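--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -35,256 +35,3 @@ jobs:
 uses: guyarb/golang-test-annotations@v0.8.0
 with:
 test-results: test.json
-test-member:
-runs-on: ubuntu-latest
-env:
-BATON_LOG_LEVEL: debug
-
-CONNECTOR_GRANT: 'workspaceRole:T08101AQL31:member:assigned:user:U083SJ36LCD'
-CONNECTOR_ENTITLEMENT: 'workspaceRole:T08101AQL31:member:assigned'
-CONNECTOR_PRINCIPAL: 'U083SJ36LCD'
-CONNECTOR_PRINCIPAL_TYPE: 'user'
-
-BATON_TOKEN: "${{ secrets.BATON_TOKEN }}"
-BATON_ENTERPRISE_TOKEN: "${{ secrets.BATON_ENTERPRISE_TOKEN }}"
-
-steps:
-- name: Install Go
-uses: actions/setup-go@v5
-with:
-go-version: 1.25.x
-- name: Checkout code
-uses: actions/checkout@v4
-- name: Build baton-slack
-run: go build ./cmd/baton-slack
-- name: Run baton-slack
-run: ./baton-slack
-- name: Install baton
-run: ./scripts/get-baton.sh && mv baton /usr/local/bin
-
-- name: Grant entitlement first time
-run: |
-./baton-slack --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \
---grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \
---grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
-
-- name: Check for grant before revoking
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | grep true
-
-- name: Revoke grants
-run: ./baton-slack --revoke-grant="${{ env.CONNECTOR_GRANT }}"
-
-- name: Check grant was revoked
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
-
-- name: Grant entitlement second time
-run: |
-./baton-slack --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \
---grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \
---grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
-
-- name: Wait 10 seconds
-run: sleep 10
-
-- name: Check grant was re-granted
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | grep true
-
-test-admin:
-needs: [test-member]
-runs-on: ubuntu-latest
-env:
-# Logging level for Baton
-BATON_LOG_LEVEL: debug
-
-# Connector-specific details
-CONNECTOR_GRANT: 'workspaceRole:T08101AQL31:admin:assigned:user:U083SJ36LCD'
-CONNECTOR_ENTITLEMENT: 'workspaceRole:T08101AQL31:admin:assigned'
-CONNECTOR_PRINCIPAL: 'U083SJ36LCD'
-CONNECTOR_PRINCIPAL_TYPE: 'user'
-
-# Secrets for Baton authentication
-BATON_TOKEN: "${{ secrets.BATON_TOKEN }}"
-BATON_ENTERPRISE_TOKEN: "${{ secrets.BATON_ENTERPRISE_TOKEN }}"
-
-steps:
-- name: Install Go
-uses: actions/setup-go@v5
-with:
-go-version: 1.25.x
-- name: Checkout code
-uses: actions/checkout@v4
-- name: Build baton-slack
-run: go build ./cmd/baton-slack
-
-- name: Run baton-slack
-run: ./baton-slack
-- name: Install baton
-run: ./scripts/get-baton.sh && mv baton /usr/local/bin
-
-- name: Grant entitlement first time
-run: |
-./baton-slack --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \
---grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \
---grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
-
-- name: Check for grant before revoking
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | grep true
-
-- name: Revoke grants
-run: ./baton-slack --revoke-grant="${{ env.CONNECTOR_GRANT }}"
-
-- name: Check grant was revoked
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
-#
-- name: Grant entitlement second time
-run: |
-./baton-slack --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \
---grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \
---grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
-
-- name: Check grant was re-granted
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | grep true
-
-
-test-owner:
-needs: [test-member, test-admin]
-runs-on: ubuntu-latest
-env:
-BATON_LOG_LEVEL: debug
-
-CONNECTOR_GRANT: 'workspaceRole:T08101AQL31:owner:assigned:user:U083SJ36LCD'
-CONNECTOR_ENTITLEMENT: 'workspaceRole:T08101AQL31:owner:assigned'
-CONNECTOR_PRINCIPAL: 'U083SJ36LCD'
-CONNECTOR_PRINCIPAL_TYPE: 'user'
-
-BATON_TOKEN: "${{ secrets.BATON_TOKEN }}"
-BATON_ENTERPRISE_TOKEN: "${{ secrets.BATON_ENTERPRISE_TOKEN }}"
-
-steps:
-- name: Install Go
-uses: actions/setup-go@v5
-with:
-go-version: 1.25.x
-- name: Checkout code
-uses: actions/checkout@v4
-- name: Build baton-slack
-run: go build ./cmd/baton-slack
-
-- name: Run baton-slack
-run: ./baton-slack
-- name: Install baton
-run: ./scripts/get-baton.sh && mv baton /usr/local/bin
-
-- name: Grant entitlement first time
-run: |
-./baton-slack --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \
---grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \
---grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
-
-- name: Check for grant before revoking
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | grep true
-
-- name: Revoke grants
-run: ./baton-slack --revoke-grant="${{ env.CONNECTOR_GRANT }}"
-
-- name: Check grant was revoked
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
-
-- name: Grant entitlement second time
-run: |
-./baton-slack --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \
---grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \
---grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
-
-- name: Check grant was re-granted
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | grep -q "true"
-
-test-enterprise-roles:
-runs-on: ubuntu-latest
-env:
-BATON_LOG_LEVEL: debug
-
-CONNECTOR_GRANT: 'enterpriseRole:Rl0K:assigned:user:U083SJ36LCD'
-CONNECTOR_ENTITLEMENT: 'enterpriseRole:Rl0K:assigned'
-CONNECTOR_PRINCIPAL: 'U083SJ36LCD'
-CONNECTOR_PRINCIPAL_TYPE: 'user'
-
-BATON_TOKEN: "${{ secrets.BATON_TOKEN }}"
-BATON_ENTERPRISE_TOKEN: "${{ secrets.BATON_ENTERPRISE_TOKEN }}"
-
-steps:
-- name: Install Go
-uses: actions/setup-go@v5
-with:
-go-version: 1.25.x
-- name: Checkout code
-uses: actions/checkout@v4
-- name: Build baton-slack
-run: go build ./cmd/baton-slack
-
-- name: Run baton-slack
-run: ./baton-slack
-- name: Install baton
-run: ./scripts/get-baton.sh && mv baton /usr/local/bin
-
-- name: Grant enterprise role first time
-run: |
-./baton-slack --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \
---grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \
---grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
-
-- name: Check for enterprise role grant before revoking
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | grep -q "true"
-
-- name: Revoke enterprise role grant
-run: ./baton-slack --revoke-grant="${{ env.CONNECTOR_GRANT }}"
-
-- name: Check enterprise role grant was revoked
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
-
-- name: Grant enterprise role second time
-run: |
-./baton-slack --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \
---grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \
---grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
-
-- name: Check enterprise role was re-granted
-run: |
-./baton-slack && \
-baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \
-jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | grep -q "true"
-
-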
108 changes: 27 additions & 81 deletions baton_capabilities.json
@@ -1,107 +1,53 @@
{
"@type": "type.googleapis.com/c1.connector.v2.ConnectorCapabilities",
"resourceTypeCapabilities": [
"@type": "type.googleapis.com/c1.connector.v2.ConnectorCapabilities",
"resourceTypeCapabilities": [
{
"resourceType": {
"id": "enterpriseRole",
"displayName": "Enterprise Role",
"traits": [
"TRAIT_ROLE"
]
},
"capabilities": [
"CAPABILITY_SYNC",
"CAPABILITY_PROVISION"
],
"permissions": {}
},
{
"resourceType": {
"id": "group",
"displayName": "IDP Group",
"traits": [
"TRAIT_GROUP"
]
},
"capabilities": [
"CAPABILITY_SYNC",
"CAPABILITY_PROVISION"
],
"permissions": {}
},
{
"resourceType": {
"id": "user",
"displayName": "User",
"traits": [
"resourceType": {
"id": "user",
"displayName": "User",
"traits": [
"TRAIT_USER"
],
"annotations": [
"annotations": [
{
"@type": "type.googleapis.com/c1.connector.v2.SkipEntitlementsAndGrants"
"@type": "type.googleapis.com/c1.connector.v2.SkipEntitlementsAndGrants"
}
]
},
"capabilities": [
"CAPABILITY_SYNC",
"CAPABILITY_ACCOUNT_PROVISIONING"
],
"permissions": {}
},
{
"resourceType": {
"id": "userGroup",
"displayName": "User Group",
"traits": [
"TRAIT_GROUP"
]
},
"capabilities": [
"capabilities": [
"CAPABILITY_SYNC"
],
"permissions": {}
"permissions": {}
},
{
"resourceType": {
"id": "workspace",
"displayName": "Workspace",
"traits": [
"resourceType": {
"id": "workspace",
"displayName": "Workspace",
"traits": [
"TRAIT_GROUP"
]
},
"capabilities": [
"CAPABILITY_SYNC",
"CAPABILITY_PROVISION"
"capabilities": [
"CAPABILITY_SYNC"
],
"permissions": {}
"permissions": {}
},
{
"resourceType": {
"id": "workspaceRole",
"displayName": "Workspace Role",
"traits": [
"resourceType": {
"id": "workspaceRole",
"displayName": "Workspace Role",
"traits": [
"TRAIT_ROLE"
]
},
"capabilities": [
"CAPABILITY_SYNC",
"CAPABILITY_PROVISION"
"capabilities": [
"CAPABILITY_SYNC"
],
"permissions": {}
"permissions": {}
}
],
"connectorCapabilities": [
"CAPABILITY_PROVISION",
"CAPABILITY_SYNC",
"CAPABILITY_ACCOUNT_PROVISIONING",
"CAPABILITY_ACTIONS"
"connectorCapabilities": [
"CAPABILITY_SYNC"
],
"credentialDetails": {
"capabilityAccountProvisioning": {
"supportedCredentialOptions": [
"CAPABILITY_DETAIL_CREDENTIAL_OPTION_NO_PASSWORD"
],
"preferredCredentialOption": "CAPABILITY_DETAIL_CREDENTIAL_OPTION_NO_PASSWORD"
}
}
"credentialDetails": {}
}
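Review bot: The manifest now advertises only `"CAPABILITY_SYNC"` in `connectorCapabilities` and on every remaining resource type, and it drops the `enterpriseRole`, `group` and `userGroup` entries, yet this section shows no sign that the grant/revoke code was removed as well. If the binary still accepts `--grant-entitlement` and `--revoke-grant` (the flags the CI jobs deleted from ci.yaml exercised), the file understates what a deployed token can change, and anyone auditing the connector's access from this manifest would wrongly read it as read-only. Please confirm the file was regenerated from a build that really is sync-only, rather than from a run that lacked credentials, or restore entries such as `"CAPABILITY_PROVISION"`. Many old/new pairs here appear to differ only in indentation, so moving the re-indent to its own commit would keep the capability change easy to audit.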