Update connector to use new resource helpers. (#5)

* Update connector to use new resource helpers. Refactor teams to not use normal parent recursion

* Better strategy for setting parent team

* Restore removed methods

* Update flag usage for new BATON prefixed env vars

* Bump sdk to v0.0.12

* Lint fix

Author: jirwin

cmd/config.go

@@ -28,7 +28,7 @@ func validateConfig(ctx context.Context, cfg *config) error {
 
 // cmdFlags sets the cmdFlags required for the connector.
 func cmdFlags(cmd *cobra.Command) {
-	cmd.PersistentFlags().String("token", "", "The GitHub access token used to connect to the Github API. ($C1_TOKEN)")
-	cmd.PersistentFlags().StringSlice("orgs", []string{}, "Limit syncing to specific organizations. ($C1_ORGS)")
-	cmd.PersistentFlags().String("instance-url", "", `The GitHub instance URL to connect to. ($C1_INSTANCE_URL) (default "https://github.com")`)
+	cmd.PersistentFlags().String("token", "", "The GitHub access token used to connect to the Github API. ($BATON_TOKEN)")
+	cmd.PersistentFlags().StringSlice("orgs", []string{}, "Limit syncing to specific organizations. ($BATON_ORGS)")
+	cmd.PersistentFlags().String("instance-url", "", `The GitHub instance URL to connect to. ($BATON_INSTANCE_URL) (default "https://github.com")`)
 }

cmd/main.go

@@ -62,7 +62,7 @@ func run(ctx context.Context, cfg *config) error {
 		return err
 	}
 
-	r, err := sdk.NewConnectorRunner(ctx, c, cfg.C1zPath, sdk.WithSlidingMemoryLimiter(50))
+	r, err := sdk.NewConnectorRunner(ctx, c, cfg.C1zPath)
 	if err != nil {
 		l.Error("error creating connector runner", zap.Error(err))
 		return err

go.mod

@@ -3,7 +3,7 @@ module github.com/conductorone/baton-github
 go 1.19
 
 require (
-	github.com/conductorone/baton-sdk v0.0.10
+	github.com/conductorone/baton-sdk v0.0.12
 	github.com/google/go-github/v41 v41.0.0
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
 	github.com/spf13/cobra v1.6.1

go.sum

@@ -89,8 +89,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/conductorone/baton-sdk v0.0.10 h1:C+6Z/X4GeycHdj5gMYWbSKSLKEI0eOfYXP+paR2gTMM=
-github.com/conductorone/baton-sdk v0.0.10/go.mod h1:jPdcy08LmTIPzgZcSOo7mviSAG0NUbjavg/1LpCTeOI=
+github.com/conductorone/baton-sdk v0.0.12 h1:hvFzVHr5aeSV4tiNNvn+lqpk16I6HGu77p61nUSJt9Y=
+github.com/conductorone/baton-sdk v0.0.12/go.mod h1:jPdcy08LmTIPzgZcSOo7mviSAG0NUbjavg/1LpCTeOI=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=

pkg/connector/connector.go

@@ -3,9 +3,7 @@ package connector
 import (
 	"context"
 	"fmt"
-	"io"
 	"net/http"
-	"net/url"
 	"strings"
 
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
@@ -63,65 +61,6 @@ func (gh *Github) ResourceSyncers(ctx context.Context) []connectorbuilder.Resour
 	}
 }
 
