When provisioning team or repositories, don't rely on the entitlement slug (#42)

jirwin · web-flow · commit 611c62f01fa9 · 2024-08-09T09:16:10.000-07:00
* When provisioning team or repositories, don't rely on the entitlement slug

* Fix tests
diff --git a/pkg/connector/repository.go b/pkg/connector/repository.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"strconv"
+	"strings"
 
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
 	"github.com/conductorone/baton-sdk/pkg/annotations"
@@ -263,6 +264,12 @@ func (o *repositoryResourceType) Grant(ctx context.Context, principal *v2.Resour
 		return nil, err
 	}
 
+	enIDParts := strings.Split(en.Id, ":")
+	if len(enIDParts) != 3 {
+		return nil, fmt.Errorf("github-connectorv2: invalid entitlement ID: %s", en.Id)
+	}
+	permission := enIDParts[2]
+
 	switch principal.Id.ResourceType {
 	case resourceTypeUser.Id:
 		user, _, err := o.client.Users.GetByID(ctx, principalID)
@@ -275,8 +282,9 @@ func (o *repositoryResourceType) Grant(ctx context.Context, principal *v2.Resour
 			repo.GetOwner().GetLogin(),
 			repo.GetName(),
 			user.GetLogin(),
-			&github.RepositoryAddCollaboratorOptions{Permission: en.Slug},
+			&github.RepositoryAddCollaboratorOptions{Permission: permission},
 		)
+
 		if e != nil {
 			return nil, fmt.Errorf("github-connectorv2: failed to add user to a repository: %w", e)
 		}
@@ -287,7 +295,7 @@ func (o *repositoryResourceType) Grant(ctx context.Context, principal *v2.Resour
 		}
 
 		_, err = o.client.Teams.AddTeamRepoBySlug(ctx, org.GetLogin(), team.GetSlug(), repo.GetOwner().GetLogin(), repo.GetName(), &github.TeamAddTeamRepoOptions{
-			Permission: en.Slug,
+			Permission: permission,
 		})
 		if err != nil {
 			return nil, fmt.Errorf("github-connectorv2: failed to add team to a repo: %w", err)
diff --git a/pkg/connector/repository_test.go b/pkg/connector/repository_test.go
@@ -4,12 +4,14 @@ import (
 	"context"
 	"testing"
 
-	"github.com/conductorone/baton-github/test"
-	"github.com/conductorone/baton-github/test/mocks"
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
 	"github.com/conductorone/baton-sdk/pkg/pagination"
+	entitlement2 "github.com/conductorone/baton-sdk/pkg/types/entitlement"
 	"github.com/google/go-github/v63/github"
 	"github.com/stretchr/testify/require"
+
+	"github.com/conductorone/baton-github/test"
+	"github.com/conductorone/baton-github/test/mocks"
 )
 
 func TestRepository(t *testing.T) {
@@ -28,7 +30,10 @@ func TestRepository(t *testing.T) {
 		repository, _ := repositoryResource(ctx, githubRepository, organization.Id)
 		user, _ := userResource(ctx, githubUser, *githubUser.Email, nil)
 
-		entitlement := v2.Entitlement{Resource: repository}
+		entitlement := v2.Entitlement{
+			Id:       entitlement2.NewEntitlementID(repository, "admin"),
+			Resource: repository,
+		}
 
 		grantAnnotations, err := client.Grant(ctx, user, &entitlement)
 		require.Nil(t, err)
diff --git a/pkg/connector/team.go b/pkg/connector/team.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"strconv"
+	"strings"
 
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
 	"github.com/conductorone/baton-sdk/pkg/annotations"
@@ -266,13 +267,20 @@ func (o *teamResourceType) Grant(ctx context.Context, principal *v2.Resource, en
 		return nil, fmt.Errorf("github-connectorv2: failed to get user %d, err: %w", userId, err)
 	}
 
+	enIDParts := strings.Split(entitlement.Id, ":")
+	if len(enIDParts) != 3 {
+		return nil, fmt.Errorf("github-connectorv2: invalid entitlement ID: %s", entitlement.Id)
+	}
+	permission := enIDParts[2]
+
 	_, _, e := o.client.Teams.AddTeamMembershipByID(
 		ctx,
 		orgId,
 		teamId,
 		user.GetLogin(),
-		&github.TeamAddTeamMembershipOptions{Role: entitlement.Slug},
+		&github.TeamAddTeamMembershipOptions{Role: permission},
 	)
+
 	if e != nil {
 		return nil, fmt.Errorf("github-connectorv2: failed to add user to a team: %w", e)
 	}
diff --git a/pkg/connector/team_test.go b/pkg/connector/team_test.go
@@ -4,12 +4,14 @@ import (
 	"context"
 	"testing"
 
-	"github.com/conductorone/baton-github/test"
-	"github.com/conductorone/baton-github/test/mocks"
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
 	"github.com/conductorone/baton-sdk/pkg/pagination"
+	entitlement2 "github.com/conductorone/baton-sdk/pkg/types/entitlement"
 	"github.com/google/go-github/v63/github"
 	"github.com/stretchr/testify/require"
+
+	"github.com/conductorone/baton-github/test"
+	"github.com/conductorone/baton-github/test/mocks"
 )
 
 func TestTeam(t *testing.T) {
@@ -28,7 +30,10 @@ func TestTeam(t *testing.T) {
 		team, _ := teamResource(githubTeam, organization.Id)
 		user, _ := userResource(ctx, githubUser, *githubUser.Email, nil)
 
-		entitlement := v2.Entitlement{Resource: team}
+		entitlement := v2.Entitlement{
+			Id:       entitlement2.NewEntitlementID(team, "member"),
+			Resource: team,
+		}
 
 		grantAnnotations, err := client.Grant(ctx, user, &entitlement)
 		require.Nil(t, err)
