remove enterprise dependencies and integration

[aldevv]

this connector will just use the regular API, no enterprise client, credentials, much simpler.

also because there's no enterprise support, no grant or revoke are supported

resource types removed (now only available at https://github.com/ConductorOne/baton-slack-enterprise):

• groups
• userGroups
• enterprise roles

Summary by CodeRabbit

• Removals
  • Removed support for enterprise user enable/disable actions
  • Removed enterprise role management and assignment
  • Removed IDP group synchronization functionality
  • Removed government environment configuration support
  • Removed enterprise SSO configuration option
  • Removed enterprise token configuration field
  • Simplified workspace role management operations
  • Removed user group resource synchronization

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• .github/workflows/ci.yaml is excluded by none and included by none

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

The PR removes enterprise-level Slack connector functionality, including SCIM/IDP group support, enterprise role management, and configuration fields. Enterprise API endpoints, client methods, action handlers, and resource builders are deleted across the codebase.

Changes

Cohort / File(s)	Summary
Configuration cleanup pkg/config/conf.gen.go, pkg/config/config.go	Removed EnterpriseToken, SsoEnabled, and GovEnv fields from Slack config struct; eliminated associated field definitions, relationships, and constraints.
Enterprise client library removal pkg/connector/client/helpers.go, pkg/connector/client/mock.go, pkg/connector/client/models.go, pkg/connector/client/path.go, pkg/connector/client/request.go, pkg/connector/client/slack.go, pkg/connector/client/slack_interface.go	Deleted entire enterprise package: HTTP response logging helper, mock service, SCIM/enterprise data models, API endpoint constants, HTTP request building methods, enterprise client implementation with Slack API interactions, and SlackEnterpriseService interface.
Action handlers pkg/connector/actions.go	Removed ActionDisableUser and ActionEnableUser action definitions, schemas, and handler functions; deleted RegisterActionManager method.
Connector core pkg/connector/connector.go	Removed enterpriseClient, enterpriseID, ssoEnabled, and govEnv fields from Slack struct; simplified NewSlack to accept only apiKey; removed enterprise initialization logic.
Resource type deletions pkg/connector/enterprise_roles.go, pkg/connector/group.go, pkg/connector/resource_types.go, pkg/connector/user_group.go	Removed entire files implementing enterprise roles, IDP groups, and user group resource types; eliminated resource builders, List/Entitlements/Grants methods, and associated resource type declarations.
Resource type refactoring pkg/connector/roles.go, pkg/connector/user.go, pkg/connector/workspace.go	Removed enterprise client dependencies from workspace and role resource types; simplified builders to accept only Slack client; removed Grant/Revoke methods from workspaceRoleType; removed enterprise-based user and grant retrieval logic.
Helper utilities cleanup pkg/helpers.go	Removed EnterpriseRolesPagination type and associated Marshal/Unmarshal/ParseRolesPageToken methods.
Tests removal pkg/connector/workspace_test.go	Deleted test suite covering workspace grant/revoke operations with enterprise mocks.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

• Areas requiring extra attention:
  • Verify no orphaned references to removed enterprise types (e.g., enterprise.Client, enterprise.GroupResource) remain elsewhere in codebase
  • Confirm workspace, role, and user resource functionality remains operable without enterprise integration
  • Check that all imports of deleted enterprise package are cleaned up
  • Validate that resourceSyncers initialization and resource builder calls are correctly updated
  • Ensure test coverage doesn't have dependencies on deleted enterprise_roles functionality

Possibly related PRs

• [BB-1518] Add deactivate and enable account #53: Removes enable/disable user actions and DisableUser/EnableUser client methods that this PR also deletes; directly inverse relationship
• [BB-1617] Add Wrap Errors With gRPC - Slack Connector #57: Modifies the same enterprise/SCIM client, handler, and helper files that this PR removes entirely; touches identical file set
• remove delete #51: Removes enterprise-oriented user deletion functionality in user.go; overlaps in scope of enterprise removal

Suggested reviewers

• laurenleach
• btipling
• johnallers
• agustin-conductor

Poem

🐰 Away with enterprise, now made lean,
No SCIM roles or groups to glean,
A connector simplified, clean and bright,
The Slack workspace shines with focused light!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 28.57% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'remove enterprise dependencies and integration' accurately reflects the main change: systematic removal of enterprise-related functionality, client, and configuration from the codebase.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR removes enterprise dependencies and integration, simplifying the Slack connector to use only the regular Slack API. The changes eliminate support for Enterprise Grid features, SCIM API operations, and account provisioning capabilities.