-// validateAssetUrl takes an input URL and validates that it is a URL that we are permitted to fetch assets from/
-// It enforces https and that the URL hostname is.
-func (gh *Github) validateAssetUrl(assetUrl string) error {
-	if assetUrl == "" {
-		return fmt.Errorf("asset url must be set")
-	}
-
-	parsedUrl, err := url.Parse(assetUrl)
-	if err != nil {
-		return err
-	}
-
-	if parsedUrl.Scheme != "https" {
-		return fmt.Errorf("asset url must be https")
-	}
-
-	if gh.instanceURL == "" {
-		for _, domain := range ValidAssetDomains {
-			if strings.HasPrefix(parsedUrl.Hostname(), domain) {
-				return nil
-			}
-		}
-	} else {
-		parsedInstance, err := url.Parse(gh.instanceURL)
-		if err != nil {
-			return err
-		}
-
-		if strings.HasSuffix(parsedUrl.Hostname(), parsedInstance.Hostname()) {
-			return nil
-		}
-	}
-
-	return fmt.Errorf("invalid asset url")
-}
-
-// GetAsset takes an input AssetRef and attempts to fetch it using the connector's authenticated http client
-// It streams a response, always starting with a metadata object, following by chunked payloads for the asset.
-func (gh *Github) Asset(ctx context.Context, asset *v2.AssetRef) (string, io.ReadCloser, error) {
-	if asset == nil {
-		return "", nil, fmt.Errorf("asset must be provided")
-	}
-	err := gh.validateAssetUrl(asset.Id)
-	if err != nil {
-		return "", nil, err
-	}
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, asset.GetId(), nil)
-	if err != nil {
-		return "", nil, err
-	}
-	resp, err := gh.client.Client().Do(req)
-	if err != nil {
-		return "", nil, err
-	}
-
-	return resp.Header.Get("Content-Type"), resp.Body, nil
-}
-
 // Metadata returns metadata about the connector.
 func (gh *Github) Metadata(ctx context.Context) (*v2.ConnectorMetadata, error) {
 	return &v2.ConnectorMetadata{
@@ -207,7 +146,7 @@ func newGithubClient(ctx context.Context, instanceURL string, accessToken string
 	return github.NewClient(tc), nil
 }
 
-// New returns the v2 version of the github connector.
+// New returns the GitHub connector configured to sync against the instance URL.
 func New(ctx context.Context, githubOrgs []string, instanceURL, accessToken string) (*Github, error) {
 	client, err := newGithubClient(ctx, instanceURL, accessToken)
 	if err != nil {

pkg/connector/helpers.go

@@ -1,6 +1,7 @@
 package connector
 
 import (
+	"context"
 	"fmt"
 	"strconv"
 	"strings"
@@ -16,9 +17,18 @@ import (
 
 var titleCaser = cases.Title(language.English)
 
-func getOrgName(rID *v2.ResourceId) string {
-	ret, _, _ := strings.Cut(rID.Resource, ":")
-	return ret
+func getOrgName(ctx context.Context, c *github.Client, orgID *v2.ResourceId) (string, error) {
+	oID, err := strconv.ParseInt(orgID.Resource, 10, 64)
+	if err != nil {
+		return "", err
+	}
+
+	org, _, err := c.Organizations.GetByID(ctx, oID)
+	if err != nil {
+		return "", err
+	}
+
+	return org.GetLogin(), nil
 }
 
 func v1AnnotationsForResourceType(resourceTypeID string) annotations.Annotations {

pkg/connector/org.go

@@ -79,6 +79,11 @@ func (o *orgResourceType) List(
 			continue
 		}
 
+		orgResource, err := sdk.NewResource(org.GetLogin(), resourceTypeOrg, parentResourceID, org.GetID())
+		if err != nil {
+			return nil, "", nil, err
+		}
+
 		var annos annotations.Annotations
 		annos.Append(&v2.ExternalLink{
 			Url: org.GetHTMLURL(),
@@ -90,16 +95,9 @@ func (o *orgResourceType) List(
 		annos.Append(&v2.ChildResourceType{ResourceTypeId: resourceTypeTeam.Id})
 		annos.Append(&v2.ChildResourceType{ResourceTypeId: resourceTypeRepository.Id})
 
-		resourceID, err := sdk.NewResourceID(resourceTypeOrg, parentResourceID, org.GetLogin())
-		if err != nil {
-			return nil, "", nil, err
-		}
+		orgResource.Annotations = annos
 
