ConductorOne
diff --git a/‎go.sum‎
Lines changed: 72 additions & 0 deletions b/‎go.sum‎
Lines changed: 72 additions & 0 deletions
diff --git a/‎pkg/connector/api_token.go‎
Lines changed: 1 addition & 6 deletions b/‎pkg/connector/api_token.go‎
Lines changed: 1 addition & 6 deletions
diff --git a/‎pkg/connector/connector.go‎
Lines changed: 6 additions & 15 deletions b/‎pkg/connector/connector.go‎
Lines changed: 6 additions & 15 deletions
diff --git a/‎pkg/connector/enterprise_role.go‎
Lines changed: 2 additions & 5 deletions b/‎pkg/connector/enterprise_role.go‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎pkg/connector/helpers.go‎
Lines changed: 22 additions & 0 deletions b/‎pkg/connector/helpers.go‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎pkg/connector/invitation.go‎
Lines changed: 2 additions & 2 deletions b/‎pkg/connector/invitation.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎pkg/connector/org.go‎
Lines changed: 22 additions & 33 deletions b/‎pkg/connector/org.go‎
Lines changed: 22 additions & 33 deletions
diff --git a/‎pkg/connector/org_role.go‎
Lines changed: 3 additions & 11 deletions b/‎pkg/connector/org_role.go‎
Lines changed: 3 additions & 11 deletions
@@ -8,9 +8,7 @@ import (
 	"github.com/conductorone/baton-sdk/pkg/annotations"
 	"github.com/conductorone/baton-sdk/pkg/pagination"
 	resourceSdk "github.com/conductorone/baton-sdk/pkg/types/resource"
-	"github.com/conductorone/baton-sdk/pkg/uhttp"
 	"github.com/google/go-github/v69/github"
-	"google.golang.org/grpc/codes"
 )
 
 func apiTokenResource(ctx context.Context, token *github.PersonalAccessToken) (*v2.Resource, error) {
@@ -94,10 +92,7 @@ func (o *apiTokenResourceType) List(
 		},
 	})
 	if err != nil {
-		if isRatelimited(resp) {
-			return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)
-		}
-		return nil, "", nil, err
+		return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to list fine-grained personal access tokens")
 	}
 
 	restApiRateLimit, err := extractRateLimitData(resp)
 
@@ -206,7 +206,7 @@ func (gh *GitHub) Validate(ctx context.Context) (annotations.Annotations, error)
 	if len(gh.enterprises) > 0 {
 		_, _, err := gh.customClient.ListEnterpriseConsumedLicenses(ctx, gh.enterprises[0], 0)
 		if err != nil {
-			return nil, fmt.Errorf("can't list enterprise consumed licenses: %w", err)
+			return nil, uhttp.WrapErrors(codes.PermissionDenied, "github-connector: failed to access enterprise licenses", err)
 		}
 	}
 	return nil, nil
@@ -218,9 +218,9 @@ func (gh *GitHub) validateAppCredentials(ctx context.Context) (annotations.Annot
 		return nil, fmt.Errorf("github-connector: only one org is allowed when using github app")
 	}
 
-	_, _, err := findInstallation(ctx, gh.appClient, orgLogins[0])
+	_, resp, err := findInstallation(ctx, gh.appClient, orgLogins[0])
 	if err != nil {
-		return nil, fmt.Errorf("github-connector: failed to retrieve org: %w", err)
+		return nil, wrapGitHubError(err, resp, "github-connector: failed to retrieve org installation")
 	}
 	return nil, nil
 }
@@ -272,9 +272,9 @@ func New(ctx context.Context, ghc *cfg.Github, appKey string) (*GitHub, error) {
 		if err != nil {
 			return nil, err
 		}
-		installation, _, err := findInstallation(ctx, appClient, ghc.Orgs[0])
+		installation, resp, err := findInstallation(ctx, appClient, ghc.Orgs[0])
 		if err != nil {
-			return nil, err
+			return nil, wrapGitHubError(err, resp, "github-connector: failed to find app installation")
 		}
 
