bugfix: oidc should not be used when required fields are missing (#536)

* bugfix: when oidc failed, the provider should try other auth methods * Revert "bugfix: when oidc failed, the provider should try other auth methods" This reverts commit cf4bc7b. * bugfix: oidc should not be used when required fields are missing * Update internal/provider/provider.go Co-authored-by: Zhenhua Hu <[email protected]> --------- Co-authored-by: Zhenhua Hu <[email protected]>
Azure · Jun 24, 2024 · 3f70d44 · 3f70d44
1 parent e918063
commit 3f70d44
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@ BUG FIXES:
 - Fix a bug that `azapi_resource` will crash when the `location` in GET response is null.
 - Fix a bug that schema validation fails to validate unknown string values.
 - Fix a bug that `azapi_resource` only supports extension resource on a resource group scoped resource.
+- Fix a bug that OIDC authentication should not be used when required fields are missing.
 
 ## v1.13.1
 

diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -832,6 +832,9 @@ func buildOidcCredential(model providerData, options azidentity.DefaultAzureCred
 	if err != nil {
 		return nil, err
 	}
+	if model.OIDCToken.ValueString() == "" && model.GetOIDCTokenFilePath() == "" && (model.OIDCRequestToken.ValueString() == "" || model.OIDCRequestURL.ValueString() == "") {
+		return nil, fmt.Errorf("missing required OIDC configuration")
+	}
 	o := &OidcCredentialOptions{
 		ClientOptions: azcore.ClientOptions{
 			Cloud: options.Cloud,