Handletimeout errors (#50)

* Handletimeout errors * handle more requests and status * Use unavailable * Add more places * update baton-sdk
ConductorOne · Nov 7, 2024 · c91e7c7 · c91e7c7
1 parent 2885fca
commit c91e7c7
Show file tree

Hide file tree

Showing 44 changed files with 4,681 additions and 1,259 deletions.
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/conductorone/baton-okta
 go 1.22.2
 
 require (
-	github.com/conductorone/baton-sdk v0.2.25
+	github.com/conductorone/baton-sdk v0.2.44
 	github.com/deckarep/golang-set/v2 v2.6.0
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
 	github.com/okta/okta-sdk-golang/v2 v2.20.0
@@ -94,7 +94,7 @@ require (
 	golang.org/x/sys v0.21.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
-	google.golang.org/grpc v1.64.0 // indirect
+	google.golang.org/grpc v1.64.0
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect

diff --git a/go.sum b/go.sum
@@ -56,8 +56,8 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/conductorone/baton-sdk v0.2.25 h1:G4MHVM+c4kXcRxeTbMMG0LSeIBchXHcpuuTgn/vD8oE=
-github.com/conductorone/baton-sdk v0.2.25/go.mod h1:hmd/Oz3DPIKD+9QmkusZaA18ZoiinnTDdrxh2skcdUc=
+github.com/conductorone/baton-sdk v0.2.44 h1:bmPRs+esNsrcZrAd4YWTmyHFO89GwHu+GOp/57keeqY=
+github.com/conductorone/baton-sdk v0.2.44/go.mod h1:hmd/Oz3DPIKD+9QmkusZaA18ZoiinnTDdrxh2skcdUc=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

diff --git a/pkg/connector/app.go b/pkg/connector/app.go
@@ -239,7 +239,7 @@ func listApps(ctx context.Context, client *okta.Client, syncInactiveApps bool, t
 
 	apps, resp, err := client.Application.ListApplications(ctx, qp)
 	if err != nil {
-		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch apps from okta: %w", err)
+		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch apps from okta: %w", handleOktaResponseError(resp, err))
 	}
 
 	reqCtx, err := responseToContext(token, resp)
@@ -258,7 +258,7 @@ func listApps(ctx context.Context, client *okta.Client, syncInactiveApps bool, t
 func listApplicationGroupAssignments(ctx context.Context, client *okta.Client, appID string, token *pagination.Token, qp *query.Params) ([]*okta.ApplicationGroupAssignment, *responseContext, error) {
 	applicationGroupAssignments, resp, err := client.Application.ListApplicationGroupAssignments(ctx, appID, qp)
 	if err != nil {
-		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch app group assignments from okta: %w", err)
+		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch app group assignments from okta: %w", handleOktaResponseError(resp, err))
 	}
 
 	reqCtx, err := responseToContext(token, resp)
@@ -272,7 +272,7 @@ func listApplicationGroupAssignments(ctx context.Context, client *okta.Client, a
 func listApplicationUsers(ctx context.Context, client *okta.Client, appID string, token *pagination.Token, qp *query.Params) ([]*okta.AppUser, *responseContext, error) {
 	applicationUsers, resp, err := client.Application.ListApplicationUsers(ctx, appID, qp)
 	if err != nil {
-		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch app users from okta: %w", err)
+		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch app users from okta: %w", handleOktaResponseError(resp, err))
 	}
 
 	reqCtx, err := responseToContext(token, resp)

diff --git a/pkg/connector/group.go b/pkg/connector/group.go
@@ -164,7 +164,7 @@ func (o *groupResourceType) Grants(
 func (o *groupResourceType) listGroups(ctx context.Context, token *pagination.Token, qp *query.Params) ([]*okta.Group, *responseContext, error) {
 	groups, resp, err := o.connector.client.Group.ListGroups(ctx, qp)
 	if err != nil {
-		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch groups from okta: %w", err)
+		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch groups from okta: %w", handleOktaResponseError(resp, err))
 	}
 
 	reqCtx, err := responseToContext(token, resp)
@@ -258,7 +258,7 @@ func parseAccountIDAndRoleFromGroupName(ctx context.Context, roleRegex string, g
 func (o *groupResourceType) listGroupUsers(ctx context.Context, groupID string, token *pagination.Token, qp *query.Params) ([]*okta.User, *responseContext, error) {
 	users, resp, err := o.connector.client.Group.ListGroupUsers(ctx, groupID, qp)
 	if err != nil {
-		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch group users from okta: %w", err)
+		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch group users from okta: %w", handleOktaResponseError(resp, err))
 	}
 
 	reqCtx, err := responseToContext(token, resp)
@@ -272,7 +272,7 @@ func (o *groupResourceType) listGroupUsers(ctx context.Context, groupID string,
 func listUsersGroupsClient(ctx context.Context, client *okta.Client, userId string) ([]*okta.Group, *responseContext, error) {
 	users, resp, err := client.User.ListUserGroups(ctx, userId)
 	if err != nil {
-		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch group users from okta: %w", err)
+		return nil, nil, fmt.Errorf("okta-connectorv2: failed to fetch group users from okta: %w", handleOktaResponseError(resp, err))
 	}
 
 	reqCtx, err := responseToContext(&pagination.Token{}, resp)
@@ -359,7 +359,7 @@ func (g *groupResourceType) Grant(ctx context.Context, principal *v2.Resource, e
 
 	response, err := g.connector.client.Group.AddUserToGroup(ctx, groupId, userId)
 	if err != nil {
-		return nil, err
+		return nil, handleOktaResponseError(response, err)
 	}
 
 	l.Debug("Membership has been created",
@@ -387,7 +387,7 @@ func (g *groupResourceType) Revoke(ctx context.Context, grant *v2.Grant) (annota
 
 	response, err := g.connector.client.Group.RemoveUserFromGroup(ctx, groupId, userId)
 	if err != nil {
-		return nil, err
+		return nil, handleOktaResponseError(response, err)
 	}
 
 	l.Warn("Membership has been revoked",

diff --git a/pkg/connector/helpers.go b/pkg/connector/helpers.go
@@ -1,7 +1,9 @@
 package connector
 
 import (
+	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/url"
@@ -12,6 +14,8 @@ import (
 	"github.com/conductorone/baton-sdk/pkg/pagination"
 	"github.com/okta/okta-sdk-golang/v2/okta"
 	"github.com/okta/okta-sdk-golang/v2/okta/query"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 )
 
 const (
@@ -117,6 +121,22 @@ func getError(response *okta.Response) (okta.Error, error) {
 	return errOkta, nil
 }
 
+func handleOktaResponseError(resp *okta.Response, err error) error {
+	var urlErr *url.Error
+	if errors.As(err, &urlErr) {
+		if urlErr.Timeout() {
+			return status.Error(codes.DeadlineExceeded, fmt.Sprintf("request timeout: %v", urlErr.URL))
+		}
+	}
+	if errors.Is(err, context.DeadlineExceeded) {
+		return status.Error(codes.DeadlineExceeded, "request timeout")
+	}
+	if resp != nil && resp.StatusCode >= 500 {
+		return status.Error(codes.Unavailable, "server error")
+	}
+	return err
+}
+
 func unmarshalSkipToken(token *pagination.Token) (int32, *pagination.Bag, error) {
 	b := &pagination.Bag{}
 	err := b.Unmarshal(token.Token)

diff --git a/pkg/connector/role.go b/pkg/connector/role.go
@@ -204,9 +204,9 @@ func (o *roleResourceType) Grants(
 
 			for _, user := range users {
 				userId := user.Id
-				roles, _, err := o.client.User.ListAssignedRolesForUser(ctx, userId, nil)
+				roles, resp, err := o.client.User.ListAssignedRolesForUser(ctx, userId, nil)
 				if err != nil {
-					return nil, "", nil, err
+					return nil, "", nil, handleOktaResponseError(resp, err)
 				}
 
 				for _, role := range roles {
@@ -363,7 +363,7 @@ func listOktaIamCustomRoles(
 func getOrgSettings(ctx context.Context, client *okta.Client, token *pagination.Token) (*okta.OrgSetting, *responseContext, error) {
 	orgSettings, resp, err := client.OrgSetting.GetOrgSettings(ctx)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, handleOktaResponseError(resp, err)
 	}
 
 	respCtx, err := responseToContext(token, resp)
@@ -426,7 +426,7 @@ func listAdministratorRoleFlags(
 			return nil, nil, errMissingRolePermissions
 		}
 
-		return nil, nil, err
+		return nil, nil, handleOktaResponseError(resp, err)
 	}
 
 	respCtx, err := responseToContext(token, resp)

diff --git a/pkg/connector/user.go b/pkg/connector/user.go
@@ -161,7 +161,7 @@ func listUsers(ctx context.Context, client *okta.Client, token *pagination.Token
 	}
 	oktaUsers, resp, err := client.User.ListUsers(ctx, qp)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, handleOktaResponseError(resp, err)
 	}
 	respCtx, err := responseToContext(token, resp)
 	if err != nil {

diff --git a/vendor/github.com/conductorone/baton-sdk/internal/connector/noop_ticketing.go b/vendor/github.com/conductorone/baton-sdk/internal/connector/noop_ticketing.go
diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/connector.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/connector.pb.go