Merge pull request #88 from ConductorOne/lauren/remove-unnecessary-requests

remove unecessary requests

Author: laurenleach

pkg/client/projects.go

@@ -25,12 +25,12 @@ func (c *Client) GetProject(ctx context.Context, projectID string) (*jira.Projec
 	return project, nil
 }
 
-func (c *Client) ListProjects(ctx context.Context) ([]*jira.Project, error) {
+func (c *Client) ListProjectsWithDetails(ctx context.Context) ([]*jira.Project, error) {
 	l := ctxzap.Extract(ctx)
 
 	projects, _, err := c.client.Project.GetAll(ctx, nil)
 	if err != nil {
-		l.Error("Error getting projects", zap.Error(err))
+		l.Error("Error getting projects with details", zap.Error(err))
 		return nil, err
 	}
 
@@ -46,6 +46,29 @@ func (c *Client) ListProjects(ctx context.Context) ([]*jira.Project, error) {
 	return ret, nil
 }
 
+func (c *Client) ListProjects(ctx context.Context) ([]*jira.Project, error) {
+	l := ctxzap.Extract(ctx)
+
+	projects, _, err := c.client.Project.GetAll(ctx, nil)
+	if err != nil {
+		l.Error("Error getting projects", zap.Error(err))
+		return nil, err
+	}
+
+	var ret []*jira.Project
+	for _, i := range *projects {
+		p := &jira.Project{
+			Self: i.Self,
+			ID:   i.ID,
+			Key:  i.Key,
+			Name: i.Name,
+		}
+		ret = append(ret, p)
+	}
+
+	return ret, nil
+}
+
 func (c *Client) ListStatuses(ctx context.Context) ([]*jira.Status, error) {
 	l := ctxzap.Extract(ctx)
 

pkg/connector/group.go

@@ -13,6 +13,7 @@ import (
 	sdkResource "github.com/conductorone/baton-sdk/pkg/types/resource"
 	"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
 	"go.uber.org/zap"
+	"google.golang.org/protobuf/types/known/structpb"
 
 	"github.com/conductorone/baton-jira-datacenter/pkg/client"
 )
@@ -27,12 +28,47 @@ func (g *groupBuilder) ResourceType(ctx context.Context) *v2.ResourceType {
 	return groupResourceType
 }
 
+func extractGroupLabelRolesFromGroupProfile(profile *structpb.Struct) []client.Labels {
+	if profile == nil {
+		return nil
+	}
+	field, ok := profile.Fields["group_label_roles"]
+	if !ok || field.GetListValue() == nil {
+		return nil
+	}
+	var actors []client.Labels
+	for _, val := range field.GetListValue().Values {
+		m := val.GetStructValue()
+		if m == nil {
+			continue
+		}
+		gl := client.Labels{
+			Text:  m.Fields["text"].GetStringValue(),
+			Type:  m.Fields["type"].GetStringValue(),
+			Title: m.Fields["title"].GetStringValue(),
+		}
+		actors = append(actors, gl)
+	}
+	return actors
+}
+
 func groupResource(ctx context.Context, group client.Group, parentResourceID *v2.ResourceId) (*v2.Resource, error) {
 	// jira groups does not include ids only names
 	profile := map[string]interface{}{
 		"group_name": group.Name,
 		"group_id":   group.Name,
 	}
+
+	var groupLabelRoles []any
+	for _, gl := range group.Labels {
+		groupLabelRoles = append(groupLabelRoles, map[string]any{
+			"text":  gl.Text,
+			"title": gl.Title,
+			"type":  gl.Type,
+		})
+	}
+	profile["group_label_roles"] = groupLabelRoles
+
 	groupTraitOptions := []sdkResource.GroupTraitOption{sdkResource.WithGroupProfile(profile)}
 	resource, err := sdkResource.NewGroupResource(
 		group.Name,
@@ -71,9 +107,19 @@ func (g *groupBuilder) List(ctx context.Context, parentResourceID *v2.ResourceId
 
 func (g *groupBuilder) Entitlements(ctx context.Context, resource *v2.Resource, _ *pagination.Token) ([]*v2.Entitlement, string, annotations.Annotations, error) {
 	groupId := resource.Id.Resource
-	groupRoles, err := g.client.GetGroupLabelRoles(ctx, groupId)
+
+	groupTrait, err := sdkResource.GetGroupTrait(resource)
 	if err != nil {
-		return nil, "", nil, err
+		return nil, "", nil, fmt.Errorf("list-entitlements: Failed to get group trait from group: %w", err)
+	}
+	groupProfile := groupTrait.GetProfile()
+
+	groupRoles := extractGroupLabelRolesFromGroupProfile(groupProfile)
+	if groupRoles == nil {
+		groupRoles, err = g.client.GetGroupLabelRoles(ctx, groupId)
+		if err != nil {
+			return nil, "", nil, err
+		}
 	}
 
 	rv := make([]*v2.Entitlement, 0, len(groupRoles)+1)
@@ -113,9 +159,18 @@ func (g *groupBuilder) Grants(ctx context.Context, resource *v2.Resource, pToken
 
 	l := ctxzap.Extract(ctx)
 
