From 442d3de11d1225812eef84f39ec871b43c5f1752 Mon Sep 17 00:00:00 2001
From: Brian Candler <b.candler@pobox.com>
Date: Wed, 20 May 2020 18:00:06 +0000
Subject: [PATCH] Allow the "google" connector to work without a service
 account

Fixes #1718
---
 connector/google/google.go | 10 ++++++++--
 examples/config-dev.yaml   |  2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/connector/google/google.go b/connector/google/google.go
index 0e823851..37b89edd 100644
--- a/connector/google/google.go
+++ b/connector/google/google.go
@@ -212,7 +212,7 @@ func (c *googleConnector) createIdentity(ctx context.Context, identity connector
 	}
 
 	var groups []string
-	if s.Groups && c.adminEmail != "" && c.serviceAccountFilePath != "" {
+	if s.Groups && c.adminSrv != nil {
 		groups, err = c.getGroups(claims.Email)
 		if err != nil {
 			return identity, fmt.Errorf("google: could not retrieve groups: %v", err)
@@ -251,7 +251,7 @@ func (c *googleConnector) getGroups(email string) ([]string, error) {
 		}
 
 		for _, group := range groupsList.Groups {
-			// TODO (joelspeed): Make desried group key configurable
+			// TODO (joelspeed): Make desired group key configurable
 			userGroups = append(userGroups, group.Email)
 		}
 
@@ -267,6 +267,12 @@ func (c *googleConnector) getGroups(email string) ([]string, error) {
 // sets up super user impersonation and creates an admin client for calling
 // the google admin api
 func createDirectoryService(serviceAccountFilePath string, email string) (*admin.Service, error) {
+	if serviceAccountFilePath == "" && email == "" {
+		return nil, nil
+	}
+	if serviceAccountFilePath == "" || email == "" {
+		return nil, fmt.Errorf("directory service requires both serviceAccountFilePath and adminEmail")
+	}
 	jsonCredentials, err := ioutil.ReadFile(serviceAccountFilePath)
 	if err != nil {
 		return nil, fmt.Errorf("error reading credentials from file: %v", err)
diff --git a/examples/config-dev.yaml b/examples/config-dev.yaml
index 099624f8..b9833fdf 100644
--- a/examples/config-dev.yaml
+++ b/examples/config-dev.yaml
@@ -70,7 +70,7 @@ connectors:
 - type: mockCallback
   id: mock
   name: Example
-# - type: oidc
+# - type: google
 #   id: google
 #   name: Google
 #   config:
-- 
GitLab