[BB-1013] Add permissions support#23
Conversation
pkg/connector/roles.go
Outdated
| bag.Push(pagination.PageState{ | ||
| Token: client.GetNextToken(page, limit, total), | ||
| ResourceTypeID: userResourceType.Id, | ||
| }) | ||
|
|
||
| nextToken, err := bag.Marshal() | ||
| if err != nil { | ||
| return nil, "", nil, err |
There was a problem hiding this comment.
nit: I think you can do bag.Next for this. It will keep the current resource type
There was a problem hiding this comment.
In this case I can't use it, since I use pop before.
The api for bag is ambiguous since it can leak so many usages; it does not enforce one usage
pkg/connector/roles.go
Outdated
| state := bag.Pop() | ||
| if state == nil { | ||
| bag.Push(pagination.PageState{ | ||
| Token: "", | ||
| ResourceTypeID: userResourceType.Id, | ||
| }) | ||
|
|
||
| if len(users) == 0 { | ||
| return nil, "", outputAnnotations, nil | ||
| if o.syncPermissions { | ||
| bag.Push(pagination.PageState{ | ||
| Token: "", | ||
| ResourceTypeID: scopeResourceType.Id, | ||
| }) | ||
| } | ||
|
|
||
| nextToken, err := bag.Marshal() | ||
| if err != nil { | ||
| return nil, "", nil, err | ||
| } | ||
|
|
||
| return nil, nextToken, nil, nil |
There was a problem hiding this comment.
nit: we usually do this like
https://github.com/ConductorOne/baton-okta/blob/cf6fb6902c12a47349328033e3b5e280aa139278/pkg/connector/aws_account.go#L225-L243
which I think is cleaner
| SyncPermissions = field.BoolField( | ||
| "sync-permissions", | ||
| field.WithDescription("Sync permissions"), | ||
| ) |
There was a problem hiding this comment.
Just an FYI, this is new, but @mindymo has indicated we should create a Jira issue for the public docs project whenever we add a new capability. https://conductorone.atlassian.net/jira/core/projects/DOCS/board?filter=&groupBy=status
There was a problem hiding this comment.
Created DOCS-370
| apiPathUsersForRole = "/api/v2/roles/%s/users" | ||
| apiPathGetResourceServers = "/api/v2/resource-servers" | ||
| apiPathResourceServers = "/api/v2/resource-servers/%s" | ||
| apiPathRolePermissions = "/api/v2/roles/%s/permissions" |
There was a problem hiding this comment.
if any of these new endpoints require additional new permissions that we aren't currently documenting we will need to include this in the documentation jira we need to create
There was a problem hiding this comment.
resource servers will required read:resource_servers
The role it's good since we already use read:role before
3 participants
Description
Upgrade baton-sdk
Upgrade golanglint-ci
Add support for permissions, scope and Resource servers
Useful links: