Skip to content

Commit

Permalink
[azblobproxy] report an error when client id is required but not set
Browse files Browse the repository at this point in the history
  • Loading branch information
@mostynb
mostynb committed Aug 31, 2022
1 parent cf45f0e commit 1975376
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 2 deletions.
3 changes: 2 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,7 +327,8 @@ OPTIONS:
--azblob.client_id value The Azure blob storage client id to use when
using azblob proxy backend. Applies to AzBlob auth method(s):
client_secret. [$BAZEL_REMOTE_AZBLOB_CLIENT_ID, $AZURE_CLIENT_ID]
client_secret, client_certificate. [$BAZEL_REMOTE_AZBLOB_CLIENT_ID,
$AZURE_CLIENT_ID]
--azblob.client_secret value The Azure blob storage client secret key to
use when using azblob proxy backend. Applies to AzBlob auth method(s):
Expand Down
6 changes: 6 additions & 0 deletions config/azblob.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,9 @@ func (azblobc AzBlobStorageConfig) GetCredentials() (azcore.TokenCredential, err
if azblobc.TenantID == "" {
return nil, fmt.Errorf("An Azure blob tenant ID is required.")
}
if azblobc.ClientID == "" {
return nil, fmt.Errorf("An Azure blob client ID is required with auth method client_certificate.")
}

return azidentity.NewClientCertificateCredential(azblobc.TenantID, azblobc.ClientID, certs, key, nil)
}
Expand All @@ -56,6 +59,9 @@ func (azblobc AzBlobStorageConfig) GetCredentials() (azcore.TokenCredential, err
if azblobc.TenantID == "" {
return nil, fmt.Errorf("An Azure blob tenant ID is required.")
}
if azblobc.ClientID == "" {
return nil, fmt.Errorf("An Azure blob client ID is required with auth method client_secret.")
}

log.Println("AzBlob Credentials: using client secret credentials")
return azidentity.NewClientSecretCredential(azblobc.TenantID, azblobc.ClientID, azblobc.ClientSecret, nil)
Expand Down
2 changes: 1 addition & 1 deletion utils/flags/flags.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -330,7 +330,7 @@ func GetCliFlags() []cli.Flag {
&cli.StringFlag{
Name: "azblob.client_id",
Value: "",
Usage: "The Azure blob storage client id to use when using azblob proxy backend. " + azBlobAuthMsg(azblobproxy.AuthMethodClientSecret),
Usage: "The Azure blob storage client id to use when using azblob proxy backend. " + azBlobAuthMsg(azblobproxy.AuthMethodClientSecret, azblobproxy.AuthMethodClientCertificate),
EnvVars: []string{"BAZEL_REMOTE_AZBLOB_CLIENT_ID", "AZURE_CLIENT_ID"},
},
&cli.StringFlag{
Expand Down

0 comments on commit 1975376

Please sign in to comment.