From fffc3e82b27ceb67f96c4c52d806e4ed6bd58b21 Mon Sep 17 00:00:00 2001 From: Drew Newberry Date: Mon, 2 Mar 2026 18:07:32 -0800 Subject: [PATCH] refactor(cli): remove global --tls-ca, --tls-cert, --tls-key flags TLS certificates are always resolved automatically from cluster metadata, making the explicit CLI flags unnecessary. The TlsOptions struct and auto-resolution logic remain intact for programmatic and test use. --- crates/navigator-cli/src/bootstrap.rs | 4 ++-- crates/navigator-cli/src/completers.rs | 2 +- crates/navigator-cli/src/main.rs | 14 +------------- 3 files changed, 4 insertions(+), 16 deletions(-) diff --git a/crates/navigator-cli/src/bootstrap.rs b/crates/navigator-cli/src/bootstrap.rs index 5e357f84..c7d390f4 100644 --- a/crates/navigator-cli/src/bootstrap.rs +++ b/crates/navigator-cli/src/bootstrap.rs @@ -24,8 +24,8 @@ const DEFAULT_CLUSTER_NAME: &str = "navigator"; /// Returns `false` for explicit TLS configuration errors, auth failures, and other /// non-connectivity issues. pub fn should_attempt_bootstrap(error: &miette::Report, tls: &TlsOptions) -> bool { - // If the user explicitly provided TLS options and they failed, that's a - // configuration error, not a missing-cluster situation. + // If TLS paths were explicitly provided (e.g. in tests) and they failed, + // that's a configuration error, not a missing-cluster situation. if tls.has_any() { return is_connectivity_error(error); } diff --git a/crates/navigator-cli/src/completers.rs b/crates/navigator-cli/src/completers.rs index d1a1288e..0fcdff7c 100644 --- a/crates/navigator-cli/src/completers.rs +++ b/crates/navigator-cli/src/completers.rs @@ -80,7 +80,7 @@ async fn completion_grpc_client( server: &str, cluster_name: &str, ) -> Option> { - let tls_opts = TlsOptions::new(None, None, None).with_cluster_name(cluster_name); + let tls_opts = TlsOptions::default().with_cluster_name(cluster_name); let materials = require_tls_materials(server, &tls_opts).ok()?; let tls_config = build_tonic_tls_config(&materials); let endpoint = Endpoint::from_shared(server.to_string()) diff --git a/crates/navigator-cli/src/main.rs b/crates/navigator-cli/src/main.rs index a7fbfd32..a66769f8 100644 --- a/crates/navigator-cli/src/main.rs +++ b/crates/navigator-cli/src/main.rs @@ -89,18 +89,6 @@ struct Cli { #[arg(long, short, global = true, env = "NAVIGATOR_CLUSTER")] cluster: Option, - /// Path to TLS CA certificate (PEM). - #[arg(long, env = "NAVIGATOR_TLS_CA", global = true)] - tls_ca: Option, - - /// Path to TLS client certificate (PEM). - #[arg(long, env = "NAVIGATOR_TLS_CERT", global = true)] - tls_cert: Option, - - /// Path to TLS client private key (PEM). - #[arg(long, env = "NAVIGATOR_TLS_KEY", global = true)] - tls_key: Option, - #[command(subcommand)] command: Option, } @@ -814,7 +802,7 @@ async fn main() -> Result<()> { CompleteEnv::with_factory(Cli::command).complete(); let cli = Cli::parse(); - let tls = TlsOptions::new(cli.tls_ca, cli.tls_cert, cli.tls_key); + let tls = TlsOptions::default(); // Set up logging based on verbosity let log_level = match cli.verbose {