From 4aa9b445778e092ee1b5354f4e916c494d22f422 Mon Sep 17 00:00:00 2001 From: eisandbar Date: Tue, 16 Aug 2022 14:58:22 -0400 Subject: [PATCH] fix(option): Having both a TokenSource and Scopes should fail validation If both ds.TokenSource and ds.Scopes are set, then an error will be returned as Scopes will be ignored Fixes #1644 --- internal/settings.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/internal/settings.go b/internal/settings.go index 76efdb22772..97a2dba5e4e 100644 --- a/internal/settings.go +++ b/internal/settings.go @@ -107,6 +107,9 @@ func (ds *DialSettings) Validate() error { if len(ds.Scopes) > 0 && len(ds.Audiences) > 0 { return errors.New("WithScopes is incompatible with WithAudience") } + if len(ds.Scopes) > 0 && ds.TokenSource != nil { + return errors.New("WithScopes is incompatible with WithTokenSource") + } // Accept only one form of credentials, except we allow TokenSource and CredentialsFile for backwards compatibility. if nCreds > 1 && !(nCreds == 2 && ds.TokenSource != nil && ds.CredentialsFile != "") { return errors.New("multiple credential options provided")