• Removed enterprise client and all enterprise-specific functionality
• Simplified configuration by removing enterprise token, SSO, and gov environment settings
• Removed support for user groups, IDP groups, enterprise roles, and provisioning operations

Reviewed changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
pkg/helpers.go	Removed enterprise-specific pagination types and helper functions
pkg/connector/workspace_test.go	Removed tests for workspace grant/revoke operations
pkg/connector/workspace.go	Simplified workspace builder and removed grant/revoke methods; removed enterprise role grants
pkg/connector/user_group.go	Deleted entire user group resource type implementation
pkg/connector/user.go	Simplified user builder and removed account provisioning capability
pkg/connector/roles.go	Simplified workspace role builder and removed grant/revoke methods
pkg/connector/resource_types.go	Removed user group, IDP group, and enterprise role resource types
pkg/connector/group.go	Deleted entire IDP group resource type implementation
pkg/connector/enterprise_roles.go	Deleted entire enterprise role resource type implementation
pkg/connector/connector.go	Removed enterprise client initialization and action manager registration
pkg/connector/client/*.go	Deleted all enterprise client implementation files
pkg/connector/actions.go	Deleted account enable/disable action implementations
pkg/config/config.go	Removed enterprise token, SSO enabled, and gov environment configuration fields
pkg/config/conf.gen.go	Updated generated config struct to remove enterprise fields
baton_capabilities.json	Updated capabilities to reflect removal of provisioning and enterprise features

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The Grants function doesn't implement pagination support. The GetUsersContext method may return a paginated list of users, but the current implementation doesn't handle the attrs.PageToken parameter or set a NextPageToken in the response. This could lead to incomplete grant data for workspaces with many users.

Consider adding pagination support similar to how it's done in the List function, which uses ParsePageToken and bag.NextToken() to handle pagination properly.

[Copilot]

The List function doesn't implement pagination support. The GetUsersContext method may return a paginated list of users, but the current implementation doesn't handle the attrs.PageToken parameter or set a NextPageToken in the response. This could lead to incomplete user data for workspaces with many users.

Consider adding pagination support using ParsePageToken and bag.NextToken() similar to the workspace List function.

[Copilot]

Trailing whitespace after the import statement. This should be removed for consistency with Go formatting standards.

Suggested change

	import "reflect"
	import "reflect"

[Copilot]

The description mentions "user groups" but the PR removes user group support. The description should be updated to reflect that only users, workspaces, and workspace roles are now being synced.

Suggested change: "Connector syncing users, workspaces and workspace roles from Slack to Baton."

Suggested change

	Description: "Connector syncing users, workspaces, user groups and workspace roles from Slack to Baton.",
	Description: "Connector syncing users, workspaces and workspace roles from Slack to Baton.",

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pkg/connector/user.go (1)

33-46: Duplicate user_id key assignment.

The profile map sets user_id twice: first at line 33 with user.ID, then at line 46 with fmt.Sprint(user.ID). Since user.ID is already a string, the second assignment is redundant and overwrites the first.

Remove the duplicate assignment:

 	profile["is_deleted"] = user.Deleted
-	profile["user_id"] = fmt.Sprint(user.ID)

pkg/connector/workspace.go (1)

121-131: GetUsersContext call lacks pagination support, risking memory exhaustion and API timeouts for large workspaces.

The GetUsersContext method is called without pagination parameters. Slack's users.list API requires cursor-based pagination and defaults to attempting to return the entire user set when no limit is specified—which can cause errors for large workspaces. The codebase already demonstrates the pagination pattern in the List method (line 69-75) using ListTeamsParameters{Cursor: bag.PageToken()}. The Grants method and similar call in user.go should implement equivalent pagination to safely handle large result sets.

