[BB-763] baton-github: add account provisioning

Author: Bencheng21

pkg/connector/connector.go

@@ -100,6 +100,47 @@ func (gh *GitHub) ResourceSyncers(ctx context.Context) []connectorbuilder.Resour
 func (gh *GitHub) Metadata(ctx context.Context) (*v2.ConnectorMetadata, error) {
 	return &v2.ConnectorMetadata{
 		DisplayName: "GitHub",
+		AccountCreationSchema: &v2.ConnectorAccountCreationSchema{
+			FieldMap: map[string]*v2.ConnectorAccountCreationSchema_Field{
+				"email": {
+					DisplayName: "Email",
+					Description: "This email will be used as the login for the user.",
+					Field: &v2.ConnectorAccountCreationSchema_Field_StringField{
+						StringField: &v2.ConnectorAccountCreationSchema_StringField{},
+					},
+					Placeholder: "Email",
+					Order:       1,
+				},
+				"role": {
+					DisplayName: "Role Name",
+					Description: "role name in organization",
+					Field: &v2.ConnectorAccountCreationSchema_Field_StringField{
+						StringField: &v2.ConnectorAccountCreationSchema_StringField{},
+					},
+					Placeholder: "role name",
+					Order:       2,
+				},
+				"org": {
+					DisplayName: "Org Name",
+					Required:    true,
+					Description: "organization name",
+					Field: &v2.ConnectorAccountCreationSchema_Field_StringField{
+						StringField: &v2.ConnectorAccountCreationSchema_StringField{},
+					},
+					Placeholder: "organization name",
+					Order:       3,
+				},
+				"userID": {
+					DisplayName: "github user ID",
+					Description: "Github User ID",
+					Field: &v2.ConnectorAccountCreationSchema_Field_StringField{
+						StringField: &v2.ConnectorAccountCreationSchema_StringField{},
+					},
+					Placeholder: "UserID",
+					Order:       4,
+				},
+			},
+		},
 	}, nil
 }
 

pkg/connector/user.go

@@ -10,6 +10,7 @@ import (
 
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
 	"github.com/conductorone/baton-sdk/pkg/annotations"
+	"github.com/conductorone/baton-sdk/pkg/connectorbuilder"
 	"github.com/conductorone/baton-sdk/pkg/pagination"
 	"github.com/conductorone/baton-sdk/pkg/types/resource"
 	"github.com/google/go-github/v69/github"
@@ -19,6 +20,32 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
+func invitationToUserResource(invitation *github.Invitation) (*v2.Resource, error) {
+	login := invitation.GetLogin()
+	if login == "" {
+		login = invitation.GetEmail()
+	}
+
+	ret, err := resource.NewUserResource(
+		login,
+		resourceTypeUser,
+		invitation.GetID(),
+		[]resource.UserTraitOption{
+			resource.WithEmail(invitation.GetEmail(), true),
+			resource.WithUserProfile(map[string]interface{}{
+				"login":   login,
+				"inviter": invitation.GetInviter().GetLogin(),
+			}),
+			resource.WithStatus(v2.UserTrait_Status_STATUS_UNSPECIFIED),
+			resource.WithUserLogin(login),
+		},
+	)
+	if err != nil {
+		return nil, err
+	}
+	return ret, nil
+}
+
 // Create a new connector resource for a GitHub user.
 func userResource(ctx context.Context, user *github.User, userEmail string, extraEmails []string) (*v2.Resource, error) {
 	displayName := user.GetName()
@@ -211,6 +238,107 @@ func (o *userResourceType) List(ctx context.Context, parentID *v2.ResourceId, pt
 	return rv, pageToken, annotations, nil
 }
 
+func (o *userResourceType) CreateAccountCapabilityDetails(ctx context.Context) (*v2.CredentialDetailsAccountProvisioning, annotations.Annotations, error) {
+	return &v2.CredentialDetailsAccountProvisioning{
+		SupportedCredentialOptions: []v2.CapabilityDetailCredentialOption{
+			v2.CapabilityDetailCredentialOption_CAPABILITY_DETAIL_CREDENTIAL_OPTION_NO_PASSWORD,
+		},
+		PreferredCredentialOption: v2.CapabilityDetailCredentialOption_CAPABILITY_DETAIL_CREDENTIAL_OPTION_NO_PASSWORD,
+	}, nil, nil
+}
+
+func (o *userResourceType) CreateAccount(
+	ctx context.Context,
+	accountInfo *v2.AccountInfo,
+	credentialOptions *v2.CredentialOptions,
+) (
+	connectorbuilder.CreateAccountResponse,
+	[]*v2.PlaintextData,
+	annotations.Annotations,
+	error,
+) {
+	params, err := getCreateUserParams(accountInfo)
+	if err != nil {
+		return nil, nil, nil, fmt.Errorf("github-connectorv2: failed to get CreateUserParams: %w", err)
+	}
+
+	invitation, resp, err := o.client.Organizations.CreateOrgInvitation(ctx, params.org, &github.CreateOrgInvitationOptions{
+		InviteeID: params.userID,
+		Role:      params.role,
+		Email:     params.email,
+	})
+	if err != nil {
+		return nil, nil, nil, fmt.Errorf("github-connectorv2: failed to invite user to org: %w", err)
+	}
+
+	restApiRateLimit, err := extractRateLimitData(resp)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	var annotations annotations.Annotations
+	annotations.WithRateLimiting(restApiRateLimit)
+
+	r, err := invitationToUserResource(invitation)
+	if err != nil {
+		return nil, nil, nil, fmt.Errorf("github-connectorv2: cannot create user resource: %w", err)
+	}
+	return &v2.CreateAccountResponse_SuccessResult{
+		Resource: r,
+	}, nil, nil, nil
+}
+
+type createUserParams struct {
+	org    string
+	email  *string
+	userID *int64
+	role   *string
+}
+
+func getCreateUserParams(accountInfo *v2.AccountInfo) (*createUserParams, error) {
+	var (
+		pMap  = accountInfo.Profile.AsMap()
+		uID   *int64
+		role  *string
+		email *string
+	)
+
+	org, ok := pMap["org"].(string)
+	if !ok || org == "" {
+		return nil, fmt.Errorf("org is required")
+	}
+
+	e, emailExisted := pMap["email"].(string)
+	if e != "" {
+		email = &e
+	}
+
+	userID, userIDExisted := pMap["userID"].(string)
+	if !emailExisted && !userIDExisted {
+		return nil, fmt.Errorf("either email or userID should be provided")
+	}
+
+	if userIDExisted {
+		i, err := strconv.ParseInt(userID, 10, 64)
+		if err != nil {
+			return nil, err
+		}
+		uID = &i
+	}
+
+	r, _ := pMap["role"].(string)
+	if r != "" {
+		role = &r
+	}
+
+	return &createUserParams{
+		org:    org,
+		email:  email,
+		userID: uID,
+		role:   role,
+	}, nil
+}
+
 func isEmail(email string) bool {
 	_, err := mail.ParseAddress(email)
 	return err == nil