Skip to content

annotate permissions/v2 default builder #75

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
laurenleach merged 1 commit into from
Feb 27, 2026
Merged

annotate permissions/v2 default builder #75

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions cmd/baton-slack/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,5 +17,6 @@ var (
func main() {
ctx := context.Background()
config.RunConnector(ctx, connectorName, version, cfg.Configuration, connector.New,
connectorrunner.WithDefaultCapabilitiesConnectorBuilderV2(&connector.Slack{}),
connectorrunner.WithSessionStoreEnabled())
Comment on lines 17 to 21
Copy link

@coderabbitai coderabbitai bot Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Add required --base-url and --insecure CLI support

Line 19 currently runs with static connector configuration and does not expose --base-url / --insecure handling required for mock-server and self-signed cert workflows.

As per coding guidelines, "Use command-line flags for API URLs and configuration rather than hardcoding them to allow mock server testing and environment flexibility. Support --base-url and --insecure command-line flags for mock server testing and self-signed certificate handling."

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@cmd/baton-slack/main.go` around lines 17 - 21, Add CLI flags --base-url
(string) and --insecure (bool) in main(), parse them before calling
config.RunConnector, and propagate their values into the connector configuration
used by RunConnector. Concretely: declare flag variables (e.g., baseURL,
insecure), call flag.Parse(), then set the appropriate fields on
cfg.Configuration (or call a setter on cfg.Configuration) so the value of
baseURL is used as the connector API base URL and insecure toggles TLS
verification (e.g., disable cert verification in the connector's HTTP/TLS
setup). Keep the rest of the invocation of config.RunConnector(ctx,
connectorName, version, cfg.Configuration, connector.New,
connectorrunner.WithDefaultCapabilitiesConnectorBuilderV2(&connector.Slack{}),
connectorrunner.WithSessionStoreEnabled()) unchanged except that
cfg.Configuration now contains the parsed baseURL and insecure values.

}
59 changes: 57 additions & 2 deletions pkg/connector/resource_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,41 +5,96 @@ import (
"github.com/conductorone/baton-sdk/pkg/annotations"
)

func capabilityPermissions(perms ...string) *v2.CapabilityPermissions {
cp := &v2.CapabilityPermissions{}
for _, p := range perms {
cp.Permissions = append(cp.Permissions, &v2.CapabilityPermission{Permission: p})
}
return cp
}

var (
resourceTypeUser = &v2.ResourceType{
Id: "user",
DisplayName: "User",
Traits: []v2.ResourceType_Trait{
v2.ResourceType_TRAIT_USER,
},
Annotations: annotations.New(&v2.SkipEntitlementsAndGrants{}),
Annotations: annotations.New(
&v2.SkipEntitlementsAndGrants{},
capabilityPermissions(
// Bot Token Scopes
"users:read",
"users:read.email",
"users.profile:read",
// User Token Scopes (Business+ SCIM)
"admin",
"admin.users:read",
),
),
}
resourceTypeWorkspace = &v2.ResourceType{
Id: "workspace",
DisplayName: "Workspace",
Traits: []v2.ResourceType_Trait{
v2.ResourceType_TRAIT_GROUP,
},
Annotations: annotations.New(
capabilityPermissions(
// Bot Token Scopes
"team:read",
"users:read",
"users:read.email",
"channels:join",
"channels:read",
"groups:read",
// User Token Scopes (Business+)
"admin.teams:read",
),
),
}
resourceTypeUserGroup = &v2.ResourceType{
Id: "userGroup",
DisplayName: "User Group",
Traits: []v2.ResourceType_Trait{
v2.ResourceType_TRAIT_GROUP,
},
Annotations: annotations.New(
capabilityPermissions(
// Bot Token Scopes
"usergroups:read",
"users:read",
// User Token Scopes (Business+)
"admin.usergroups:read",
),
),
}
resourceTypeGroup = &v2.ResourceType{
Id: "group",
DisplayName: "IDP Group",
Traits: []v2.ResourceType_Trait{
v2.ResourceType_TRAIT_GROUP,
},
Annotations: annotations.New(
capabilityPermissions(
// User Token Scopes (Business+ SCIM)
"admin",
"admin.users:write",
),
),
}

resourceTypeWorkspaceRole = &v2.ResourceType{
Id: "workspaceRole",
DisplayName: "Workspace Role",
Annotations: annotations.New(&v2.SkipGrants{}),
Annotations: annotations.New(
&v2.SkipGrants{},
capabilityPermissions(
// User Token Scopes (Business+)
"admin",
"admin.roles:read",
),
),
Traits: []v2.ResourceType_Trait{
v2.ResourceType_TRAIT_ROLE,
},
Expand Down
Loading