Merge pull request #85 from ConductorOne/bugfix/user_provisioning

[BB-858] fix user provisioning existing user

Author: btipling

pkg/client/client.go

@@ -298,6 +298,7 @@ func (client *Client) ListAllRoles(ctx context.Context) ([]RolesAPIData, error)
 // GetUser
 // Returns specific users.
 func (client *Client) GetUser(ctx context.Context, userName string) (jira.User, error) {
+	l := ctxzap.Extract(ctx)
 	var usersAPIData []UsersAPIData
 	req, err := getRequest(ctx, client, allUsersV2, Query{
 		"username": userName,
@@ -308,16 +309,27 @@ func (client *Client) GetUser(ctx context.Context, userName string) (jira.User,
 
 	resp, err := client.httpClient.Do(req, uhttp.WithJSONResponse(&usersAPIData))
 	if err != nil {
+		l.Debug("error fetching user", zap.String("username", userName), zap.Error(err))
 		return jira.User{}, err
 	}
 
 	defer resp.Body.Close()
 
 	if len(usersAPIData) == 0 {
+		l.Debug("user not found error", zap.String("username", userName))
 		return jira.User{}, fmt.Errorf("%w: %s", ErrUserNotFound, userName)
 	}
 
+	if len(usersAPIData) > 1 {
+		l.Debug("multiple users found for username", zap.String("username", userName))
+		return jira.User{}, fmt.Errorf("%w: more than one result for %s", ErrUserNotFound, userName)
+	}
+
 	user := usersAPIData[0]
+	if user.Name != userName && user.EmailAddress != userName {
+		l.Debug("user not found error, no exact match for username", zap.String("username", userName))
+		return jira.User{}, fmt.Errorf("%w: no exact match for username %s", ErrUserNotFound, userName)
+	}
 
 	return jira.User{
 		Self:         user.Self,
@@ -374,6 +386,27 @@ func (client *Client) GetProjectRoles(ctx context.Context, projectId string) (ma
 	return projectRolesAPIData, err
 }
 
+func (client *Client) GetProjectRoleDetailsById(ctx context.Context, projectId string, roleId string) (*RolesAPIData, error) {
+	var projectRoleDetailsAPIData RolesAPIData
+	endpointUrl, err := url.JoinPath(allProjects, projectId, "role", roleId)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := getRequest(ctx, client, endpointUrl, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := client.httpClient.Do(req, uhttp.WithJSONResponse(&projectRoleDetailsAPIData))
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+	return &projectRoleDetailsAPIData, err
+}
+
 // GetProjectRoleDetails
 // Returns all role details that are present in specific project.
 func (client *Client) GetProjectRoleDetails(ctx context.Context, urlApi string) (RolesAPIData, error) {

pkg/connector/project.go

@@ -213,6 +213,22 @@ func (p *projectBuilder) Grant(ctx context.Context, principal *v2.Resource, enti
 			return nil, err
 		}
 
+		// // Verify the user is not already a member of the project role
+		roleDetails, err := p.client.GetProjectRoleDetailsById(ctx, projectId, roleId)
+		if err != nil {
+			return nil, fmt.Errorf("failed to fetch role details, %w", err)
+		}
+		for _, actor := range roleDetails.Actors {
+			if actor.Name == userName {
+				l.Debug("Project Membership already exists.",
+					zap.String("userName", userName),
+					zap.String("projectId", projectId),
+					zap.String("roleId", roleId),
+				)
+				return annotations.New(&v2.GrantAlreadyExists{}), nil
+			}
+		}
+
 		body := client.BodyActors{
 			User: []string{
 				userName,

pkg/connector/users.go

@@ -165,7 +165,18 @@ func (u *userBuilder) CreateAccount(
 		username = email
 	}
 
-	if existingUser, err := u.client.GetUser(ctx, email); err == nil {
+	existingUser, err := u.client.GetUser(ctx, username)
+	if err != nil && username != email {
+		// If the username is not found, try to get the user by email
+		l.Debug("username not found, attempting to get user by email",
+			zap.String("username", username),
+			zap.String("email", email),
+			zap.Error(err),
+		)
+		existingUser, err = u.client.GetUser(ctx, email)
+	}
+
+	if err == nil {
 		l.Info("user already exists in Jira DC, returning existing user resource",
 			zap.String("email", email),
 			zap.String("user_id", existingUser.Key),
@@ -177,6 +188,11 @@ func (u *userBuilder) CreateAccount(
 		createdAccount = false
 		username = existingUser.Name
 	} else {
+		l.Debug("user does not exist in Jira DC, creating new user",
+			zap.String("email", email),
+			zap.String("username", username),
+			zap.Error(err),
+		)
 		firstName, _ := profile["first_name"].(string)
 		lastName, _ := profile["last_name"].(string)