-		ret = append(ret, &v2.Resource{
-			Id:          resourceID,
-			DisplayName: org.GetLogin(),
-			Annotations: annos,
-		})
+		ret = append(ret, orgResource)
 	}
 
 	return ret, pageToken, reqAnnos, nil
@@ -116,16 +114,13 @@ func (o *orgResourceType) Entitlements(
 		annos.Append(&v2.V1Identifier{
 			Id: fmt.Sprintf("org:%s:role:%s", resource.Id, level),
 		})
-		rv = append(rv, &v2.Entitlement{
-			Id:          sdk.NewEntitlementID(resource, level),
-			Resource:    resource,
-			DisplayName: fmt.Sprintf("%s Org %s", resource.DisplayName, titleCaser.String(level)),
-			Description: fmt.Sprintf("Access to %s org in Github", resource.DisplayName),
-			Annotations: annos,
-			GrantableTo: []*v2.ResourceType{resourceTypeUser},
-			Purpose:     v2.Entitlement_PURPOSE_VALUE_PERMISSION,
-			Slug:        level,
-		})
+
+		en := sdk.NewPermissionEntitlement(resource, level, resourceTypeUser)
+		en.DisplayName = fmt.Sprintf("%s Org %s", resource.DisplayName, titleCaser.String(level))
+		en.Description = fmt.Sprintf("Access to %s org in Github", resource.DisplayName)
+		en.Annotations = annos
+
+		rv = append(rv, en)
 	}
 
 	return rv, "", nil, nil
@@ -148,7 +143,10 @@ func (o *orgResourceType) Grants(
 		},
 	}
 
-	orgName := getOrgName(resource.Id)
+	orgName, err := getOrgName(ctx, o.client, resource.Id)
+	if err != nil {
+		return nil, "", nil, err
+	}
 
 	users, resp, err := o.client.Organizations.ListMembers(ctx, orgName, &opts)
 	if err != nil {
@@ -188,17 +186,9 @@ func (o *orgResourceType) Grants(
 				Id: fmt.Sprintf("org-grant:%s:%d:%s", resource.Id.Resource, user.GetID(), roleName),
 			})
 
-			en := &v2.Entitlement{
-				Id:       sdk.NewEntitlementID(resource, roleName),
-				Resource: resource,
-			}
-
-			rv = append(rv, &v2.Grant{
-				Id:          sdk.NewGrantID(en, ur),
-				Entitlement: en,
-				Annotations: annos,
-				Principal:   ur,
-			})
+			grant := sdk.NewGrant(resource, roleName, ur.Id)
+			grant.Annotations = annos
+			rv = append(rv, grant)
 		default:
 			ctxzap.Extract(ctx).Warn("Unknown Github Role Name",
 				zap.String("role_name", roleName),

pkg/connector/repository.go

@@ -29,7 +29,7 @@ var repoAccessLevels = []string{
 }
 
 // repositoryResource returns a new connector resource for a Github repository.
-func repositoryResource(ctx context.Context, orgName string, repo *github.Repository, parentResourceID *v2.ResourceId) (*v2.Resource, error) {
+func repositoryResource(ctx context.Context, repo *github.Repository, parentResourceID *v2.ResourceId) (*v2.Resource, error) {
 	var annos annotations.Annotations
 	annos.Append(&v2.ExternalLink{
 		Url: repo.GetHTMLURL(),
@@ -38,17 +38,14 @@ func repositoryResource(ctx context.Context, orgName string, repo *github.Reposi
 		Id: fmt.Sprintf("repo:%d", repo.GetID()),
 	})
 
-	resourceID, err := sdk.NewResourceID(resourceTypeRepository, parentResourceID, repo.GetID())
+	ret, err := sdk.NewResource(repo.GetName(), resourceTypeRepository, parentResourceID, repo.GetID())
 	if err != nil {
 		return nil, err
 	}
 
-	return &v2.Resource{
-		Id:               resourceID,
-		DisplayName:      repo.GetName(),
-		ParentResourceId: parentResourceID,
-		Annotations:      annos,
-	}, nil
+	ret.Annotations = annos
+
+	return ret, nil
 }
 
 type repositoryResourceType struct {
@@ -70,7 +67,10 @@ func (o *repositoryResourceType) List(ctx context.Context, parentID *v2.Resource
 		return nil, "", nil, err
 	}
 
