Migrate configuration to use schema fields

README.md

@@ -76,19 +76,24 @@ Available Commands:
   help               Help about any command
 
 Flags:
-      --api-token string             The API token for the service account.  ($BATON_API_TOKEN)
+      --api-token string             The API token for the service account ($BATON_API_TOKEN)
+      --ciam                         Whether to run in CIAM mode or not. In CIAM mode, only roles and the users assigned to roles are synced ($BATON_CIAM)
+      --ciam-email-domains strings   The email domains to use for CIAM mode. Any users that don't have an email address with one of the provided domains will be ignored, unless explicitly granted a role ($BATON_CIAM_EMAIL_DOMAINS)
       --client-id string             The client ID used to authenticate with ConductorOne ($BATON_CLIENT_ID)
       --client-secret string         The client secret used to authenticate with ConductorOne ($BATON_CLIENT_SECRET)
-      --domain string                The URL for the Okta organization. ($BATON_DOMAIN)
+      --domain string                required: The URL for the Okta organization ($BATON_DOMAIN)
   -f, --file string                  The path to the c1z file to sync with ($BATON_FILE) (default "sync.c1z")
   -h, --help                         help for baton-okta
       --log-format string            The output format for logs: json, console ($BATON_LOG_FORMAT) (default "json")
       --log-level string             The log level: debug, info, warn, error ($BATON_LOG_LEVEL) (default "info")
-      --okta-client-id string        The Okta Client ID. ($BATON_OKTA_CLIENT_ID)
-      --okta-private-key string      The Okta Private Key. This can be the whole private key or the path to the private key. ($BATON_OKTA_PRIVATE_KEY)
-      --okta-private-key-id string   The Okta Private Key ID. ($BATON_OKTA_PRIVATE_KEY_ID)
-  -p, --provisioning                 This must be set in order for provisioning actions to be enabled. ($BATON_PROVISIONING)
-      --sync-inactive-apps           Whether to sync inactive apps or not.  ($BATON_SYNC_INACTIVE_APPS) (default true)
+      --okta-client-id string        The Okta Client ID ($BATON_OKTA_CLIENT_ID)
+      --okta-private-key string      The Okta Private Key. This can be the whole private key or the path to the private key ($BATON_OKTA_PRIVATE_KEY)
+      --okta-private-key-id string   The Okta Private Key ID ($BATON_OKTA_PRIVATE_KEY_ID)
+      --okta-provisioning            ($BATON_OKTA_PROVISIONING)
+  -p, --provisioning                 This must be set in order for provisioning actions to be enabled ($BATON_PROVISIONING)
+      --skip-full-sync               This must be set to skip a full sync ($BATON_SKIP_FULL_SYNC)
+      --sync-inactive-apps           Whether to sync inactive apps or not ($BATON_SYNC_INACTIVE_APPS) (default true)
+      --ticketing                    This must be set to enable ticketing support ($BATON_TICKETING)
   -v, --version                      version for baton-okta
 
 Use "baton-okta [command] --help" for more information about a command.

cmd/baton-okta/config.go

@@ -1,66 +1,29 @@
 package main
 
 import (
-	"context"
-	"fmt"
-
-	"github.com/conductorone/baton-sdk/pkg/cli"
-	"github.com/spf13/cobra"
+	"github.com/conductorone/baton-sdk/pkg/field"
 )
 
