fix: check for no serviceAccountFilePath and no email (dexidp#2679)

Signed-off-by: Bob Callaway <bcallaway@google.com>
concourse · Sep 28, 2022 · 4947772 · 4947772
1 parent 45b6f49
commit 4947772
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 4 deletions.
diff --git a/connector/google/google.go b/connector/google/google.go
@@ -71,10 +71,13 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 		scopes = append(scopes, "profile", "email")
 	}
 
-	srv, err := createDirectoryService(c.ServiceAccountFilePath, c.AdminEmail, logger)
-	if err != nil {
-		cancel()
-		return nil, fmt.Errorf("could not create directory service: %v", err)
+	var srv *admin.Service
+	if len(c.Groups) > 0 {
+		srv, err = createDirectoryService(c.ServiceAccountFilePath, c.AdminEmail, logger)
+		if err != nil {
+			cancel()
+			return nil, fmt.Errorf("could not create directory service: %v", err)
+		}
 	}
 
 	clientID := c.ClientID

diff --git a/connector/google/google_test.go b/connector/google/google_test.go
@@ -72,12 +72,22 @@ func TestOpen(t *testing.T) {
 	assert.Nil(t, err)
 
 	for name, reference := range map[string]testCase{
+		"not_requesting_groups": {
+			config: &Config{
+				ClientID:     "testClient",
+				ClientSecret: "testSecret",
+				RedirectURI:  ts.URL + "/callback",
+				Scopes:       []string{"openid"},
+			},
+			expectedErr: "",
+		},
 		"missing_admin_email": {
 			config: &Config{
 				ClientID:     "testClient",
 				ClientSecret: "testSecret",
 				RedirectURI:  ts.URL + "/callback",
 				Scopes:       []string{"openid", "groups"},
+				Groups:       []string{"someGroup"},
 			},
 			expectedErr: "requires adminEmail",
 		},
@@ -89,6 +99,7 @@ func TestOpen(t *testing.T) {
 				Scopes:                 []string{"openid", "groups"},
 				AdminEmail:             "foo@bar.com",
 				ServiceAccountFilePath: "not_found.json",
+				Groups:                 []string{"someGroup"},
 			},
 			expectedErr: "error reading credentials",
 		},
@@ -100,6 +111,7 @@ func TestOpen(t *testing.T) {
 				Scopes:                 []string{"openid", "groups"},
 				AdminEmail:             "foo@bar.com",
 				ServiceAccountFilePath: serviceAccountFilePath,
+				Groups:                 []string{"someGroup"},
 			},
 			expectedErr: "",
 		},
@@ -110,6 +122,7 @@ func TestOpen(t *testing.T) {
 				RedirectURI:  ts.URL + "/callback",
 				Scopes:       []string{"openid", "groups"},
 				AdminEmail:   "foo@bar.com",
+				Groups:       []string{"someGroup"},
 			},
 			adc:         serviceAccountFilePath,
 			expectedErr: "",
@@ -122,6 +135,7 @@ func TestOpen(t *testing.T) {
 				Scopes:                 []string{"openid", "groups"},
 				AdminEmail:             "foo@bar.com",
 				ServiceAccountFilePath: serviceAccountFilePath,
+				Groups:                 []string{"someGroup"},
 			},
 			adc:         "/dev/null",
 			expectedErr: "",