-	orgName := getOrgName(parentID)
+	orgName, err := getOrgName(ctx, o.client, parentID)
+	if err != nil {
+		return nil, "", nil, err
+	}
 
 	opts := &github.RepositoryListByOrgOptions{
 		ListOptions: github.ListOptions{
@@ -96,7 +96,7 @@ func (o *repositoryResourceType) List(ctx context.Context, parentID *v2.Resource
 
 	rv := make([]*v2.Resource, 0, len(repos))
 	for _, repo := range repos {
-		rr, err := repositoryResource(ctx, orgName, repo, parentID)
+		rr, err := repositoryResource(ctx, repo, parentID)
 		if err != nil {
 			return nil, "", nil, err
 		}
@@ -113,16 +113,13 @@ func (o *repositoryResourceType) Entitlements(_ context.Context, resource *v2.Re
 		annos.Append(&v2.V1Identifier{
 			Id: fmt.Sprintf("repo:%s:role:%s", resource.Id, level),
 		})
-		rv = append(rv, &v2.Entitlement{
-			Id:          sdk.NewEntitlementID(resource, level),
-			Resource:    resource,
-			DisplayName: fmt.Sprintf("%s Repo %s", resource.DisplayName, titleCaser.String(level)),
-			Description: fmt.Sprintf("Access to %s repository in Github", resource.DisplayName),
-			Annotations: annos,
-			GrantableTo: []*v2.ResourceType{resourceTypeUser, resourceTypeTeam},
-			Purpose:     v2.Entitlement_PURPOSE_VALUE_PERMISSION,
-			Slug:        level,
-		})
+
+		en := sdk.NewPermissionEntitlement(resource, level, resourceTypeUser, resourceTypeTeam)
+		en.DisplayName = fmt.Sprintf("%s Repo %s", resource.DisplayName, titleCaser.String(level))
+		en.Description = fmt.Sprintf("Access to %s repository in Github", resource.DisplayName)
+		en.Annotations = annos
+
+		rv = append(rv, en)
 	}
 
 	return rv, "", nil, nil
@@ -138,7 +135,10 @@ func (o *repositoryResourceType) Grants(
 		return nil, "", nil, err
 	}
 
-	orgName := getOrgName(resource.Id)
+	orgName, err := getOrgName(ctx, o.client, resource.ParentResourceId)
+	if err != nil {
+		return nil, "", nil, err
+	}
 
 	var rv []*v2.Grant
 	var reqAnnos annotations.Annotations
@@ -191,17 +191,10 @@ func (o *repositoryResourceType) Grants(
 					return nil, "", nil, err
 				}
 
-				en := &v2.Entitlement{
-					Id:       sdk.NewEntitlementID(resource, permission),
-					Resource: resource,
-				}
+				grant := sdk.NewGrant(resource, permission, ur.Id)
+				grant.Annotations = annos
 
-				rv = append(rv, &v2.Grant{
-					Entitlement: en,
-					Id:          sdk.NewGrantID(en, ur),
-					Principal:   ur,
-					Annotations: annos,
-				})
+				rv = append(rv, grant)
 			}
 		}
 
@@ -237,22 +230,15 @@ func (o *repositoryResourceType) Grants(
 					Id: fmt.Sprintf("repo-grant:%s:%d:%s", resource.Id.Resource, team.GetID(), permission),
 				})
 
-				tr, err := teamResource(ctx, orgName, team, resource.ParentResourceId)
+				tr, err := teamResource(team, resource.ParentResourceId)
 				if err != nil {
 					return nil, "", nil, err
 				}
 
-				en := &v2.Entitlement{
-					Id:       sdk.NewEntitlementID(resource, permission),
-					Resource: resource,
-				}
+				grant := sdk.NewGrant(resource, permission, tr.Id)
+				grant.Annotations = annos
 
-				rv = append(rv, &v2.Grant{
-					Entitlement: en,
-					Id:          sdk.NewGrantID(en, tr),
-					Principal:   tr,
-					Annotations: annos,
-				})
+				rv = append(rv, grant)
 			}
 		}
 	default: