[BB-1542] Add license entitlement provisioning

pkg/connector/license.go

@@ -17,9 +17,15 @@ import (
 )
 
 var licences = []string{creator, explorer, viewer, unlicensed}
+var licensesMap = map[string]string{
+	"creator":    creator,
+	"explorer":   explorer,
+	"viewer":     viewer,
+	"unlicensed": unlicensed,
+}
 var RolesPerLicense = map[string][]string{
-	creator:    {siteAdministratorCreator, creator},
-	explorer:   {siteAdministratorExplorer, explorerCanPublish, explorer, readOnly, siteAdministrator},
+	creator:    {creator, siteAdministratorCreator},
+	explorer:   {explorer, siteAdministratorExplorer, explorerCanPublish, readOnly, siteAdministrator},
 	viewer:     {viewer},
 	unlicensed: {unlicensed},
 }
@@ -105,6 +111,34 @@ func (l *licenseResourceType) Grants(ctx context.Context, resource *v2.Resource,
 	return rv, token, nil, nil
 }
 
+func (l *licenseResourceType) Grant(ctx context.Context, principal *v2.Resource, entitlement *v2.Entitlement) (annotations.Annotations, error) {
+	licenseName, ok := licensesMap[entitlement.Resource.Id.Resource]
+	if !ok {
+		return nil, fmt.Errorf("unknown license %s", entitlement.Resource.Id.Resource)
+	}
+	principalID := principal.Id.Resource
+
+	outputAnnotations := annotations.New()
+	err := l.client.UpdateUserSiteRole(ctx, principalID, licenseName)
+	if err != nil {
+		return outputAnnotations, fmt.Errorf("failed to grant %s license to user %s: %w", licenseName, principalID, err)
+	}
+
+	return outputAnnotations, nil
+}
+
+func (l *licenseResourceType) Revoke(ctx context.Context, grant *v2.Grant) (annotations.Annotations, error) {
+	principalID := grant.Principal.Id.Resource
+
+	outputAnnotations := annotations.New()
+	err := l.client.UpdateUserSiteRole(ctx, principalID, unlicensed)
+	if err != nil {
+		return outputAnnotations, fmt.Errorf("failed to revoke license from user %s: %w", principalID, err)
+	}
+
+	return outputAnnotations, nil
+}
+
 func licenseBuilder(client *tableau.Client) *licenseResourceType {
 	return &licenseResourceType{
 		resourceType: resourceTypeLicense,

pkg/connector/site.go

@@ -123,6 +123,43 @@ func (o *siteResourceType) Grants(ctx context.Context, resource *v2.Resource, pt
 	return rv, "", nil, nil
 }
 
+func (o *siteResourceType) Grant(ctx context.Context, principal *v2.Resource, entitlement *v2.Entitlement) (annotations.Annotations, error) {
+	roleName := entitlement.Slug
+	principalID := principal.Id.Resource
+
+	var apiRoleName string
+	for key, value := range roles {
+		if value == roleName {
+			apiRoleName = key
+			break
+		}
+	}
+
+	if apiRoleName == "" {
+		return nil, fmt.Errorf("unknown role: %s", roleName)
+	}
+
+	outputAnnotations := annotations.New()
+	err := o.client.UpdateUserSiteRole(ctx, principalID, apiRoleName)
+	if err != nil {
+		return outputAnnotations, fmt.Errorf("failed to grant %s role to user %s: %w", roleName, principalID, err)
+	}
+
+	return outputAnnotations, nil
+}
+
+func (o *siteResourceType) Revoke(ctx context.Context, grant *v2.Grant) (annotations.Annotations, error) {
+	principalID := grant.Principal.Id.Resource
+
+	outputAnnotations := annotations.New()
+	err := o.client.UpdateUserSiteRole(ctx, principalID, unlicensed)
+	if err != nil {
+		return outputAnnotations, fmt.Errorf("failed to revoke site role from user %s: %w", principalID, err)
+	}
+
+	return outputAnnotations, nil
+}
+
 func siteBuilder(client *tableau.Client) *siteResourceType {
 	return &siteResourceType{
 		resourceType: resourceTypeSite,

pkg/tableau/client.go

@@ -426,3 +426,26 @@ func (c *Client) RemoveUserFromSite(ctx context.Context, userId string) error {
 
 	return nil
 }
+
+func (c *Client) UpdateUserSiteRole(ctx context.Context, userId string, siteRole string) error {
+	url := fmt.Sprint(c.baseUrl, "/sites/", c.siteId, "/users/", userId)
+	var res struct {
+		User User `json:"user"`
+	}
+
+	requestBody, err := json.Marshal(map[string]interface{}{
+		"user": map[string]interface{}{
+			"siteRole": siteRole,
+		},
+	})
+
+	if err != nil {
+		return err
+	}
+
+	if err := c.doRequest(ctx, url, &res, nil, requestBody, http.MethodPut); err != nil {
+		return err
+	}
+
+	return nil
+}