ConductorOne · ggreer · Oct 17, 2024 · Oct 4, 2024 · Oct 4, 2024 · Oct 4, 2024
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -11,7 +11,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v3
       - name: Run linters
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
         with:
           version: latest
           args: --timeout=3m

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -14,7 +14,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v3
       - name: Run linters
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
         with:
           version: latest
           args: --timeout=3m

diff --git a/cmd/baton-databricks/main.go b/cmd/baton-databricks/main.go
@@ -5,9 +5,9 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/conductorone/baton-databricks/pkg/config"
 	configSchema "github.com/conductorone/baton-sdk/pkg/config"
 	"github.com/conductorone/baton-sdk/pkg/connectorbuilder"
-	"github.com/conductorone/baton-sdk/pkg/field"
 	"github.com/conductorone/baton-sdk/pkg/types"
 	"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
 	"github.com/spf13/viper"
@@ -17,17 +17,17 @@ import (
 	"github.com/conductorone/baton-databricks/pkg/databricks"
 )
 
-var version = "dev"
+var (
+	connectorName = "baton-databricks"
+	version       = "dev"
+)
 
 func main() {
 	ctx := context.Background()
 	_, cmd, err := configSchema.DefineConfiguration(ctx,
-		"baton-databricks",
+		connectorName,
 		getConnector,
-		field.NewConfiguration(
-			configurationFields,
-			fieldRelationships...,
-		),
+		config.ConfigurationSchema,
 	)
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err.Error())
@@ -51,13 +51,13 @@ func AreTokensSet(workspaces []string, tokens []string) bool {
 func prepareClientAuth(ctx context.Context, cfg *viper.Viper) databricks.Auth {
 	l := ctxzap.Extract(ctx)
 
-	accountID := cfg.GetString(AccountIdField.FieldName)
-	databricksClientId := cfg.GetString(DatabricksClientIdField.FieldName)
-	databricksClientSecret := cfg.GetString(DatabricksClientSecretField.FieldName)
-	username := cfg.GetString(UsernameField.FieldName)
-	password := cfg.GetString(PasswordField.FieldName)
-	workspaces := cfg.GetStringSlice(WorkspacesField.FieldName)
-	tokens := cfg.GetStringSlice(TokensField.FieldName)
+	accountID := cfg.GetString(config.AccountIdField.FieldName)
+	databricksClientId := cfg.GetString(config.DatabricksClientIdField.FieldName)
+	databricksClientSecret := cfg.GetString(config.DatabricksClientSecretField.FieldName)
+	username := cfg.GetString(config.UsernameField.FieldName)
+	password := cfg.GetString(config.PasswordField.FieldName)
+	workspaces := cfg.GetStringSlice(config.WorkspacesField.FieldName)
+	tokens := cfg.GetStringSlice(config.TokensField.FieldName)
 
 	switch {
 	case username != "" && password != "":
@@ -101,17 +101,17 @@ func prepareClientAuth(ctx context.Context, cfg *viper.Viper) databricks.Auth {
 func getConnector(ctx context.Context, cfg *viper.Viper) (types.ConnectorServer, error) {
 	l := ctxzap.Extract(ctx)
 
-	err := validateConfig(ctx, cfg)
+	err := config.ValidateConfig(ctx, cfg)
 	if err != nil {
 		return nil, err
 	}
 
 	auth := prepareClientAuth(ctx, cfg)
 	cb, err := connector.New(
 		ctx,
-		cfg.GetString(AccountIdField.FieldName),
+		cfg.GetString(config.AccountIdField.FieldName),
 		auth,
-		cfg.GetStringSlice(WorkspacesField.FieldName),
+		cfg.GetStringSlice(config.WorkspacesField.FieldName),
 	)
 	if err != nil {
 		l.Error("error creating connector", zap.Error(err))

diff --git a/go.mod b/go.mod
@@ -3,11 +3,11 @@ module github.com/conductorone/baton-databricks
 go 1.21
 
 require (
-	github.com/conductorone/baton-sdk v0.2.23
+	github.com/conductorone/baton-sdk v0.2.35
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
 	github.com/spf13/viper v1.19.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/oauth2 v0.22.0
+	golang.org/x/oauth2 v0.23.0
 	google.golang.org/protobuf v1.34.2
 )
 

diff --git a/go.sum b/go.sum
@@ -52,8 +52,8 @@ github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZx
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/conductorone/baton-sdk v0.2.23 h1:52TzmvBypE0MLXFoUeYp51g1SFmbnq7qGVdt3d2OEQc=
-github.com/conductorone/baton-sdk v0.2.23/go.mod h1:hmd/Oz3DPIKD+9QmkusZaA18ZoiinnTDdrxh2skcdUc=
+github.com/conductorone/baton-sdk v0.2.35 h1:aSdNvlM5HMti8WdhotrXTHWs+b+BmSqMxtGwsSUFxjY=
+github.com/conductorone/baton-sdk v0.2.35/go.mod h1:hmd/Oz3DPIKD+9QmkusZaA18ZoiinnTDdrxh2skcdUc=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -281,8 +281,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
 golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
-golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

