Account creation fixes.

- Have Validate() actually do something.
- Fix discrepancy between account creation schema and actually used values (first name vs name).
- Better error messages in account creation, like mentioning you need to set --account-creation-group.

Author: ggreer

README.md

@@ -62,20 +62,24 @@ Usage:
 Available Commands:
   capabilities       Get connector capabilities
   completion         Generate the autocompletion script for the specified shell
+  config             Get connector config
   help               Help about any command
 
 Flags:
-      --client-id string             The client ID used to authenticate with ConductorOne ($BATON_CLIENT_ID)
-      --client-secret string         The client secret used to authenticate with ConductorOne ($BATON_CLIENT_SECRET)
-      --access-token string          The access token used to authenticate with the GitLab API ($BATON_ACCESS_TOKEN)
-      --base-url string              The base URL for the GitLab API ($BATON_BASE_URL) (default "https://gitlab.com/")
-  -f, --file string                  The path to the c1z file to sync with ($BATON_FILE) (default "sync.c1z")
-  -h, --help                         help for baton-gitlab
-      --log-format string            The output format for logs: json, console ($BATON_LOG_FORMAT) (default "json")
-      --log-level string             The log level: debug, info, warn, error ($BATON_LOG_LEVEL) (default "info")
-  -p, --provisioning                 If this connector supports provisioning, this must be set in order for provisioning actions to be enabled ($BATON_PROVISIONING)
-      --ticketing                    This must be set to enable ticketing support ($BATON_TICKETING)
-  -v, --version                      version for baton-gitlab
+      --access-token string              required: The access token to authenticate with the GitLab API ($BATON_ACCESS_TOKEN)
+      --account-creation-group string    The group indicated will be used as a default group for the new users. Required for account creation capability. ($BATON_ACCOUNT_CREATION_GROUP)
+      --base-url string                  The base URL of the GitLab instance ($BATON_BASE_URL) (default "https://gitlab.com/")
+      --client-id string                 The client ID used to authenticate with ConductorOne ($BATON_CLIENT_ID)
+      --client-secret string             The client secret used to authenticate with ConductorOne ($BATON_CLIENT_SECRET)
+  -f, --file string                      The path to the c1z file to sync with ($BATON_FILE) (default "sync.c1z")
+  -h, --help                             help for baton-gitlab
+      --log-format string                The output format for logs: json, console ($BATON_LOG_FORMAT) (default "json")
+      --log-level string                 The log level: debug, info, warn, error ($BATON_LOG_LEVEL) (default "info")
+      --otel-collector-endpoint string   The endpoint of the OpenTelemetry collector to send observability data to ($BATON_OTEL_COLLECTOR_ENDPOINT)
+  -p, --provisioning                     This must be set in order for provisioning actions to be enabled ($BATON_PROVISIONING)
+      --skip-full-sync                   This must be set to skip a full sync ($BATON_SKIP_FULL_SYNC)
+      --ticketing                        This must be set to enable ticketing support ($BATON_TICKETING)
+  -v, --version                          version for baton-gitlab
 
 Use "baton-gitlab [command] --help" for more information about a command.
 ```

cmd/baton-gitlab/config.go

@@ -19,8 +19,7 @@ var (
 	)
 	AccountCreationGroup = field.StringField(
 		"account-creation-group",
-		field.WithDescription("The group indicated will be used as a default group for the new users"),
-		field.WithDefaultValue(""),
+		field.WithDescription("The group indicated will be used as a default group for the new users. Required for account creation capability."),
 		field.WithRequired(false),
 	)
 

pkg/connector/connector.go

@@ -9,6 +9,7 @@ import (
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
 	"github.com/conductorone/baton-sdk/pkg/annotations"
 	"github.com/conductorone/baton-sdk/pkg/connectorbuilder"
+	gitlabSDK "gitlab.com/gitlab-org/api/client-go"
 )
 
 type Connector struct {
@@ -37,7 +38,7 @@ func (d *Connector) Metadata(ctx context.Context) (*v2.ConnectorMetadata, error)
 		Description: "GitLab is a web-based Git repository manager with built-in CI/CD pipeline functionality.",
 		AccountCreationSchema: &v2.ConnectorAccountCreationSchema{
 			FieldMap: map[string]*v2.ConnectorAccountCreationSchema_Field{
-				"first_name": {
+				"name": {
 					DisplayName: "Name",
 					Required:    true,
 					Description: "This name will be used for the user.",
@@ -85,6 +86,27 @@ func (d *Connector) Metadata(ctx context.Context) (*v2.ConnectorMetadata, error)
 // Validate is called to ensure that the connector is properly configured. It should exercise any API credentials
 // to be sure that they are valid.
 func (d *Connector) Validate(ctx context.Context) (annotations.Annotations, error) {
+	_, _, err := d.Client.ListGroups(ctx, "")
+	if err != nil {
+		return nil, fmt.Errorf("error listing groups: %w", err)
+	}
+
+	if d.Client.AccountCreationGroup != "" {
+		groupName := d.Client.AccountCreationGroup
+		groups, _, err := d.Client.Groups.ListGroups(&gitlabSDK.ListGroupsOptions{
+			Search: &groupName,
+		},
+			gitlabSDK.WithContext(ctx),
+		)
+		if err != nil {
+			return nil, fmt.Errorf("error getting account creation group: %w", err)
+		}
+
+		if len(groups) == 0 {
+			return nil, fmt.Errorf("account creation group not found")
+		}
+	}
+
 	return nil, nil
 }
 

pkg/connector/users.go

@@ -257,7 +257,7 @@ func newUserBuilder(client *gitlab.Client) *userBuilder {
 
 func (o *userBuilder) getGroupID(ctx context.Context) (string, error) {
 	if o.AccountCreationGroup == "" {
-		return "", fmt.Errorf("a creation group name is required when configuring the connector")
+		return "", fmt.Errorf("account creation group not set. use --account-creation-group when running the connector")
 	}
 
 	groupName := o.AccountCreationGroup
@@ -267,7 +267,7 @@ func (o *userBuilder) getGroupID(ctx context.Context) (string, error) {
 		gitlabSDK.WithContext(ctx),
 	)
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("error listing groups: %w", err)
 	}
 
 	for _, group := range groups {
@@ -276,7 +276,7 @@ func (o *userBuilder) getGroupID(ctx context.Context) (string, error) {
 		}
 	}
 
-	return "", fmt.Errorf("group name %s not found", groupName)
+	return "", fmt.Errorf("account creation group %s not found", groupName)
 }
 
 func userResource(user any) (*v2.Resource, error) {