-	roles, err := g.client.GetGroupLabelRoles(ctx, groupId)
+	groupTrait, err := sdkResource.GetGroupTrait(resource)
 	if err != nil {
-		return nil, "", nil, err
+		return nil, "", nil, fmt.Errorf("list-grants: failed to get group trait from group: %w", err)
+	}
+	groupProfile := groupTrait.GetProfile()
+
+	roles := extractGroupLabelRolesFromGroupProfile(groupProfile)
+	if roles == nil {
+		roles, err = g.client.GetGroupLabelRoles(ctx, groupId)
+		if err != nil {
+			return nil, "", nil, err
+		}
 	}
 
 	for _, member := range groupMembers {

pkg/connector/permission.go

@@ -80,30 +80,19 @@ func (r *permissionBuilder) List(ctx context.Context, parentResourceID *v2.Resou
 func (r *permissionBuilder) Entitlements(ctx context.Context, resource *v2.Resource, _ *pagination.Token) ([]*v2.Entitlement, string, annotations.Annotations, error) {
 	var rv []*v2.Entitlement
 	permissionId := resource.DisplayName
-	permissions, err := r.client.ListAllPermissionScheme(ctx)
-	if err != nil {
-		return nil, "", nil, err
-	}
 
-	for _, permission := range permissions.Permissions {
-		if permissionId != permission.Permission {
-			continue
-		}
-
-		// create entitlements for each project role
-		permissionOptions := []ent.EntitlementOption{
-			ent.WithGrantableTo(userResourceType, groupResourceType),
-			ent.WithDisplayName(fmt.Sprintf("%s Permission %s", resource.DisplayName, permission.Permission)),
-			ent.WithDescription(fmt.Sprintf("%s access to %s permission in Jira DC", titleCase(permission.Permission), resource.DisplayName)),
-		}
-
-		rv = append(rv, ent.NewPermissionEntitlement(
-			resource,
-			permission.Permission,
-			permissionOptions...,
-		))
+	permissionOptions := []ent.EntitlementOption{
+		ent.WithGrantableTo(userResourceType, groupResourceType),
+		ent.WithDisplayName(fmt.Sprintf("%s Permission %s", resource.DisplayName, permissionId)),
+		ent.WithDescription(fmt.Sprintf("%s access to %s permission in Jira DC", titleCase(permissionId), permissionId)),
 	}
 
+	rv = append(rv, ent.NewPermissionEntitlement(
+		resource,
+		permissionId,
+		permissionOptions...,
+	))
+
 	return rv, "", nil, nil
 }
 

pkg/connector/role.go

@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"strconv"
 
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
 	"github.com/conductorone/baton-sdk/pkg/annotations"
@@ -16,6 +15,7 @@ import (
 	"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
 	"go.uber.org/zap"
 	"golang.org/x/exp/slices"
+	"google.golang.org/protobuf/types/known/structpb"
 
 	"github.com/conductorone/baton-jira-datacenter/pkg/client"
 )
@@ -26,23 +26,60 @@ type roleBuilder struct {
 
 const NF = -1
 
+func extractActorsFromRoleProfile(profile *structpb.Struct) []client.Actors {
+	if profile == nil {
+		return nil
+	}
+	field, ok := profile.Fields["actors"]
+	if !ok || field.GetListValue() == nil {
+		return nil
+	}
+	var actors []client.Actors
+	for _, val := range field.GetListValue().Values {
+		m := val.GetStructValue()
+		if m == nil {
+			continue
+		}
+
+		a := client.Actors{
+			ID:          int(m.Fields["id"].GetNumberValue()),
+			DisplayName: m.Fields["displayName"].GetStringValue(),
+			Type:        m.Fields["type"].GetStringValue(),
+			Name:        m.Fields["name"].GetStringValue(),
+		}
+		actors = append(actors, a)
+	}
+	return actors
+}
+
 // Create a new connector resource for a jira role.
 func roleResource(ctx context.Context, role client.RolesAPIData, parentResourceID *v2.ResourceId) (*v2.Resource, error) {
-	profile := map[string]interface{}{
+	profile := map[string]any{
 		"role_id":          role.ID,
 		"role_name":        role.Name,
 		"role_Description": role.Description,
 	}
 
