add external id sync and optional create for orgs (#2336)

Author: breardon2011

taco/internal/api/internal.go

@@ -56,6 +56,7 @@ func RegisterInternalRoutes(e *echo.Echo, deps Dependencies) {
 
 		// Organization endpoints
 		internal.POST("/orgs", orgHandler.CreateOrganization)
+		internal.POST("/orgs/sync", orgHandler.SyncExternalOrg)
 		internal.GET("/orgs/:orgId", orgHandler.GetOrganization)
 		internal.GET("/orgs", orgHandler.ListOrganizations)
 

taco/internal/api/org_handler.go

@@ -1,10 +1,11 @@
 package api
 
 import (
+	"context"
 	"errors"
 	"log/slog"
 	"net/http"
-	"context"
+	"strings"
 
 	"github.com/diggerhq/digger/opentaco/internal/domain"
 	"github.com/diggerhq/digger/opentaco/internal/rbac"
@@ -29,17 +30,19 @@ func NewOrgHandler(orgRepo domain.OrganizationRepository, userRepo domain.UserRe
 
 // CreateOrgRequest is the request body for creating an organization
 type CreateOrgRequest struct {
-	Name        string `json:"name" validate:"required"`         // Unique identifier (e.g., "acme")
-	DisplayName string `json:"display_name" validate:"required"` // Friendly name (e.g., "Acme Corp")
+	Name          string `json:"name" validate:"required"`         // Unique identifier (e.g., "acme")
+	DisplayName   string `json:"display_name" validate:"required"` // Friendly name (e.g., "Acme Corp")
+	ExternalOrgID string `json:"external_org_id"`                  // External org identifier (optional)
 }
 
 // CreateOrgResponse is the response for creating an organization
 type CreateOrgResponse struct {
-	ID          string `json:"id"`           // UUID
-	Name        string `json:"name"`         // Unique identifier
-	DisplayName string `json:"display_name"` // Friendly name
-	CreatedBy   string `json:"created_by"`
-	CreatedAt   string `json:"created_at"`
+	ID            string `json:"id"`             // UUID
+	Name          string `json:"name"`           // Unique identifier
+	DisplayName   string `json:"display_name"`    // Friendly name
+	ExternalOrgID string `json:"external_org_id"` // External org identifier
+	CreatedBy     string `json:"created_by"`
+	CreatedAt     string `json:"created_at"`
 }
 
 // CreateOrganization handles POST /internal/orgs
@@ -102,7 +105,7 @@ func (h *OrgHandler) CreateOrganization(c echo.Context) error {
 
 	// Create organization in transaction
 	err := h.orgRepo.WithTransaction(ctx, func(ctx context.Context, txRepo domain.OrganizationRepository) error {
-		createdOrg, err := txRepo.Create(ctx, req.Name, req.DisplayName, userIDStr)
+		createdOrg, err := txRepo.Create(ctx, req.Name, req.Name, req.DisplayName, req.ExternalOrgID, userIDStr)
 		if err != nil {
 			return err
 		}
@@ -122,9 +125,17 @@ func (h *OrgHandler) CreateOrganization(c echo.Context) error {
 				"error": err.Error(),
 			})
 		}
+		
+		// Check for external org ID conflict
+		if strings.Contains(err.Error(), "external org ID already exists") {
+			return c.JSON(http.StatusConflict, map[string]string{
+				"error": err.Error(),
+			})
+		}
 
 		slog.Error("Failed to create organization",
 			"name", req.Name,
+			"externalOrgID", req.ExternalOrgID,
 			"error", err,
 		)
 		return c.JSON(http.StatusInternalServerError, map[string]string{
@@ -162,11 +173,148 @@ func (h *OrgHandler) CreateOrganization(c echo.Context) error {
 
