From 3a5b454a45847addb170d2a07efe5f532e49266c Mon Sep 17 00:00:00 2001 From: Nathaniel Irons Date: Thu, 28 Mar 2024 13:44:20 -0700 Subject: [PATCH 1/2] Strip reference to never-merged Workload Identity support Signed-off-by: Nathaniel Irons --- content/docs/connectors/google.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/content/docs/connectors/google.md b/content/docs/connectors/google.md index afa6ec7..14b6bdc 100644 --- a/content/docs/connectors/google.md +++ b/content/docs/connectors/google.md @@ -67,7 +67,4 @@ To get group fetching set up: 2. Enable the [Admin SDK](https://console.developers.google.com/apis/library/admin.googleapis.com/) 3. Add the `serviceAccountFilePath` and `domainToAdminEmail` configuration options to your Dex config. - `serviceAccountFilePath` should point to the location of the service account JSON key file - -## GKE Workload Identity -When operating DEX on GKE or GCE, it's possible and better to use the service account derived from [metadata](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) to retrieve groups. The google service account must have the Service Account Token Creator role (`roles/iam.serviceAccountTokenCreator`). If this is the case, it becomes unnecessary to specify the `serviceAccountFilePath` configuration option. - `domainToAdminEmail` should be mapping between the base domain and the email of a Google Workspace user with a minimum of the `Groups Reader (BETA)` Role assigned. The service account you created earlier will impersonate this user when making calls to the admin API. A valid user should be able to retrieve a list of groups when [testing the API](https://developers.google.com/admin-sdk/directory/v1/reference/groups/list#try-it). From 03c5db5ead1cecc2eef0d26695940aa3990b29fe Mon Sep 17 00:00:00 2001 From: Nathaniel Irons Date: Thu, 28 Mar 2024 13:44:28 -0700 Subject: [PATCH 2/2] Fix passive voice 
Signed-off-by: Nathaniel Irons --- content/docs/connectors/google.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/docs/connectors/google.md b/content/docs/connectors/google.md index 14b6bdc..95ce412 100644 --- a/content/docs/connectors/google.md +++ b/content/docs/connectors/google.md @@ -67,4 +67,4 @@ To get group fetching set up: 2. Enable the [Admin SDK](https://console.developers.google.com/apis/library/admin.googleapis.com/) 3. Add the `serviceAccountFilePath` and `domainToAdminEmail` configuration options to your Dex config. - `serviceAccountFilePath` should point to the location of the service account JSON key file - - `domainToAdminEmail` should be mapping between the base domain and the email of a Google Workspace user with a minimum of the `Groups Reader (BETA)` Role assigned. The service account you created earlier will impersonate this user when making calls to the admin API. A valid user should be able to retrieve a list of groups when [testing the API](https://developers.google.com/admin-sdk/directory/v1/reference/groups/list#try-it). + - `domainToAdminEmail` should map the base domain to the email address of a Google Workspace user with a minimum of the `Groups Reader (BETA)` Role assigned. The service account you created earlier will impersonate this user when making calls to the admin API. A valid user should be able to retrieve a list of groups when [testing the API](https://developers.google.com/admin-sdk/directory/v1/reference/groups/list#try-it).
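Review bot: The first patch's commit message (PATCH 1/2, "Strip reference to never-merged Workload Identity support") gives no pointer to the pull request or issue where the Workload Identity support was proposed and not merged, so a later reader of `content/docs/connectors/google.md` history cannot verify why the section disappeared; add that reference to the message body above the Signed-off-by line. The deletion itself is sound: the `## GKE Workload Identity` heading sat between two bullets of the `serviceAccountFilePath` / `domainToAdminEmail` list, so it broke the list, and it instructed operators to grant `roles/iam.serviceAccountTokenCreator` and omit `serviceAccountFilePath` for a code path that does not exist, which would leave a deployment with an impersonation-capable role granted and no working group fetching. Since the removed text was the only place that said the key file could be omitted, consider stating in the surviving `serviceAccountFilePath` bullet that the option is required for group fetching.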
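Review bot: The subject of PATCH 2/2, "Fix passive voice", does not describe the change: "should be mapping between the base domain and the email" is not passive voice, it is an awkward noun phrase, and the replacement "should map the base domain to the email address of a Google Workspace user" is a wording fix; retitle it "Fix awkward phrasing in domainToAdminEmail description". The new bullet keeps the "minimum of the `Groups Reader (BETA)` Role assigned" and "The service account you created earlier will impersonate this user" sentences unchanged; while touching this line it would help operators to make the least-privilege intent explicit, for example "a Google Workspace user that has only the `Groups Reader (BETA)` role assigned", so that nobody reads "minimum" as an invitation to pick an existing administrator account for impersonation.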