Add capabilities generation and CI to github workflows. (#13)

Upgrade baton-sdk.

Author: ggreer

.github/workflows/capabilities.yaml

@@ -0,0 +1,39 @@
+name: Generate connector capabilities
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  calculate-capabilities:
+    env:
+      BATON_DSN: server=127.0.0.1;user id=sa;password=devP@ssw0rd;port=1433
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.RELENG_GITHUB_TOKEN }}
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Build
+        run: go build -o connector ./cmd/baton-sql-server
+
+      - name: Run Docker Compose as a Daemon (to start sql server)
+        run: docker-compose -f ./docker-compose.yml up --detach
+
+      - name: Run and save output
+        run: ./connector capabilities > baton_capabilities.json
+
+      - name: Commit changes
+        uses: EndBug/add-and-commit@v9
+        with:
+          default_author: github_actions
+          message: 'Updating baton capabilities.'
+          add: 'baton_capabilities.json'

.github/workflows/ci.yaml

@@ -5,11 +5,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: 1.22.x
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Run linters
         uses: golangci/golangci-lint-action@v3
         with:
@@ -24,15 +24,61 @@ jobs:
     steps:
       - name: Install Go
         if: success()
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.go-version }}
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: go tests
         run: go test -v -covermode=count -json ./... > test.json
       - name: annotate go tests
         if: always()
         uses: guyarb/[email protected]
         with:
-          test-results: test.json
+          test-results: test.json
+  test:
+    runs-on: ubuntu-latest
+    env:
+      BATON_LOG_LEVEL: debug
+      # Add any environment variables needed to run baton-sql-server
+      BATON_DSN: server=127.0.0.1;user id=sa;password=devP@ssw0rd;port=1433
+      # The following parameters are passed to grant/revoke commands
+      CONNECTOR_GRANT: 'database-role:msdb:6:member:user:257'
+      CONNECTOR_ENTITLEMENT: 'database-role:msdb:6:member'
+      CONNECTOR_PRINCIPAL_TYPE: 'user'
+      CONNECTOR_PRINCIPAL: '257'
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.22.x
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Run Docker Compose as a Daemon (to start sql server)
+        run: docker-compose -f ./docker-compose.yml up --detach
+      - name: Install baton
+        run: ./scripts/get-baton.sh && mv baton /usr/local/bin
+      - name: Build baton-sql-server
+        run: go build ./cmd/baton-sql-server
+      - name: Run baton-sql-server
+        run: ./baton-sql-server
+      - name: Check for grant before revoking
+        run: |
+          ./baton-sql-server
+          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
+      # - name: Revoke grants
+      #   run: |
+      #     ./baton-sql-server
+      #     ./baton-sql-server --revoke-grant ${{ env.CONNECTOR_GRANT }}
+      # - name: Check grant was revoked
+      #   run: |
+      #      ./baton-sql-server
+      #      baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
+      # - name: Grant entitlement
+      #   run: |
+      #     ./baton-sql-server
+      #     ./baton-sql-server --grant-entitlement ${{ env.CONNECTOR_ENTITLEMENT }} --grant-principal-type ${{ env.CONNECTOR_PRINCIPAL_TYPE }} --grant-principal ${{ env.CONNECTOR_PRINCIPAL }}  --provisioning
+      # - name: Check grant was re-granted
+      #   run: |
+      #     ./baton-sql-server
+      #     baton grants --entitlement ${{ env.CONNECTOR_ENTITLEMENT }} --output-format=json | jq -e ".grants | any(.principal.id.resource ==\"${{ env.CONNECTOR_PRINCIPAL }}\")"

.github/workflows/main.yaml

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: 1.22.x
       - name: Checkout code
@@ -27,7 +27,7 @@ jobs:
     steps:
       - name: Install Go
         if: success()
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.go-version }}
       - name: Checkout code

.github/workflows/release.yaml

@@ -14,7 +14,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: 1.22.x
       - name: Set up Gon
@@ -41,7 +41,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: 1.22.x
       - name: Docker Login

cmd/baton-sql-server/config.go

@@ -14,6 +14,10 @@ var (
 		field.WithRequired(true))
 )
 
+var cfg = field.Configuration{
+	Fields: []field.SchemaField{dsn},
+}
+
 // validateConfig is run after the configuration is loaded, and should return an error if it isn't valid.
 func validateConfig(_ context.Context, v *viper.Viper) error {
 	if v.GetString(dsn.FieldName) == "" {

cmd/baton-sql-server/main.go

@@ -7,7 +7,6 @@ import (
 
 	config "github.com/conductorone/baton-sdk/pkg/config"
 	"github.com/conductorone/baton-sdk/pkg/connectorbuilder"
-	"github.com/conductorone/baton-sdk/pkg/field"
 	"github.com/conductorone/baton-sdk/pkg/types"
 	"github.com/conductorone/baton-sql-server/pkg/connector"
 	"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
@@ -20,7 +19,7 @@ var version = "dev"
 func main() {
 	ctx := context.Background()
 
-	_, cmd, err := config.DefineConfiguration(ctx, "baton-sql-server", getConnector, []field.SchemaField{dsn}, nil)
+	_, cmd, err := config.DefineConfiguration(ctx, "baton-sql-server", getConnector, cfg)
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err.Error())
 		os.Exit(1)

go.mod

@@ -3,7 +3,7 @@ module github.com/conductorone/baton-sql-server
 go 1.21
 
 require (
-	github.com/conductorone/baton-sdk v0.2.1
+	github.com/conductorone/baton-sdk v0.2.7
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
 	github.com/jmoiron/sqlx v1.3.5
 	github.com/microsoft/go-mssqldb v1.3.0

go.sum

@@ -54,8 +54,8 @@ github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZx
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/conductorone/baton-sdk v0.2.1 h1:Ft46eoVFO3q3Op/G65dcqubZe2pw/44GcpD+KnaVyq8=
-github.com/conductorone/baton-sdk v0.2.1/go.mod h1:cg5FyUcJnD7xK5SPbHe/KNpwUVVlpHJ9rnmd3UwxSkU=
+github.com/conductorone/baton-sdk v0.2.7 h1:mzp7H0zVeZLMvdGj3Yx31mpzM6ytNKI6QmpzRuiPlVE=
+github.com/conductorone/baton-sdk v0.2.7/go.mod h1:cg5FyUcJnD7xK5SPbHe/KNpwUVVlpHJ9rnmd3UwxSkU=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

scripts/get-baton.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+OS=$(uname -s | tr '[:upper:]' '[:lower:]')
+ARCH=$(uname -m)
+if [ "${ARCH}" = "x86_64" ]; then
+  ARCH="amd64"
+fi
+
+RELEASES_URL="https://api.github.com/repos/conductorone/baton/releases/latest"
+BASE_URL="https://github.com/conductorone/baton/releases/download"
+
+DOWNLOAD_URL=$(curl "${RELEASES_URL}" | jq --raw-output ".assets[].browser_download_url | match(\"${BASE_URL}/v[.0-9]+/baton-v[.0-9]+-${OS}-${ARCH}.*\"; \"i\").string")
+
+FILENAME=$(basename ${DOWNLOAD_URL})
+
+curl -LO ${DOWNLOAD_URL}
+tar xzf ${FILENAME}