 	// Success - org created (and RBAC initialized if available)
 	return c.JSON(http.StatusCreated, CreateOrgResponse{
-		ID:          org.ID,
-		Name:        org.Name,
-		DisplayName: org.DisplayName,
-		CreatedBy:   org.CreatedBy,
-		CreatedAt:   org.CreatedAt.Format("2006-01-02T15:04:05Z07:00"),
+		ID:            org.ID,
+		Name:          org.Name,
+		DisplayName:   org.DisplayName,
+		ExternalOrgID: org.ExternalOrgID,
+		CreatedBy:     org.CreatedBy,
+		CreatedAt:     org.CreatedAt.Format("2006-01-02T15:04:05Z07:00"),
+	})
+}
+
+// SyncExternalOrgRequest is the request body for syncing an external organization
+type SyncExternalOrgRequest struct {
+	Name          string `json:"name" validate:"required"`           // Internal name (e.g., "acme")
+	DisplayName   string `json:"display_name" validate:"required"` // Friendly name (e.g., "Acme Corp")
+	ExternalOrgID string `json:"external_org_id" validate:"required"` // External org identifier
+}
+
+// SyncExternalOrgResponse is the response for syncing an external organization
+type SyncExternalOrgResponse struct {
+	Status       string `json:"status"`        // "created" or "existing"
+	Organization *domain.Organization `json:"organization"`
+}
+
+// SyncExternalOrg handles POST /internal/orgs/sync
+// Creates a new organization with external mapping or returns existing one
+func (h *OrgHandler) SyncExternalOrg(c echo.Context) error {
+	ctx := c.Request().Context()
+
+	// Get user context from webhook middleware
+	userID := c.Get("user_id")
+	email := c.Get("email")
+
+	if userID == nil || email == nil {
+		slog.Error("Missing user context in sync org request")
+		return c.JSON(http.StatusBadRequest, map[string]string{
+			"error": "user context required",
+		})
+	}
+
+	userIDStr, ok := userID.(string)
+	if !ok || userIDStr == "" {
+		slog.Error("Invalid user_id type in context")
+		return c.JSON(http.StatusInternalServerError, map[string]string{
+			"error": "invalid user context - webhook middleware misconfigured",
+		})
+	}
+
+	// Parse request
+	var req SyncExternalOrgRequest
+	if err := c.Bind(&req); err != nil {
+		slog.Error("Failed to bind sync org request", "error", err)
+		return c.JSON(http.StatusBadRequest, map[string]string{
+			"error": "invalid request body",
+		})
+	}
+
+	if req.Name == "" || req.DisplayName == "" || req.ExternalOrgID == "" {
+		return c.JSON(http.StatusBadRequest, map[string]string{
+			"error": "name, display_name, and external_org_id are required",
+		})
+	}
+
+	slog.Info("Syncing external organization",
+		"name", req.Name,
+		"displayName", req.DisplayName,
+		"externalOrgID", req.ExternalOrgID,
+		"createdBy", userIDStr,
+	)
+
+	// Check if external org ID already exists
+	existingOrg, err := h.orgRepo.GetByExternalID(ctx, req.ExternalOrgID)
+	if err == nil {
+		// External org ID exists, return existing org
+		slog.Info("External organization already exists",
+			"externalOrgID", req.ExternalOrgID,
+			"orgID", existingOrg.ID,
+		)
+		return c.JSON(http.StatusOK, SyncExternalOrgResponse{
+			Status:       "existing",
+			Organization: existingOrg,
+		})
+	}
+
+	if err != domain.ErrOrgNotFound {
+		slog.Error("Failed to check existing external org ID",
+			"externalOrgID", req.ExternalOrgID,
+			"error", err,
+		)
+		return c.JSON(http.StatusInternalServerError, map[string]string{
+			"error": "failed to check existing external organization",
+		})
+	}
+
+	// Create new organization with external mapping
+	var org *domain.Organization
+	err = h.orgRepo.WithTransaction(ctx, func(ctx context.Context, txRepo domain.OrganizationRepository) error {
+		createdOrg, err := txRepo.Create(ctx, req.Name, req.Name, req.DisplayName, req.ExternalOrgID, userIDStr)
+		if err != nil {
+			return err
+		}
+		org = createdOrg
+		return nil
+	})
+
+	if err != nil {
+		if errors.Is(err, domain.ErrOrgExists) {
+			return c.JSON(http.StatusConflict, map[string]string{
+				"error": "organization name already exists",
+			})
+		}
+		if errors.Is(err, domain.ErrInvalidOrgID) {
+			return c.JSON(http.StatusBadRequest, map[string]string{
+				"error": err.Error(),
+			})
+		}
+		
+		// Check for external org ID conflict
+		if strings.Contains(err.Error(), "external org ID already exists") {
+			return c.JSON(http.StatusConflict, map[string]string{
+				"error": err.Error(),
+			})
+		}
+
+		slog.Error("Failed to create organization during sync",
+			"name", req.Name,
+			"externalOrgID", req.ExternalOrgID,
+			"error", err,
+		)
+		return c.JSON(http.StatusInternalServerError, map[string]string{
+			"error": "failed to create organization",
+			"detail": err.Error(),
+		})
+	}
+
+	slog.Info("External organization synced successfully",
+		"name", req.Name,
+		"externalOrgID", req.ExternalOrgID,
+		"orgID", org.ID,
+	)
+
+	return c.JSON(http.StatusCreated, SyncExternalOrgResponse{
+		Status:       "created",
+		Organization: org,
 	})
 }
 

