[CX-832] Containerize and update baton-sdk version

[FeliLucero1]

Summary by CodeRabbit

• Chores

  • Updated Go runtime to 1.25.2
  • Upgraded core SDK and multiple dependencies for stability and performance

• Refactor

  • Streamlined connector configuration and initialization to use a centralized config model
  • Unified paging/operation result handling across sync operations

• Tests

  • Updated integration tests to match the new sync API patterns

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Refactors the connector to use a generated config.Snowflake struct and configuration-driven New(cfg *config.Snowflake). Converts pagination/token-based APIs to rs.SyncOpAttrs/ *rs.SyncOpResults across builders, renames unused context params to _, and updates Go module dependencies and toolchain versions.

Changes

Cohort / File(s)	Summary
Configuration package pkg/config/conf.gen.go, pkg/config/config.go	Adds generated config.Snowflake struct with mapstructure tags and getters. Moves config.go to package config, introduces Configuration variable built via field.NewConfiguration(...) and ConfigurationSchema() accessor; adds field metadata and secret flag for private key.
Connector constructor & wiring pkg/connector/connector.go	Changes New to accept *config.Snowflake; extracts account URL/identifier, user, private key/path, and syncSecrets from cfg. Updates ResourceSyncers to return []connectorbuilder.ResourceSyncerV2.
Builder paging / sync API updates pkg/connector/rsa.go, pkg/connector/secrets.go, pkg/connector/users.go, pkg/connector/account_roles.go, pkg/connector/databases.go	Replaces pagination/token-based signatures with rs.SyncOpAttrs input and *rs.SyncOpResults output. Adjusts all return paths to return &rs.SyncOpResults{} or populated NextPageToken. Removes pagination/annotations imports where unused. Renames unused ctx params to _.
Tests & integration adjustments pkg/connector/internal_integration_test.go	Updates test calls to pass rs.SyncOpAttrs{PageToken: pagination.Token{}} and to receive (rv, results, err); adds assertion that results is not nil.
Dependencies / toolchain go.mod	Bumps Go toolchain to go 1.25.2. Upgrades many module versions (notably github.com/conductorone/baton-sdk v0.2.96 → v0.6.23), replaces/updates indirect deps (otter→otter/v2, gopsutil v3→v4), and adds/updates several indirect modules.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐇 I hopped through fields of code and found,
One tidy struct where params once were bound.
Pages now whisper results in a row,
New deps stretch their legs and simply grow.
A tiny rabbit cheers: "Config, let’s go!" 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 7.69% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main changes: updating the baton-sdk dependency from v0.2.96 to v0.6.23 and Go toolchain from 1.23.4 to 1.25.2, plus related API signature updates throughout the codebase.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[linear]

CX-832 [snowflake] Containerize connector

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@pkg/connector/connector.go`:
- Around line 70-91: The constructor New currently dereferences cfg without a
nil check and doesn't validate required Snowflake fields; add an initial nil
check for cfg and return a descriptive error if nil, then validate that
cfg.AccountUrl, cfg.AccountIdentifier, and cfg.UserIdentifier are non-empty (and
any other required fields for JWT/client init) before proceeding to key parsing;
update the error messages to clearly mention which field is missing and keep
validations near the top of New so subsequent code (private key parsing and
Connector creation) can safely assume cfg is populated.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add nil check for cfg parameter and consider validating required fields.

The function dereferences cfg immediately without checking if it's nil, which would cause a panic. Additionally, AccountUrl, AccountIdentifier, and UserIdentifier appear to be required for proper JWT generation and client initialization but lack validation.

