feat(dgw): emit a warning alert when TLS is not configured and credentials are pushed

For instance, proxy-based credentials injection for RDP requires a TLS
certificate and private key to be configured.

Author: CBenoit

devolutions-gateway/src/api/preflight.rs

@@ -124,6 +124,8 @@ pub(crate) enum PreflightAlertStatus {
     GeneralFailure,
     #[serde(rename = "info")]
     Info,
+    #[serde(rename = "warn")]
+    Warn,
     #[serde(rename = "unsupported-operation")]
     UnsupportedOperation,
     #[serde(rename = "invalid-parameters")]
@@ -340,6 +342,17 @@ async fn handle_operation(
                 });
             }
 
+            if conf.tls.is_none() && operation.kind.as_str() == OP_PROVISION_CREDENTIALS {
+                outputs.push(PreflightOutput {
+                    operation_id: operation.id,
+                    kind: PreflightOutputKind::Alert {
+                        status: PreflightAlertStatus::Warn,
+                        message: "no TLS certificate configured, this may cause problems with credentials injection"
+                            .to_owned(),
+                    },
+                });
+            }
+
             outputs.push(PreflightOutput {
                 operation_id: operation.id,
                 kind: PreflightOutputKind::Ack,

devolutions-gateway/tests/preflight.rs

@@ -87,9 +87,9 @@ async fn test_provision_credentials_success() -> anyhow::Result<()> {
 
     let body = response.into_body().collect().await?.to_bytes();
     let body: serde_json::Value = serde_json::from_slice(&body)?;
-    assert_eq!(body.as_array().expect("an array").len(), 1);
-    assert_eq!(body[0]["operation_id"], op_id.to_string());
-    assert_eq!(body[0]["kind"], "ack", "{:?}", body[0]);
+    assert_eq!(body.as_array().expect("an array").len(), 2);
+    assert_eq!(body[1]["operation_id"], op_id.to_string());
+    assert_eq!(body[1]["kind"], "ack", "{:?}", body[1]);
 
     let entry = state.credential_store.get(token_id).expect("the provisioned entry");
     assert_eq!(entry.token, token);