From f731c2cb4c12bce2131a030340cc5a5e3ee596cb Mon Sep 17 00:00:00 2001 From: "Sebastian (Tiedtke) Huckleberry" Date: Fri, 20 Feb 2026 14:14:54 -0800 Subject: [PATCH] Clean up TLS default path logic. Use convention if config isn't present. Move cert/key path defaulting into LoadConfig and remove the redundant fallback from ensureTLSCertificate. Use local constants instead of the deprecated tlsbuilder.CertPEMFile/KeyPEMFile. Nest the two path checks under a single `if tls.Generate` guard. Signed-off-by: Sebastian (Tiedtke) Huckleberry --- pkg/agent/application/app.go | 16 ++++++++++++++++ pkg/agent/cmd/certificate_check.go | 9 --------- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/pkg/agent/application/app.go b/pkg/agent/application/app.go index 29b9eab7..bf2dd828 100644 --- a/pkg/agent/application/app.go +++ b/pkg/agent/application/app.go @@ -25,6 +25,11 @@ import ( "github.com/runmedev/runme/v3/pkg/agent/config" ) +const ( + defaultCertFile = "cert.pem" + defaultKeyFile = "key.pem" +) + type App struct { AppName string AppConfig *config.AppConfig @@ -49,6 +54,17 @@ func (a *App) LoadConfig(cmd *cobra.Command) error { return err } cfg := ac.GetConfig() + if cfg.AssistantServer != nil && cfg.AssistantServer.TLSConfig != nil { + tls := cfg.AssistantServer.TLSConfig + if tls.Generate { + if tls.CertFile == "" { + tls.CertFile = filepath.Join(ac.GetConfigDir(), defaultCertFile) + } + if tls.KeyFile == "" { + tls.KeyFile = filepath.Join(ac.GetConfigDir(), defaultKeyFile) + } + } + } if problems := cfg.IsValid(); len(problems) > 0 { _, _ = fmt.Fprintf(os.Stdout, "Invalid configuration; %s\n", strings.Join(problems, "\n")) return fmt.Errorf("invalid configuration; fix the problems and then try again") diff --git a/pkg/agent/cmd/certificate_check.go b/pkg/agent/cmd/certificate_check.go index 1e88ef9e..f2f7ea68 100644 --- a/pkg/agent/cmd/certificate_check.go +++ b/pkg/agent/cmd/certificate_check.go @@ -1,8 +1,6 @@ package cmd import ( - "path/filepath" - "github.com/go-logr/zapr" "github.com/spf13/cobra" "go.uber.org/zap" @@ -21,13 +19,6 @@ func ensureTLSCertificate(app *application.App) error { return nil } - if tlsConfig.KeyFile == "" { - tlsConfig.KeyFile = filepath.Join(app.AppConfig.GetConfigDir(), tlsbuilder.KeyPEMFile) - } - if tlsConfig.CertFile == "" { - tlsConfig.CertFile = filepath.Join(app.AppConfig.GetConfigDir(), tlsbuilder.CertPEMFile) - } - _, err := tlsbuilder.LoadOrGenerateConfig(tlsConfig.CertFile, tlsConfig.KeyFile, zap.L()) return err }