 		token, err := getInstallationToken(ctx, appClient, installation.GetID())
@@ -453,16 +453,7 @@ func getOrgs(ctx context.Context, client *github.Client, orgs []string) ([]strin
 	for {
 		orgs, resp, err := client.Organizations.List(ctx, "", &github.ListOptions{Page: page, PerPage: maxPageSize})
 		if err != nil {
-			if isRatelimited(resp) {
-				return nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)
-			}
-			if isAuthError(resp) {
-				return nil, uhttp.WrapErrors(codes.Unauthenticated, "github-connector: failed to retrieve org", err)
-			}
-			if isPermissionError(resp) {
-				return nil, uhttp.WrapErrors(codes.PermissionDenied, "github-connector: failed to retrieve org", err)
-			}
-			return nil, fmt.Errorf("github-connector: failed to retrieve org: %w", err)
+			return nil, wrapGitHubError(err, resp, "github-connector: failed to retrieve organizations")
 		}
 		if resp.StatusCode == http.StatusUnauthorized {
 			return nil, status.Error(codes.Unauthenticated, "github token is not authorized")
 
@@ -60,7 +60,7 @@ func (o *enterpriseRoleResourceType) fillCache(ctx context.Context) error {
 		for continuePagination {
 			consumedLicenses, _, err := o.customClient.ListEnterpriseConsumedLicenses(ctx, enterprise, page)
 			if err != nil {
-				return fmt.Errorf("baton-github: error listing enterprise consumed licenses for %s: %w", enterprise, err)
+				return uhttp.WrapErrors(codes.PermissionDenied, fmt.Sprintf("baton-github: error listing enterprise consumed licenses for %s", enterprise), err)
 			}
 
 			if len(consumedLicenses.Users) == 0 {
@@ -141,10 +141,7 @@ func (o *enterpriseRoleResourceType) Grants(
 	for _, userLogin := range cache[resource.Id.Resource] {
 		user, resp, err := o.client.Users.Get(ctx, userLogin)
 		if err != nil {
-			if isRatelimited(resp) {
-				return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)
-			}
-			return nil, "", nil, fmt.Errorf("baton-github: error getting user %s: %w", userLogin, err)
+			return nil, "", nil, wrapGitHubError(err, resp, fmt.Sprintf("baton-github: failed to get user %s", userLogin))
 		}
 
 		principalId, err := resourceSdk.NewResourceID(resourceTypeUser, *user.ID)
 
@@ -11,10 +11,12 @@ import (
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
 	"github.com/conductorone/baton-sdk/pkg/annotations"
 	"github.com/conductorone/baton-sdk/pkg/pagination"
+	"github.com/conductorone/baton-sdk/pkg/uhttp"
 	"github.com/google/go-github/v69/github"
 	"github.com/shurcooL/githubv4"
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
+	"google.golang.org/grpc/codes"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
@@ -249,3 +251,23 @@ func isPermissionError(resp *github.Response) bool {
 	}
 	return resp.StatusCode == http.StatusForbidden
 }
+
+// wrapGitHubError wraps GitHub API errors with appropriate gRPC status codes based on the HTTP response.
+// It handles rate limiting, authentication errors, permission errors, and generic errors.
+// The contextMsg parameter should describe the operation that failed (e.g., "failed to list teams").
+func wrapGitHubError(err error, resp *github.Response, contextMsg string) error {
+	if err == nil {
+		return nil
+	}
+
+	if isRatelimited(resp) {
+		return uhttp.WrapErrors(codes.Unavailable, "too many requests", err)
+	}
+	if isAuthError(resp) {
+		return uhttp.WrapErrors(codes.Unauthenticated, contextMsg, err)
+	}
+	if isPermissionError(resp) {
+		return uhttp.WrapErrors(codes.PermissionDenied, contextMsg, err)
+	}
+	return fmt.Errorf("%s: %w", contextMsg, err)
+}
@@ -74,7 +74,7 @@ func (i *invitationResourceType) List(ctx context.Context, parentID *v2.Resource
 		if isNotFoundError(resp) {
 			return nil, "", nil, nil
 		}
-		return nil, "", nil, fmt.Errorf("github-connector: ListPendingOrgInvitatioins failed: %w", err)
+		return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to list pending org invitations")
 	}
 
