feat: default group name is required when creating new users. New user is added to that group when created

Author: JavierCarnelli-ConductorOne

pkg/connector/connector.go

@@ -67,6 +67,16 @@ func (d *Connector) Metadata(ctx context.Context) (*v2.ConnectorMetadata, error)
 					Placeholder: "Username",
 					Order:       3,
 				},
+				"group_name": {
+					DisplayName: "Group Name",
+					Required:    true,
+					Description: "The group indicated will be used assigned to the user.",
+					Field: &v2.ConnectorAccountCreationSchema_Field_StringField{
+						StringField: &v2.ConnectorAccountCreationSchema_StringField{},
+					},
+					Placeholder: "Group Name",
+					Order:       4,
+				},
 				"group_id_for_saml": {
 					DisplayName: "Group ID for SAML",
 					Required:    false,
@@ -75,7 +85,7 @@ func (d *Connector) Metadata(ctx context.Context) (*v2.ConnectorMetadata, error)
 						StringField: &v2.ConnectorAccountCreationSchema_StringField{},
 					},
 					Placeholder: "Group ID for SAML",
-					Order:       4,
+					Order:       5,
 				},
 			},
 		},

pkg/connector/gitlab/client.go

@@ -2,9 +2,6 @@ package gitlab
 
 import (
 	"context"
-	"net/http"
-	"strconv"
-
 	"github.com/conductorone/baton-sdk/pkg/uhttp"
 	gitlabSDK "gitlab.com/gitlab-org/api/client-go"
 )
@@ -31,39 +28,3 @@ func NewClient(ctx context.Context, accessToken, baseURL string) (*Client, error
 		Client: client,
 	}, nil
 }
-
-// GetAllUsers retrieves the whole list of Users of the GitLab instance.
-// Endpoint: /api/v4/users.
-func (c *Client) GetAllUsers(ctx context.Context, nextPageToken string) ([]gitlabSDK.User, *gitlabSDK.Response, error) {
-	var nextPage int
-	var err error
-
-	if nextPageToken != "" {
-		nextPage, err = strconv.Atoi(nextPageToken)
-		if err != nil {
-			return nil, nil, err
-		}
-	}
-
-	usersPath := "users"
-	opt := &gitlabSDK.ListGroupsOptions{
-		ListOptions: gitlabSDK.ListOptions{
-			Page: nextPage,
-		},
-	}
-	var options []gitlabSDK.RequestOptionFunc
-	options = append(options, gitlabSDK.WithContext(ctx))
-
-	req, err := c.NewRequest(http.MethodGet, usersPath, opt, options)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var users []gitlabSDK.User
-	resp, err := c.Do(req, &users)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	return users, resp, nil
-}

pkg/connector/groups.go

@@ -57,6 +57,7 @@ func groupResource(group *gitlabSDK.Group, parentResourceID *v2.ResourceId) (*v2
 		resourceSdk.WithAnnotation(
 			&v2.ChildResourceType{ResourceTypeId: projectResourceType.Id},
 			&v2.ChildResourceType{ResourceTypeId: groupResourceType.Id},
+			&v2.ChildResourceType{ResourceTypeId: userResourceType.Id},
 		),
 		resourceSdk.WithParentResourceID(parentResourceID),
 	)

pkg/connector/projects.go

@@ -38,6 +38,7 @@ func projectResource(project *gitlabSDK.Project, parentResourceID *v2.ResourceId
 				},
 			),
 		},
+		resourceSdk.WithAnnotation(&v2.ChildResourceType{ResourceTypeId: userResourceType.Id}),
 		resourceSdk.WithParentResourceID(parentResourceID),
 	)
 }

pkg/connector/users.go

@@ -24,31 +24,6 @@ func (o *userBuilder) ResourceType(ctx context.Context) *v2.ResourceType {
 	return userResourceType
 }
 
-func userResource(user gitlabSDK.User, parentResourceID *v2.ResourceId) (*v2.Resource, error) {
-	profile := map[string]interface{}{
-		"id":         user.ID,
-		"first_name": user.Name,
-		"username":   user.Username,
-		"email":      user.Email,
-		"state":      user.State,
-	}
-
-	userTraitOptions := []resourceSdk.UserTraitOption{
-		resourceSdk.WithEmail(user.Email, true),
-		resourceSdk.WithStatus(v2.UserTrait_Status_STATUS_ENABLED),
-		resourceSdk.WithUserProfile(profile),
-		resourceSdk.WithUserLogin(user.Email),
-	}
-
-	return resourceSdk.NewUserResource(
-		user.Name,
-		userResourceType,
-		user.ID,
-		userTraitOptions,
-		resourceSdk.WithParentResourceID(parentResourceID),
-	)
-}
-
 func (o *userBuilder) setEmailsGroupMembers(ctx context.Context, users []*gitlabSDK.GroupMember) []*gitlabSDK.GroupMember {
 	for i, user := range users {
 		details, _, err := o.Users.GetUser(user.ID, gitlabSDK.GetUsersOptions{}, gitlabSDK.WithContext(ctx))
@@ -82,35 +57,67 @@ func (o *userBuilder) setEmailsProjectMembers(ctx context.Context, users []*gitl
 // List returns all the users from the database as resource objects.
 // Users include a UserTrait because they are the 'shape' of a standard user.
 func (o *userBuilder) List(ctx context.Context, parentResourceID *v2.ResourceId, pToken *pagination.Token) ([]*v2.Resource, string, annotations.Annotations, error) {
-	var (
-		users     []gitlabSDK.User
-		res       *gitlabSDK.Response
-		pageToken string
-		err       error
-	)
+	var users []any
+	var res *gitlabSDK.Response
+	var groupId string
+	var err error
+
+	// If the parent resource is nil, this function will exit, the users will be request based on the Groups and Projects received on the arguments.
+	if parentResourceID == nil {
+		return nil, "", nil, nil
+	}
 
