From 20968cee8793b4a0dde5114db3dbe7ce33fb1b94 Mon Sep 17 00:00:00 2001
From: Brenna Hewer-Darroch <21015366+bcmdarroch@users.noreply.github.com>
Date: Tue, 30 Aug 2022 17:40:36 -0400
Subject: [PATCH] add partial credentials validation

---
 config/hcp.go      | 11 +++++++++++
 config/new_test.go |  7 +++++++
 2 files changed, 18 insertions(+)

diff --git a/config/hcp.go b/config/hcp.go
index 9bf0e08a..97a11854 100644
--- a/config/hcp.go
+++ b/config/hcp.go
@@ -110,6 +110,17 @@ func (c *hcpConfig) SCADATLSConfig() *tls.Config {
 
 func (c *hcpConfig) validate() error {
 
+	// Ensure both client credentials provided
+	if (c.clientCredentialsConfig.ClientID == "" && c.clientCredentialsConfig.ClientSecret != "") ||
+		(c.clientCredentialsConfig.ClientID != "" && c.clientCredentialsConfig.ClientSecret == "") {
+		return fmt.Errorf("both client ID and secret must be provided")
+	}
+
+	// Ensure at least one auth method configured
+	if c.clientCredentialsConfig.ClientID == "" && c.clientCredentialsConfig.ClientSecret == "" && c.oauth2Config.ClientID == "" {
+		return fmt.Errorf("either client credentials or oauth2 client ID must be provided")
+	}
+
 	// Ensure the auth URL is valid
 	if c.authURL.Host == "" {
 		return fmt.Errorf("the auth URL has to be non-empty")
diff --git a/config/new_test.go b/config/new_test.go
index 5a7e6664..f7a21b74 100644
--- a/config/new_test.go
+++ b/config/new_test.go
@@ -50,6 +50,13 @@ func TestNew_Invalid(t *testing.T) {
 		options       []HCPConfigOption
 		expectedError string
 	}{
+		{
+			name: "partial credentials",
+			options: []HCPConfigOption{
+				WithClientCredentials("my-client-id", ""),
+			},
+			expectedError: "the configuration is not valid: both client ID and secret must be provided",
+		},
 		{
 			name: "empty portal URL",
 			options: []HCPConfigOption{