Add tests to ssl and clean up errors

Author: lkysow

README.md

@@ -481,7 +481,9 @@ However, if you were to lose the data, all you would need to do is run `atlantis
 
 **Q: How to add SSL to Atlantis server?**
 
-A: Pass the `--ssl` option to enable SSL for incoming connections.  You will need to get a trusted certificate and pass it into Atlantis server with the `--ssl-key-file` and `--ssl-cert-file` options.
+A: First, you'll need to get a public/private key pair to serve over SSL.
+These need to be in a directory accessible by Atlantis. Then start `atlantis server` with the `--ssl-cert-file` and `--ssl-key-file` flags.
+See `atlantis server --help` for more information.
 
 
 ## Contributing

cmd/server.go

@@ -260,23 +260,19 @@ func (s *ServerCmd) validate(config server.Config) error {
 	}
 
 	if (config.SSLKeyFile == "") != (config.SSLCertFile == "") {
-		return fmt.Errorf("%s and %s are required for ssl", SSLKeyFileFlag, SSLCertFileFlag)
+		return fmt.Errorf("--%s and --%s are both required for ssl", SSLKeyFileFlag, SSLCertFileFlag)
 	}
 
 	// The following combinations are valid.
-	// 1. github user and token
-	// 2. gitlab user and token
+	// 1. github user and token set
+	// 2. gitlab user and token set
 	// 3. all 4 set
-	// We validate using contradiction (I think).
 	vcsErr := fmt.Errorf("--%s/--%s or --%s/--%s must be set", GHUserFlag, GHTokenFlag, GitlabUserFlag, GitlabTokenFlag)
-	if config.GithubUser != "" && config.GithubToken == "" || config.GithubToken != "" && config.GithubUser == "" {
-		return vcsErr
-	}
-	if config.GitlabUser != "" && config.GitlabToken == "" || config.GitlabToken != "" && config.GitlabUser == "" {
+	if ((config.GithubUser == "") != (config.GithubToken == "")) || ((config.GitlabUser == "") != (config.GitlabToken == "")) {
 		return vcsErr
 	}
 	// At this point, we know that there can't be a single user/token without
-	// its pair, but we haven't checked if any user/token is set at all.
+	// its partner, but we haven't checked if any user/token is set at all.
 	if config.GithubUser == "" && config.GitlabUser == "" {
 		return vcsErr
 	}

cmd/server_test.go

@@ -102,6 +102,58 @@ func TestExecute_ValidateLogLevel(t *testing.T) {
 	Equals(t, "invalid log level: not one of debug, info, warn, error", err.Error())
 }
 
+func TestExecute_ValidateSSLConfig(t *testing.T) {
+	expErr := "--ssl-key-file and --ssl-cert-file are both required for ssl"
+	cases := []struct {
+		description string
+		flags       map[string]interface{}
+		expectError bool
+	}{
+		{
+			"neither option set",
+			make(map[string]interface{}),
+			false,
+		},
+		{
+			"just ssl-key-file set",
+			map[string]interface{}{
+				cmd.SSLKeyFileFlag: "file",
+			},
+			true,
+		},
+		{
+			"just ssl-cert-file set",
+			map[string]interface{}{
+				cmd.SSLCertFileFlag: "flag",
+			},
+			true,
+		},
+		{
+			"both flags set",
+			map[string]interface{}{
+				cmd.SSLCertFileFlag: "cert",
+				cmd.SSLKeyFileFlag:  "key",
+			},
+			false,
+		},
+	}
+	for _, testCase := range cases {
+		t.Log("Should validate ssl config when " + testCase.description)
+		// Add in required flags.
+		testCase.flags[cmd.GHUserFlag] = "user"
+		testCase.flags[cmd.GHTokenFlag] = "token"
+
+		c := setup(testCase.flags)
+		err := c.Execute()
+		if testCase.expectError {
+			Assert(t, err != nil, "should be an error")
+			Equals(t, expErr, err.Error())
+		} else {
+			Ok(t, err)
+		}
+	}
+}
+
 func TestExecute_ValidateVCSConfig(t *testing.T) {
 	expErr := "--gh-user/--gh-token or --gitlab-user/--gitlab-token must be set"
 	cases := []struct {