Skip to content

Account provisioning support #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bemafisher1 merged 7 commits into from
Mar 26, 2025
Merged

Account provisioning support #40

bemafisher1 merged 7 commits into from
Mar 26, 2025

Conversation

@jirwin
Copy link
Contributor

@jirwin jirwin commented Mar 13, 2025
edited by bemafisher1
Loading

Description

  • Bug fix

  • New feature

  • Add account provisioning support with no password configuration.

Screenshot 2025-03-25 at 11 42 24 AM

Useful links:

jirwin
jirwin commented Mar 13, 2025
View reviewed changes
examples/wordpress.yml Outdated
vars:
username: "input.username"
email: "input.email"
password: "md5(credentials.password)"
Copy link
Contributor Author

@jirwin jirwin Mar 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

md5 isn't actually a valid CEL method here, had this as an example.

mj-palanker
mj-palanker reviewed Mar 25, 2025
View reviewed changes
pkg/bsql/user_syncer.go Outdated
Resource: accountResource,
}

return car, []*v2.PlaintextData{ptd}, nil, nil
Copy link

@mj-palanker mj-palanker Mar 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we are performing "no password" we shouldn't return plaintextData here. it can be an empty slice?
https://github.com/ConductorOne/baton-active-directory/blob/c433f970657570145c0e146e3b9ba8e420c21355/pkg/connector/users.go#L118
Here in AD we create an uninitialized var and just return it if we didn't generate it.

Copy link
Contributor

@bemafisher1 bemafisher1 Mar 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I will add something similar and skip everything except no_password option for now

mj-palanker
mj-palanker reviewed Mar 25, 2025
View reviewed changes
pkg/bsql/user_syncer.go Outdated
return nil, nil, nil, err
}

plainTextPassword, err := crypto.GeneratePassword(credentialOptions)
Copy link

@mj-palanker mj-palanker Mar 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You might want to assert that the credentialOptions are infact no password
just until we actually implement it.

mj-palanker
mj-palanker reviewed Mar 25, 2025
View reviewed changes
pkg/bcel/bcel.go
Comment on lines +165 to +171
func (t *Env) AccountProvisioningInputs(inputs map[string]any) (map[string]any, error) {
ret := make(map[string]any)

ret["input"] = inputs

return ret, nil
}
Copy link

@mj-palanker mj-palanker Mar 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's entirely possible that we're missing some functionality here. You can see other functions in this file evaluate some of these inputs as cel expressions. I'm not sure if that's something we want to do here, but this is where we'd do it I think

Copy link
Contributor

@bemafisher1 bemafisher1 Mar 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can skip this altogether because prepareSchemaVars handles the input

mj-palanker
mj-palanker reviewed Mar 25, 2025
View reviewed changes
pkg/bsql/sql_syncer.go Outdated
Comment on lines 45 to 47
if rt.Traits[0] == v2.ResourceType_TRAIT_USER {
rv = newUserSyncer(rt, rtConfig, db, dbEngine, celEnv, c)
} else {
Copy link

@mj-palanker mj-palanker Mar 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the "rtConfig" object is a ResourceType and it should have a AccountProvisioning *AccountProvisioning you can check here. that's probably a better thing to do here

mj-palanker
mj-palanker approved these changes Mar 26, 2025
View reviewed changes
Copy link

@mj-palanker mj-palanker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

YAY 🎉

@bemafisher1 bemafisher1 marked this pull request as ready for review March 26, 2025 00:11
@bemafisher1 bemafisher1 merged commit 3f74811 into main Mar 26, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bemafisher1 bemafisher1 bemafisher1 left review comments

@mj-palanker mj-palanker mj-palanker approved these changes

@mstanbCO mstanbCO Awaiting requested review from mstanbCO

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jirwin @bemafisher1 @mj-palanker