diff --git a/cmd/baton-databricks/config.go → pkg/config/schema.go b/cmd/baton-databricks/config.go → pkg/config/schema.go
@@ -1,4 +1,4 @@
-package main
+package config
 
 import (
 	"context"
@@ -71,10 +71,14 @@ var (
 			[]field.SchemaField{WorkspacesField},
 		),
 	}
+	ConfigurationSchema = field.NewConfiguration(
+		configurationFields,
+		fieldRelationships...,
+	)
 )
 
-// validateConfig - additional validations that cannot be encoded in relationships (yet!)
-func validateConfig(ctx context.Context, cfg *viper.Viper) error {
+// ValidateConfig - additional validations that cannot be encoded in relationships (yet!)
+func ValidateConfig(ctx context.Context, cfg *viper.Viper) error {
 	workspaces := cfg.GetStringSlice(WorkspacesField.FieldName)
 	tokens := cfg.GetStringSlice(TokensField.FieldName)
 

diff --git a/cmd/baton-databricks/config_test.go → pkg/config/schema_test.go b/cmd/baton-databricks/config_test.go → pkg/config/schema_test.go
@@ -1,4 +1,4 @@
-package main
+package config
 
 import (
 	"context"
@@ -72,7 +72,7 @@ func TestConfigs(t *testing.T) {
 	)
 
 	extraValidationFunction := func(configs *viper.Viper) error {
-		return validateConfig(ctx, configs)
+		return ValidateConfig(ctx, configs)
 	}
 
 	test.ExerciseTestCasesFromExpressions(

diff --git a/pkg/connector/account.go b/pkg/connector/account.go
@@ -85,22 +85,28 @@ func (a *accountBuilder) List(ctx context.Context, parentResourceID *v2.Resource
 }
 
 // Entitlements returns slice of entitlements for marketplace admins under account.
-func (a *accountBuilder) Entitlements(_ context.Context, resource *v2.Resource, _ *pagination.Token) ([]*v2.Entitlement, string, annotations.Annotations, error) {
+func (a *accountBuilder) Entitlements(
+	_ context.Context,
+	resource *v2.Resource,
+	_ *pagination.Token,
+) (
+	[]*v2.Entitlement,
+	string,
+	annotations.Annotations,
+	error,
+) {
 	if !a.client.IsAccountAPIAvailable() {
 		return nil, "", nil, nil
 	}
-
-	var rv []*v2.Entitlement
-
-	permissionOptions := []ent.EntitlementOption{
-		ent.WithGrantableTo(userResourceType, groupResourceType, servicePrincipalResourceType),
-		ent.WithDisplayName(fmt.Sprintf("%s %s role", resource.DisplayName, MarketplaceAdminRole)),
-		ent.WithDescription(fmt.Sprintf("%s %s role in Databricks", resource.DisplayName, MarketplaceAdminRole)),
-	}
-
-	rv = append(rv, ent.NewPermissionEntitlement(resource, MarketplaceAdminRole, permissionOptions...))
-
-	return rv, "", nil, nil
+	return []*v2.Entitlement{
+		ent.NewPermissionEntitlement(
+			resource,
+			MarketplaceAdminRole,
+			ent.WithGrantableTo(userResourceType, groupResourceType, servicePrincipalResourceType),
+			ent.WithDisplayName(fmt.Sprintf("%s %s role", resource.DisplayName, MarketplaceAdminRole)),
+			ent.WithDescription(fmt.Sprintf("%s %s role in Databricks", resource.DisplayName, MarketplaceAdminRole)),
+		),
+	}, "", nil, nil
 }
 
 // Grants returns grants for marketplace admins under account.
@@ -115,7 +121,7 @@ func (a *accountBuilder) Grants(ctx context.Context, resource *v2.Resource, pTok
 	var rv []*v2.Grant
 
 	// list rule sets for the account
-	ruleSets, err := a.client.ListRuleSets(ctx, "", "")
+	ruleSets, _, err := a.client.ListRuleSets(ctx, "", "")
 	if err != nil {
 		return nil, "", nil, fmt.Errorf("databricks-connector: failed to list rule sets for account %s: %w", resource.Id.Resource, err)
 	}
@@ -161,7 +167,7 @@ func (a *accountBuilder) Grant(ctx context.Context, principal *v2.Resource, enti
 	}
 
 	accID := entitlement.Resource.Id.Resource
-	ruleSets, err := a.client.ListRuleSets(ctx, "", "")
+	ruleSets, _, err := a.client.ListRuleSets(ctx, "", "")
 	if err != nil {
 		return nil, fmt.Errorf("databricks-connector: failed to list rule sets for account %s: %w", accID, err)
 	}
@@ -202,7 +208,7 @@ func (a *accountBuilder) Grant(ctx context.Context, principal *v2.Resource, enti
 		})
 	}
 