 	restApiRateLimit, err := extractRateLimitData(resp)
@@ -140,7 +140,7 @@ func (i *invitationResourceType) CreateAccount(
 		Email: params.email,
 	})
 	if err != nil {
-		return nil, nil, nil, fmt.Errorf("github-connectorv2: failed to invite user to org: %w", err)
+		return nil, nil, nil, wrapGitHubError(err, resp, "github-connector: failed to create org invitation")
 	}
 
 	restApiRateLimit, err := extractRateLimitData(resp)
 
@@ -102,10 +102,7 @@ func (o *orgResourceType) List(
 
 	orgs, resp, err := o.client.Organizations.List(ctx, "", opts)
 	if err != nil {
-		if isRatelimited(resp) {
-			return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)
-		}
-		return nil, "", nil, fmt.Errorf("github-connector: failed to fetch org: %w", err)
+		return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to fetch organizations")
 	}
 
 	nextPage, reqAnnos, err := parseResp(resp)
@@ -129,11 +126,7 @@ func (o *orgResourceType) List(
 				l.Warn("insufficient access to list org membership, skipping org", zap.String("org", org.GetLogin()))
 				continue
 			}
-
-			if isRatelimited(resp) {
-				return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)
-			}
-			return nil, "", nil, err
+			return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to get org membership")
 		}
 
 		// Only sync orgs that we are an admin for
@@ -227,11 +220,7 @@ func (o *orgResourceType) Grants(
 			if isNotFoundError(resp) {
 				return nil, "", nil, uhttp.WrapErrors(codes.NotFound, fmt.Sprintf("org: %s not found", orgName))
 			}
-			errMsg := "github-connectorv2: failed to list org members"
-			if isRatelimited(resp) {
-				return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)
-			}
-			return nil, "", nil, fmt.Errorf("%s: %w", errMsg, err)
+			return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to list org members")
 		}
 
 		var nextPage string
@@ -294,9 +283,9 @@ func (o *orgResourceType) Grant(ctx context.Context, principal *v2.Resource, en
 		return nil, err
 	}
 
-	user, _, err := o.client.Users.GetByID(ctx, principalID)
+	user, resp, err := o.client.Users.GetByID(ctx, principalID)
 	if err != nil {
-		return nil, fmt.Errorf("github-connectorv2: failed to get user: %w", err)
+		return nil, wrapGitHubError(err, resp, "github-connector: failed to get user")
 	}
 
 	requestedRole := ""
@@ -309,21 +298,21 @@ func (o *orgResourceType) Grant(ctx context.Context, principal *v2.Resource, en
 		return nil, fmt.Errorf("github-connectorv2: invalid entitlement id: %s", en.Id)
 	}
 
-	isMember, _, err := o.client.Organizations.IsMember(ctx, orgName, user.GetLogin())
+	isMember, resp, err := o.client.Organizations.IsMember(ctx, orgName, user.GetLogin())
 	if err != nil {
-		return nil, fmt.Errorf("github-connectorv2: failed to get org membership: %w", err)
+		return nil, wrapGitHubError(err, resp, "github-connector: failed to check org membership")
 	}
 
 	// TODO: check existing invitations. Duplicate invitations aren't allowed, so this will fail with 4xx from github.
 