-	if pToken != nil {
-		pageToken = pToken.Token
+	var groupMembers []*gitlabSDK.GroupMember
+	if parentResourceID.ResourceType == groupResourceType.Id {
+		groupId, _, err = fromGroupResourceId(parentResourceID.Resource)
+		if err != nil {
+			return nil, "", nil, fmt.Errorf("error parsing group resource id: %w", err)
+		}
+		if pToken.Token == "" {
+			groupMembers, res, err = o.ListGroupMembers(ctx, groupId)
+		} else {
+			groupMembers, res, err = o.ListGroupMembersPaginate(ctx, groupId, pToken.Token)
+		}
+	}
+	if err != nil {
+		return nil, "", nil, err
+	}
+
+	groupMembers = o.setEmailsGroupMembers(ctx, groupMembers)
+	for _, member := range groupMembers {
+		users = append(users, member)
+	}
+
+	var projectMembers []*gitlabSDK.ProjectMember
+	if parentResourceID.ResourceType == projectResourceType.Id {
+		if pToken.Token == "" {
+			projectMembers, res, err = o.ListProjectMembers(ctx, parentResourceID.Resource)
+		} else {
+			projectMembers, res, err = o.ListProjectMembersPaginate(ctx, parentResourceID.Resource, pToken.Token)
+		}
 	}
-	users, res, err = o.Client.GetAllUsers(ctx, pageToken)
 	if err != nil {
 		return nil, "", nil, err
 	}
 
+	projectMembers = o.setEmailsProjectMembers(ctx, projectMembers)
+	for _, member := range projectMembers {
+		users = append(users, member)
+	}
+
 	outResources := make([]*v2.Resource, 0, len(users))
 	for _, user := range users {
-		resource, err := userResource(user, parentResourceID)
+		resource, err := userResource(user)
 		if err != nil {
 			return nil, "", nil, err
 		}
 		outResources = append(outResources, resource)
 	}
 
 	var nextPage string
-	if res.NextPage != 0 {
+	if res != nil && res.NextPage != 0 {
 		nextPage = strconv.Itoa(res.NextPage)
 	}
-
 	return outResources, nextPage, nil, nil
 }
 
@@ -149,12 +156,23 @@ func (o *userBuilder) CreateAccount(
 		return nil, nil, nil, err
 	}
 
+	groupID, err := o.validateUserGroup(ctx, accountInfo)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
 	user, _, err := o.Users.CreateUser(createUserOpts)
 	if err != nil {
 		return nil, nil, nil, err
 	}
 
-	userResource, err := userResource(*user, nil)
+	accessLevelValue := AccessLevel("Guest")
+	err = o.AddGroupMember(ctx, groupID, user.ID, accessLevelValue)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	userResource, err := userResource(user)
 	if err != nil {
 		return nil, nil, nil, err
 	}
@@ -236,3 +254,87 @@ func newUserBuilder(client *gitlab.Client) *userBuilder {
 		Client: client,
 	}
 }
+
+func (o *userBuilder) validateUserGroup(ctx context.Context, accountInfo *v2.AccountInfo) (string, error) {
+	pMap := accountInfo.Profile.AsMap()
+	groupName, ok := pMap["group_name"].(string)
+	if !ok || groupName == "" {
+		return "", fmt.Errorf("group_name is required")
+	}
+
+	groups, _, err := o.Groups.ListGroups(&gitlabSDK.ListGroupsOptions{
+		Search: &groupName,
+	},
+		gitlabSDK.WithContext(ctx),
+	)
+	if err != nil {
+		return "", err
+	}
+
+	for _, group := range groups {
+		if group.Name == groupName {
+			return strconv.Itoa(group.ID), nil
+		}
+	}
+
+	return "", fmt.Errorf("group name %s not found", groupName)
+}
+
+func userResource(user any) (*v2.Resource, error) {
+	var id int
+	// NOTE: The email attribute is only visible to group owners for enterprise users of the group when an API request is sent to the group itself, or that group's subgroups or projects.
+	// https://docs.gitlab.com/ee/api/members.html#known-issues
+	var email string
+	var username string
+	var name string
+	var state string
+	var accessLevel int
+
+	switch user := user.(type) {
+	case *gitlabSDK.GroupMember:
+		id = user.ID
+		email = user.Email
+		state = user.State
+		name = user.Name
+		username = user.Username
+		accessLevel = int(user.AccessLevel)
+	case *gitlabSDK.ProjectMember:
+		id = user.ID
+		email = user.Email
+		state = user.State
+		name = user.Name
+		username = user.Username
+		accessLevel = int(user.AccessLevel)
+	case *gitlabSDK.User:
+		id = user.ID
+		email = user.Email
+		state = user.State
+		name = user.Name
+		username = user.Username
+	default:
+		return nil, fmt.Errorf("unknown user type: %T", user)
+	}
+
+	profile := map[string]interface{}{
+		"first_name":   name,
+		"username":     username,
+		"email":        email,
+		"state":        state,
+		"access_level": accessLevel,
+		"id":           id,
+	}
+
+	userTraitOptions := []resourceSdk.UserTraitOption{
+		resourceSdk.WithEmail(email, true),
+		resourceSdk.WithStatus(v2.UserTrait_Status_STATUS_ENABLED),
+		resourceSdk.WithUserProfile(profile),
+		resourceSdk.WithUserLogin(email),
+	}
+
+	return resourceSdk.NewUserResource(
+		name,
+		userResourceType,
+		id,
+		userTraitOptions,
+	)
+}