🧹 Nitpick comments (1)

pkg/connector/roles.go (1)

42-56: Struct and builder simplified, but client field appears unused.

The workspaceRoleType struct stores a client field, but none of the methods (List, Entitlements, Grants) use it. The List method uses pkg.MakeResourceList with static role data from the roles map.

Consider removing the unused client field if it's not needed for future functionality:

 type workspaceRoleType struct {
 	resourceType *v2.ResourceType
-	client       *slack.Client
 }
 
-func workspaceRoleBuilder(client *slack.Client) *workspaceRoleType {
+func workspaceRoleBuilder() *workspaceRoleType {
 	return &workspaceRoleType{
 		resourceType: resourceTypeWorkspaceRole,
-		client:       client,
 	}
 }

This would also require updating connector.go line 106 to call workspaceRoleBuilder() without arguments.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8fc2f65 and f4ff516.

⛔ Files ignored due to path filters (1)

• baton_capabilities.json is excluded by none and included by none

📒 Files selected for processing (20)

• pkg/config/conf.gen.go (1 hunks)
• pkg/config/config.go (0 hunks)
• pkg/connector/actions.go (0 hunks)
• pkg/connector/client/helpers.go (0 hunks)
• pkg/connector/client/mock.go (0 hunks)
• pkg/connector/client/models.go (0 hunks)
• pkg/connector/client/path.go (0 hunks)
• pkg/connector/client/request.go (0 hunks)
• pkg/connector/client/slack.go (0 hunks)
• pkg/connector/client/slack_interface.go (0 hunks)
• pkg/connector/connector.go (4 hunks)
• pkg/connector/enterprise_roles.go (0 hunks)
• pkg/connector/group.go (0 hunks)
• pkg/connector/resource_types.go (0 hunks)
• pkg/connector/roles.go (2 hunks)
• pkg/connector/user.go (3 hunks)
• pkg/connector/user_group.go (0 hunks)
• pkg/connector/workspace.go (4 hunks)
• pkg/connector/workspace_test.go (0 hunks)
• pkg/helpers.go (0 hunks)

💤 Files with no reviewable changes (15)

• pkg/helpers.go
• pkg/connector/actions.go
• pkg/connector/client/helpers.go
• pkg/connector/client/mock.go
• pkg/connector/client/request.go
• pkg/config/config.go
• pkg/connector/client/slack_interface.go
• pkg/connector/enterprise_roles.go
• pkg/connector/resource_types.go
• pkg/connector/group.go
• pkg/connector/workspace_test.go
• pkg/connector/user_group.go
• pkg/connector/client/path.go
• pkg/connector/client/slack.go
• pkg/connector/client/models.go

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-10-28T17:48:53.644Z

Learnt from: mateoHernandez123
Repo: ConductorOne/baton-slack PR: 57
File: pkg/connector/roles.go:217-219
Timestamp: 2025-10-28T17:48:53.644Z
Learning: In the baton-slack connector, when client methods like SetWorkspaceRole(), RemoveUser(), or other enterprise/slack client calls already wrap errors with specific gRPC codes via handleError(), use fmt.Errorf with %w to preserve those codes while adding context. Only use uhttp.WrapErrors for errors generated directly in the function (e.g., validation, precondition checks). Double-wrapping with uhttp.WrapErrors would overwrite the specific codes (Unavailable, PermissionDenied, etc.) needed for proper retry logic and alerting.
<!-- [/add_learning]

Applied to files:

• pkg/connector/user.go
• pkg/connector/roles.go
• pkg/connector/connector.go
• pkg/connector/workspace.go

🧬 Code graph analysis (3)

pkg/connector/user.go (1)

pkg/helpers.go (1)

• MakeResourceList (37-59)

pkg/connector/connector.go (2)

pkg/config/conf.gen.go (1)

• Slack (6-8)

pkg/helpers.go (1)

• WrapSlackClientError (173-222)

pkg/connector/workspace.go (1)

pkg/helpers.go (1)

• AnnotationsForError (227-242)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: CodeQL analysis (go)
• GitHub Check: go-lint

🔇 Additional comments (13)

pkg/config/conf.gen.go (1)

1-8: Configuration struct simplified correctly.

