Set client options in a backwards compatible way (#733)

* Set client options in a backwards compatible way * Fix default validation in SSHD
azimuth-cloud · Oct 15, 2024 · 3183a42 · 3183a42
1 parent 984994a
commit 3183a42
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/client/zenith/client/tunnel.py b/client/zenith/client/tunnel.py
@@ -92,9 +92,11 @@ def configure_tunnel(ssh_proc, config):
             )
             if config.read_timeout:
                 tunnel_config.update(read_timeout = config.read_timeout)
-            tunnel_config.update(internal = config.internal)
-            tunnel_config.update(skip_auth = config.skip_auth)
-            if not config.skip_auth:
+            if config.internal:
+                tunnel_config.update(internal = config.internal)
+            if config.skip_auth:
+                tunnel_config.update(skip_auth = config.skip_auth)
+            else:
                 if config.auth_oidc_issuer:
                     tunnel_config.update(auth_oidc_issuer = config.auth_oidc_issuer)
                 if config.auth_oidc_client_id:
@@ -105,12 +107,12 @@ def configure_tunnel(ssh_proc, config):
                     tunnel_config.update(auth_oidc_allowed_groups = config.auth_oidc_allowed_groups)
                 if config.auth_external_params:
                     tunnel_config.update(auth_external_params = config.auth_external_params)
-            if config.tls_cert_file:
+            if config.tls_cert_data:
                 tunnel_config.update(
                     tls_cert = config.tls_cert_data,
                     tls_key = config.tls_key_data
                 )
-            if config.tls_client_ca_file:
+            if config.tls_client_ca_data:
                 tunnel_config.update(tls_client_ca = config.tls_client_ca_data)
             if config.liveness_path:
                 tunnel_config.update(

diff --git a/sshd/zenith/sshd/models.py b/sshd/zenith/sshd/models.py
@@ -53,9 +53,9 @@ class ClientConfig(BaseModel, extra = "forbid"):
     #: The read timeout for the service (in seconds)
     read_timeout: typing.Optional[conint(gt = 0)] = None
     #: Indicates whether the service is internal, i.e. without ingress
-    internal: bool = False
+    internal: bool = Field(False, validate_default = True)
     #: Indicates whether the proxy authentication should be skipped
-    skip_auth: bool = False
+    skip_auth: bool = Field(False, validate_default = True)
     #: The URL of the OIDC issuer to use
     auth_oidc_issuer: typing.Optional[AnyHttpUrl] = None
     #: The OIDC client ID to use