From 1975376ebb07c02af4f787a3380fcca4f4799d93 Mon Sep 17 00:00:00 2001
From: Mostyn Bramley-Moore <mostyn@antipode.se>
Date: Thu, 1 Sep 2022 00:47:41 +0200
Subject: [PATCH] [azblobproxy] report an error when client id is required but
 not set

---
 README.md            | 3 ++-
 config/azblob.go     | 6 ++++++
 utils/flags/flags.go | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 8b292cd1a..cff734202 100644
--- a/README.md
+++ b/README.md
@@ -327,7 +327,8 @@ OPTIONS:
 
    --azblob.client_id value The Azure blob storage client id to use when
       using azblob proxy backend. Applies to AzBlob auth method(s):
-      client_secret. [$BAZEL_REMOTE_AZBLOB_CLIENT_ID, $AZURE_CLIENT_ID]
+      client_secret, client_certificate. [$BAZEL_REMOTE_AZBLOB_CLIENT_ID,
+      $AZURE_CLIENT_ID]
 
    --azblob.client_secret value The Azure blob storage client secret key to
       use when using azblob proxy backend. Applies to AzBlob auth method(s):
diff --git a/config/azblob.go b/config/azblob.go
index b6aa85f14..e3038f755 100644
--- a/config/azblob.go
+++ b/config/azblob.go
@@ -48,6 +48,9 @@ func (azblobc AzBlobStorageConfig) GetCredentials() (azcore.TokenCredential, err
 		if azblobc.TenantID == "" {
 			return nil, fmt.Errorf("An Azure blob tenant ID is required.")
 		}
+		if azblobc.ClientID == "" {
+			return nil, fmt.Errorf("An Azure blob client ID is required with auth method client_certificate.")
+		}
 
 		return azidentity.NewClientCertificateCredential(azblobc.TenantID, azblobc.ClientID, certs, key, nil)
 	}
@@ -56,6 +59,9 @@ func (azblobc AzBlobStorageConfig) GetCredentials() (azcore.TokenCredential, err
 		if azblobc.TenantID == "" {
 			return nil, fmt.Errorf("An Azure blob tenant ID is required.")
 		}
+		if azblobc.ClientID == "" {
+			return nil, fmt.Errorf("An Azure blob client ID is required with auth method client_secret.")
+		}
 
 		log.Println("AzBlob Credentials: using client secret credentials")
 		return azidentity.NewClientSecretCredential(azblobc.TenantID, azblobc.ClientID, azblobc.ClientSecret, nil)
diff --git a/utils/flags/flags.go b/utils/flags/flags.go
index a04562c67..b24330fb7 100644
--- a/utils/flags/flags.go
+++ b/utils/flags/flags.go
@@ -330,7 +330,7 @@ func GetCliFlags() []cli.Flag {
 		&cli.StringFlag{
 			Name:    "azblob.client_id",
 			Value:   "",
-			Usage:   "The Azure blob storage client id to use when using azblob proxy backend. " + azBlobAuthMsg(azblobproxy.AuthMethodClientSecret),
+			Usage:   "The Azure blob storage client id to use when using azblob proxy backend. " + azBlobAuthMsg(azblobproxy.AuthMethodClientSecret, azblobproxy.AuthMethodClientCertificate),
 			EnvVars: []string{"BAZEL_REMOTE_AZBLOB_CLIENT_ID", "AZURE_CLIENT_ID"},
 		},
 		&cli.StringFlag{