 	// If user isn't a member, invite them to the org with the requested role
 	if !isMember {
-		_, _, err = o.client.Organizations.CreateOrgInvitation(ctx, orgName, &github.CreateOrgInvitationOptions{
+		_, resp, err = o.client.Organizations.CreateOrgInvitation(ctx, orgName, &github.CreateOrgInvitationOptions{
 			InviteeID: user.ID,
 			Role:      &requestedRole,
 		})
 		if err != nil {
-			return nil, fmt.Errorf("github-connectorv2: failed to invite user to org: %w", err)
+			return nil, wrapGitHubError(err, resp, "github-connector: failed to invite user to org")
 		}
 		return nil, nil
 	}
@@ -334,9 +323,9 @@ func (o *orgResourceType) Grant(ctx context.Context, principal *v2.Resource, en
 	}
 
 	// If the user is a member, check to see what role they have
-	membership, _, err := o.client.Organizations.GetOrgMembership(ctx, user.GetLogin(), orgName)
+	membership, resp, err := o.client.Organizations.GetOrgMembership(ctx, user.GetLogin(), orgName)
 	if err != nil {
-		return nil, fmt.Errorf("github-connectorv2: failed to get org membership: %w", err)
+		return nil, wrapGitHubError(err, resp, "github-connector: failed to get org membership")
 	}
 
 	// Skip if user already has requested role
@@ -346,9 +335,9 @@ func (o *orgResourceType) Grant(ctx context.Context, principal *v2.Resource, en
 	}
 
 	// User is a member but grant is for admin, so make them an admin.
-	_, _, err = o.client.Organizations.EditOrgMembership(ctx, user.GetLogin(), orgName, &github.Membership{Role: github.Ptr(orgRoleAdmin)})
+	_, resp, err = o.client.Organizations.EditOrgMembership(ctx, user.GetLogin(), orgName, &github.Membership{Role: github.Ptr(orgRoleAdmin)})
 	if err != nil {
-		return nil, fmt.Errorf("github-connectorv2: failed to make user an admin : %w", err)
+		return nil, wrapGitHubError(err, resp, "github-connector: failed to make user an admin")
 	}
 
 	return nil, nil
@@ -386,31 +375,31 @@ func (o *orgResourceType) Revoke(ctx context.Context, grant *v2.Grant) (annotati
 		return nil, err
 	}
 
-	user, _, err := o.client.Users.GetByID(ctx, principalID)
+	user, resp, err := o.client.Users.GetByID(ctx, principalID)
 	if err != nil {
-		return nil, fmt.Errorf("github-connectorv2: failed to get user: %w", err)
+		return nil, wrapGitHubError(err, resp, "github-connector: failed to get user")
 	}
 
-	membership, _, err := o.client.Organizations.GetOrgMembership(ctx, user.GetLogin(), orgName)
+	membership, resp, err := o.client.Organizations.GetOrgMembership(ctx, user.GetLogin(), orgName)
 	if err != nil {
-		return nil, fmt.Errorf("github-connectorv2: failed to get org membership: %w", err)
+		return nil, wrapGitHubError(err, resp, "github-connector: failed to get org membership")
 	}
 
 	if membership.GetState() != "active" {
 		return nil, fmt.Errorf("github-connectorv2: user is not an active member of the org")
 	}
 
 	if en.Id == memberRoleID {
-		_, err = o.client.Organizations.RemoveOrgMembership(ctx, user.GetLogin(), orgName)
+		resp, err = o.client.Organizations.RemoveOrgMembership(ctx, user.GetLogin(), orgName)
 		if err != nil {
-			return nil, fmt.Errorf("github-connectorv2: failed to revoke org membership from user: %w", err)
+			return nil, wrapGitHubError(err, resp, "github-connector: failed to revoke org membership from user")
 		}
 		return nil, nil
 	}
 
-	_, _, err = o.client.Organizations.EditOrgMembership(ctx, user.GetLogin(), orgName, &github.Membership{Role: github.Ptr(orgRoleMember)})
+	_, resp, err = o.client.Organizations.EditOrgMembership(ctx, user.GetLogin(), orgName, &github.Membership{Role: github.Ptr(orgRoleMember)})
 	if err != nil {
-		return nil, fmt.Errorf("github-connectorv2: failed to revoke org admin from user: %w", err)
+		return nil, wrapGitHubError(err, resp, "github-connector: failed to revoke org admin from user")
 	}
 
 	return nil, nil
@@ -449,7 +438,7 @@ func (o *orgResourceType) listOrganizationsFromAppInstallations(
 	for orgName := range o.orgs {
 		org, resp, err = o.client.Organizations.Get(ctx, orgName)
 		if err != nil {
-			return nil, "", nil, fmt.Errorf("github-connector: failed to fetch organization: %w", err)
+			return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to fetch organization")
 		}
 	}
 
