added org role tests

Author: afalahi

pkg/connector/org_role_test.go

@@ -0,0 +1,94 @@
+package connector
+
+import (
+	"context"
+	"testing"
+
+	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
+	"github.com/conductorone/baton-sdk/pkg/pagination"
+	entitlement2 "github.com/conductorone/baton-sdk/pkg/types/entitlement"
+	"github.com/google/go-github/v63/github"
+	"github.com/stretchr/testify/require"
+
+	"github.com/conductorone/baton-github/test"
+	"github.com/conductorone/baton-github/test/mocks"
+)
+
+func TestOrgRole(t *testing.T) {
+	ctx := context.Background()
+
+	t.Run("should grant and revoke entitlements", func(t *testing.T) {
+		mgh := mocks.NewMockGitHub()
+
+		githubOrganization, _, _, githubUser, _ := mgh.Seed()
+
+		githubClient := github.NewClient(mgh.Server())
+		cache := newOrgNameCache(githubClient)
+		client := orgRoleBuilder(githubClient, cache)
+
+		organization, _ := organizationResource(ctx, githubOrganization, nil)
+		role, _ := orgRoleResource(ctx, &OrganizationRole{
+			ID:          1,
+			Name:        "Test Role",
+			Description: "Test Role Description",
+		}, organization)
+		user, _ := userResource(ctx, githubUser, *githubUser.Email, nil)
+
+		entitlement := v2.Entitlement{
+			Id:       entitlement2.NewEntitlementID(role, "assigned"),
+			Resource: role,
+		}
+
+		grantAnnotations, err := client.Grant(ctx, user, &entitlement)
+		require.Nil(t, err)
+		require.Empty(t, grantAnnotations)
+
+		grants, nextToken, grantsAnnotations, err := client.Grants(ctx, role, &pagination.Token{})
+		require.Nil(t, err)
+		test.AssertNoRatelimitAnnotations(t, grantsAnnotations)
+		require.Equal(t, "", nextToken)
+		require.Len(t, grants, 1)
+
+		grant := v2.Grant{
+			Entitlement: &entitlement,
+			Principal:   user,
+		}
+
+		revokeAnnotations, err := client.Revoke(ctx, &grant)
+		require.Nil(t, err)
+		require.Empty(t, revokeAnnotations)
+	})
+
+	t.Run("should handle permission errors gracefully", func(t *testing.T) {
+		mockGithub := mocks.NewMockGitHub()
+		mockGithub.SimulateOrgRolePermErr = true
+
+		githubOrganization, _, _, _, _ := mockGithub.Seed()
+
+		githubClient := github.NewClient(mockGithub.Server())
+		cache := newOrgNameCache(githubClient)
+		client := orgRoleBuilder(githubClient, cache)
+
+		organization, _ := organizationResource(ctx, githubOrganization, nil)
+
+		// Test List with permission error
+		resources, nextToken, annotations, err := client.List(ctx, organization.Id, &pagination.Token{})
+		require.Nil(t, err)
+		require.Empty(t, resources)
+		require.Empty(t, nextToken)
+		test.AssertNoRatelimitAnnotations(t, annotations)
+
+		// Test Grants with permission error
+		role, _ := orgRoleResource(ctx, &OrganizationRole{
+			ID:          1,
+			Name:        "Test Role",
+			Description: "Test Role Description",
+		}, organization)
+
+		grants, nextToken, grantsAnnotations, err := client.Grants(ctx, role, &pagination.Token{})
+		require.Nil(t, err)
+		require.Empty(t, grants)
+		require.Empty(t, nextToken)
+		test.AssertNoRatelimitAnnotations(t, grantsAnnotations)
+	})
+}

test/mocks/endpointpattern.go

@@ -41,3 +41,29 @@ var GetOrganizationsTeamsMembershipsByTeamIdByUsername = mock.EndpointPattern{
 	Pattern: "/organizations/{org_id}/team/{team_id}/memberships/{username}",
 	Method:  "GET",
 }
+
+// Organization role endpoints
+var GetOrgsRolesByOrg = mock.EndpointPattern{
+	Pattern: "/orgs/{org}/organization-roles",
+	Method:  "GET",
+}
+
+var GetOrgsRolesTeamsByOrgByRoleId = mock.EndpointPattern{
+	Pattern: "/orgs/{org}/organization-roles/{role_id}/teams",
+	Method:  "GET",
+}
+
+var GetOrgsRolesUsersByOrgByRoleId = mock.EndpointPattern{
+	Pattern: "/orgs/{org}/organization-roles/{role_id}/users",
+	Method:  "GET",
+}
+
+var PutOrgsRolesUsersByOrgByRoleIdByUsername = mock.EndpointPattern{
+	Pattern: "/orgs/{org}/organization-roles/users/{username}/{role_id}",
+	Method:  "PUT",
+}
+
+var DeleteOrgsRolesUsersByOrgByRoleIdByUsername = mock.EndpointPattern{
+	Pattern: "/orgs/{org}/organization-roles/users/{username}/{role_id}",
+	Method:  "DELETE",
+}

test/mocks/github.go

@@ -22,6 +22,8 @@ type MockGitHub struct {
 	repositories            map[int64]github.Repository
 	teams                   map[int64]github.Team
 	users                   map[int64]github.User
+	orgRoles                map[int64]mapset.Set[int64] // Maps role ID to set of user IDs
+	SimulateOrgRolePermErr  bool                        // Simulate permission error for org roles
 }
 
 func NewMockGitHub() *MockGitHub {
@@ -33,6 +35,7 @@ func NewMockGitHub() *MockGitHub {
 		repositories:            map[int64]github.Repository{},
 		teams:                   map[int64]github.Team{},
 		users:                   map[int64]github.User{},
+		orgRoles:                map[int64]mapset.Set[int64]{},
 	}
 }
 