taco/internal/domain/organization.go

@@ -24,12 +24,13 @@ var OrgIDPattern = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_-]*[a-zA-Z0-9]$`)
 // Organization represents an organization in the domain layer
 // This is the domain model, separate from database entities
 type Organization struct {
-	ID          string // UUID (primary key, for API)
-	Name        string // Unique identifier (e.g., "acme") - used in CLI and paths
-	DisplayName string // Friendly name (e.g., "Acme Corp") - shown in UI
-	CreatedBy   string
-	CreatedAt   time.Time
-	UpdatedAt   time.Time
+	ID            string // UUID (primary key, for API)
+	Name          string // Unique identifier (e.g., "acme") - used in CLI and paths
+	DisplayName   string // Friendly name (e.g., "Acme Corp") - shown in UI
+	ExternalOrgID string // External org identifier (empty string if not set)
+	CreatedBy     string
+	CreatedAt     time.Time
+	UpdatedAt     time.Time
 }
 
 // ============================================
@@ -39,8 +40,9 @@ type Organization struct {
 // OrganizationRepository defines the interface for organization data access
 // Implementations live in the repositories package
 type OrganizationRepository interface {
-	Create(ctx context.Context, orgID, name, createdBy string) (*Organization, error)
+	Create(ctx context.Context, orgID, name, displayName, externalOrgID, createdBy string) (*Organization, error)
 	Get(ctx context.Context, orgID string) (*Organization, error)
+	GetByExternalID(ctx context.Context, externalOrgID string) (*Organization, error)
 	List(ctx context.Context) ([]*Organization, error)
 	Delete(ctx context.Context, orgID string) error
 

taco/internal/query/types/models.go

@@ -106,12 +106,13 @@ func (rut *RuleUnitTag) BeforeCreate(tx *gorm.DB) error {
 }
 
 type Organization struct {
-	ID          string `gorm:"type:varchar(36);primaryKey"`
-	Name        string `gorm:"type:varchar(255);not null;uniqueIndex"` // Unique identifier (e.g., "acme") - used in CLI and paths
-	DisplayName string `gorm:"type:varchar(255);not null"`             // Friendly name (e.g., "Acme Corp") - shown in UI
-	CreatedBy   string `gorm:"type:varchar(255);not null"`
-	CreatedAt   time.Time
-	UpdatedAt   time.Time
+	ID            string `gorm:"type:varchar(36);primaryKey"`
+	Name          string `gorm:"type:varchar(255);not null;uniqueIndex"` // Unique identifier (e.g., "acme") - used in CLI and paths
+	DisplayName   string `gorm:"type:varchar(255);not null"`             // Friendly name (e.g., "Acme Corp") - shown in UI
+	ExternalOrgID *string `gorm:"type:varchar(500);uniqueIndex"`          // External org identifier (optional, nullable)
+	CreatedBy     string `gorm:"type:varchar(255);not null"`
+	CreatedAt     time.Time
+	UpdatedAt     time.Time
 }
 
 func (o *Organization) BeforeCreate(tx *gorm.DB) error {

taco/internal/repositories/identifier_resolver.go

@@ -36,22 +36,31 @@ func (r *gormIdentifierResolver) ResolveOrganization(ctx context.Context, identi
 		return parsed.UUID, nil
 	}
 
-	// Query by name (organizations.name is the short identifier like "default")
+	// Try to resolve by internal name first
 	var result struct{ ID string }
 	err = r.db.WithContext(ctx).
 		Table("organizations").
 		Select("id").
 		Where("name = ?", parsed.Name).
 		First(&result).Error
 
-	if err != nil {
-		if err == gorm.ErrRecordNotFound {
-			return "", fmt.Errorf("organization not found: %s", parsed.Name)
-		}
-		return "", err
+	if err == nil {
+		return result.ID, nil
 	}
 
-	return result.ID, nil
+	// If not found by name, try external org ID
+	// This handles cases where someone passes an external ID directly
+	err = r.db.WithContext(ctx).
+		Table("organizations").
+		Select("id").
+		Where("external_org_id = ?", parsed.Name).
+		First(&result).Error
+	
+	if err == nil {
+		return result.ID, nil
+	}
+	
+	return "", fmt.Errorf("organization not found: %s", parsed.Name)
 }
 
 // ResolveUnit resolves unit identifier to UUID within an organization