The Slack struct now only contains the Token field, which aligns with the PR objective to remove enterprise dependencies. Since this is a generated file, ensure the generator input/schema was updated accordingly rather than editing this file directly.

pkg/connector/user.go (3)

13-16: Struct simplification looks good.

The userResourceType struct has been appropriately simplified by removing enterprise-related fields.

---

129-147: Resource list construction is correct.

The MakeResourceList usage matches the helper signature from pkg/helpers.go and correctly transforms slack.User objects to resources via the inline callback.

---

150-155: Builder simplification is consistent.

The userBuilder now only accepts a *slack.Client, matching the simplified struct and aligning with the removal of enterprise dependencies.

pkg/connector/connector.go (3)

66-90: Initialization flow correctly simplified.

The NewSlack function now only takes apiKey, validates with AuthTestContext, and returns a simplified Slack struct. Error handling appropriately uses pkg.WrapSlackClientError.

---

92-100: New function correctly wires configuration.

The function properly extracts config.Token and passes it to NewSlack, matching the simplified configuration struct.

---

102-108: ResourceSyncers correctly updated.

All three builders (userBuilder, workspaceBuilder, workspaceRoleBuilder) now receive only s.client, consistent with the simplified builder signatures across the codebase.

pkg/connector/roles.go (2)

108-138: Entitlement description strings simplified.

The entitlement descriptions now use static text ("the Slack workspace") instead of interpolating workspace-specific names. This is a reasonable simplification given the enterprise removal.

---

140-155: Grants method correctly returns empty with explanatory comment.

The comment clearly explains that role grants are emitted during user grant calculation for efficiency. This pattern is consistent with the Slack API's structure.

pkg/connector/workspace.go (4)

17-31: Workspace type and builder correctly simplified.

The workspaceResourceType struct and workspaceBuilder function have been appropriately simplified to remove enterprise-related fields.

---

69-78: List pagination correctly implemented.

The List method properly uses ListTeamsContext with cursor-based pagination, deriving NextPageToken from the Slack API response.

---

191-197: Member role assignment logic is correct but complex.

The condition correctly identifies regular members by excluding restricted users, ultra-restricted users, invited users, bots, and deleted users. Consider extracting this to a helper function for readability if this pattern is used elsewhere.

---

207-210: Workspace member grant correctly appended.

Each non-stranger user receives a workspace member grant in addition to any role-specific grants.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if apiKey field is used anywhere in the connector package
rg -n '\bapiKey\b' --type=go pkg/connector/

Repository: ConductorOne/baton-slack

Length of output: 326

---

🏁 Script executed:

#!/bin/bash
# Check if apiKey field is accessed from outside connector package
rg -n '\.apiKey\b' --type=go

Repository: ConductorOne/baton-slack

Length of output: 50

---

Remove the unused apiKey field from the Slack struct.

The apiKey field is assigned during initialization but never accessed after the slack.Client is created. Since all operations use s.client, this field is dead code and should be removed:

type Slack struct {
	client *slack.Client
	apiKey string  // ← Remove this line
}

Update NewSlack to not assign it:

return &Slack{
	client: client,
	// apiKey: apiKey,  ← Remove this assignment
}, nil

🤖 Prompt for AI Agents

In pkg/connector/connector.go around lines 20 to 23, the Slack struct contains
an unused apiKey field that is assigned in NewSlack but never read; remove the
apiKey field declaration from the struct and also remove any assignment of
apiKey in NewSlack so the struct only holds the slack.Client pointer and
initialization returns &Slack{client: client}, nil.

[Copilot]

Pull request overview

Copilot reviewed 22 out of 22 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Removed trailing whitespace after 'reflect' import statement.

Suggested change

	import "reflect"
	import "reflect"

[btipling]

I would like to wait on this PR until we have safely deployed it as a containerized connector and removed it from C1 as merging this work would prevent us from updating the connector in C1 in case we have issues with the lambda