@@ -494,6 +497,104 @@ func (mgh MockGitHub) removeRepositoryCollaborator(
 	)
 }
 
+type OrganizationRole struct {
+	ID          int64  `json:"id"`
+	Name        string `json:"name"`
+	Description string `json:"description"`
+}
+
+type OrganizationRoles struct {
+	CustomRepoRoles []*OrganizationRole `json:"roles"`
+}
+
+func (mgh MockGitHub) getOrgRoles(
+	w http.ResponseWriter,
+	variables map[string]string,
+) {
+	if mgh.SimulateOrgRolePermErr {
+		w.WriteHeader(http.StatusForbidden)
+		return
+	}
+	orgID, _ := getCrossTableId(w, variables, "org")
+	if _, ok := mgh.organizations[orgID]; !ok {
+		w.WriteHeader(http.StatusNotFound)
+		return
+	}
+
+	// Return a mock role
+	role := &OrganizationRole{
+		ID:          1,
+		Name:        "Test Role",
+		Description: "Test Role Description",
+	}
+
+	roles := &OrganizationRoles{
+		CustomRepoRoles: []*OrganizationRole{role},
+	}
+
+	_, _ = w.Write(mock.MustMarshal(roles))
+}
+
+func (mgh MockGitHub) getOrgRoleTeams(
+	w http.ResponseWriter,
+	variables map[string]string,
+) {
+	roleID, _ := getCrossTableId(w, variables, "role_id")
+	if _, ok := mgh.orgRoles[roleID]; !ok {
+		w.WriteHeader(http.StatusNotFound)
+		return
+	}
+
+	// Return empty teams list for now
+	_, _ = w.Write(mock.MustMarshal([]*github.Team{}))
+}
+
+func (mgh MockGitHub) getOrgRoleUsers(
+	w http.ResponseWriter,
+	variables map[string]string,
+) {
+	roleID, _ := getCrossTableId(w, variables, "role_id")
+	memberships, ok := mgh.orgRoles[roleID]
+	if !ok {
+		w.WriteHeader(http.StatusNotFound)
+		return
+	}
+
+	users := make([]github.User, 0)
+	for _, userID := range memberships.ToSlice() {
+		if user, ok := mgh.users[userID]; ok {
+			users = append(users, user)
+		}
+	}
+
+	_, _ = w.Write(mock.MustMarshal(users))
+}
+
+func (mgh MockGitHub) addOrgRoleUser(
+	w http.ResponseWriter,
+	variables map[string]string,
+) {
+	roleID, _ := getCrossTableId(w, variables, "role_id")
+	userID, _ := getUserId(w, variables)
+
+	if _, ok := mgh.orgRoles[roleID]; !ok {
+		mgh.orgRoles[roleID] = mapset.NewSet[int64]()
+	}
+	mgh.orgRoles[roleID].Add(userID)
+}
+
+func (mgh MockGitHub) removeOrgRoleUser(
+	w http.ResponseWriter,
+	variables map[string]string,
+) {
+	roleID, _ := getCrossTableId(w, variables, "role_id")
+	userID, _ := getUserId(w, variables)
+
+	if memberships, ok := mgh.orgRoles[roleID]; ok {
+		memberships.Remove(userID)
+	}
+}
+
 type handler = func(w http.ResponseWriter, variables map[string]string)
 
 // addEndpointHandler takes a string interpolation pattern and a handler
@@ -540,6 +641,12 @@ func (mgh MockGitHub) Server() *http.Client {
 		mock.PutReposCollaboratorsByOwnerByRepoByUsername:                   mgh.addRepositoryCollaborator,
 		DeleteOrganizationsTeamsMembershipsByOrganizationByTeamIdByUsername: mgh.removeMembership,
 		PutOrganizationsTeamsMembershipsByOrganizationByTeamIdByUsername:    mgh.addMembership,
+		// Add organization role endpoints
+		GetOrgsRolesByOrg:                           mgh.getOrgRoles,
+		GetOrgsRolesTeamsByOrgByRoleId:              mgh.getOrgRoleTeams,
+		GetOrgsRolesUsersByOrgByRoleId:              mgh.getOrgRoleUsers,
+		PutOrgsRolesUsersByOrgByRoleIdByUsername:    mgh.addOrgRoleUser,
+		DeleteOrgsRolesUsersByOrgByRoleIdByUsername: mgh.removeOrgRoleUser,
 	}
 
 	options := make([]mock.MockBackendOption, 0)