Merge pull request #84 from ConductorOne/BB763

Bencheng21 · web-flow · commit eb6a06c04359 · 2025-06-17T09:53:14.000-07:00
[BB-763] baton-github: add account provisioning
diff --git a/pkg/connector/connector.go b/pkg/connector/connector.go
@@ -56,6 +56,14 @@ var (
 		},
 		Annotations: v1AnnotationsForResourceType("user"),
 	}
+	resourceTypeInvitation = &v2.ResourceType{
+		Id:          "invitation",
+		DisplayName: "Invitation",
+		Traits: []v2.ResourceType_Trait{
+			v2.ResourceType_TRAIT_USER,
+		},
+		Annotations: v1AnnotationsForResourceType("invitation"),
+	}
 	resourceTypeApiToken = &v2.ResourceType{
 		Id:          "api-key",
 		DisplayName: "API Key",
@@ -100,6 +108,30 @@ func (gh *GitHub) ResourceSyncers(ctx context.Context) []connectorbuilder.Resour
 func (gh *GitHub) Metadata(ctx context.Context) (*v2.ConnectorMetadata, error) {
 	return &v2.ConnectorMetadata{
 		DisplayName: "GitHub",
+		AccountCreationSchema: &v2.ConnectorAccountCreationSchema{
+			FieldMap: map[string]*v2.ConnectorAccountCreationSchema_Field{
+				"email": {
+					DisplayName: "Email",
+					Required:    true,
+					Description: "This email will be used as the login for the user.",
+					Field: &v2.ConnectorAccountCreationSchema_Field_StringField{
+						StringField: &v2.ConnectorAccountCreationSchema_StringField{},
+					},
+					Placeholder: "Email",
+					Order:       1,
+				},
+				"org": {
+					DisplayName: "Org Name",
+					Required:    true,
+					Description: "organization name",
+					Field: &v2.ConnectorAccountCreationSchema_Field_StringField{
+						StringField: &v2.ConnectorAccountCreationSchema_StringField{},
+					},
+					Placeholder: "organization name",
+					Order:       2,
+				},
+			},
+		},
 	}, nil
 }
 
diff --git a/pkg/connector/user.go b/pkg/connector/user.go
@@ -10,6 +10,7 @@ import (
 
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
 	"github.com/conductorone/baton-sdk/pkg/annotations"
+	"github.com/conductorone/baton-sdk/pkg/connectorbuilder"
 	"github.com/conductorone/baton-sdk/pkg/pagination"
 	"github.com/conductorone/baton-sdk/pkg/types/resource"
 	"github.com/google/go-github/v69/github"
@@ -19,6 +20,32 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
+func invitationToUserResource(invitation *github.Invitation) (*v2.Resource, error) {
+	login := invitation.GetLogin()
+	if login == "" {
+		login = invitation.GetEmail()
+	}
+
+	ret, err := resource.NewUserResource(
+		login,
+		resourceTypeInvitation,
+		invitation.GetID(),
+		[]resource.UserTraitOption{
+			resource.WithEmail(invitation.GetEmail(), true),
+			resource.WithUserProfile(map[string]interface{}{
+				"login":   login,
+				"inviter": invitation.GetInviter().GetLogin(),
+			}),
+			resource.WithStatus(v2.UserTrait_Status_STATUS_UNSPECIFIED),
+			resource.WithUserLogin(login),
+		},
+	)
+	if err != nil {
+		return nil, err
+	}
+	return ret, nil
+}
+
 // Create a new connector resource for a GitHub user.
 func userResource(ctx context.Context, user *github.User, userEmail string, extraEmails []string) (*v2.Resource, error) {
 	displayName := user.GetName()
@@ -211,6 +238,77 @@ func (o *userResourceType) List(ctx context.Context, parentID *v2.ResourceId, pt
 	return rv, pageToken, annotations, nil
 }
 
+func (o *userResourceType) CreateAccountCapabilityDetails(ctx context.Context) (*v2.CredentialDetailsAccountProvisioning, annotations.Annotations, error) {
+	return &v2.CredentialDetailsAccountProvisioning{
+		SupportedCredentialOptions: []v2.CapabilityDetailCredentialOption{
+			v2.CapabilityDetailCredentialOption_CAPABILITY_DETAIL_CREDENTIAL_OPTION_NO_PASSWORD,
+		},
+		PreferredCredentialOption: v2.CapabilityDetailCredentialOption_CAPABILITY_DETAIL_CREDENTIAL_OPTION_NO_PASSWORD,
+	}, nil, nil
+}
+
+func (o *userResourceType) CreateAccount(
+	ctx context.Context,
+	accountInfo *v2.AccountInfo,
+	credentialOptions *v2.CredentialOptions,
+) (
+	connectorbuilder.CreateAccountResponse,
+	[]*v2.PlaintextData,
+	annotations.Annotations,
+	error,
+) {
+	params, err := getCreateUserParams(accountInfo)
+	if err != nil {
+		return nil, nil, nil, fmt.Errorf("github-connectorv2: failed to get CreateUserParams: %w", err)
+	}
+
+	invitation, resp, err := o.client.Organizations.CreateOrgInvitation(ctx, params.org, &github.CreateOrgInvitationOptions{
+		Email: params.email,
+	})
+	if err != nil {
+		return nil, nil, nil, fmt.Errorf("github-connectorv2: failed to invite user to org: %w", err)
+	}
+
+	restApiRateLimit, err := extractRateLimitData(resp)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	var annotations annotations.Annotations
+	annotations.WithRateLimiting(restApiRateLimit)
+
+	r, err := invitationToUserResource(invitation)
+	if err != nil {
+		return nil, nil, nil, fmt.Errorf("github-connectorv2: cannot create user resource: %w", err)
+	}
+	return &v2.CreateAccountResponse_SuccessResult{
+		Resource: r,
+	}, nil, nil, nil
+}
+
+type createUserParams struct {
+	org   string
+	email *string
+}
+
+func getCreateUserParams(accountInfo *v2.AccountInfo) (*createUserParams, error) {
+	pMap := accountInfo.Profile.AsMap()
+	org, ok := pMap["org"].(string)
+	if !ok || org == "" {
+		return nil, fmt.Errorf("org is required")
+	}
+
+	e, emailExisted := pMap["email"].(string)
+	if !emailExisted || e == "" {
+		return nil, fmt.Errorf("email is required")
+	}
+
+	return &createUserParams{
+		org:   org,
+		email: &e,
+	}, nil
+}
+
 func isEmail(email string) bool {
 	_, err := mail.ParseAddress(email)
 	return err == nil
