error if tls.key_file or cert_file are missing (#2020)

pkg/apiserver/apiserver.go

@@ -320,7 +320,13 @@ func (s *APIServer) Run(apiReady chan bool) error {
 		go func() {
 			apiReady <- true
 			log.Infof("CrowdSec Local API listening on %s", s.URL)
-			if s.TLS != nil && s.TLS.CertFilePath != "" && s.TLS.KeyFilePath != "" {
+			if s.TLS != nil && (s.TLS.CertFilePath != "" || s.TLS.KeyFilePath != "") {
+				if s.TLS.KeyFilePath == "" {
+					log.Fatalf("while serving local API: %v", errors.New("missing TLS key file"))
+				} else if s.TLS.CertFilePath == "" {
+					log.Fatalf("while serving local API: %v", errors.New("missing TLS cert file"))
+				}
+
 				if err := s.httpServer.ListenAndServeTLS(s.TLS.CertFilePath, s.TLS.KeyFilePath); err != nil {
 					log.Fatalf("while serving local API: %v", err)
 				}

tests/bats/30_machines_tls.bats

@@ -62,6 +62,14 @@ teardown_file() {
 
 setup() {
     load "../lib/setup.sh"
+    config_set '
+        .api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
+        .api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
+        .api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
+        .api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" | 
+        .api.server.tls.agents_allowed_ou=["agent-ou"]
+    '
+
 }
 
 teardown() {
@@ -70,6 +78,20 @@ teardown() {
 
 #----------
 
+@test "missing key_file" {
+    config_set '.api.server.tls.key_file=""'
+
+    rune -1 timeout 2s "${CROWDSEC}"
+    assert_stderr --partial "missing TLS key file"
+}
+
+@test "missing cert_file" {
+    config_set '.api.server.tls.cert_file=""'
+
+    rune -1 timeout 2s "${CROWDSEC}"
+    assert_stderr --partial "missing TLS cert file"
+}
+
 @test "invalid OU for agent" {
     config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
         .ca_cert_path=strenv(tmpdir) + "/bundle.pem" |