From 49477729ce24448c2895ec8c98f2c61c646de884 Mon Sep 17 00:00:00 2001
From: Bob Callaway <bobcallaway@users.noreply.github.com>
Date: Wed, 28 Sep 2022 13:59:28 -0400
Subject: [PATCH] fix: check for no serviceAccountFilePath and no email (#2679)

Signed-off-by: Bob Callaway <bcallaway@google.com>
---
 connector/google/google.go      | 11 +++++++----
 connector/google/google_test.go | 14 ++++++++++++++
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/connector/google/google.go b/connector/google/google.go
index 72cc6a18..313858f6 100644
--- a/connector/google/google.go
+++ b/connector/google/google.go
@@ -71,10 +71,13 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 		scopes = append(scopes, "profile", "email")
 	}
 
-	srv, err := createDirectoryService(c.ServiceAccountFilePath, c.AdminEmail, logger)
-	if err != nil {
-		cancel()
-		return nil, fmt.Errorf("could not create directory service: %v", err)
+	var srv *admin.Service
+	if len(c.Groups) > 0 {
+		srv, err = createDirectoryService(c.ServiceAccountFilePath, c.AdminEmail, logger)
+		if err != nil {
+			cancel()
+			return nil, fmt.Errorf("could not create directory service: %v", err)
+		}
 	}
 
 	clientID := c.ClientID
diff --git a/connector/google/google_test.go b/connector/google/google_test.go
index 5cecbec9..26241ab6 100644
--- a/connector/google/google_test.go
+++ b/connector/google/google_test.go
@@ -72,12 +72,22 @@ func TestOpen(t *testing.T) {
 	assert.Nil(t, err)
 
 	for name, reference := range map[string]testCase{
+		"not_requesting_groups": {
+			config: &Config{
+				ClientID:     "testClient",
+				ClientSecret: "testSecret",
+				RedirectURI:  ts.URL + "/callback",
+				Scopes:       []string{"openid"},
+			},
+			expectedErr: "",
+		},
 		"missing_admin_email": {
 			config: &Config{
 				ClientID:     "testClient",
 				ClientSecret: "testSecret",
 				RedirectURI:  ts.URL + "/callback",
 				Scopes:       []string{"openid", "groups"},
+				Groups:       []string{"someGroup"},
 			},
 			expectedErr: "requires adminEmail",
 		},
@@ -89,6 +99,7 @@ func TestOpen(t *testing.T) {
 				Scopes:                 []string{"openid", "groups"},
 				AdminEmail:             "foo@bar.com",
 				ServiceAccountFilePath: "not_found.json",
+				Groups:                 []string{"someGroup"},
 			},
 			expectedErr: "error reading credentials",
 		},
@@ -100,6 +111,7 @@ func TestOpen(t *testing.T) {
 				Scopes:                 []string{"openid", "groups"},
 				AdminEmail:             "foo@bar.com",
 				ServiceAccountFilePath: serviceAccountFilePath,
+				Groups:                 []string{"someGroup"},
 			},
 			expectedErr: "",
 		},
@@ -110,6 +122,7 @@ func TestOpen(t *testing.T) {
 				RedirectURI:  ts.URL + "/callback",
 				Scopes:       []string{"openid", "groups"},
 				AdminEmail:   "foo@bar.com",
+				Groups:       []string{"someGroup"},
 			},
 			adc:         serviceAccountFilePath,
 			expectedErr: "",
@@ -122,6 +135,7 @@ func TestOpen(t *testing.T) {
 				Scopes:                 []string{"openid", "groups"},
 				AdminEmail:             "foo@bar.com",
 				ServiceAccountFilePath: serviceAccountFilePath,
+				Groups:                 []string{"someGroup"},
 			},
 			adc:         "/dev/null",
 			expectedErr: "",