Skip to content

Commit

Permalink
dekaf: Fix CERTIFICATE_FILE/CERTIFICATE_KEY_FILE not being optional
Browse files Browse the repository at this point in the history
  • Loading branch information
@jshearer
jshearer committed Sep 9, 2024
1 parent 641a7fb commit efe6e06
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 21 deletions.
12 changes: 0 additions & 12 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

18 changes: 9 additions & 9 deletions crates/dekaf/src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,16 +74,16 @@ pub struct Cli {
}

#[derive(Args, Debug, serde::Serialize)]
#[group(required = true)]
#[group(required = false)]
struct TlsArgs {
/// The certificate file used to serve TLS connections. If provided, Dekaf must not be
/// behind a TLS-terminating proxy and instead be directly exposed.
#[arg(long, env = "CERTIFICATE_FILE")]
certificate_file: PathBuf,
#[arg(long, env = "CERTIFICATE_FILE", requires="certificate_key_file")]
certificate_file: Option<PathBuf>,
/// The key file used to serve TLS connections. If provided, Dekaf must not be
/// behind a TLS-terminating proxy and instead be directly exposed.
#[arg(long, env = "CERTIFICATE_FILE")]
certificate_key_file: PathBuf,
#[arg(long, env = "CERTIFICATE_KEY_FILE", requires = "certificate_file")]
certificate_key_file: Option<PathBuf>,
}

#[tokio::main]
Expand Down Expand Up @@ -153,8 +153,8 @@ async fn main() -> anyhow::Result<()> {
let metrics_router = dekaf::metrics::build_router(app.clone());
if let Some(tls_cfg) = cli.tls {
let axum_rustls_config = RustlsConfig::from_pem_file(
tls_cfg.certificate_file.clone(),
tls_cfg.certificate_key_file.clone(),
tls_cfg.certificate_file.clone().unwrap(),
tls_cfg.certificate_key_file.clone().unwrap(),
)
.await?;

Expand All @@ -163,8 +163,8 @@ async fn main() -> anyhow::Result<()> {
let metrics_server_task = axum_server::bind_rustls(metrics_addr, axum_rustls_config)
.serve(metrics_router.into_make_service());

let certs = load_certs(&tls_cfg.certificate_file)?;
let key = load_key(&tls_cfg.certificate_key_file)?;
let certs = load_certs(&tls_cfg.certificate_file.unwrap())?;
let key = load_key(&tls_cfg.certificate_key_file.unwrap())?;
let config = rustls::ServerConfig::builder()
.with_no_client_auth()
.with_single_cert(certs, key)
Expand Down

0 comments on commit efe6e06

Please sign in to comment.