From 1687f1d6b93d9e104f1dda2183e533646712b2ec Mon Sep 17 00:00:00 2001
From: yusing <yusing.wys@gmail.com>
Date: Tue, 23 Dec 2025 12:23:48 +0800
Subject: [PATCH] refactor(docker): update TLS config validation to require
 both CertFile and KeyFile exists or both empty

---
 internal/types/docker_provider_config.go      |  4 ++--
 internal/types/docker_provider_config_test.go | 18 +++++++++++++++++-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/internal/types/docker_provider_config.go b/internal/types/docker_provider_config.go
index e005b2f1..9796f7ab 100644
--- a/internal/types/docker_provider_config.go
+++ b/internal/types/docker_provider_config.go
@@ -27,8 +27,8 @@ type DockerProviderConfigDetailed struct {
 
 type DockerTLSConfig struct {
 	CAFile   string `json:"ca_file,omitempty" validate:"required"`
-	CertFile string `json:"cert_file,omitempty" validate:"required"`
-	KeyFile  string `json:"key_file,omitempty" validate:"required"`
+	CertFile string `json:"cert_file,omitempty" validate:"required_with=KeyFile"`
+	KeyFile  string `json:"key_file,omitempty" validate:"required_with=CertFile"`
 } // @name DockerTLSConfig
 
 func (cfg *DockerProviderConfig) MarshalJSON() ([]byte, error) {
diff --git a/internal/types/docker_provider_config_test.go b/internal/types/docker_provider_config_test.go
index c68b5c37..c74f377c 100644
--- a/internal/types/docker_provider_config_test.go
+++ b/internal/types/docker_provider_config_test.go
@@ -98,13 +98,29 @@ func TestDockerProviderConfigValidation(t *testing.T) {
             cert_file: /etc/ssl/cert.crt
             key_file: /etc/ssl/key.crt
         `, wantErr: false},
-		{name: "invalid tls (missing cert file and key file)", yamlStr: `
+		{name: "valid tls (only ca file)", yamlStr: `
         test:
           scheme: tls
           host: localhost
           port: 2375
           tls:
             ca_file: /etc/ssl/ca.crt
+        `, wantErr: false},
+		{name: "invalid tls (missing cert file)", yamlStr: `
+        test:
+          scheme: tls
+          host: localhost
+          port: 2375
+          tls:
+            key_file: /etc/ssl/key.crt
+        `, wantErr: true},
+		{name: "invalid tls (missing key file)", yamlStr: `
+        test:
+          scheme: tls
+          host: localhost
+          port: 2375
+          tls:
+            cert_file: /etc/ssl/cert.crt
         `, wantErr: true},
 	}