-// config defines the external configuration required for the connector to run.
-type Config struct {
-	cli.BaseConfig `mapstructure:",squash"` // Puts the base config options in the same place as the connector options
-
-	Domain           string   `mapstructure:"domain"`
-	ApiToken         string   `mapstructure:"api-token"`
-	OktaClientId     string   `mapstructure:"okta-client-id"`
-	OktaPrivateKey   string   `mapstructure:"okta-private-key"`
-	OktaPrivateKeyId string   `mapstructure:"okta-private-key-id"`
-	SyncInactiveApps bool     `mapstructure:"sync-inactive-apps"`
-	OktaProvisioning bool     `mapstructure:"provisioning"`
-	Ciam             bool     `mapstructure:"ciam"`
-	CiamEmailDomains []string `mapstructure:"ciam-email-domains"`
-}
-
-// validateConfig is run after the configuration is loaded, and should return an error if it isn't valid.
-func validateConfig(ctx context.Context, cfg *Config) error {
-	if cfg.Domain == "" {
-		return fmt.Errorf("domain is missing")
-	}
-
-	if cfg.ApiToken == "" {
-		if cfg.OktaClientId == "" {
-			return fmt.Errorf("either api token or client id is required")
-		} else if cfg.OktaClientId != "" && cfg.OktaPrivateKey == "" || cfg.OktaPrivateKeyId == "" {
-			return fmt.Errorf("private key and private key id required")
-		}
-
-		if cfg.OktaClientId == "" && cfg.OktaPrivateKey == "" && cfg.OktaPrivateKeyId == "" {
-			return fmt.Errorf("client id, private key and private key id required")
-		}
-	}
-
-	if cfg.ApiToken != "" && cfg.OktaClientId != "" {
-		return fmt.Errorf("api token and client id cannot be provided simultaneously")
-	}
+var (
+	domain             = field.StringField("domain", field.WithRequired(true), field.WithDescription("The URL for the Okta organization"))
+	apiToken           = field.StringField("api-token", field.WithDescription("The API token for the service account"))
+	oktaClientId       = field.StringField("okta-client-id", field.WithDescription("The Okta Client ID"))
+	oktaPrivateKeyId   = field.StringField("okta-private-key-id", field.WithDescription("The Okta Private Key ID"))
+	oktaPrivateKey     = field.StringField("okta-private-key", field.WithDescription("The Okta Private Key. This can be the whole private key or the path to the private key"))
+	syncInactivateApps = field.BoolField("sync-inactive-apps", field.WithDescription("Whether to sync inactive apps or not"), field.WithDefaultValue(true))
+	oktaProvisioning   = field.BoolField("okta-provisioning")
+	ciam               = field.BoolField("ciam", field.WithDescription("Whether to run in CIAM mode or not. In CIAM mode, only roles and the users assigned to roles are synced"))
+	ciamEmailDomains   = field.StringSliceField("ciam-email-domains",
+		field.WithDescription("The email domains to use for CIAM mode. Any users that don't have an email address with one of the provided domains will be ignored, unless explicitly granted a role"))
+)
 
-	return nil
+var relationships = []field.SchemaFieldRelationship{
+	field.FieldsDependentOn([]field.SchemaField{oktaPrivateKey, oktaPrivateKey}, []field.SchemaField{oktaClientId}),
+	field.FieldsMutuallyExclusive(apiToken, oktaClientId),
+	field.FieldsAtLeastOneUsed(apiToken, oktaClientId),
 }
 
-// cmdFlags sets the cmdFlags required for the connector.
-func cmdFlags(cmd *cobra.Command) {
-	cmd.PersistentFlags().String("domain", "", "The URL for the Okta organization. ($BATON_DOMAIN)")
-	cmd.PersistentFlags().String("okta-client-id", "", "The Okta Client ID. ($BATON_OKTA_CLIENT_ID)")
-	cmd.PersistentFlags().String("okta-private-key", "", "The Okta Private Key. This can be the whole private key or the path to the private key. ($BATON_OKTA_PRIVATE_KEY)")
-	cmd.PersistentFlags().String("okta-private-key-id", "", "The Okta Private Key ID. ($BATON_OKTA_PRIVATE_KEY_ID)")
-	cmd.PersistentFlags().String("api-token", "", "The API token for the service account.  ($BATON_API_TOKEN)")
-	cmd.PersistentFlags().Bool("sync-inactive-apps", true, "Whether to sync inactive apps or not.  ($BATON_SYNC_INACTIVE_APPS)")
-	cmd.PersistentFlags().Bool("ciam", false, "Whether to run in CIAM mode or not. In CIAM mode, only roles and the users assigned to roles are synced.  ($BATON_CIAM)")
-	cmd.PersistentFlags().StringSlice(
-		"ciam-email-domains",
-		nil,
-		"The email domains to use for CIAM mode. Any users that don't have an email address with one of the provided domains will be ignored,"+
-			"unless explicitly granted a role. ($BATON_CIAM_EMAIL_DOMAIN)",
-	)
-}
+var configuration = field.NewConfiguration([]field.SchemaField{
+	domain, apiToken, oktaClientId, oktaPrivateKey, oktaPrivateKeyId,
+	syncInactivateApps, oktaProvisioning, ciam, ciamEmailDomains,
+}, relationships...)

