Merge pull request #41 from ConductorOne/lauren/generate-role-grants-in-user-grants-method

store user role on user profile/move role grants to user grants method

Author: laurenleach

pkg/connector/connector.go

@@ -17,7 +17,6 @@ var (
 		Traits: []v2.ResourceType_Trait{
 			v2.ResourceType_TRAIT_USER,
 		},
-		Annotations: annotationsForUserResourceType(),
 	}
 	resourceTypeTeam = &v2.ResourceType{
 		Id:          "team",

pkg/connector/helpers.go

@@ -5,7 +5,6 @@ import (
 
 	"github.com/conductorone/baton-linear/pkg/linear"
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
-	"github.com/conductorone/baton-sdk/pkg/annotations"
 	"github.com/conductorone/baton-sdk/pkg/pagination"
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
@@ -71,9 +70,3 @@ func parseMultipleTokens(token *pagination.Token) (linear.PaginationVars, error)
 
 	return paginationOptions, nil
 }
-
-func annotationsForUserResourceType() annotations.Annotations {
-	annos := annotations.Annotations{}
-	annos.Update(&v2.SkipEntitlementsAndGrants{})
-	return annos
-}

pkg/connector/role.go

@@ -9,7 +9,6 @@ import (
 	"github.com/conductorone/baton-sdk/pkg/annotations"
 	"github.com/conductorone/baton-sdk/pkg/pagination"
 	ent "github.com/conductorone/baton-sdk/pkg/types/entitlement"
-	grant "github.com/conductorone/baton-sdk/pkg/types/grant"
 	resource "github.com/conductorone/baton-sdk/pkg/types/resource"
 )
 
@@ -92,49 +91,7 @@ func (o *roleResourceType) Entitlements(_ context.Context, resource *v2.Resource
 }
 
 func (o *roleResourceType) Grants(ctx context.Context, resource *v2.Resource, token *pagination.Token) ([]*v2.Grant, string, annotations.Annotations, error) {
-	var annotations annotations.Annotations
-	bag, err := parsePageToken(token.Token, &v2.ResourceId{ResourceType: resourceTypeUser.Id})
-	if err != nil {
-		return nil, "", nil, err
-	}
-
-	allUsers, nextToken, _, rlData, err := o.client.GetUsers(ctx, linear.GetResourcesVars{First: resourcePageSize, After: bag.PageToken()})
-	annotations.WithRateLimiting(rlData)
-	if err != nil {
-		return nil, "", annotations, fmt.Errorf("linear-connector: failed to list users: %w", err)
-	}
-
-	pageToken, err := bag.NextToken(nextToken)
-	if err != nil {
-		return nil, "", annotations, err
-	}
-
-	var userRole string
-	var rv []*v2.Grant
-
-	for _, user := range allUsers {
-		switch {
-		case user.Admin:
-			userRole = roleAdmin
-		case user.Guest:
-			userRole = roleGuest
-		default:
-			userRole = roleUser
-		}
-
-		if resource.Id.Resource == userRole {
-			userCopy := user
-			ur, err := userResource(ctx, &userCopy, resource.Id)
-			if err != nil {
-				return nil, "", annotations, err
-			}
-
-			gr := grant.NewGrant(resource, membership, ur.Id)
-			rv = append(rv, gr)
-		}
-	}
-
-	return rv, pageToken, annotations, nil
+	return nil, "", nil, nil
 }
 
 func roleBuilder(client *linear.Client) *roleResourceType {

pkg/connector/user.go

@@ -9,9 +9,12 @@ import (
 	v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2"
 	"github.com/conductorone/baton-sdk/pkg/annotations"
 	"github.com/conductorone/baton-sdk/pkg/pagination"
-	resource "github.com/conductorone/baton-sdk/pkg/types/resource"
+	"github.com/conductorone/baton-sdk/pkg/types/grant"
+	sdkResource "github.com/conductorone/baton-sdk/pkg/types/resource"
 )
 
+const userRoleProfileKey = "user_role"
+
 type userResourceType struct {
 	resourceType *v2.ResourceType
 	client       *linear.Client
@@ -33,25 +36,36 @@ func userResource(ctx context.Context, user *linear.User, parentResourceID *v2.R
 		lastName = names[1]
 	}
 
+	var userRole string
+	switch {
+	case user.Admin:
+		userRole = roleAdmin
+	case user.Guest:
+		userRole = roleGuest
+	default:
+		userRole = roleUser
+	}
+
 	profile := map[string]interface{}{
-		"first_name": firstName,
-		"last_name":  lastName,
-		"login":      user.Email,
-		"user_id":    user.ID,
+		"first_name":       firstName,
+		"last_name":        lastName,
+		"login":            user.Email,
+		"user_id":          user.ID,
+		userRoleProfileKey: userRole,
 	}
 
-	userTraitOptions := []resource.UserTraitOption{
-		resource.WithUserProfile(profile),
-		resource.WithEmail(user.Email, true),
-		resource.WithStatus(v2.UserTrait_Status_STATUS_ENABLED),
+	userTraitOptions := []sdkResource.UserTraitOption{
+		sdkResource.WithUserProfile(profile),
+		sdkResource.WithEmail(user.Email, true),
+		sdkResource.WithStatus(v2.UserTrait_Status_STATUS_ENABLED),
 	}
 
-	ret, err := resource.NewUserResource(
+	ret, err := sdkResource.NewUserResource(
 		user.Name,
 		resourceTypeUser,
 		user.ID,
 		userTraitOptions,
-		resource.WithParentResourceID(parentResourceID),
+		sdkResource.WithParentResourceID(parentResourceID),
 	)
 	if err != nil {
 		return nil, err
@@ -99,8 +113,25 @@ func (o *userResourceType) Entitlements(_ context.Context, _ *v2.Resource, _ *pa
 	return nil, "", nil, nil
 }
 
-func (o *userResourceType) Grants(_ context.Context, _ *v2.Resource, _ *pagination.Token) ([]*v2.Grant, string, annotations.Annotations, error) {
-	return nil, "", nil, nil
+func (o *userResourceType) Grants(ctx context.Context, resource *v2.Resource, pt *pagination.Token) ([]*v2.Grant, string, annotations.Annotations, error) {
+	var rv []*v2.Grant
+	userTrait, err := sdkResource.GetUserTrait(resource)
+	if err != nil {
+		return nil, "", nil, fmt.Errorf("list-grants: Failed to get user trait from user: %w", err)
+	}
+	userProfile := userTrait.GetProfile()
+	userRole, present := sdkResource.GetProfileStringValue(userProfile, userRoleProfileKey)
+	if !present {
+		return nil, "", nil, fmt.Errorf("list-grants: user role was not present on profile")
+	}
+	rr, err := roleResource(ctx, userRole, resource.ParentResourceId)
+	if err != nil {
+		return nil, "", nil, err
+	}
+	gr := grant.NewGrant(rr, membership, resource.Id)
+
+	rv = append(rv, gr)
+	return rv, "", nil, nil
 }
 
 func userBuilder(client *linear.Client) *userResourceType {