docs(cli): Create commented config file

The previous `gen-config` output contained no comments and was partly misleading, i.e. the `pre_shared_key` is actually a path and not the key itself. Mark things that are optional. To keep things in sync, add a test that verifies that the configuration is actually valid. While at it, use 127.0.0.1 as peer address instead a fictitious domain which would break the tests. Signed-off-by: Paul Spooren <mail@aparcar.org>
2025-12-18 13:24:38 +03:00 · 2024-11-04 15:08:57 +01:00
parent 2369006342
commit 0745019e10
3 changed files with 63 additions and 28 deletions
--- a/rosenpass/src/cli.rs
+++ b/rosenpass/src/cli.rs
@@ -246,7 +246,7 @@ impl CliArgs {
                    "config file {config_file:?} already exists"
                );

-                config::Rosenpass::example_config().store(config_file)?;
+                std::fs::write(config_file, config::EXAMPLE_CONFIG)?;
            }

            // Deprecated - use gen-keys instead
--- a/rosenpass/src/config.rs
+++ b/rosenpass/src/config.rs
@@ -491,38 +491,31 @@ impl Rosenpass {
    }
 }

-impl Rosenpass {
-    /// Generate an example configuration
-    pub fn example_config() -> Self {
-        let peer = RosenpassPeer {
-            public_key: "/path/to/rp-peer-public-key".into(),
-            endpoint: Some("my-peer.test:9999".into()),
-            key_out: Some("/path/to/rp-key-out.txt".into()),
-            pre_shared_key: Some("additional pre shared key".into()),
-            wg: Some(WireGuard {
-                device: "wirgeguard device e.g. wg0".into(),
-                peer: "wireguard public key".into(),
-                extra_params: vec!["passed to".into(), "wg set".into()],
-            }),
-        };
-
-        Self {
-            keypair: Some(Keypair {
-                public_key: "/path/to/rp-public-key".into(),
-                secret_key: "/path/to/rp-secret-key".into(),
-            }),
-            peers: vec![peer],
-            ..Self::new(None)
-        }
-    }
-}
-
 impl Default for Verbosity {
    fn default() -> Self {
        Self::Quiet
    }
 }

+pub static EXAMPLE_CONFIG: &str = r###"public_key = "/path/to/rp-public-key"
+secret_key = "/path/to/rp-secret-key"
+listen = []
+verbosity = "Verbose"
+
+[[peers]]
+# Commented out fields are optional
+public_key = "/path/to/rp-peer-public-key"
+endpoint = "127.0.0.1:9998"
+# pre_shared_key = "/path/to/preshared-key"
+
+# Choose to store the key in a file via `key_out` or pass it to WireGuard by
+# defining `device` and `peer`. You may choose to do both.
+key_out = "/path/to/rp-key-out.txt" # path to store the key
+# device = "wg0" # WireGuard interface
+#peer = "RULdRAtUw7SFfVfGD..." # WireGuard public key
+# extra_params = [] # passed to WireGuard `wg set`
+"###;
+
 #[cfg(test)]
 mod test {

--- a/rosenpass/tests/integration_test.rs
+++ b/rosenpass/tests/integration_test.rs
@@ -1,3 +1,4 @@
+use std::fs::File;
 use std::{
    fs,
    net::UdpSocket,
@@ -5,9 +6,10 @@ use std::{
    sync::{Arc, Mutex},
    time::Duration,
 };
+use tempfile::tempdir;

 use clap::Parser;
-use rosenpass::{app_server::AppServerTestBuilder, cli::CliArgs};
+use rosenpass::{app_server::AppServerTestBuilder, cli::CliArgs, config::EXAMPLE_CONFIG};
 use rosenpass_secret_memory::{Public, Secret};
 use rosenpass_wireguard_broker::{WireguardBrokerMio, WG_KEY_LEN, WG_PEER_LEN};
 use serial_test::serial;
@@ -134,6 +136,46 @@ fn run_server_client_exchange(
    client_terminate.send(()).unwrap();
 }

+// verify that EXAMPLE_CONFIG is correct
+#[test]
+fn check_example_config() {
+    setup_tests();
+    setup_logging();
+
+    let tmp_dir = tempdir().unwrap();
+    let config_path = tmp_dir.path().join("config.toml");
+    let mut config_file = File::create(config_path.to_owned()).unwrap();
+
+    config_file
+        .write_all(
+            EXAMPLE_CONFIG
+                .replace("/path/to", tmp_dir.path().to_str().unwrap())
+                .as_bytes(),
+        )
+        .unwrap();
+
+    let output = test_bin::get_test_bin(BIN)
+        .args(["gen-keys"])
+        .arg(&config_path)
+        .output()
+        .expect("EXAMPLE_CONFIG not valid");
+
+    fs::copy(
+        tmp_dir.path().join("rp-public-key"),
+        tmp_dir.path().join("rp-peer-public-key"),
+    )
+    .unwrap();
+
+    let output = test_bin::get_test_bin(BIN)
+        .args(["validate"])
+        .arg(&config_path)
+        .output()
+        .expect("EXAMPLE_CONFIG not valid");
+
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    assert!(stderr.contains("has passed all logical checks"));
+}
+
 // check that we can exchange keys
 #[test]
 #[serial]