Skip to content

Google without groups seems broken after #2530 #2670

New issue
New issue
Closed
#2679
Closed
Google without groups seems broken after #2530#2670
#2679
@jonkerj

Description

@jonkerj
jonkerj
opened on Sep 19, 2022

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.

Version

2.34.0

Storage Type

Kubernetes

Installation Type

Official Helm chart

Expected Behavior

I've upgraded dex from v2.33.0 to v2.34.0, and expected the Google connector to keep working.

Actual Behavior

Dex was crashlooping, complaining about adminEmail not being set. After setting adminEmail, there was something wrong with default application credentials.

Steps To Reproduce

  1. Install dex 2.34.0, configure Google according to the docs, without groups, serviceAccountFilePath or adminEmail

Additional Information

It is not really clear to me if this is an actual bug introduced by #2530, or a lack of documentation (which could have been part of #2530). The documentation suggest group/svc account is optional, but these errors suggest otherwise.

In other words: is using Google as a provider without group/svc account still supported?

Downgrading to v2.33.0 still works, so I am guessing it might be a bug.

Configuration

connectors:
- adminEmail: re@dact.ed
  config:
    clientID: $GOOGLE_CLIENT_ID
    clientSecret: $GOOGLE_CLIENT_SECRET
    redirectURI: https://re.dact.ed/callback
  hostedDomains:
  - hidden
  id: google
  name: Google
  type: google
issuer: https://dex.red.act.ed
staticClients:
- idEnv: CLIENT_OAUTH2_PROXY_ID
  name: OAuth2 Proxy
  redirectURIs:
  - https://foo.bar.red.act.ed/oauth2/callback
  secretEnv: CLIENT_OAUTH2_PROXY_SECRET
- idEnv: CLIENT_GRAFANA_ID
  name: Grafana
  redirectURIs:
  - https://grafana.red.act.ed/login/generic_oauth
  secretEnv: CLIENT_GRAFANA_SECRET
storage:
  config:
    inCluster: true
  type: kubernetes
web:
  http: 0.0.0.0:5556

Logs

time="2022-09-19T14:09:52Z" level=info msg="Dex Version: v2.34.0-dirty, Go Version: go1.19.1, Go OS/ARCH: linux amd64"
[..]
time="2022-09-19T14:09:52Z" level=info msg="config connector: google"
time="2022-09-19T14:09:52Z" level=info msg="config refresh tokens rotation enabled: true"
failed to initialize server: server: Failed to open connector google: failed to open connector: failed to create connector google: could not create directory service: directory service requires adminEmail

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions