Rename flag same-client-cert-enable to tls-same-client-cert-enable

grepplabs · May 31, 2020 · 4ff48db · 4ff48db
1 parent 251c596
commit 4ff48db
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 11 deletions.
diff --git a/.gitignore b/.gitignore
@@ -10,6 +10,7 @@ dist/
 # Intellij
 .idea/
 out/
+*.iml
 
 # Binaries for programs and plugins
 *.exe
@@ -64,6 +65,3 @@ Session.vim
 # Auto-generated tag files
 tags
 
-#IntelliJ
-kafka-proxy.iml
-vendor/
diff --git a/README.md b/README.md
@@ -137,7 +137,7 @@ See:
           --tls-client-key-password string                 Password to decrypt rsa private key
           --tls-enable                                     Whether or not to use TLS when connecting to the broker
           --tls-insecure-skip-verify                       It controls whether a client verifies the server's certificate chain and host name
-          --same-client-cert-enable                        Use only when mutual TLS is enabled on proxy and broker. It controls whether a proxy validates if proxy client certificate matches brokers client cert (tls-client-cert-file)
+          --tls-same-client-cert-enable                    Use only when mutual TLS is enabled on proxy and broker. It controls whether a proxy validates if proxy client certificate exactly matches brokers client cert (tls-client-cert-file)
 
 ### Usage example
 	
@@ -229,7 +229,7 @@ Validate that client certificate used by proxy client is exactly the same as cli
        --proxy-listener-cert-file server.crt \
        --proxy-listener-key-password changeit \
        --proxy-listener-ca-chain-cert-file ca.crt \
-       --same-client-cert-enable
+       --tls-same-client-cert-enable
 
 ### Kafka Gateway example
 

diff --git a/cmd/kafka-proxy/server.go b/cmd/kafka-proxy/server.go
@@ -149,8 +149,8 @@ func initFlags() {
 	Server.Flags().StringVar(&c.Kafka.TLS.ClientKeyPassword, "tls-client-key-password", "", "Password to decrypt rsa private key")
 	Server.Flags().StringVar(&c.Kafka.TLS.CAChainCertFile, "tls-ca-chain-cert-file", "", "PEM encoded CA's certificate file")
 
-	//Same TLS client cert
-	Server.Flags().BoolVar(&c.Kafka.TLS.SameClientCertEnable, "same-client-cert-enable", false, "Use only when mutual TLS is enabled on proxy and broker. It controls whether a proxy validates if proxy client certificate matches brokers client cert (tls-client-cert-file)")
+	//Same TLS client cert tls-same-client-cert-enable
+	Server.Flags().BoolVar(&c.Kafka.TLS.SameClientCertEnable, "tls-same-client-cert-enable", false, "Use only when mutual TLS is enabled on proxy and broker. It controls whether a proxy validates if proxy client certificate exactly matches brokers client cert (tls-client-cert-file)")
 
 	// SASL by Proxy
 	Server.Flags().BoolVar(&c.Kafka.SASL.Enable, "sasl-enable", false, "Connect using SASL")

diff --git a/cmd/kafka-proxy/server_test.go b/cmd/kafka-proxy/server_test.go
@@ -157,7 +157,7 @@ func TestSameClientCertEnabledWithRequiredFlags(t *testing.T) {
 		"--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32402",
 		"--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32403",
 		//same client enabled attributes
-		"--same-client-cert-enable", "",
+		"--tls-same-client-cert-enable", "",
 		"--proxy-listener-tls-enable", "",
 		"--tls-enable", "",
 		"--tls-client-cert-file", "client.crt",
@@ -182,7 +182,7 @@ func TestSameClientCertEnabledWithMissingFlags(t *testing.T) {
 		"--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32402",
 		"--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32403",
 		//same client enabled attributes
-		"--same-client-cert-enable", "",
+		"--tls-same-client-cert-enable", "",
 		"--tls-enable", "",
 		"--tls-client-cert-file", "client.crt",
 		//other necessary tls arguments
@@ -195,7 +195,7 @@ func TestSameClientCertEnabledWithMissingFlags(t *testing.T) {
 		"--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32402",
 		"--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32403",
 		//same client enabled attributes
-		"--same-client-cert-enable", "",
+		"--tls-same-client-cert-enable", "",
 		"--proxy-listener-tls-enable", "",
 		//other necessary tls arguments
 		"--proxy-listener-key-file", "server.pem",
@@ -207,7 +207,7 @@ func TestSameClientCertEnabledWithMissingFlags(t *testing.T) {
 		"--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32402",
 		"--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32403",
 		//same client enabled attributes
-		"--same-client-cert-enable", "",
+		"--tls-same-client-cert-enable", "",
 		"--proxy-listener-tls-enable", "",
 		"--tls-enable", "",
 		//other necessary tls arguments