Add more input validation for passing in an empty id, or an invalid enum value. (#5924)

* Add more input validation for passing in an empty id, or an invalid enum value. * Fix typo in exception message.
2024-08-19 10:35:07 -07:00 · 2024-08-19 10:35:07 -07:00 · 042d2ed734
commit 042d2ed734
parent d74b08f8b3
3 changed files with 26 additions and 0 deletions
--- a/sdk/identity/azure-identity/inc/azure/identity/managed_identity_credential.hpp
+++ b/sdk/identity/azure-identity/inc/azure/identity/managed_identity_credential.hpp
@ -98,6 +98,16 @@ namespace Azure { namespace Identity {
            "There is no need to provide an ID (such as client, object, or resource ID) if you are "
            "using system-assigned managed identity.");
      }
+
+      if (id.empty()
+          && (idType == ManagedIdentityIdType::ClientId || idType == ManagedIdentityIdType::ObjectId
+              || idType == ManagedIdentityIdType::ResourceId))
+      {
+        throw std::invalid_argument(
+            "Provide the value of the client, object, or resource ID corresponding to the "
+            "ManagedIdentityIdType specified. The provided ID should not be empty in the case of "
+            "user-assigned managed identity.");
+      }
    }

    /**
--- a/sdk/identity/azure-identity/src/managed_identity_credential.cpp
+++ b/sdk/identity/azure-identity/src/managed_identity_credential.cpp
@ -78,6 +78,10 @@ ManagedIdentityCredential::ManagedIdentityCredential(
      m_managedIdentitySource = CreateManagedIdentitySource(
          GetCredentialName(), {}, {}, options.IdentityType.GetId(), options);
      break;
+    default:
+      throw std::invalid_argument(
+          "The ManagedIdentityIdType in the options is not set to one of the valid values.");
+      break;
  }
 }

--- a/sdk/identity/azure-identity/test/ut/managed_identity_credential_test.cpp
+++ b/sdk/identity/azure-identity/test/ut/managed_identity_credential_test.cpp
@ -77,6 +77,18 @@ TEST(ManagedIdentityType, Invalid)
  EXPECT_THROW(
      ManagedIdentityType(ManagedIdentityIdType::SystemAssigned, "clientId"),
      std::invalid_argument);
+
+  EXPECT_THROW(ManagedIdentityType(ManagedIdentityIdType::ClientId, ""), std::invalid_argument);
+  EXPECT_THROW(ManagedIdentityType(ManagedIdentityIdType::ObjectId, ""), std::invalid_argument);
+  EXPECT_THROW(ManagedIdentityType(ManagedIdentityIdType::ResourceId, ""), std::invalid_argument);
+
+  ManagedIdentityCredentialOptions options;
+  options.IdentityType = ManagedIdentityType(static_cast<ManagedIdentityIdType>(99), "");
+  std::unique_ptr<ManagedIdentityCredential const> managedIdentityCredentialWithInvalidOptions;
+  EXPECT_THROW(
+      managedIdentityCredentialWithInvalidOptions
+      = std::make_unique<ManagedIdentityCredential>(options),
+      std::invalid_argument);
 }

 TEST(ManagedIdentityCredential, GetCredentialName)