cmd/baton-okta/main.go

@@ -5,51 +5,49 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/conductorone/baton-sdk/pkg/cli"
 	"github.com/conductorone/baton-sdk/pkg/connectorbuilder"
 	"github.com/conductorone/baton-sdk/pkg/types"
 	"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
+	"github.com/spf13/viper"
 	"go.uber.org/zap"
 
 	"github.com/conductorone/baton-okta/pkg/connector"
+	configschema "github.com/conductorone/baton-sdk/pkg/config"
 )
 
 var version = "dev"
 
 func main() {
 	ctx := context.Background()
 
-	cfg := &Config{}
-	cmd, err := cli.NewCmd(ctx, "baton-okta", cfg, validateConfig, getConnector)
+	_, cmd, err := configschema.DefineConfiguration(ctx, "baton-okta", getConnector, configuration)
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err.Error())
 		os.Exit(1)
 	}
 
 	cmd.Version = version
 
-	cmdFlags(cmd)
-
 	err = cmd.Execute()
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err.Error())
 		os.Exit(1)
 	}
 }
 
-func getConnector(ctx context.Context, cfg *Config) (types.ConnectorServer, error) {
+func getConnector(ctx context.Context, v *viper.Viper) (types.ConnectorServer, error) {
 	l := ctxzap.Extract(ctx)
 
 	ccfg := &connector.Config{
-		Domain:           cfg.Domain,
-		ApiToken:         cfg.ApiToken,
-		OktaClientId:     cfg.OktaClientId,
-		OktaPrivateKey:   cfg.OktaPrivateKey,
-		OktaPrivateKeyId: cfg.OktaPrivateKeyId,
-		SyncInactiveApps: cfg.SyncInactiveApps,
-		OktaProvisioning: cfg.OktaProvisioning,
-		Ciam:             cfg.Ciam,
-		CiamEmailDomains: cfg.CiamEmailDomains,
+		Domain:           v.GetString("domain"),
+		ApiToken:         v.GetString("api-token"),
+		OktaClientId:     v.GetString("okta-client-id"),
+		OktaPrivateKey:   v.GetString("okta-private-key"),
+		OktaPrivateKeyId: v.GetString("okta-private-key-id"),
+		SyncInactiveApps: v.GetBool("sync-inactive-apps"),
+		OktaProvisioning: v.GetBool("okta-provisioning"),
+		Ciam:             v.GetBool("ciam"),
+		CiamEmailDomains: v.GetStringSlice("ciam-email-domains"),
 	}
 
 	cb, err := connector.New(ctx, ccfg)

