fix(sync): prevent crash on 403 permission errors (#59)

* fix(sync): prevent crash on 403 permission errors

* extend permission error handling to projects

* remove handling error from projects

Author: mateovespConductor

pkg/connector/groups.go

@@ -18,8 +18,6 @@ import (
 	resourceSdk "github.com/conductorone/baton-sdk/pkg/types/resource"
 	"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
 	"go.uber.org/zap"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/proto"
 )
 
@@ -131,14 +129,13 @@ func (o *groupBuilder) Grants(ctx context.Context, resource *v2.Resource, pToken
 	}
 
 	if err != nil {
-		l := ctxzap.Extract(ctx)
-		l.Warn("Permission denied while listing members for group. Skipping.",
-			zap.String("group_id", resource.Id.Resource),
-		)
-		if status.Code(err) == codes.PermissionDenied || errors.Is(err, client.ErrForbidden) {
-			return nil, "", nil, nil
+		isPermissionError, unhandledErr := handlePermissionError(ctx, err, "group", groupId)
+		if unhandledErr != nil {
+			return nil, "", outputAnnotations, unhandledErr
+		}
+		if isPermissionError {
+			return nil, "", outputAnnotations, nil
 		}
-		return nil, "", outputAnnotations, err
 	}
 
 	for _, user := range users {

pkg/connector/helpers.go

@@ -1,10 +1,16 @@
 package connector
 
 import (
+	"context"
+	"errors"
 	"fmt"
 	"strings"
 
 	"github.com/conductorone/baton-gitlab/pkg/connector/client"
+	"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
+	"go.uber.org/zap"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 )
 
 func toGroupResourceId(groupId string) string {
@@ -32,3 +38,20 @@ func parseAccessLevelFromEntitlementID(entitlementID string) (int, error) {
 	}
 	return int(levelValue), nil
 }
+
+func handlePermissionError(ctx context.Context, err error, resourceType, resourceId string) (bool, error) {
+	if err == nil {
+		return false, nil
+	}
+
+	if status.Code(err) == codes.PermissionDenied || errors.Is(err, client.ErrForbidden) {
+		l := ctxzap.Extract(ctx)
+		l.Warn(
+			fmt.Sprintf("Permission denied while listing members for %s. Skipping.", resourceType),
+			zap.String(fmt.Sprintf("%s_id", resourceType), resourceId),
+		)
+		return true, nil
+	}
+
+	return false, err
+}

pkg/connector/users.go

@@ -105,8 +105,15 @@ func (u *userBuilder) listCloudVersion(ctx context.Context, parentResourceID *v2
 			outputAnnotations.WithRateLimiting(rateLimitDescGroupMembers)
 		}
 		if err != nil {
-			return nil, "", outputAnnotations, err
+			isPermissionError, unhandledErr := handlePermissionError(ctx, err, "group", groupId)
+			if unhandledErr != nil {
+				return nil, "", outputAnnotations, unhandledErr
+			}
+			if isPermissionError {
+				return nil, "", outputAnnotations, nil
+			}
 		}
+
 		for _, member := range groupMembers {
 			users = append(users, member)
 		}
@@ -120,6 +127,7 @@ func (u *userBuilder) listCloudVersion(ctx context.Context, parentResourceID *v2
 		if err != nil {
 			return nil, "", outputAnnotations, err
 		}
+
 		for _, member := range projectMembers {
 			users = append(users, member)
 		}