Remove deprecated users from group command (#4)
* Make info command work with email queries

* Don't print deprovisioned users by default

* Add comment
popsu authored Jul 18, 2024
1 parent b21fe68 commit 0530944
Showing 3 changed files with 48 additions and 17 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -54,3 +54,7 @@ OKTA_INFO_API_TOKEN=<your-api-token>
okta-info rule group <group-name> # Search using group name
okta-info rule name <rule name> # Search using rule name
```

## Deprovisioned users

By default deprovisioned users are not shown. To show them, set the following environment variable to truthy value: `OKTA_INFO_SHOW_DEPROVISIONED_USERS=true`
38 changes: 27 additions & 11 deletions client/client.go
Expand Up @@ -12,13 +12,17 @@ import (
"github.com/samber/lo"
)

const deprovisionedUserStatus = "DEPROVISIONED"

type OIClient struct {
c *okta.Client
// Not sure if this is needed, the okta.NewClient returns context also, so storing it here for now
ctx context.Context
// showDeprovisionedUsers is a flag to enable/disable printing of deprovisioned users
showDeprovisionedUsers bool
}

func NewOIClient(apiToken, oktaOrgURL string) (*OIClient, error) {
func NewOIClient(apiToken, oktaOrgURL string, showDeprovisionedUsers bool) (*OIClient, error) {
ctx, client, err := okta.NewClient(
context.TODO(),
okta.WithOrgUrl(oktaOrgURL),
Expand All @@ -40,8 +44,9 @@ func NewOIClient(apiToken, oktaOrgURL string) (*OIClient, error) {
}

return &OIClient{
c: client,
ctx: ctx,
c: client,
ctx: ctx,
showDeprovisionedUsers: showDeprovisionedUsers,
}, nil
}

Expand All @@ -58,11 +63,19 @@ func (oi *OIClient) PrintGroupsForUser(wantUserName string) error {
for _, user := range users {
profile := *user.Profile
profileEmail := profile["email"].(string)
// strip host out from email
profileUserName := strings.Split(profileEmail, "@")[0]

if strings.EqualFold(profileUserName, wantUserName) {
userID = user.Id
// searching for username with email address
if strings.Contains(wantUserName, "@") {
if strings.EqualFold(profileEmail, wantUserName) {
userID = user.Id
}
} else { // no email address, just name
// strip host out from email
profileUserName := strings.Split(profileEmail, "@")[0]

if strings.EqualFold(profileUserName, wantUserName) {
userID = user.Id
}
}
}

Expand Down Expand Up @@ -145,14 +158,17 @@ func (oi *OIClient) PrintUsersInGroups(wantGroupsName []string) error {
}

for _, user := range foundUsers {
if !oi.showDeprovisionedUsers && strings.Contains(user, deprovisionedUserStatus) {
continue
}
fmt.Println(user)
}

return nil
}

// PrintGroupDiff prints the difference of two sets of groups
func (oi *OIClient) PrintGroupDiff(groupsA, groupsB []string, hideDeprovisioned bool) error {
func (oi *OIClient) PrintGroupDiff(groupsA, groupsB []string) error {
groupsAUsers, err := oi.getUsersInGroupsUnion(groupsA)
if err != nil {
return err
Expand All @@ -169,13 +185,13 @@ func (oi *OIClient) PrintGroupDiff(groupsA, groupsB []string, hideDeprovisioned
groupB := strings.Join(groupsB, ", ")

headerStringFmt := "Users in %s, but not in %s:\n"
if hideDeprovisioned {
if !oi.showDeprovisionedUsers {
headerStringFmt = "Users (excluding deprovisioned) in %s, but not in %s:\n"
}

fmt.Printf(headerStringFmt, groupA, groupB)
for _, user := range notInB {
if strings.Contains(user, "(DEPROVISIONED)") && hideDeprovisioned {
if !oi.showDeprovisionedUsers && strings.Contains(user, deprovisionedUserStatus) {
continue
}

Expand All @@ -185,7 +201,7 @@ func (oi *OIClient) PrintGroupDiff(groupsA, groupsB []string, hideDeprovisioned

fmt.Printf(headerStringFmt, groupB, groupA)
for _, user := range notInA {
if strings.Contains(user, "(DEPROVISIONED)") && hideDeprovisioned {
if !oi.showDeprovisionedUsers && strings.Contains(user, deprovisionedUserStatus) {
continue
}

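Review bot: The deprovisioned filter in PrintUsersInGroups and in both loops of PrintGroupDiff now matches the bare substring `DEPROVISIONED`, where the removed lines matched `(DEPROVISIONED)`, so any entry whose name or email happens to contain that word is hidden from the output by default. For a tool that reports group membership, a silent omission is worse than an extra line; restoring the delimited match with `strings.Contains(user, "("+deprovisionedUserStatus+")")` keeps the previous precision. Comparing the user's status field before the display string is built would be sturdier still, but that formatting code is outside the visible hunks, so the string layout is inferred from the removed lines only. PrintUsersInGroups also drops entries without saying so, unlike the "excluding deprovisioned" header in PrintGroupDiff, and a one-line notice there would make the filtered listing self-describing.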
23 changes: 17 additions & 6 deletions main.go
Expand Up @@ -12,8 +12,9 @@ import (
)

var (
oktaOrgURL = os.Getenv("OKTA_INFO_ORG_URL")
apiToken = os.Getenv("OKTA_INFO_API_TOKEN")
oktaOrgURL = os.Getenv("OKTA_INFO_ORG_URL")
apiToken = os.Getenv("OKTA_INFO_API_TOKEN")
showDeprovisionedUsersEnv = "OKTA_INFO_SHOW_DEPROVISIONED_USERS"
)

func printHelp() {
Expand All @@ -25,6 +26,18 @@ func printHelp() {
fmt.Println(" rule [name/group] <rule name/group name> - print rules matching the search string or print group rules for a group")
}

// showDeprecatedUsersFromEnv returns false unless environment variable
// has been set to show deprecated users.
func showDeprovisionedUsersFromEnv() bool {
val := os.Getenv(showDeprovisionedUsersEnv)

if val == "" || strings.EqualFold(val, "false") {
return false
}

return true
}

func run() error {
// Check which subcommand was provided
if len(os.Args) < 3 {
Expand All @@ -37,7 +50,7 @@ func run() error {
return err
}

oic, err := client.NewOIClient(token, oktaOrgURL)
oic, err := client.NewOIClient(token, oktaOrgURL, showDeprovisionedUsersFromEnv())
if err != nil {
return err
}
Expand All @@ -56,9 +69,7 @@ func run() error {
groupsA := strings.Split(os.Args[2], ",")
groupsB := strings.Split(os.Args[3], ",")

hideDeprovisioned := false

return oic.PrintGroupDiff(groupsA, groupsB, hideDeprovisioned)
return oic.PrintGroupDiff(groupsA, groupsB)
case "rule":
switch os.Args[2] {
case "group", "name":
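Review bot: showDeprovisionedUsersFromEnv treats every value other than empty or `false` as true, so `0`, `no`, `off` or a typo all turn the display of deprovisioned accounts on. Parsing strictly keeps the hidden-by-default behaviour for anything unrecognised: `show, err := strconv.ParseBool(val)` followed by `return err == nil && show`; this needs `strconv` in the import block, which is only partly visible here. The doc comment names `showDeprecatedUsersFromEnv` and speaks of "deprecated" users, so it should read `// showDeprovisionedUsersFromEnv reports whether OKTA_INFO_SHOW_DEPROVISIONED_USERS is set to a true value.` Since `showDeprovisionedUsersEnv` holds a fixed variable name, it can be declared as a `const` rather than in the `var` block.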