go.mod

@@ -3,10 +3,10 @@ module github.com/conductorone/baton-okta
 go 1.22.2
 
 require (
-	github.com/conductorone/baton-sdk v0.1.43
+	github.com/conductorone/baton-sdk v0.2.18
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
 	github.com/okta/okta-sdk-golang/v2 v2.20.0
-	github.com/spf13/cobra v1.8.0
+	github.com/spf13/viper v1.19.0
 	go.uber.org/zap v1.27.0
 	google.golang.org/protobuf v1.34.1
 )
@@ -15,6 +15,7 @@ require (
 	filippo.io/age v1.1.1 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/BurntSushi/toml v1.4.0 // indirect
+	github.com/allegro/bigcache/v3 v3.1.0 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.27.1 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.27.17 // indirect
@@ -36,6 +37,7 @@ require (
 	github.com/aws/smithy-go v1.20.2 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/deckarep/golang-set/v2 v2.6.0 // indirect
 	github.com/doug-martin/goqu/v9 v9.19.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
@@ -68,8 +70,8 @@ require (
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
+	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.19.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tklauser/go-sysconf v0.3.14 // indirect
 	github.com/tklauser/numcpus v0.8.0 // indirect

go.sum

@@ -8,6 +8,8 @@ github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0
 github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
 github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
+github.com/allegro/bigcache/v3 v3.1.0 h1:H2Vp8VOvxcrB91o86fUSVJFqeuz8kpyyB02eH3bSzwk=
+github.com/allegro/bigcache/v3 v3.1.0/go.mod h1:aPyh7jEvrog9zAwx5N7+JUQX5dZTSGpxF1LAR4dr35I=
 github.com/aws/aws-sdk-go-v2 v1.27.1 h1:xypCL2owhog46iFxBKKpBcw+bPTX/RJzwNj8uSilENw=
 github.com/aws/aws-sdk-go-v2 v1.27.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to=
@@ -54,13 +56,15 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/conductorone/baton-sdk v0.1.43 h1:fEOsR/Os66GhA/FpXpldjcm7NIyUZ0TNCBkWmqtalrs=
-github.com/conductorone/baton-sdk v0.1.43/go.mod h1:CxHwuTWhrX2w5yEuAxoRWIUofimnnnM9ancsZPvTko8=
+github.com/conductorone/baton-sdk v0.2.18 h1:nnEtw0qKl1s6zbDbQxlq6beA6Az+gwYGSycMG9X7fgg=
+github.com/conductorone/baton-sdk v0.2.18/go.mod h1:hmd/Oz3DPIKD+9QmkusZaA18ZoiinnTDdrxh2skcdUc=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckarep/golang-set/v2 v2.6.0 h1:XfcQbWM1LlMB8BsJ8N9vW5ehnnPVIw0je80NsVHagjM=
+github.com/deckarep/golang-set/v2 v2.6.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
 github.com/denisenkom/go-mssqldb v0.10.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/doug-martin/goqu/v9 v9.19.0 h1:PD7t1X3tRcUiSdc5TEyOFKujZA5gs3VSA7wxSvBx7qo=
 github.com/doug-martin/goqu/v9 v9.19.0/go.mod h1:nf0Wc2/hV3gYK9LiyqIrzBEVGlI8qW3GuDCEobC4wBQ=
@@ -141,6 +145,7 @@ github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0V
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-sqlite3 v1.14.7 h1:fxWBnXkxfM6sRiuH3bqJ4CfzZojMOLVc0UTsTglEghA=
 github.com/mattn/go-sqlite3 v1.14.7/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@@ -220,8 +225,14 @@ github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg=
 go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.27.0 h1:/jlt1Y8gXWiHG9FBx6cJaIC5hYx5Fe64nC8w5Cylt/0=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.27.0/go.mod h1:bmToOGOBZ4hA9ghphIc1PAf66VA8KOtsuy3+ScStG20=
 go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik=
 go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak=
+go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI=
+go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A=
+go.opentelemetry.io/otel/sdk/metric v1.27.0 h1:5uGNOlpXi+Hbo/DRoI31BSb1v+OGcpv2NemcCrOL8gI=
+go.opentelemetry.io/otel/sdk/metric v1.27.0/go.mod h1:we7jJVrYN2kh3mVBlswtPU22K0SA+769l93J6bsyvqw=
 go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw=
 go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=