-	groupTraitOptions := []sdkResource.GroupTraitOption{
+	var actorsList []any
+	for _, a := range role.Actors {
+		actorsList = append(actorsList, map[string]any{
+			"id":          a.ID,
+			"displayName": a.DisplayName,
+			"type":        a.Type,
+			"name":        a.Name,
+		})
+	}
+	profile["actors"] = actorsList
+
+	roleTraitOptions := []sdkResource.GroupTraitOption{
 		sdkResource.WithGroupProfile(profile),
 	}
 
 	ret, err := sdkResource.NewGroupResource(
 		role.Name,
 		roleResourceType,
 		role.ID,
-		groupTraitOptions,
+		roleTraitOptions,
 		sdkResource.WithParentResourceID(parentResourceID),
 	)
 	if err != nil {
@@ -61,6 +98,7 @@ func (r *roleBuilder) ResourceType(ctx context.Context) *v2.ResourceType {
 func (r *roleBuilder) List(ctx context.Context, parentResourceID *v2.ResourceId, pToken *pagination.Token) ([]*v2.Resource, string, annotations.Annotations, error) {
 	var ret []*v2.Resource
 	roles, err := r.client.ListAllRoles(ctx)
+
 	if err != nil {
 		return nil, "", nil, err
 	}
@@ -105,57 +143,57 @@ func (r *roleBuilder) Entitlements(ctx context.Context, resource *v2.Resource, _
 
 func (r *roleBuilder) Grants(ctx context.Context, resource *v2.Resource, pToken *pagination.Token) ([]*v2.Grant, string, annotations.Annotations, error) {
 	var rv []*v2.Grant
-	// List roles in general
-	roles, err := r.client.ListAllRoles(ctx)
-	if err != nil {
-		return nil, "", nil, err
-	}
 
-	roleId, err := strconv.Atoi(resource.Id.Resource)
+	l := ctxzap.Extract(ctx)
+
+	roleTrait, err := sdkResource.GetGroupTrait(resource)
 	if err != nil {
-		return nil, "", nil, err
+		return nil, "", nil, fmt.Errorf("list-grants: failed to get group trait from role: %w", err)
 	}
+	roleProfile := roleTrait.GetProfile()
 
-	l := ctxzap.Extract(ctx)
+	roleActors := extractActorsFromRoleProfile(roleProfile)
 
-	for _, role := range roles {
-		if roleId != role.ID {
-			continue
+	if roleActors == nil {
+		role, err := r.client.GetRole(ctx, resource.Id.Resource)
+		if err != nil {
+			return nil, "", nil, err
 		}
-		// An actor can be (users or groups)
-		for _, actor := range role.Actors {
-			switch actor.Type {
-			case userRole:
-				user, err := r.client.GetUser(ctx, actor.Name)
-				if err != nil {
-					if errors.Is(err, client.ErrUserNotFound) {
-						l.Warn("User not found", zap.String("userId", actor.Name))
-						continue
-					}
-					return nil, "", nil, err
-				}
+		roleActors = role.Actors
+	}
 
-				ur, err := userResource(user)
-				if err != nil {
-					return nil, "", nil, err
+	for _, actor := range roleActors {
+		switch actor.Type {
+		case userRole:
+			user, err := r.client.GetUser(ctx, actor.Name)
+			if err != nil {
+				if errors.Is(err, client.ErrUserNotFound) {
+					l.Warn("User not found", zap.String("userId", actor.Name))
+					continue
 				}
+				return nil, "", nil, err
+			}
 
-				membershipGrant := grant.NewGrant(resource, role.Name, ur.Id)
-				rv = append(rv, membershipGrant)
-			case groupRole:
-				group := client.Group{
-					Name: actor.Name,
-				}
-				gr, err := groupResource(ctx, group, nil)
-				if err != nil {
-					return nil, "", nil, err
-				}
+			ur, err := userResource(user)
+			if err != nil {
+				return nil, "", nil, err
+			}
 
-				membershipGrant := grant.NewGrant(resource, role.Name, gr.Id)
-				rv = append(rv, membershipGrant)
-			default:
-				return nil, "", nil, fmt.Errorf("jira(dc)-connector: invalid member resource type: %s", actor.Type)
+			membershipGrant := grant.NewGrant(resource, resource.DisplayName, ur.Id)
+			rv = append(rv, membershipGrant)
+		case groupRole:
+			group := client.Group{
+				Name: actor.Name,
 			}
+			gr, err := groupResource(ctx, group, nil)
+			if err != nil {
+				return nil, "", nil, err
+			}
+
+			membershipGrant := grant.NewGrant(resource, resource.DisplayName, gr.Id)
+			rv = append(rv, membershipGrant)
+		default:
+			return nil, "", nil, fmt.Errorf("jira(dc)-connector: invalid member resource type: %s", actor.Type)
 		}
 	}
 

pkg/connector/tickets.go

@@ -169,7 +169,7 @@ func (d *Connector) ListTicketSchemas(ctx context.Context, pToken *pagination.To
 		projectKeyMap[str] = true
 	}
 
-	projects, err := d.jiraClient.ListProjects(ctx)
+	projects, err := d.jiraClient.ListProjectsWithDetails(ctx)
 	if err != nil {
 		return nil, "", nil, err
 	}