 
@@ -13,11 +13,9 @@ import (
 	"github.com/conductorone/baton-sdk/pkg/types/entitlement"
 	"github.com/conductorone/baton-sdk/pkg/types/grant"
 	"github.com/conductorone/baton-sdk/pkg/types/resource"
-	"github.com/conductorone/baton-sdk/pkg/uhttp"
 	"github.com/google/go-github/v69/github"
 	"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
 	"go.uber.org/zap"
-	"google.golang.org/grpc/codes"
 )
 
 type OrganizationRole struct {
@@ -90,10 +88,7 @@ func (o *orgRoleResourceType) List(
 			// Return empty list with no error to indicate we skipped this resource
 			return nil, "", nil, nil
 		}
-		if isRatelimited(resp) {
-			return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)
-		}
-		return nil, "", nil, fmt.Errorf("failed to list organization roles: %w", err)
+		return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to list organization roles")
 	}
 
 	var ret []*v2.Resource
@@ -180,7 +175,7 @@ func (o *orgRoleResourceType) Grants(
 				}
 				return rv, pageToken, nil, nil
 			}
-			return nil, "", nil, fmt.Errorf("failed to list role users: %w", err)
+			return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to list users assigned to org role")
 		}
 		nextPage, respAnnos, err := parseResp(resp)
 		if err != nil {
@@ -227,10 +222,7 @@ func (o *orgRoleResourceType) Grants(
 				}
 				return nil, pageToken, nil, nil
 			}
-			if isRatelimited(resp) {
-				return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)
-			}
-			return nil, "", nil, fmt.Errorf("failed to list role teams: %w", err)
+			return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to list teams assigned to org role")
 		}
 
