fix containerize auth0 #38

Merged: aldevv merged 5 commits into main from containerize_auth0 on Dec 3, 2025

@aldevv aldevv commented Dec 2, 2025

Description

  • Bug fix
  • New feature

Useful links:

Summary by CodeRabbit

  • New Features

    • Added Auth0 integration configuration support with new fields: base URL, client ID, client secret, and permissions sync option.
  • Refactor

    • Restructured configuration schema for improved organization and maintainability.

Copilot AI review requested due to automatic review settings December 2, 2025 20:15
coderabbitai bot commented Dec 2, 2025

Walkthrough

New Auth0 configuration struct with reflection-based typed accessors added to pkg/config/conf.gen.go. Schema file updated with go:generate directive and restructured configuration metadata exports, replacing inline definitions with public variables.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Configuration struct generation: pkg/config/conf.gen.go | Introduces new Auth0 type with four mapstructure-tagged fields (Auth0BaseUrl, Auth0ClientId, Auth0ClientSecret, SyncPermissions) and reflection-based getter methods (GetStringSlice, GetString, GetInt, GetBool, GetStringMap) for typed value resolution. |
| Schema metadata restructuring: pkg/config/schema.go | Adds go:generate directive; enriches Auth0 field metadata with display names, descriptions, and placeholders; replaces inline ConfigurationFields definition and ConfigurationSchema with public exports ConfigurationFields ([]field.SchemaField) and Config (field.Configuration). |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • pkg/config/conf.gen.go follows standard Go reflection patterns for field lookup and typed accessors; verify mapstructure tag names match schema definitions
  • pkg/config/schema.go restructuring preserves existing field order and composition; confirm go:generate directive targets correct code generator and that new public exports are used consistently across the codebase

Possibly related PRs

  • ConductorOne/baton-auth0#36: Directly related—modifies the same generated config file and schema, adding identical Auth0 struct with mapstructure-tagged fields and adjusting ConfigurationFields/Config exports.

Suggested reviewers

  • laurenleach
  • btipling
  • agustin-conductor

Poem

🐰 A config struct takes form so fine,
With Auth0 fields that all align,
Reflection magic, getters bright,
Schema flows now cleaned just right!
Hop hop—the auth config's all set! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)
| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Title check | ❓ Inconclusive | The title 'fix containerize auth0' is vague and does not clearly describe the specific changes made. The PR introduces Auth0 configuration generation infrastructure with new exported types and variables, but the title uses generic terms ('fix', 'containerize') that don't convey the actual substance of the changes. | Consider using a more descriptive title that captures the main change, such as 'Generate Auth0 configuration helpers and update schema exports' or similar language that clearly indicates code generation and structural refactoring. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

Copilot AI left a comment

Pull request overview

This PR modernizes the Auth0 connector to support containerized deployments, specifically adding AWS Lambda support. The changes migrate from manual configuration management to an SDK-based code generation approach and consolidate release workflows.

Key changes:

  • Implements SDK-based configuration schema with code generation for type-safe config handling
  • Adds AWS Lambda support with dedicated Dockerfile and build configuration
  • Consolidates release workflows to use centralized GitHub workflows from the ConductorOne organization

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| pkg/config/schema.go | Enhanced configuration fields with display names, descriptions, placeholders, and metadata (connector name, help URL, icon) for containerization |
| pkg/config/gen/gen.go | New code generator that produces type-safe configuration structs from the schema definition |
| pkg/config/conf.gen.go | Generated configuration struct with accessor methods for type-safe field access |
| cmd/baton-auth0/main.go | Updated to use generated config struct instead of viper directly, adds validation call |
| Makefile | Adds code generation target, build tags for Lambda support, and dependency tracking |
| Dockerfile.lambda | New Dockerfile for AWS Lambda deployment using AWS-provided base image |
| .github/workflows/release.yaml | Simplified to use centralized release workflow with Lambda support enabled |
| .github/workflows/capabilities_and_config.yaml | Updated to generate both config schema and capabilities, with bot prevention |
| .goreleaser.yaml | Removed in favor of centralized workflow |
| .goreleaser.docker.yaml | Removed in favor of centralized workflow |
| .gon-amd64.json | Removed in favor of centralized workflow |
| .gon-arm64.json | Removed in favor of centralized workflow |

SyncPermissions bool `mapstructure:"sync-permissions"`
}

func (c* Auth0) findFieldByTag(tagValue string) (any, bool) {

Copilot AI Dec 2, 2025

Missing space between * and Auth0 in the receiver declaration. Should be (c *Auth0) instead of (c* Auth0).

Suggested change
func (c* Auth0) findFieldByTag(tagValue string) (any, bool) {
func (c *Auth0) findFieldByTag(tagValue string) (any, bool) {

Copilot uses AI. Check for mistakes.
// Code generated by baton-sdk. DO NOT EDIT!!!
package config

import "reflect"
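
Review bot: the first line, `// Code generated by baton-sdk. DO NOT EDIT!!!`, marks this file as generated, so whitespace or spacing fixes made here by hand will be lost on the next `go generate` run. Fix the formatting where the file is produced instead, for example by passing the generated source through gofmt (`go/format`) before it is written, and add a CI step that regenerates the file and fails on a diff.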

Copilot AI Dec 2, 2025

Trailing whitespace after "reflect" import statement. Remove the extra space.

Suggested change
import "reflect"
import "reflect"

OUTPUT_PATH = ${BUILD_DIR}/baton-auth0
endif

# Set the build tag conditionally based on ENABLE_LAMBDA

Copilot AI Dec 2, 2025

Comment references ENABLE_LAMBDA but the actual variable name is BATON_LAMBDA_SUPPORT. Update the comment to match the variable name.

Suggested change
# Set the build tag conditionally based on ENABLE_LAMBDA
# Set the build tag conditionally based on BATON_LAMBDA_SUPPORT

@@ -0,0 +1,3 @@
FROM public.ecr.aws/lambda/provided:al2023

Copilot AI Dec 2, 2025

The base image public.ecr.aws/lambda/provided:al2023 is not pinned to a specific digest, which enables supply-chain tampering: future pushes to the same tag could pull a different (potentially compromised) image. An attacker controlling the upstream tag or a registry compromise could alter the image your builds consume. Pin the image by digest (e.g., FROM public.ecr.aws/lambda/provided@sha256:<digest>) and establish a process to update the digest intentionally.

Suggested change
FROM public.ecr.aws/lambda/provided:al2023
FROM public.ecr.aws/lambda/provided@sha256:<digest>

Copilot uses AI. Check for mistakes.
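
The digest-pinning point in the comment above can be enforced as a build check. The following is an added example, not code from this PR or from baton-auth0: the function name `UnpinnedFrom`, the sample Dockerfile and its all-zero digest are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// pinned matches an image reference that ends in a full sha256 digest.
var pinned = regexp.MustCompile(`@sha256:[0-9a-f]{64}$`)

// UnpinnedFrom returns the base images in a Dockerfile that are not referenced
// by digest. Earlier build stages and "scratch" are skipped.
func UnpinnedFrom(dockerfile string) []string {
	var out []string
	stages := map[string]bool{} // names declared with "FROM image AS name"
	sc := bufio.NewScanner(strings.NewReader(dockerfile))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 2 || !strings.EqualFold(f[0], "FROM") {
			continue
		}
		i := 1
		for i < len(f)-1 && strings.HasPrefix(f[i], "--") {
			i++ // skip flags such as --platform=linux/arm64
		}
		image := f[i]
		if image != "scratch" && !stages[strings.ToLower(image)] && !pinned.MatchString(image) {
			out = append(out, image)
		}
		if i+2 < len(f) && strings.EqualFold(f[i+1], "AS") {
			stages[strings.ToLower(f[i+2])] = true
		}
	}
	return out
}

// Sample is a constructed Dockerfile; the digest is a dummy value, not a real one.
var Sample = "FROM public.ecr.aws/lambda/provided:al2023 AS base\n" +
	"FROM --platform=linux/arm64 public.ecr.aws/lambda/provided@sha256:" +
	strings.Repeat("0", 64) + " AS pinned\n" +
	"FROM base\n"

func main() {
	for _, img := range UnpinnedFrom(Sample) {
		fmt.Println("unpinned base image:", img)
	}
}
```

An image name supplied through a build argument (`FROM ${BASE}`) is reported as unpinned, since the check cannot see the value it expands to.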

coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
pkg/config/conf.gen.go (1)

13-86: Be aware of panic-on-mismatch semantics in reflection getters

The reflection helpers will panic on type mismatches (e.g., calling GetStringSlice for a string field or GetString for a bool field), and findFieldByTag will also panic if any getter is called on a nil *Auth0 receiver. That’s acceptable if these methods are only used in tightly-controlled paths, but it’s worth ensuring all call sites pair field names with the correct getter and never pass a nil receiver. If this ever needs to be more robust, consider changing the generated API to return (T, bool) or (T, error) instead of panicking, and/or include the field name in the panic message for easier debugging.

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 1141f97 and 431241d.

⛔ Files ignored due to path filters (10)
  • .github/workflows/capabilities_and_config.yaml is excluded by none and included by none
  • .github/workflows/release.yaml is excluded by none and included by none
  • .gon-amd64.json is excluded by none and included by none
  • .gon-arm64.json is excluded by none and included by none
  • .goreleaser.docker.yaml is excluded by none and included by none
  • .goreleaser.yaml is excluded by none and included by none
  • Dockerfile.lambda is excluded by none and included by none
  • Makefile is excluded by none and included by none
  • cmd/baton-auth0/main.go is excluded by none and included by none
  • pkg/config/gen/gen.go is excluded by !**/gen/** and included by pkg/**
📒 Files selected for processing (2)
  • pkg/config/conf.gen.go (1 hunks)
  • pkg/config/schema.go (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
pkg/config/conf.gen.go (1)
pkg/config/schema.go (1)
  • SyncPermissions (30-34)
🔇 Additional comments (4)
pkg/config/schema.go (3)

1-1: go:generate directive looks good

The //go:generate go run ./gen hook is appropriate for keeping the generated config helper in sync with schema; no issues from this addition.


9-35: Auth0 field metadata is consistent and descriptive

The Auth0 config fields and their display names, descriptions, placeholders, and secret flagging look consistent and should produce a clear UX for configuration.


37-51: No action needed. Verification confirms there are no remaining references to ConfigurationSchema in the codebase, indicating the migration to Config and ConfigurationFields is complete with no breaking changes to downstream callers.

pkg/config/conf.gen.go (1)

6-11: Struct fields and tags align with schema

Auth0’s fields and mapstructure tags match the schema keys defined in pkg/config/schema.go (auth0-base-url, auth0-client-id, auth0-client-secret, sync-permissions), so decoding from config should work as expected.
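
The nitpick in the review above suggests accessors that return an error instead of panicking on a nil receiver or a type mismatch. The following is an added sketch of that shape, not the generated code from baton-sdk: `lookup`, `Get` and `ErrNilConfig` are hypothetical names, and the `string` type of the first three fields is an assumption (the page shows only `SyncPermissions bool`).

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
)

// Auth0 mirrors the four tagged fields named in the review; string types are assumed.
type Auth0 struct {
	Auth0BaseUrl      string `mapstructure:"auth0-base-url"`
	Auth0ClientId     string `mapstructure:"auth0-client-id"`
	Auth0ClientSecret string `mapstructure:"auth0-client-secret"`
	SyncPermissions   bool   `mapstructure:"sync-permissions"`
}

var ErrNilConfig = errors.New("config: nil *Auth0 receiver") // hypothetical sentinel

// lookup returns the value of the field tagged with key, or an error instead of panicking.
func (c *Auth0) lookup(key string) (any, error) {
	if c == nil {
		return nil, ErrNilConfig
	}
	v := reflect.ValueOf(c).Elem()
	for i := 0; i < v.NumField(); i++ {
		if v.Type().Field(i).Tag.Get("mapstructure") == key {
			return v.Field(i).Interface(), nil
		}
	}
	return nil, fmt.Errorf("config: no field tagged %q", key)
}

// Get is a hypothetical typed accessor; a type mismatch becomes an error naming the field.
func Get[T any](c *Auth0, key string) (T, error) {
	var zero T
	raw, err := c.lookup(key)
	if err != nil {
		return zero, err
	}
	val, ok := raw.(T)
	if !ok {
		return zero, fmt.Errorf("config: field %q is %T, not %T", key, raw, zero)
	}
	return val, nil
}

func main() {
	fmt.Println(Get[string](&Auth0{SyncPermissions: true}, "sync-permissions"))
}
```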

@aldevv aldevv requested a review from a team December 2, 2025 22:20
@aldevv aldevv merged commit 395576d into main Dec 3, 2025
4 checks passed
@aldevv aldevv deleted the containerize_auth0 branch December 3, 2025 17:22