-	err = a.client.UpdateRuleSets(ctx, "", "", ruleSets)
+	_, err = a.client.UpdateRuleSets(ctx, "", "", ruleSets)
 	if err != nil {
 		return nil, fmt.Errorf("databricks-connector: failed to update rule sets for account %s: %w", accID, err)
 	}
@@ -227,7 +233,7 @@ func (a *accountBuilder) Revoke(ctx context.Context, grant *v2.Grant) (annotatio
 	}
 
 	accID := entitlement.Resource.Id.Resource
-	ruleSets, err := a.client.ListRuleSets(ctx, "", "")
+	ruleSets, _, err := a.client.ListRuleSets(ctx, "", "")
 	if err != nil {
 		return nil, fmt.Errorf("databricks-connector: failed to list rule sets for account %s: %w", accID, err)
 	}
@@ -272,7 +278,7 @@ func (a *accountBuilder) Revoke(ctx context.Context, grant *v2.Grant) (annotatio
 		}
 	}
 
-	err = a.client.UpdateRuleSets(ctx, "", "", ruleSets)
+	_, err = a.client.UpdateRuleSets(ctx, "", "", ruleSets)
 	if err != nil {
 		return nil, fmt.Errorf("databricks-connector: failed to update rule sets for account %s: %w", accID, err)
 	}

diff --git a/pkg/connector/connector.go b/pkg/connector/connector.go
@@ -52,7 +52,7 @@ func (d *Databricks) Validate(ctx context.Context) (annotations.Annotations, err
 
 	// Check if we can list users from Account API (unless we are using token auth specific to a single workspace).
 	if !d.client.IsTokenAuth() {
-		_, err := d.client.ListRoles(ctx, "", "")
+		_, _, err := d.client.ListRoles(ctx, "", "")
 		if err == nil {
 			isAccAPIAvailable = true
 		}
@@ -63,7 +63,7 @@ func (d *Databricks) Validate(ctx context.Context) (annotations.Annotations, err
 		for _, workspace := range d.workspaces {
 			d.client.SetWorkspaceConfig(workspace)
 
-			_, err := d.client.ListRoles(ctx, "", "")
+			_, _, err := d.client.ListRoles(ctx, "", "")
 			if err != nil && !isAccAPIAvailable {
 				return nil, fmt.Errorf("databricks-connector: failed to validate credentials for workspace %s: %w", workspace, err)
 			}
@@ -74,15 +74,15 @@ func (d *Databricks) Validate(ctx context.Context) (annotations.Annotations, err
 
 	// Validate that credentials are valid for every workspace.
 	if len(d.workspaces) == 0 {
-		workspaces, err := d.client.ListWorkspaces(ctx)
+		workspaces, _, err := d.client.ListWorkspaces(ctx)
 		if err != nil {
 			return nil, fmt.Errorf("databricks-connector: failed to list workspaces: %w", err)
 		}
 
 		for _, workspace := range workspaces {
 			d.client.SetWorkspaceConfig(workspace.Host)
 
-			_, err := d.client.ListRoles(ctx, "", "")
+			_, _, err := d.client.ListRoles(ctx, "", "")
 			if err != nil && !isAccAPIAvailable {
 				return nil, fmt.Errorf("databricks-connector: failed to validate credentials for workspace %s: %w", workspace.Host, err)
 			}

diff --git a/pkg/connector/groups.go b/pkg/connector/groups.go
@@ -93,7 +93,7 @@ func (g *groupBuilder) List(ctx context.Context, parentResourceID *v2.ResourceId
 		return nil, "", nil, fmt.Errorf("databricks-connector: failed to parse page token: %w", err)
 	}
 
-	groups, total, err := g.client.ListGroups(
+	groups, total, _, err := g.client.ListGroups(
 		ctx,
 		databricks.NewPaginationVars(page, ResourcesPageSize),
 		databricks.NewGroupAttrVars(),
@@ -152,7 +152,7 @@ func (g *groupBuilder) Entitlements(_ context.Context, resource *v2.Resource, _
 
 	// role permissions entitlements
 	// get all assignable roles for this specific group resource
-	roles, err := g.client.ListRoles(context.Background(), GroupsType, groupId.Resource)
+	roles, _, err := g.client.ListRoles(context.Background(), GroupsType, groupId.Resource)
 	if err != nil {
 		return nil, "", nil, fmt.Errorf("databricks-connector: failed to list roles for group %s: %w", groupId.Resource, err)
 	}
@@ -229,7 +229,7 @@ func (g *groupBuilder) Grants(ctx context.Context, resource *v2.Resource, pToken
 	}
 