 		nextPage, respAnnos, err := parseResp(resp)
Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ func (i invitationResourceType) List(ctx context.Context, parentID v2.Resource`
`74`	`74`	`if isNotFoundError(resp) {`
`75`	`75`	`return nil, "", nil, nil`
`76`	`76`	`}`
`77`		`- return nil, "", nil, fmt.Errorf("github-connector: ListPendingOrgInvitatioins failed: %w", err)`
	`77`	`+ return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to list pending org invitations")`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`restApiRateLimit, err := extractRateLimitData(resp)`
`@@ -140,7 +140,7 @@ func (i *invitationResourceType) CreateAccount(`
`140`	`140`	`Email: params.email,`
`141`	`141`	`})`
`142`	`142`	`if err != nil {`
`143`		`- return nil, nil, nil, fmt.Errorf("github-connectorv2: failed to invite user to org: %w", err)`
	`143`	`+ return nil, nil, nil, wrapGitHubError(err, resp, "github-connector: failed to create org invitation")`
`144`	`144`	`}`
`145`	`145`
`146`	`146`	`restApiRateLimit, err := extractRateLimitData(resp)`
Original file line number	Diff line number	Diff line change
`@@ -102,10 +102,7 @@ func (o *orgResourceType) List(`
`102`	`102`
`103`	`103`	`orgs, resp, err := o.client.Organizations.List(ctx, "", opts)`
`104`	`104`	`if err != nil {`
`105`		`- if isRatelimited(resp) {`
`106`		`- return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)`
`107`		`- }`
`108`		`- return nil, "", nil, fmt.Errorf("github-connector: failed to fetch org: %w", err)`
	`105`	`+ return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to fetch organizations")`
`109`	`106`	`}`
`110`	`107`
`111`	`108`	`nextPage, reqAnnos, err := parseResp(resp)`
`@@ -129,11 +126,7 @@ func (o *orgResourceType) List(`
`129`	`126`	`l.Warn("insufficient access to list org membership, skipping org", zap.String("org", org.GetLogin()))`
`130`	`127`	`continue`
`131`	`128`	`}`
`132`		`-`
`133`		`- if isRatelimited(resp) {`
`134`		`- return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)`
`135`		`- }`
`136`		`- return nil, "", nil, err`
	`129`	`+ return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to get org membership")`
`137`	`130`	`}`
`138`	`131`
`139`	`132`	`// Only sync orgs that we are an admin for`
`@@ -227,11 +220,7 @@ func (o *orgResourceType) Grants(`
`227`	`220`	`if isNotFoundError(resp) {`
`228`	`221`	`return nil, "", nil, uhttp.WrapErrors(codes.NotFound, fmt.Sprintf("org: %s not found", orgName))`
`229`	`222`	`}`
`230`		`- errMsg := "github-connectorv2: failed to list org members"`
`231`		`- if isRatelimited(resp) {`
`232`		`- return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)`
`233`		`- }`
`234`		`- return nil, "", nil, fmt.Errorf("%s: %w", errMsg, err)`
	`223`	`+ return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to list org members")`
`235`	`224`	`}`
`236`	`225`
`237`	`226`	`var nextPage string`
`@@ -294,9 +283,9 @@ func (o orgResourceType) Grant(ctx context.Context, principal v2.Resource, en`
`294`	`283`	`return nil, err`
`295`	`284`	`}`
`296`	`285`
`297`		`- user, _, err := o.client.Users.GetByID(ctx, principalID)`
	`286`	`+ user, resp, err := o.client.Users.GetByID(ctx, principalID)`
`298`	`287`	`if err != nil {`
`299`		`- return nil, fmt.Errorf("github-connectorv2: failed to get user: %w", err)`
	`288`	`+ return nil, wrapGitHubError(err, resp, "github-connector: failed to get user")`
`300`	`289`	`}`
`301`	`290`
`302`	`291`	`requestedRole := ""`
`@@ -309,21 +298,21 @@ func (o orgResourceType) Grant(ctx context.Context, principal v2.Resource, en`
`309`	`298`	`return nil, fmt.Errorf("github-connectorv2: invalid entitlement id: %s", en.Id)`
`310`	`299`	`}`
`311`	`300`
`312`		`- isMember, _, err := o.client.Organizations.IsMember(ctx, orgName, user.GetLogin())`
	`301`	`+ isMember, resp, err := o.client.Organizations.IsMember(ctx, orgName, user.GetLogin())`
