fix: improve handling of boolan flags

Bool flags seems to have been broken by a clap upgrade, meaning they
required an argument to be provided in order to work.

Moreover, this PR removes the `--enable-verification` flag, which was no
longer used by the code.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

Author: flavio

src/cli.rs

@@ -1,5 +1,5 @@
 use clap::builder::PossibleValue;
-use clap::{crate_authors, crate_description, crate_name, crate_version, Arg, Command};
+use clap::{crate_authors, crate_description, crate_name, crate_version, Arg, ArgAction, Command};
 use itertools::Itertools;
 use lazy_static::lazy_static;
 use policy_evaluator::burrego;
@@ -49,7 +49,7 @@ pub(crate) fn build_cli() -> Command {
             Arg::new("log-no-color")
                 .long("log-no-color")
                 .env("NO_COLOR")
-                .required(false)
+                .action(ArgAction::SetTrue)
                 .help("Disable colored output for logs"),
             Arg::new("address")
                 .long("addr")
@@ -116,13 +116,8 @@ pub(crate) fn build_cli() -> Command {
             Arg::new("enable-metrics")
                 .long("enable-metrics")
                 .env("KUBEWARDEN_ENABLE_METRICS")
-                .required(false)
+                .action(ArgAction::SetTrue)
                 .help("Enable metrics"),
-            Arg::new("enable-verification")
-                .long("enable-verification")
-                .env("KUBEWARDEN_ENABLE_VERIFICATION")
-                .required(false)
-                .help("Enable Sigstore verification"),
             Arg::new("always-accept-admission-reviews-on-namespace")
                 .long("always-accept-admission-reviews-on-namespace")
                 .value_name("NAMESPACE")
@@ -131,8 +126,8 @@ pub(crate) fn build_cli() -> Command {
                 .help("Always accept AdmissionReviews that target the given namespace"),
             Arg::new("disable-timeout-protection")
                 .long("disable-timeout-protection")
+                .action(ArgAction::SetTrue)
                 .env("KUBEWARDEN_DISABLE_TIMEOUT_PROTECTION")
-                .required(false)
                 .help("Disable policy timeout protection"),
             Arg::new("policy-timeout")
                 .long("policy-timeout")
@@ -143,7 +138,7 @@ pub(crate) fn build_cli() -> Command {
             Arg::new("daemon")
                 .long("daemon")
                 .env("KUBEWARDEN_DAEMON")
-                .required(false)
+                .action(ArgAction::SetTrue)
                 .help("If set, runs policy-server in detached mode as a daemon"),
             Arg::new("daemon-pid-file")
                 .long("daemon-pid-file")
@@ -163,7 +158,7 @@ pub(crate) fn build_cli() -> Command {
             Arg::new("ignore-kubernetes-connection-failure")
                 .long("ignore-kubernetes-connection-failure")
                 .env("KUBEWARDEN_IGNORE_KUBERNETES_CONNECTION_FAILURE")
-                .required(false)
+                .action(ArgAction::SetTrue)
                 .help("Do not exit with an error if the Kubernetes connection fails. This will cause context aware policies to break when there's no connection with Kubernetes."),
     ];
     args.sort_by(|a, b| a.get_id().cmp(b.get_id()));

src/config.rs

@@ -61,7 +61,10 @@ impl Config {
             .get_one::<String>("policies-download-dir")
             .map(PathBuf::from)
             .expect("This should not happen, there's a default value for policies-download-dir");
-        let policy_evaluation_limit_seconds = if matches.contains_id("disable-timeout-protection") {
+        let policy_evaluation_limit_seconds = if *matches
+            .get_one::<bool>("disable-timeout-protection")
+            .expect("clap should have set a default value")
+        {
             None
         } else {
             Some(
@@ -82,16 +85,24 @@ impl Config {
             .get_one::<String>("always-accept-admission-reviews-on-namespace")
             .map(|s| s.to_owned());
 
-        let metrics_enabled = matches.contains_id("enable-metrics");
-        let ignore_kubernetes_connection_failure =
-            matches.contains_id("ignore-kubernetes-connection-failure");
+        let metrics_enabled = matches
+            .get_one::<bool>("enable-metrics")
+            .expect("clap should have set a default value")
+            .to_owned();
+        let ignore_kubernetes_connection_failure = matches
+            .get_one::<bool>("ignore-kubernetes-connection-failure")
+            .expect("clap should have set a default value")
+            .to_owned();
         let verification_config = verification_config(matches)?;
         let sigstore_cache_dir = matches
             .get_one::<String>("sigstore-cache-dir")
             .map(PathBuf::from)
             .expect("This should not happen, there's a default value for sigstore-cache-dir");
 
-        let daemon = matches.contains_id("daemon");
+        let daemon = matches
+            .get_one::<bool>("daemon")
+            .expect("clap should have set a default value")
+            .to_owned();
         let daemon_pid_file = matches
             .get_one::<String>("daemon-pid-file")
             .expect("This should not happen, there's a default value for daemon-pid-file")
@@ -107,7 +118,10 @@ impl Config {
             .get_one::<String>("log-fmt")
             .expect("This should not happen, there's a default value for log-fmt")
             .to_owned();
-        let log_no_color = matches.contains_id("log-no-color");
+        let log_no_color = matches
+            .get_one::<bool>("log-no-color")
+            .expect("clap should have assigned a default value")
+            .to_owned();
         let (cert_file, key_file) = tls_files(matches)?;
         let tls_config = if cert_file.is_empty() {
             None