🛡️ Proposed fix

 func New(ctx context.Context, cfg *config.Snowflake) (*Connector, error) {
+	if cfg == nil {
+		return nil, fmt.Errorf("config is required")
+	}
+	if cfg.AccountUrl == "" {
+		return nil, fmt.Errorf("account-url is required")
+	}
+	if cfg.AccountIdentifier == "" {
+		return nil, fmt.Errorf("account-identifier is required")
+	}
+	if cfg.UserIdentifier == "" {
+		return nil, fmt.Errorf("user-identifier is required")
+	}
 	if cfg.PrivateKeyPath == "" && cfg.PrivateKey == "" {
 		return nil, fmt.Errorf("private-key or private-key-path is required")
 	}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	func New(ctx context.Context, cfg *config.Snowflake) (*Connector, error) {
	if cfg.PrivateKeyPath == "" && cfg.PrivateKey == "" {
	return nil, fmt.Errorf("private-key or private-key-path is required")
	}
	if privateKeyPath != "" && privateKey != "" {
	if cfg.PrivateKeyPath != "" && cfg.PrivateKey != "" {
	return nil, fmt.Errorf("only one of private-key or private-key-path can be provided")
	}
	var privateKeyValue any
	if privateKeyPath != "" {
	if cfg.PrivateKeyPath != "" {
	var err error
	privateKeyValue, err = snowflake.ReadPrivateKey(privateKeyPath)
	privateKeyValue, err = snowflake.ReadPrivateKey(cfg.PrivateKeyPath)
	if err != nil {
	return nil, err
	}
	}
	if privateKey != "" {
	if cfg.PrivateKey != "" {
	var err error
	privateKeyValue, err = snowflake.ParsePrivateKey([]byte(privateKey))
	privateKeyValue, err = snowflake.ParsePrivateKey([]byte(cfg.PrivateKey))
	if err != nil {
	return nil, err
	}
	}
	func New(ctx context.Context, cfg *config.Snowflake) (*Connector, error) {
	if cfg == nil {
	return nil, fmt.Errorf("config is required")
	}
	if cfg.AccountUrl == "" {
	return nil, fmt.Errorf("account-url is required")
	}
	if cfg.AccountIdentifier == "" {
	return nil, fmt.Errorf("account-identifier is required")
	}
	if cfg.UserIdentifier == "" {
	return nil, fmt.Errorf("user-identifier is required")
	}
	if cfg.PrivateKeyPath == "" && cfg.PrivateKey == "" {
	return nil, fmt.Errorf("private-key or private-key-path is required")
	}
	if cfg.PrivateKeyPath != "" && cfg.PrivateKey != "" {
	return nil, fmt.Errorf("only one of private-key or private-key-path can be provided")
	}
	var privateKeyValue any
	if cfg.PrivateKeyPath != "" {
	var err error
	privateKeyValue, err = snowflake.ReadPrivateKey(cfg.PrivateKeyPath)
	if err != nil {
	return nil, err
	}
	}
	if cfg.PrivateKey != "" {
	var err error
	privateKeyValue, err = snowflake.ParsePrivateKey([]byte(cfg.PrivateKey))
	if err != nil {
	return nil, err
	}
	}

🤖 Prompt for AI Agents

In `@pkg/connector/connector.go` around lines 70 - 91, The constructor New
currently dereferences cfg without a nil check and doesn't validate required
Snowflake fields; add an initial nil check for cfg and return a descriptive
error if nil, then validate that cfg.AccountUrl, cfg.AccountIdentifier, and
cfg.UserIdentifier are non-empty (and any other required fields for JWT/client
init) before proceeding to key parsing; update the error messages to clearly
mention which field is missing and keep validations near the top of New so
subsequent code (private key parsing and Connector creation) can safely assume
cfg is populated.

[luisina-santos]

Let's revisit resource_types.go and add Annotations: getSkipEntitlementsAnnotation(), for resources that are not implementing entitlements and grants

[luisina-santos]

based on c1 this field should be renamed to "Account ID / Locator" > https://github.com/ductone/c1/blob/main/pkg/builtin_connectors/snowflake.go

[luisina-santos]

we should refactor all the descriptions since there isn't much descriptive info

[luisina-santos]

this field should include Export target CLI only > Example

[luisina-santos]

This field should be replaces by an input file field with allowed extensions (".p8", ".pem", ".key")

• Example
• C1 reference

[luisina-santos]

help url should match the v2 connector url ("/docs/baton/snowflake-v2") > https://github.com/ductone/c1/blob/main/pkg/builtin_connectors/snowflake.go#L32

[luisina-santos]

we should return nil here instead of empty struct

[luisina-santos]

please revisit all scenarios where you are returning empty op results