`313`	`302`	`if err != nil {`
`314`		`- return nil, fmt.Errorf("github-connectorv2: failed to get org membership: %w", err)`
	`303`	`+ return nil, wrapGitHubError(err, resp, "github-connector: failed to check org membership")`
`315`	`304`	`}`
`316`	`305`
`317`	`306`	`// TODO: check existing invitations. Duplicate invitations aren't allowed, so this will fail with 4xx from github.`
`318`	`307`
`319`	`308`	`// If user isn't a member, invite them to the org with the requested role`
`320`	`309`	`if !isMember {`
`321`		`- _, _, err = o.client.Organizations.CreateOrgInvitation(ctx, orgName, &github.CreateOrgInvitationOptions{`
	`310`	`+ _, resp, err = o.client.Organizations.CreateOrgInvitation(ctx, orgName, &github.CreateOrgInvitationOptions{`
`322`	`311`	`InviteeID: user.ID,`
`323`	`312`	`Role: &requestedRole,`
`324`	`313`	`})`
`325`	`314`	`if err != nil {`
`326`		`- return nil, fmt.Errorf("github-connectorv2: failed to invite user to org: %w", err)`
	`315`	`+ return nil, wrapGitHubError(err, resp, "github-connector: failed to invite user to org")`
`327`	`316`	`}`
`328`	`317`	`return nil, nil`
`329`	`318`	`}`
`@@ -334,9 +323,9 @@ func (o orgResourceType) Grant(ctx context.Context, principal v2.Resource, en`
`334`	`323`	`}`
`335`	`324`
`336`	`325`	`// If the user is a member, check to see what role they have`
`337`		`- membership, _, err := o.client.Organizations.GetOrgMembership(ctx, user.GetLogin(), orgName)`
	`326`	`+ membership, resp, err := o.client.Organizations.GetOrgMembership(ctx, user.GetLogin(), orgName)`
`338`	`327`	`if err != nil {`
`339`		`- return nil, fmt.Errorf("github-connectorv2: failed to get org membership: %w", err)`
	`328`	`+ return nil, wrapGitHubError(err, resp, "github-connector: failed to get org membership")`
`340`	`329`	`}`
`341`	`330`
`342`	`331`	`// Skip if user already has requested role`
`@@ -346,9 +335,9 @@ func (o orgResourceType) Grant(ctx context.Context, principal v2.Resource, en`
`346`	`335`	`}`
`347`	`336`
`348`	`337`	`// User is a member but grant is for admin, so make them an admin.`
`349`		`- _, _, err = o.client.Organizations.EditOrgMembership(ctx, user.GetLogin(), orgName, &github.Membership{Role: github.Ptr(orgRoleAdmin)})`
	`338`	`+ _, resp, err = o.client.Organizations.EditOrgMembership(ctx, user.GetLogin(), orgName, &github.Membership{Role: github.Ptr(orgRoleAdmin)})`
`350`	`339`	`if err != nil {`
`351`		`- return nil, fmt.Errorf("github-connectorv2: failed to make user an admin : %w", err)`
	`340`	`+ return nil, wrapGitHubError(err, resp, "github-connector: failed to make user an admin")`
`352`	`341`	`}`
`353`	`342`
`354`	`343`	`return nil, nil`
`@@ -386,31 +375,31 @@ func (o orgResourceType) Revoke(ctx context.Context, grant v2.Grant) (annotati`
`386`	`375`	`return nil, err`
`387`	`376`	`}`
`388`	`377`
`389`		`- user, _, err := o.client.Users.GetByID(ctx, principalID)`
	`378`	`+ user, resp, err := o.client.Users.GetByID(ctx, principalID)`
`390`	`379`	`if err != nil {`
`391`		`- return nil, fmt.Errorf("github-connectorv2: failed to get user: %w", err)`
	`380`	`+ return nil, wrapGitHubError(err, resp, "github-connector: failed to get user")`
`392`	`381`	`}`
`393`	`382`
`394`		`- membership, _, err := o.client.Organizations.GetOrgMembership(ctx, user.GetLogin(), orgName)`
	`383`	`+ membership, resp, err := o.client.Organizations.GetOrgMembership(ctx, user.GetLogin(), orgName)`
`395`	`384`	`if err != nil {`
`396`		`- return nil, fmt.Errorf("github-connectorv2: failed to get org membership: %w", err)`
	`385`	`+ return nil, wrapGitHubError(err, resp, "github-connector: failed to get org membership")`
`397`	`386`	`}`
`398`	`387`
`399`	`388`	`if membership.GetState() != "active" {`
`400`	`389`	`return nil, fmt.Errorf("github-connectorv2: user is not an active member of the org")`
