package main
import (
"bytes"
"fmt"
"log"
"os"
"os/exec"
"strings"
"github.com/popsu/okta-info/client"
)
// Process-wide configuration, resolved from the environment at package
// initialisation.
var (
	// showDeprovisionedUsersEnv is the name of the environment variable that
	// opts in to listing deprovisioned users.
	showDeprovisionedUsersEnv = "OKTA_INFO_SHOW_DEPROVISIONED_USERS"

	// apiToken is the Okta API token taken from OKTA_INFO_API_TOKEN. It is a
	// credential: keep it out of logs and error messages.
	apiToken = os.Getenv("OKTA_INFO_API_TOKEN")

	// oktaOrgURL is the Okta organisation URL taken from OKTA_INFO_ORG_URL.
	oktaOrgURL = os.Getenv("OKTA_INFO_ORG_URL")
)
// printHelp writes the usage summary, one subcommand per line, to standard
// output.
func printHelp() {
	usage := []string{
		"Usage: okta-info <subcommand> <subcommand arguments>",
		"Subcommands:",
		" group <group name> - print users in a group",
		" user <user name> - print groups for a user",
		" diff <group1,group2> <group3,group4> - print users in any of groups 1 or 2 but not in groups 3 or 4",
		" rule [name/group] <rule name/group name> - print rules matching the search string or print group rules for a group",
	}
	for _, line := range usage {
		fmt.Println(line)
	}
}
// showDeprovisionedUsersFromEnv reports whether the environment variable named
// by showDeprovisionedUsersEnv asks for deprovisioned users to be shown.
//
// An unset or empty variable, or the value "false" in any letter case, yields
// false. Every other value yields true, including strings such as "0" or "no".
func showDeprovisionedUsersFromEnv() bool {
	setting := os.Getenv(showDeprovisionedUsersEnv)
	return setting != "" && !strings.EqualFold(setting, "false")
}
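// run validates the command line, builds the Okta client and dispatches to the
// requested subcommand.
//
// A usage error (too few arguments, an unknown subcommand, or an unknown rule
// type) prints the help text and exits with status 1. Any error from fetching
// the API token, creating the client or running the subcommand is returned to
// the caller.
func run() error {
	// Every subcommand takes at least one argument after its name.
	if len(os.Args) < 3 {
		printHelp()
		os.Exit(1)
	}

	// Check the argument count for the chosen subcommand before anything else.
	// "diff" and "rule" read os.Args[3], so a three-element command line would
	// otherwise panic with an index out of range. Doing this first also means
	// the API token is not fetched for an invocation that can never run.
	validArgs := false
	switch os.Args[1] {
	case "group", "user":
		validArgs = true
	case "diff":
		validArgs = len(os.Args) >= 4
	case "rule":
		validArgs = len(os.Args) >= 4 && (os.Args[2] == "group" || os.Args[2] == "name")
	}
	if !validArgs {
		printHelp()
		os.Exit(1)
	}

	token, err := getAPIToken()
	if err != nil {
		return err
	}

	oic, err := client.NewOIClient(token, oktaOrgURL, showDeprovisionedUsersFromEnv())
	if err != nil {
		return err
	}

	// Handle the subcommands
	switch os.Args[1] {
	case "group":
		// Comma-separated list of groups
		groups := strings.Split(os.Args[2], ",")
		return oic.PrintUsersInGroups(groups)
	case "user":
		return oic.PrintGroupsForUser(os.Args[2])
	case "diff":
		// Comma-separated lists of groups
		groupsA := strings.Split(os.Args[2], ",")
		groupsB := strings.Split(os.Args[3], ",")
		return oic.PrintGroupDiff(groupsA, groupsB)
	case "rule":
		// os.Args[2] was checked above to be "group" or "name".
		return oic.PrintGroupRules(os.Args[3], client.RuleType(os.Args[2]))
	}

	// Not reachable: unknown subcommands exit during validation above.
	return nil
}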
// main runs the CLI and, if run reports an error, logs it and terminates the
// process through log.Fatalf.
func main() {
	if runErr := run(); runErr != nil {
		log.Fatalf("Error: %s", runErr)
	}
}
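// getAPIToken returns the Okta API token to authenticate with.
//
// The value read from OKTA_INFO_API_TOKEN into apiToken takes precedence.
// Otherwise, when OKTA_INFO_USE_1PASSWORD is set to any non-empty value, the
// token is read from 1Password by running the "op" CLI. When neither is
// configured, an empty token and a nil error are returned.
//
// A failure of the "op" command is returned as a wrapped error that carries
// the command's stderr output.
func getAPIToken() (string, error) {
	if apiToken != "" {
		return apiToken, nil
	}

	if os.Getenv("OKTA_INFO_USE_1PASSWORD") == "" {
		// NOTE(review): the caller gets an empty token and no error here;
		// confirm that client.NewOIClient rejects an empty token.
		return "", nil
	}

	// Use 1password vault to fetch token
	// This probably doesn't work for anyone else than me, sorry
	//
	// "op" is looked up through PATH, so the token is only as trustworthy as
	// the binary that lookup finds.
	cmd := exec.Command("op", "item", "get",
		"product-Okta ApiToken",
		"--vault", "Private",
		"--field", "password")

	var outb, errb bytes.Buffer
	cmd.Stdout = &outb
	cmd.Stderr = &errb

	if err := cmd.Run(); err != nil {
		// stdout is the stream the token is read from, so it is never echoed.
		// The diagnostics on stderr travel with the returned error instead of
		// being printed to the program's standard output.
		if detail := strings.TrimSpace(errb.String()); detail != "" {
			return "", fmt.Errorf("reading API token from 1Password: %w: %s", err, detail)
		}
		return "", fmt.Errorf("reading API token from 1Password: %w", err)
	}

	// trim extra whitespace
	return strings.TrimSpace(outb.String()), nil
}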