Disallow dangerous parameters in the config file

[mariocynicys]

Right now, the parameters overwrite_key (overwrites* the tower's key and gives it a new identity) and force_update (introduced in #216) are allowed to be set in the configuration file.

Since they are more of a fail-safe and rather dangerous commands, we should assert that the user doesn't set them in the config file and only settable as command line flags.

[sr-gi]

Concept ACK

[anipaul2]

Right now, the parameters overwrite_key (overwrites* the tower's key and gives it a new identity) and force_update (introduced in #216) are allowed to be set in the configuration file.

Since they are more of a fail-safe and rather dangerous commands, we should assert that the user doesn't set them in the config file and only settable as command line flags.

So, removing the parameters from the config file and allowing the user to use it only in cli?

[mariocynicys]

So, removing the command from the config file and allowing the user to use it only in cli?

Yeah something like that. You might only disallow it by sanity checking that it's not set. Not that we have to remove it from the Config struct.

[anipaul2]

So, removing the command from the config file and allowing the user to use it only in cli?

Yeah something like that. You might only disallow it by sanity checking that it's not set. Not that we have to remove it from the Config struct.

Got it. I will raise a pr when it's done.

[mariocynicys]

Just noticed there is actually nothing dangerous here because Config::patch_with_options completely ignores the config file value of overwrite_key & force_update and uses the command line options instead (which default to false).

I think we can just note that in a comment in the template config file so that users don't expect something when setting these ignored parameters to true.

Also, write a comment about it in

rust-teos/teos/src/config.rs

Lines 206 to 207 in 1a89c5d

	self.overwrite_key = options.overwrite_key;
	self.force_update = options.force_update;

since we all missed it xD.

[sr-gi]

Oh damn 😮!

I still think it may be worth reporting this to the user though instead of just commenting this on the config file. In general, if something is not supported, I think the user should be made aware of it explicitly.

Even though I never finished it, a rework of the config to acknowledge where things come from may be good in the long run.

master...sr-gi:rust-teos:config-rework