config: check for empty cluster TLS client config

[TheMeier]

Pull Request Checklist

Please check all the applicable boxes.

• Please list all open issue(s) discussed with maintainers related to this change
  • Fixes segfault when loading file for cluster.tls-config #5110
• Is this a bugfix?
  • I have added tests that can reproduce the bug which pass with this bugfix applied
• I have signed-off my commits
• I will follow best practices for contributing to this project

Which user-facing changes does this PR introduce?

[FIX] CONFIG: Improve validation of cluster mTLS config

Summary by CodeRabbit

• Bug Fixes
  • Enhanced TLS configuration validation to provide clearer error messages when required configuration entries are missing.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 60c9baa0-db1a-4983-9e7b-cb46b9174dc8

📥 Commits

Reviewing files that changed from the base of the PR and between 19e792f and d7ba1c8.

📒 Files selected for processing (2)

• cluster/tls_config.go
• cluster/tls_transport_test.go

---

📝 Walkthrough

Walkthrough

Added explicit validation in TLS configuration parsing to check if tls_client_config is present, returning an error instead of allowing null pointer dereference. Corresponding test case validates the error handling for missing configuration entries.

Changes

Cohort / File(s)	Summary
TLS Configuration Validation cluster/tls_config.go	Added nil check for tls_client_config after YAML unmarshalling to prevent null pointer dereference, returning explicit error message when the entry is missing.
TLS Transport Tests cluster/tls_transport_test.go	Added test case for testdata/tls_config_with_null_client.yml to verify proper error handling when tls_client_config is absent from the configuration file.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A null that lurked in config deep,
Made the daemon crash in sleep.
A check! A guard! A test so keen,
Now validation stands between.
No more segfaults shall arise,
When config's missing—we'll advise! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding validation for empty cluster TLS client config, which directly addresses the issue.
Description check	✅ Passed	The description is substantially complete, following the template with applicable checklist items marked, linked issue specified, bugfix confirmed with tests, and release notes provided.
Linked Issues check	✅ Passed	The code changes directly address issue #5110 by adding validation that checks for nil tls_client_config and returns an explicit error instead of allowing a nil pointer dereference that caused the segfault.
Out of Scope Changes check	✅ Passed	All changes are in-scope: modifications to tls_config.go add the required validation check, and test additions in tls_transport_test.go directly test the new validation behavior required to fix the segfault.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}