Merge pull request #1 from ConductorOne/jbernal/connector

Jbernal/connector

.github/workflows/ci.yaml

@@ -1,6 +1,9 @@
-name: ci
+name: Test Baton Gitlab Integration
+
 on: pull_request
+
 jobs:
+
   go-lint:
     runs-on: ubuntu-latest
     steps:
@@ -11,94 +14,124 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Run linters
-        uses: golangci/golangci-lint-action@v5
+        uses: golangci/golangci-lint-action@v6
         with:
           version: latest
           args: --timeout=3m
-  go-test:
-    strategy:
-      matrix:
-        go-version: [1.22.x]
-        platform: [ubuntu-latest]
-    runs-on: ${{ matrix.platform }}
+
+  test-groups:
+    runs-on: ubuntu-latest
+
+    env:
+      # Logging level for Baton
+      BATON_LOG_LEVEL: debug
+
+      # Connector-specific details
+      CONNECTOR_GRANT: 'group:100021949:Maintainer:user:25334081'
+      CONNECTOR_ENTITLEMENT: 'group:100021949:Maintainer'
+      CONNECTOR_PRINCIPAL: '25334081'
+      CONNECTOR_PRINCIPAL_TYPE: 'user'
+
+      # Secrets for Baton authentication
+      BATON_ACCESS_TOKEN: "${{ secrets.BATON_ACCESS_TOKEN }}"
+
     steps:
+      # Step 1: Set up Go environment
       - name: Install Go
-        if: success()
         uses: actions/setup-go@v5
         with:
-          go-version: ${{ matrix.go-version }}
+          go-version: 1.23.4
       - name: Checkout code
         uses: actions/checkout@v4
-      - name: go tests
-        run: (set -o pipefail && go test -v -covermode=count -json ./... | tee test.json)
-      - name: annotate go tests
-        if: always()
-        uses: guyarb/[email protected]
-        with:
-          test-results: test.json
+      - name: Build baton-gitlab
+        run: go build ./cmd/baton-gitlab
+      - name: Run baton-gitlab
+        run: ./baton-gitlab
+      - name: Install baton
+        run: ./scripts/get-baton.sh && mv baton /usr/local/bin
+
+      - name: Check for grant before revoking
+        run: |
+          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
+          jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
+
+      - name: Revoke grants
+        run: ./baton-gitlab --revoke-grant="${{ env.CONNECTOR_GRANT }}"
+
+      - name: Check grant was revoked
+        run: |
+          ./baton-gitlab && \
+          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
+          jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
+
+      - name: Grant entitlement
+        run: |
+          ./baton-gitlab --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \
+                          --grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \
+                          --grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
+
+      - name: Check grant was re-granted
+        run: |
+          ./baton-gitlab && \
+          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
+          jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
 
-  test:
+
+  test-projects:
     runs-on: ubuntu-latest
-    # Define any services needed for the test suite (or delete this section)
-    # services:
-    #   postgres:
-    #     image: postgres:16
-    #     ports:
-    #       - "5432:5432"
-    #     env:
-    #       POSTGRES_PASSWORD: secretpassword
+
     env:
+      # Logging level for Baton
       BATON_LOG_LEVEL: debug
-      # Add any environment variables needed to run baton-gitlab
-      # BATON_BASE_URL: 'http://localhost:8080'
-      # BATON_ACCESS_TOKEN: 'secret_token'
-      # The following parameters are passed to grant/revoke commands
-      # Change these to the correct IDs for your test data
-      CONNECTOR_GRANT: 'grant:entitlement:group:1234:member:user:9876'
-      CONNECTOR_ENTITLEMENT: 'entitlement:group:1234:member'
-      CONNECTOR_PRINCIPAL: 'user:9876'
+
+      # Connector-specific details
+      CONNECTOR_GRANT: 'project:65850627:Reporter:user:25334081'
+      CONNECTOR_ENTITLEMENT: 'project:65850627:Reporter'
+      CONNECTOR_PRINCIPAL: '25334081'
       CONNECTOR_PRINCIPAL_TYPE: 'user'
+
+      # Secrets for Baton authentication
+      BATON_ACCESS_TOKEN: "${{ secrets.BATON_ACCESS_TOKEN }}"
+
     steps:
+      # Step 1: Set up Go environment
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22.x
+          go-version: 1.23.4
       - name: Checkout code
         uses: actions/checkout@v4
-      # Install any dependencies here (or delete this)
-      # - name: Install postgres client
-      #   run: sudo apt install postgresql-client
-      # Run any fixture setup here (or delete this)
-      # - name: Import sql into postgres
-      #   run: psql -h localhost --user postgres -f environment.sql
-      #   env:
-      #     PGPASSWORD: secretpassword
       - name: Build baton-gitlab
         run: go build ./cmd/baton-gitlab
       - name: Run baton-gitlab
         run: ./baton-gitlab
-
       - name: Install baton
         run: ./scripts/get-baton.sh && mv baton /usr/local/bin
 
