From 091bed01b084d8972a8d11a8a1325ce12646660a Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Sat, 25 Apr 2020 13:42:45 +0200 Subject: [PATCH] Make TLS config consistent with Prometheus (#1685) Signed-off-by: Julien Pivotto --- https/README.md | 11 ++++++----- .../tls_config_auth_clientCAs_invalid.bad.yml | 8 ++++---- .../tls_config_auth_clientCAs_missing.bad.yml | 8 ++++---- https/testdata/tls_config_noAuth.bad.yml | 8 ++++---- https/testdata/tls_config_noAuth.good.blocking.yml | 10 +++++----- https/testdata/tls_config_noAuth.good.yml | 10 +++++----- .../testdata/tls_config_noAuth_certPath_empty.bad.yml | 6 +++--- .../tls_config_noAuth_certPath_invalid.bad.yml | 6 +++--- .../tls_config_noAuth_certPath_keyPath_empty.bad.yml | 6 +++--- ...tls_config_noAuth_certPath_keyPath_invalid.bad.yml | 6 +++--- .../testdata/tls_config_noAuth_keyPath_empty.bad.yml | 6 +++--- .../tls_config_noAuth_keyPath_invalid.bad.yml | 6 +++--- https/tls_config.go | 10 +++++----- https/web-config.yml | 11 ++++++----- 14 files changed, 57 insertions(+), 55 deletions(-) diff --git a/https/README.md b/https/README.md index d9cb5643..946f2cf6 100644 --- a/https/README.md +++ b/https/README.md @@ -9,16 +9,17 @@ If the config is kept within the https directory. The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy. ## Sample Config + ``` -tlsConfig : +tls_config: # Certificate and key files for server to use to authenticate to client - tlsCertPath : - tlsKeyPath : + cert_file: + key_file: # Server policy for client authentication. Maps to ClientAuth Policies # For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType) - [ clientAuth : | default = "NoClientCert" ] + [ client_auth_type: | default = "NoClientCert" ] # CA certificate for client certificate authentication to the server - [ clientCAs : ] + [ client_ca_file: ] ``` 
diff --git a/https/testdata/tls_config_auth_clientCAs_invalid.bad.yml b/https/testdata/tls_config_auth_clientCAs_invalid.bad.yml
index c34cc4fe..742889fb 100644
--- a/https/testdata/tls_config_auth_clientCAs_invalid.bad.yml
+++ b/https/testdata/tls_config_auth_clientCAs_invalid.bad.yml
@@ -1,4 +1,4 @@
-tlsConfig :
- tlsCertPath : "testdata/server.crt"
- tlsKeyPath : "testdata/server.key"
- clientCAs : "somefile"
\ No newline at end of file
+tls_config :
+ cert_file : "testdata/server.crt"
+ key_file : "testdata/server.key"
+ client_ca_file : "somefile"
\ No newline at end of file
diff --git a/https/testdata/tls_config_auth_clientCAs_missing.bad.yml b/https/testdata/tls_config_auth_clientCAs_missing.bad.yml
index fc92932c..5f172a96 100644
--- a/https/testdata/tls_config_auth_clientCAs_missing.bad.yml
+++ b/https/testdata/tls_config_auth_clientCAs_missing.bad.yml
@@ -1,4 +1,4 @@
-tlsConfig :
- tlsCertPath : "testdata/server.crt"
- tlsKeyPath : "testdata/server.key"
- clientAuth : "RequireAndVerifyClientCert"
\ No newline at end of file
+tls_config :
+ cert_file : "testdata/server.crt"
+ key_file : "testdata/server.key"
+ client_auth_type : "RequireAndVerifyClientCert"
\ No newline at end of file
diff --git a/https/testdata/tls_config_noAuth.bad.yml b/https/testdata/tls_config_noAuth.bad.yml
index f0dd2288..afba2771 100644
--- a/https/testdata/tls_config_noAuth.bad.yml
+++ b/https/testdata/tls_config_noAuth.bad.yml
@@ -1,4 +1,4 @@
-tlsConfig :
- tlsCertPath : "testdata/server.crt"
- tlsKeyPath : "testdata/server.key"
- clientCAs : "testdata/tls-ca-chain.pem"
+tls_config :
+ cert_file : "testdata/server.crt"
+ key_file : "testdata/server.key"
+ client_ca_file : "testdata/tls-ca-chain.pem"
diff --git a/https/testdata/tls_config_noAuth.good.blocking.yml b/https/testdata/tls_config_noAuth.good.blocking.yml
index f567693b..3a214242 100644
--- a/https/testdata/tls_config_noAuth.good.blocking.yml
+++ b/https/testdata/tls_config_noAuth.good.blocking.yml
@@ -1,5 +1,5 @@
-tlsConfig :
- tlsCertPath : "testdata/server.crt"
- tlsKeyPath : "testdata/server.key"
- clientAuth : "RequireAndVerifyClientCert"
- clientCAs: "testdata/tls-ca-chain.pem"
\ No newline at end of file
+tls_config :
+ cert_file : "testdata/server.crt"
+ key_file : "testdata/server.key"
+ client_auth_type : "RequireAndVerifyClientCert"
+ client_ca_file: "testdata/tls-ca-chain.pem"
\ No newline at end of file
diff --git a/https/testdata/tls_config_noAuth.good.yml b/https/testdata/tls_config_noAuth.good.yml
index 76e46cf4..d762d8e6 100644
--- a/https/testdata/tls_config_noAuth.good.yml
+++ b/https/testdata/tls_config_noAuth.good.yml
@@ -1,5 +1,5 @@
-tlsConfig :
- tlsCertPath : "testdata/server.crt"
- tlsKeyPath : "testdata/server.key"
- clientAuth : "VerifyClientCertIfGiven"
- clientCAs : "testdata/tls-ca-chain.pem"
+tls_config :
+ cert_file : "testdata/server.crt"
+ key_file : "testdata/server.key"
+ client_auth_type : "VerifyClientCertIfGiven"
+ client_ca_file : "testdata/tls-ca-chain.pem"
diff --git a/https/testdata/tls_config_noAuth_certPath_empty.bad.yml b/https/testdata/tls_config_noAuth_certPath_empty.bad.yml
index 39c7abd2..f7aaa942 100644
--- a/https/testdata/tls_config_noAuth_certPath_empty.bad.yml
+++ b/https/testdata/tls_config_noAuth_certPath_empty.bad.yml
@@ -1,3 +1,3 @@
-tlsConfig :
- tlsCertPath : ""
- tlsKeyPath : "testdata/server.key"
\ No newline at end of file
+tls_config :
+ cert_file : ""
+ key_file : "testdata/server.key"
\ No newline at end of file
diff --git a/https/testdata/tls_config_noAuth_certPath_invalid.bad.yml b/https/testdata/tls_config_noAuth_certPath_invalid.bad.yml
index 5bdbd1a7..09344f94 100644
--- a/https/testdata/tls_config_noAuth_certPath_invalid.bad.yml
+++ b/https/testdata/tls_config_noAuth_certPath_invalid.bad.yml
@@ -1,3 +1,3 @@
-tlsConfig :
- tlsCertPath : "somefile"
- tlsKeyPath : "testdata/server.key"
\ No newline at end of file
+tls_config :
+ cert_file : "somefile"
+ key_file : "testdata/server.key"
\ No newline at end of file
diff --git a/https/testdata/tls_config_noAuth_certPath_keyPath_empty.bad.yml b/https/testdata/tls_config_noAuth_certPath_keyPath_empty.bad.yml
index 938e5d6d..2ed91953 100644
--- a/https/testdata/tls_config_noAuth_certPath_keyPath_empty.bad.yml
+++ b/https/testdata/tls_config_noAuth_certPath_keyPath_empty.bad.yml
@@ -1,3 +1,3 @@
-tlsConfig :
- tlsCertPath : ""
- tlsKeyPath : ""
\ No newline at end of file
+tls_config :
+ cert_file : ""
+ key_file : ""
\ No newline at end of file
diff --git a/https/testdata/tls_config_noAuth_certPath_keyPath_invalid.bad.yml b/https/testdata/tls_config_noAuth_certPath_keyPath_invalid.bad.yml
index b93ffd69..972e4574 100644
--- a/https/testdata/tls_config_noAuth_certPath_keyPath_invalid.bad.yml
+++ b/https/testdata/tls_config_noAuth_certPath_keyPath_invalid.bad.yml
@@ -1,3 +1,3 @@
-tlsConfig :
- tlsCertPath : "somefile"
- tlsKeyPath : "somefile"
\ No newline at end of file
+tls_config :
+ cert_file : "somefile"
+ key_file : "somefile"
\ No newline at end of file
diff --git a/https/testdata/tls_config_noAuth_keyPath_empty.bad.yml b/https/testdata/tls_config_noAuth_keyPath_empty.bad.yml
index 424f92f1..87a52652 100644
--- a/https/testdata/tls_config_noAuth_keyPath_empty.bad.yml
+++ b/https/testdata/tls_config_noAuth_keyPath_empty.bad.yml
@@ -1,3 +1,3 @@
-tlsConfig :
- tlsCertPath : "testdata/server.crt"
- tlsKeyPath : ""
\ No newline at end of file
+tls_config :
+ cert_file : "testdata/server.crt"
+ key_file : ""
\ No newline at end of file
diff --git a/https/testdata/tls_config_noAuth_keyPath_invalid.bad.yml b/https/testdata/tls_config_noAuth_keyPath_invalid.bad.yml
index 2625074b..b3985f37 100644
--- a/https/testdata/tls_config_noAuth_keyPath_invalid.bad.yml
+++ b/https/testdata/tls_config_noAuth_keyPath_invalid.bad.yml
@@ -1,3 +1,3 @@
-tlsConfig :
- tlsCertPath : "testdata/server.cert"
- tlsKeyPath : "somefile"
\ No newline at end of file
+tls_config :
+ cert_file : "testdata/server.cert"
+ key_file : "somefile"
\ No newline at end of file
diff --git a/https/tls_config.go b/https/tls_config.go
index 423c2678..7d381b84 100644
--- a/https/tls_config.go
+++ b/https/tls_config.go
@@ -25,14 +25,14 @@ import (
 )
 type Config struct {
- TLSConfig TLSStruct `yaml:"tlsConfig"`
+ TLSConfig TLSStruct `yaml:"tls_config"`
 }
 type TLSStruct struct {
- TLSCertPath string `yaml:"tlsCertPath"`
- TLSKeyPath string `yaml:"tlsKeyPath"`
- ClientAuth string `yaml:"clientAuth"`
- ClientCAs string `yaml:"clientCAs"`
+ TLSCertPath string `yaml:"cert_file"`
+ TLSKeyPath string `yaml:"key_file"`
+ ClientAuth string `yaml:"client_auth_type"`
+ ClientCAs string `yaml:"client_ca_file"`
 }
 func getTLSConfig(configPath string) (*tls.Config, error) {
diff --git a/https/web-config.yml b/https/web-config.yml
index 0f439dac..9937291c 100644
--- a/https/web-config.yml
+++ b/https/web-config.yml
@@ -1,10 +1,11 @@
-tlsConfig :
+tls_config:
 # Certificate and key files for server to use to authenticate to client
- tlsCertPath :
- tlsKeyPath :
+ cert_file:
+ key_file:
 # Server policy for client authentication. Maps to ClientAuth Policies
- [ clientAuth : ]
+ # For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
+ [ client_auth_type: | default = "NoClientCert" ]
 # CA certificate for client certificate authentication to the server
- [ clientCAs : ]
+ [ client_ca_file: ]
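Review bot: Renaming every yaml tag on `Config` and `TLSStruct` with no alias for the old names means a deployment whose file is still written as `tlsConfig:`/`tlsCertPath:` decodes into an all-empty `TLSStruct` unless the loader rejects unknown keys; that decision lives in getTLSConfig, whose body begins on the last line of this hunk and continues outside it, so I cannot see which decoder call it makes. If it is gopkg.in/yaml.v2's plain `yaml.Unmarshal`, an operator will get whatever error the empty cert/key path produces instead of a message naming the renamed keys, so `yaml.UnmarshalStrict` (or `KnownFields(true)` on a yaml.v3 `Decoder`) would make the migration fail loudly rather than confusingly, and the breaking change deserves a line in the commit message or changelog. A doc comment on the struct would also explain why the Go field names no longer match their tags, e.g. `// TLSStruct holds the tls_config block; yaml keys follow Prometheus' web configuration while the Go field names are kept for compatibility with existing callers.`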
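Review bot: The added line `[ client_auth_type: | default = "NoClientCert" ]` carries the README's documentation notation into a file whose name reads as a loadable template, and a `|` inside a flow sequence is unlikely to parse as YAML, whereas the previous `[ clientAuth : ]` was at least syntactically a flow sequence. If web-config.yml is meant to be copied and edited, the optional keys would be safer as commented-out lines, e.g. `# client_auth_type: "NoClientCert"` and `# client_ca_file:`, keeping the pointer to the default in the comment above them. If it is only illustrative, a first-line comment saying so would stop an operator from loading it verbatim and then debugging a parse error.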