From 4ff48db4d0ed3ef76ad32360d64a3108b1e7f2cd Mon Sep 17 00:00:00 2001 From: Michal Budzyn Date: Sun, 31 May 2020 10:51:28 +0200 Subject: [PATCH] Rename flag same-client-cert-enable to tls-same-client-cert-enable --- .gitignore | 4 +--- README.md | 4 ++-- cmd/kafka-proxy/server.go | 4 ++-- cmd/kafka-proxy/server_test.go | 8 ++++---- 4 files changed, 9 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index 1642ac4b..72400b99 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ dist/ # Intellij .idea/ out/ +*.iml # Binaries for programs and plugins *.exe @@ -64,6 +65,3 @@ Session.vim # Auto-generated tag files tags -#IntelliJ -kafka-proxy.iml -vendor/ diff --git a/README.md b/README.md index fb131ff6..7cfd3d2a 100644 --- a/README.md +++ b/README.md @@ -137,7 +137,7 @@ See: --tls-client-key-password string Password to decrypt rsa private key --tls-enable Whether or not to use TLS when connecting to the broker --tls-insecure-skip-verify It controls whether a client verifies the server's certificate chain and host name - --same-client-cert-enable Use only when mutual TLS is enabled on proxy and broker. It controls whether a proxy validates if proxy client certificate matches brokers client cert (tls-client-cert-file) + --tls-same-client-cert-enable Use only when mutual TLS is enabled on proxy and broker. It controls whether a proxy validates if proxy client certificate exactly matches brokers client cert (tls-client-cert-file) ### Usage example @@ -229,7 +229,7 @@ Validate that client certificate used by proxy client is exactly the same as cli --proxy-listener-cert-file server.crt \ --proxy-listener-key-password changeit \ --proxy-listener-ca-chain-cert-file ca.crt \ - --same-client-cert-enable + --tls-same-client-cert-enable ### Kafka Gateway example diff --git a/cmd/kafka-proxy/server.go b/cmd/kafka-proxy/server.go index 957f121b..a53098be 100644 --- a/cmd/kafka-proxy/server.go +++ b/cmd/kafka-proxy/server.go 
@@ -149,8 +149,8 @@ func initFlags() { Server.Flags().StringVar(&c.Kafka.TLS.ClientKeyPassword, "tls-client-key-password", "", "Password to decrypt rsa private key") Server.Flags().StringVar(&c.Kafka.TLS.CAChainCertFile, "tls-ca-chain-cert-file", "", "PEM encoded CA's certificate file") - //Same TLS client cert - Server.Flags().BoolVar(&c.Kafka.TLS.SameClientCertEnable, "same-client-cert-enable", false, "Use only when mutual TLS is enabled on proxy and broker. It controls whether a proxy validates if proxy client certificate matches brokers client cert (tls-client-cert-file)") + //Same TLS client cert tls-same-client-cert-enable + Server.Flags().BoolVar(&c.Kafka.TLS.SameClientCertEnable, "tls-same-client-cert-enable", false, "Use only when mutual TLS is enabled on proxy and broker. It controls whether a proxy validates if proxy client certificate exactly matches brokers client cert (tls-client-cert-file)") // SASL by Proxy Server.Flags().BoolVar(&c.Kafka.SASL.Enable, "sasl-enable", false, "Connect using SASL") diff --git a/cmd/kafka-proxy/server_test.go b/cmd/kafka-proxy/server_test.go index 0737522d..e34d9bca 100644 --- a/cmd/kafka-proxy/server_test.go +++ b/cmd/kafka-proxy/server_test.go @@ -157,7 +157,7 @@ func TestSameClientCertEnabledWithRequiredFlags(t *testing.T) { "--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32402", "--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32403", //same client enabled attributes - "--same-client-cert-enable", "", + "--tls-same-client-cert-enable", "", "--proxy-listener-tls-enable", "", "--tls-enable", "", "--tls-client-cert-file", "client.crt", 
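Review bot: The old name `same-client-cert-enable` is removed outright in initFlags with no alias, so any deployment still passing `--same-client-cert-enable` loses the name of a security control; confirm the flag parser rejects the unknown flag at startup rather than letting the proxy run without the certificate-match check. If a transition period is wanted, keep the old name bound to the same field and deprecate it, e.g. `Server.Flags().BoolVar(&c.Kafka.TLS.SameClientCertEnable, "same-client-cert-enable", false, "Deprecated: use --tls-same-client-cert-enable")` followed by `_ = Server.Flags().MarkDeprecated("same-client-cert-enable", "use --tls-same-client-cert-enable")`; this assumes Server is a cobra command backed by pflag, which the hunk does not show. The new comment `//Same TLS client cert tls-same-client-cert-enable` looks like the flag name was pasted into it, and `// Same TLS client cert` would read better. initFlags begins before this hunk and continues after it.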
@@ -182,7 +182,7 @@ func TestSameClientCertEnabledWithMissingFlags(t *testing.T) {
 "--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32402",
 "--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32403",
 //same client enabled attributes
- "--same-client-cert-enable", "",
+ "--tls-same-client-cert-enable", "",
 "--tls-enable", "",
 "--tls-client-cert-file", "client.crt",
 //other necessary tls arguments
@@ -195,7 +195,7 @@ func TestSameClientCertEnabledWithMissingFlags(t *testing.T) {
 "--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32402",
 "--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32403",
 //same client enabled attributes
- "--same-client-cert-enable", "",
+ "--tls-same-client-cert-enable", "",
 "--proxy-listener-tls-enable", "",
 //other necessary tls arguments
 "--proxy-listener-key-file", "server.pem",
@@ -207,7 +207,7 @@ func TestSameClientCertEnabledWithMissingFlags(t *testing.T) {
 "--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32402",
 "--bootstrap-server-mapping", "192.168.99.100:32402,0.0.0.0:32403",
 //same client enabled attributes
- "--same-client-cert-enable", "",
+ "--tls-same-client-cert-enable", "",
 "--proxy-listener-tls-enable", "",
 "--tls-enable", "",
 //other necessary tls arguments