 	// role permissions grants
-	ruleSets, err := g.client.ListRuleSets(ctx, GroupsType, groupId.Resource)
+	ruleSets, _, err := g.client.ListRuleSets(ctx, GroupsType, groupId.Resource)
 	if err != nil {
 		return nil, "", nil, fmt.Errorf("databricks-connector: failed to list role rule sets for group %s: %w", resource.Id.Resource, err)
 	}
@@ -291,7 +291,7 @@ func (g *groupBuilder) Grant(ctx context.Context, principal *v2.Resource, entitl
 
 	// If the entitlement is a member entitlement
 	if entitlement.Slug == groupMemberEntitlement {
-		group, err := g.client.GetGroup(ctx, groupId.Resource)
+		group, _, err := g.client.GetGroup(ctx, groupId.Resource)
 		if err != nil {
 			return nil, fmt.Errorf("databricks-connector: failed to get group %s: %w", groupId.Resource, err)
 		}
@@ -313,7 +313,7 @@ func (g *groupBuilder) Grant(ctx context.Context, principal *v2.Resource, entitl
 			ID: principal.Id.Resource,
 		})
 
-		err = g.client.UpdateGroup(ctx, group)
+		_, err = g.client.UpdateGroup(ctx, group)
 		if err != nil {
 			return nil, fmt.Errorf("databricks-connector: failed to update group %s: %w", groupId.Resource, err)
 		}
@@ -322,7 +322,7 @@ func (g *groupBuilder) Grant(ctx context.Context, principal *v2.Resource, entitl
 	}
 
 	// If the entitlement is a role permission entitlement
-	ruleSets, err := g.client.ListRuleSets(ctx, GroupsType, groupId.Resource)
+	ruleSets, _, err := g.client.ListRuleSets(ctx, GroupsType, groupId.Resource)
 	if err != nil {
 		return nil, fmt.Errorf("databricks-connector: failed to list rule sets for group %s (%s): %w", principal.Id.Resource, groupId.Resource, err)
 	}
@@ -361,7 +361,7 @@ func (g *groupBuilder) Grant(ctx context.Context, principal *v2.Resource, entitl
 		})
 	}
 
-	err = g.client.UpdateRuleSets(ctx, GroupsType, groupId.Resource, ruleSets)
+	_, err = g.client.UpdateRuleSets(ctx, GroupsType, groupId.Resource, ruleSets)
 	if err != nil {
 		return nil, fmt.Errorf("databricks-connector: failed to update rule sets for group %s (%s): %w", principal.Id.Resource, groupId.Resource, err)
 	}
@@ -403,7 +403,7 @@ func (g *groupBuilder) Revoke(ctx context.Context, grant *v2.Grant) (annotations
 	}
 
 	if entitlement.Slug == groupMemberEntitlement {
-		group, err := g.client.GetGroup(ctx, groupId.Resource)
+		group, _, err := g.client.GetGroup(ctx, groupId.Resource)
 		if err != nil {
 			return nil, fmt.Errorf("databricks-connector: failed to get group %s: %w", groupId.Resource, err)
 		}
@@ -415,12 +415,12 @@ func (g *groupBuilder) Revoke(ctx context.Context, grant *v2.Grant) (annotations
 			}
 		}
 
-		err = g.client.UpdateGroup(ctx, group)
+		_, err = g.client.UpdateGroup(ctx, group)
 		if err != nil {
 			return nil, fmt.Errorf("databricks-connector: failed to update group %s: %w", groupId.Resource, err)
 		}
 	} else {
-		ruleSets, err := g.client.ListRuleSets(ctx, GroupsType, groupId.Resource)
+		ruleSets, _, err := g.client.ListRuleSets(ctx, GroupsType, groupId.Resource)
 		if err != nil {
 			return nil, fmt.Errorf("databricks-connector: failed to list rule sets for group %s (%s): %w", principal.Id.Resource, groupId.Resource, err)
 		}
@@ -466,7 +466,7 @@ func (g *groupBuilder) Revoke(ctx context.Context, grant *v2.Grant) (annotations
 			return nil, nil
 		}
 
-		err = g.client.UpdateRuleSets(ctx, GroupsType, groupId.Resource, ruleSets)
+		_, err = g.client.UpdateRuleSets(ctx, GroupsType, groupId.Resource, ruleSets)
 		if err != nil {
 			return nil, fmt.Errorf("databricks-connector: failed to update rule sets for group %s (%s): %w", principal.Id.Resource, groupId.Resource, err)
 		}