+      # tests
       - name: Check for grant before revoking
-
-        run:
-          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
-
+        run: |
+          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
+          jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
 
       - name: Revoke grants
         run: ./baton-gitlab --revoke-grant="${{ env.CONNECTOR_GRANT }}"
 
       - name: Check grant was revoked
-        run: ./baton-gitlab && baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
+        run: |
+          ./baton-gitlab && \
+          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
+          jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
 
       - name: Grant entitlement
-        # Change the grant arguments to the correct IDs for your test data
-        run: ./baton-gitlab --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" --grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
+        run: |
+          ./baton-gitlab --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \
+                          --grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \
+                          --grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
 
       - name: Check grant was re-granted
-
-        run:
-          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
+        run: |
+          ./baton-gitlab && \
+          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
+          jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
 

Makefile

@@ -26,3 +26,7 @@ add-dep:
 .PHONY: lint
 lint:
 	golangci-lint run
+
+.PHONY: run
+run:
+	go run ./cmd/baton-gitlab

README.md

@@ -38,6 +38,8 @@ baton resources
 
 `baton-gitlab` will pull down information about the following resources:
 - Users
+- Groups
+- Projects
 
 # Contributing, Support and Issues
 
@@ -65,6 +67,8 @@ Available Commands:
 Flags:
       --client-id string             The client ID used to authenticate with ConductorOne ($BATON_CLIENT_ID)
       --client-secret string         The client secret used to authenticate with ConductorOne ($BATON_CLIENT_SECRET)
+      --access-token string          The access token used to authenticate with the GitLab API ($BATON_ACCESS_TOKEN)
+      --base-url string              The base URL for the GitLab API ($BATON_BASE_URL) (default "https://gitlab.com/")
   -f, --file string                  The path to the c1z file to sync with ($BATON_FILE) (default "sync.c1z")
   -h, --help                         help for baton-gitlab
       --log-format string            The output format for logs: json, console ($BATON_LOG_FORMAT) (default "json")

cmd/baton-gitlab/config.go

@@ -6,10 +6,25 @@ import (
 )
 
 var (
+	AccessToken = field.StringField(
+		"access-token",
+		field.WithDescription("The access token to authenticate with the GitLab API"),
+		field.WithRequired(true),
+	)
+	BaseURL = field.StringField(
+		"base-url",
+		field.WithDescription("The base URL of the GitLab instance"),
+		field.WithDefaultValue("https://gitlab.com/"),
+		field.WithRequired(false),
+	)
+
 	// ConfigurationFields defines the external configuration required for the
 	// connector to run. Note: these fields can be marked as optional or
 	// required.
-	ConfigurationFields = []field.SchemaField{}
+	ConfigurationFields = []field.SchemaField{
+		AccessToken,
+		BaseURL,
+	}
 
 	// FieldRelationships defines relationships between the fields listed in
 	// ConfigurationFields that can be automatically validated. For example, a

cmd/baton-gitlab/main.go

@@ -5,13 +5,13 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/conductorone/baton-gitlab/pkg/connector"
 	"github.com/conductorone/baton-sdk/pkg/config"
 	"github.com/conductorone/baton-sdk/pkg/connectorbuilder"
 	"github.com/conductorone/baton-sdk/pkg/field"
 	"github.com/conductorone/baton-sdk/pkg/types"
 	"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
 	"github.com/spf13/viper"
-	"github.com/conductorone/baton-gitlab/pkg/connector"
 	"go.uber.org/zap"
 )
 
@@ -48,7 +48,12 @@ func getConnector(ctx context.Context, v *viper.Viper) (types.ConnectorServer, e
 		return nil, err
 	}
 
-	cb, err := connector.New(ctx)
+	cb, err := connector.New(
+		ctx,
+		v.GetString(AccessToken.FieldName),
+		v.GetString(BaseURL.FieldName),
+	)
+
 	if err != nil {
 		l.Error("error creating connector", zap.Error(err))
 		return nil, err

go.mod

@@ -1,11 +1,12 @@
 module github.com/conductorone/baton-gitlab
 
-go 1.22.10
+go 1.23.4
 
 require (
 	github.com/conductorone/baton-sdk v0.2.61
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
 	github.com/spf13/viper v1.19.0
+	gitlab.com/gitlab-org/api/client-go v0.118.0
 	go.uber.org/zap v1.27.0
 )
 
@@ -44,7 +45,10 @@ require (
 	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -70,7 +74,7 @@ require (
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/testify v1.9.0 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tklauser/go-sysconf v0.3.14 // indirect
 	github.com/tklauser/numcpus v0.8.0 // indirect
@@ -86,9 +90,10 @@ require (
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/sys v0.21.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240506185236-b8a5c65736ae // indirect
 	google.golang.org/grpc v1.63.2 // indirect
-	google.golang.org/protobuf v1.34.1 // indirect
+	google.golang.org/protobuf v1.36.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect