Resource modeling recipes

// Define parent type with child annotation
var orgResourceType = &v2.ResourceType{
    Id:          "organization",
    DisplayName: "Organization",
    Traits:      []v2.ResourceType_Trait{v2.ResourceType_TRAIT_GROUP},
}

var projectResourceType = &v2.ResourceType{
    Id:          "project",
    DisplayName: "Project",
    Traits:      []v2.ResourceType_Trait{v2.ResourceType_TRAIT_GROUP},
}

// In org List(), declare children
func (o *orgBuilder) List(ctx context.Context, _ *v2.ResourceId,
    pToken *pagination.Token) ([]*v2.Resource, string, annotations.Annotations, error) {

    orgs, err := o.client.ListOrgs(ctx)
    if err != nil {
        return nil, "", nil, err
    }

    var resources []*v2.Resource
    for _, org := range orgs {
        r, _ := resource.NewResource(org.Name, orgResourceType, org.ID,
            // Declare that this org has project children
            resource.WithAnnotation(&v2.ChildResourceType{
                ResourceTypeId: projectResourceType.Id,
            }),
        )
        resources = append(resources, r)
    }

    return resources, "", nil, nil
}

// In project List(), reference parent
func (p *projectBuilder) List(ctx context.Context, parentID *v2.ResourceId,
    pToken *pagination.Token) ([]*v2.Resource, string, annotations.Annotations, error) {

    // parentID is the org ID when SDK calls this for each org
    if parentID == nil {
        return nil, "", nil, nil // Projects only exist within orgs
    }

    projects, err := p.client.ListProjects(ctx, parentID.Resource)
    if err != nil {
        return nil, "", nil, err
    }

    var resources []*v2.Resource
    for _, proj := range projects {
        r, _ := resource.NewResource(proj.Name, projectResourceType, proj.ID,
            resource.WithParentResourceID(parentID),
        )
        resources = append(resources, r)
    }

    return resources, "", nil, nil
}

func displayNameFor(user User) string {
    if user.DisplayName != "" {
        return user.DisplayName
    }
    if user.Name != "" {
        return user.Name
    }
    if user.Email != "" {
        return user.Email
    }
    // Last resort - never return empty
    return user.ID
}

func (u *userBuilder) List(ctx context.Context, _ *v2.ResourceId,
    pToken *pagination.Token) ([]*v2.Resource, string, annotations.Annotations, error) {

    users, _ := u.client.ListUsers(ctx)

    var resources []*v2.Resource
    for _, user := range users {
        r, _ := resource.NewUserResource(
            displayNameFor(user),  // Never empty
            userResourceType,
            user.ID,
        )
        resources = append(resources, r)
    }

    return resources, "", nil, nil
}

func (u *userBuilder) List(ctx context.Context, _ *v2.ResourceId,
    pToken *pagination.Token) ([]*v2.Resource, string, annotations.Annotations, error) {

    users, err := u.client.ListUsers(ctx)
    if err != nil {
        // Include connector name and operation
        return nil, "", nil, fmt.Errorf("baton-example: failed to list users: %w", err)
    }

    // ...
}

import "github.com/conductorone/baton-sdk/pkg/connectorbuilder"

func (u *userBuilder) List(ctx context.Context, _ *v2.ResourceId,
    pToken *pagination.Token) ([]*v2.Resource, string, annotations.Annotations, error) {

    users, err := u.client.ListUsers(ctx)
    if err != nil {
        // Check for retryable errors
        if isRateLimitError(err) || isNetworkError(err) {
            // SDK will retry automatically
            return nil, "", nil, err
        }

        // Fatal errors (bad credentials, permission denied)
        if isAuthError(err) {
            return nil, "", nil, fmt.Errorf("baton-example: authentication failed (check credentials): %w", err)
        }

        return nil, "", nil, err
    }
    // ...
}

func isRateLimitError(err error) bool {
    var httpErr *HTTPError
    if errors.As(err, &httpErr) {
        return httpErr.StatusCode == 429
    }
    return false
}

func (u *userBuilder) List(ctx context.Context, _ *v2.ResourceId,
    pToken *pagination.Token) ([]*v2.Resource, string, annotations.Annotations, error) {

    users, err := u.client.ListUsers(ctx)
    if err != nil {
        return nil, "", nil, err
    }

    var resources []*v2.Resource
    for _, user := range users {
        // Check for cancellation
        select {
        case <-ctx.Done():
            return nil, "", nil, ctx.Err()
        default:
        }

        r, err := resource.NewUserResource(user.Name, userResourceType, user.ID)
        if err != nil {
            return nil, "", nil, err
        }
        resources = append(resources, r)
    }

    return resources, "", nil, nil
}

// WRONG: Loading everything into memory
allUsers, _ := client.GetAllUsers(ctx)  // Could be millions

// CORRECT: Paginate
users, nextCursor, _ := client.ListUsers(ctx, cursor, 100)

// WRONG: Ignoring errors
users, _ := client.ListUsers(ctx)

// CORRECT: Return errors
users, err := client.ListUsers(ctx)
if err != nil {
    return nil, "", nil, fmt.Errorf("baton-example: failed to list users: %w", err)
}

// WRONG: Logging tokens
l.Info("authenticating", zap.String("token", token))

// CORRECT: Never log credentials
l.Info("authenticating", zap.String("user", username))

// WRONG: Grant with mismatched types
grant.NewGrant(
    groupResource,
    "member",
    &v2.ResourceId{
        ResourceType: "app",  // Wrong!
        Resource:     userID,
    },
)

// CORRECT: Consistent resource types
grant.NewGrant(
    groupResource,
    "member",
    &v2.ResourceId{
        ResourceType: userResourceType.Id,
        Resource:     userID,
    },
)