: None,
+            auth: None,
         }
     }
 
@@ -43,9 +47,11 @@ impl Config {
         cert: impl Into<PathBuf>,
         key: impl Into<PathBuf>,
     ) -> Self {
-        self.ca = Some(ca.into());
-        self.cert = Some(cert.into());
-        self.key = Some(key.into());
+        self.auth = Some(AuthConfig {
+            ca: ca.into(),
+            cert: cert.into(),
+            key: key.into(),
+        });
         self
     }
 }
@@ -54,9 +60,11 @@ impl Default for Config {
     fn default() -> Self {
         Config {
             endpoint: "localhost:5060".to_owned(),
-            ca: Option::from(PathBuf::from("/tmp/certs/ca.crt")),
-            cert: Option::from(PathBuf::from("/etc/certs/client.crt")),
-            key: Option::from(PathBuf::from("/etc/certs/client.key")),
+            auth: Some(AuthConfig {
+                ca: PathBuf::from("/tmp/certs/ca.crt"),
+                cert: PathBuf::from("/etc/certs/client.crt"),
+                key: PathBuf::from("/etc/certs/client.key"),
+            }),
         }
     }
 }