`401`	`390`	`}`
`402`	`391`
`403`	`392`	`if en.Id == memberRoleID {`
`404`		`- _, err = o.client.Organizations.RemoveOrgMembership(ctx, user.GetLogin(), orgName)`
	`393`	`+ resp, err = o.client.Organizations.RemoveOrgMembership(ctx, user.GetLogin(), orgName)`
`405`	`394`	`if err != nil {`
`406`		`- return nil, fmt.Errorf("github-connectorv2: failed to revoke org membership from user: %w", err)`
	`395`	`+ return nil, wrapGitHubError(err, resp, "github-connector: failed to revoke org membership from user")`
`407`	`396`	`}`
`408`	`397`	`return nil, nil`
`409`	`398`	`}`
`410`	`399`
`411`		`- _, _, err = o.client.Organizations.EditOrgMembership(ctx, user.GetLogin(), orgName, &github.Membership{Role: github.Ptr(orgRoleMember)})`
	`400`	`+ _, resp, err = o.client.Organizations.EditOrgMembership(ctx, user.GetLogin(), orgName, &github.Membership{Role: github.Ptr(orgRoleMember)})`
`412`	`401`	`if err != nil {`
`413`		`- return nil, fmt.Errorf("github-connectorv2: failed to revoke org admin from user: %w", err)`
	`402`	`+ return nil, wrapGitHubError(err, resp, "github-connector: failed to revoke org admin from user")`
`414`	`403`	`}`
`415`	`404`
`416`	`405`	`return nil, nil`
`@@ -449,7 +438,7 @@ func (o *orgResourceType) listOrganizationsFromAppInstallations(`
`449`	`438`	`for orgName := range o.orgs {`
`450`	`439`	`org, resp, err = o.client.Organizations.Get(ctx, orgName)`
`451`	`440`	`if err != nil {`
`452`		`- return nil, "", nil, fmt.Errorf("github-connector: failed to fetch organization: %w", err)`
	`441`	`+ return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to fetch organization")`
`453`	`442`	`}`
`454`	`443`	`}`
`455`	`444`
Original file line number	Diff line number	Diff line change
`@@ -13,11 +13,9 @@ import (`
`13`	`13`	`"github.com/conductorone/baton-sdk/pkg/types/entitlement"`
`14`	`14`	`"github.com/conductorone/baton-sdk/pkg/types/grant"`
`15`	`15`	`"github.com/conductorone/baton-sdk/pkg/types/resource"`
`16`		`- "github.com/conductorone/baton-sdk/pkg/uhttp"`
`17`	`16`	`"github.com/google/go-github/v69/github"`
`18`	`17`	`"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"`
`19`	`18`	`"go.uber.org/zap"`
`20`		`- "google.golang.org/grpc/codes"`
`21`	`19`	`)`
`22`	`20`
`23`	`21`	`type OrganizationRole struct {`
`@@ -90,10 +88,7 @@ func (o *orgRoleResourceType) List(`
`90`	`88`	`// Return empty list with no error to indicate we skipped this resource`
`91`	`89`	`return nil, "", nil, nil`
`92`	`90`	`}`
`93`		`- if isRatelimited(resp) {`
`94`		`- return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)`
`95`		`- }`
`96`		`- return nil, "", nil, fmt.Errorf("failed to list organization roles: %w", err)`
	`91`	`+ return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to list organization roles")`
`97`	`92`	`}`
`98`	`93`
`99`	`94`	`var ret []*v2.Resource`
`@@ -180,7 +175,7 @@ func (o *orgRoleResourceType) Grants(`
`180`	`175`	`}`
`181`	`176`	`return rv, pageToken, nil, nil`
`182`	`177`	`}`
`183`		`- return nil, "", nil, fmt.Errorf("failed to list role users: %w", err)`
	`178`	`+ return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to list users assigned to org role")`
`184`	`179`	`}`
`185`	`180`	`nextPage, respAnnos, err := parseResp(resp)`
`186`	`181`	`if err != nil {`
`@@ -227,10 +222,7 @@ func (o *orgRoleResourceType) Grants(`
`227`	`222`	`}`
`228`	`223`	`return nil, pageToken, nil, nil`
`229`	`224`	`}`
`230`		`- if isRatelimited(resp) {`
`231`		`- return nil, "", nil, uhttp.WrapErrors(codes.Unavailable, "too many requests", err)`
`232`		`- }`
`233`		`- return nil, "", nil, fmt.Errorf("failed to list role teams: %w", err)`
	`225`	`+ return nil, "", nil, wrapGitHubError(err, resp, "github-connector: failed to list teams assigned to org role")`
`234`	`226`	`}`
`235`	`227`
`236`	`228`	`nextPage, respAnnos, err := parseResp(resp)`