cloud_deps: read auth0 creds from terraform_remote_state

[entlein]

Stacks on top of #44 (cockpit typo fix) which stacks on #41.

Replace the sops_file-based lookup of terraform/credentials/cockpit/auth0_config.yaml with data.terraform_remote_state.auth0. Lets the cloud_deps state consume client_id/secret from the live auth0 terraform state instead of relying on a committed SOPS file (which only contains one specific tenant's values).

Changes

• core_resource_deps.tf — data.sops_file.auth0 → data.terraform_remote_state.auth0; kubernetes_secret_v1.cloud_auth0 reads outputs.pixie_client_id / outputs.pixie_client_secret.
• variables.tf — new auth0_state_* vars to configure the remote state backend.
• provider.tf — drop the sops provider (no longer used).

Required on the auth0 state

The remote state must expose:

• output "pixie_client_id"
• output "pixie_client_secret" (sensitive)

These wrap whichever auth0_client / auth0_client_credentials resource pair represents Pixie Cloud in the relevant tenant.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: c7b4b975-298b-4cf5-9d5f-2613c45c0319

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}