From 214ca9a668793a8e878952e6d8efe5e3ab4dc7c8 Mon Sep 17 00:00:00 2001
From: Todd <github@quaddi.com>
Date: Wed, 15 Jun 2022 16:26:08 -0700
Subject: [PATCH] Check that WorkerAuthKms is not nil before trying to decrypt
 with it (#2205)

---
 internal/daemon/controller/worker_tls_config.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/internal/daemon/controller/worker_tls_config.go b/internal/daemon/controller/worker_tls_config.go
index 703e75f600..d7460e6cf0 100644
--- a/internal/daemon/controller/worker_tls_config.go
+++ b/internal/daemon/controller/worker_tls_config.go
@@ -84,6 +84,9 @@ func (c Controller) v1WorkerAuthConfig(protos []string) (*tls.Config, *base.Work
 	if err := proto.Unmarshal(marshaledEncInfo, encInfo); err != nil {
 		return nil, nil, err
 	}
+	if isNil(c.conf.WorkerAuthKms) {
+		return nil, nil, errors.New("worker auth kms not set")
+	}
 	marshaledInfo, err := c.conf.WorkerAuthKms.Decrypt(context.Background(), encInfo)
 	if err != nil {
 		return nil, nil, err