From 9a688eb95f8b7d88be86b95cd1df4b5e758cccfd Mon Sep 17 00:00:00 2001 From: Tommi Hovi Date: Thu, 18 Jul 2024 09:20:14 +0300 Subject: [PATCH 1/3] Make info command work with email queries --- client/client.go | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/client/client.go b/client/client.go index 81b22b6..b6802d7 100644 --- a/client/client.go +++ b/client/client.go @@ -58,11 +58,19 @@ func (oi *OIClient) PrintGroupsForUser(wantUserName string) error { for _, user := range users { profile := *user.Profile profileEmail := profile["email"].(string) - // strip host out from email - profileUserName := strings.Split(profileEmail, "@")[0] - if strings.EqualFold(profileUserName, wantUserName) { - userID = user.Id + // searhcing for username with email address + if strings.Contains(wantUserName, "@") { + if strings.EqualFold(profileEmail, wantUserName) { + userID = user.Id + } + } else { + // strip host out from email + profileUserName := strings.Split(profileEmail, "@")[0] + + if strings.EqualFold(profileUserName, wantUserName) { + userID = user.Id + } } } From 2892fb9733d5c78cd6b86d6f95519177778c4696 Mon Sep 17 00:00:00 2001 From: Tommi Hovi Date: Thu, 18 Jul 2024 10:13:46 +0300 Subject: [PATCH 2/3] Don't print deprovisioned users by default --- README.md | 4 ++++ client/client.go | 27 +++++++++++++++++---------- main.go | 23 +++++++++++++++++------ 3 files changed, 38 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 62149ea..fc86e49 100644 --- a/README.md +++ b/README.md @@ -54,3 +54,7 @@ OKTA_INFO_API_TOKEN= okta-info rule group # Search using group name okta-info rule name # Search using rule name ``` + +## Deprovisioned users + +By default deprovisioned users are not shown. To show them, set the following environment variable to truthy value: `OKTA_INFO_SHOW_DEPROVISIONED_USERS=true` diff --git a/client/client.go b/client/client.go index b6802d7..a943240 100644 --- a/client/client.go +++ b/client/client.go 
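Review bot: In the `PrintGroupsForUser` hunk of PATCH 1/3 (client/client.go), the username branch still compares only the local part of `profileEmail` and the loop has no `break`. If `users` can hold accounts that share a local part under different domains, the last one silently wins and the command prints the groups of a different identity than the operator meant. For a tool used to review access, an ambiguous match should be an error rather than a guess, e.g. place `if userID != "" && userID != user.Id { return fmt.Errorf("multiple users match %q", wantUserName) }` before each `userID = user.Id`. How `users` is fetched and how `userID` is used afterwards lie outside the hunk, so confirm whether the upstream query already narrows the result to one user.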
@@ -12,13 +12,16 @@ import ( "github.com/samber/lo" ) +const deprovisionedUserStatus = "DEPROVISIONED" + type OIClient struct { c *okta.Client // Not sure if this is needed, the okta.NewClient returns context also, so storing it here for now - ctx context.Context + ctx context.Context + showDeprovisionedUsers bool } -func NewOIClient(apiToken, oktaOrgURL string) (*OIClient, error) { +func NewOIClient(apiToken, oktaOrgURL string, showDeprovisionedUsers bool) (*OIClient, error) { ctx, client, err := okta.NewClient( context.TODO(), okta.WithOrgUrl(oktaOrgURL), @@ -40,8 +43,9 @@ func NewOIClient(apiToken, oktaOrgURL string) (*OIClient, error) { } return &OIClient{ - c: client, - ctx: ctx, + c: client, + ctx: ctx, + showDeprovisionedUsers: showDeprovisionedUsers, }, nil } @@ -59,12 +63,12 @@ func (oi *OIClient) PrintGroupsForUser(wantUserName string) error { profile := *user.Profile profileEmail := profile["email"].(string) - // searhcing for username with email address + // searching for username with email address if strings.Contains(wantUserName, "@") { if strings.EqualFold(profileEmail, wantUserName) { userID = user.Id } - } else { + } else { // no email address, just name // strip host out from email profileUserName := strings.Split(profileEmail, "@")[0] @@ -153,6 +157,9 @@ func (oi *OIClient) PrintUsersInGroups(wantGroupsName []string) error { } for _, user := range foundUsers { + if !oi.showDeprovisionedUsers && strings.Contains(user, deprovisionedUserStatus) { + continue + } fmt.Println(user) } @@ -160,7 +167,7 @@ func (oi *OIClient) PrintUsersInGroups(wantGroupsName []string) error { } // PrintGroupDiff prints the difference of two sets of groups -func (oi *OIClient) PrintGroupDiff(groupsA, groupsB []string, hideDeprovisioned bool) error { +func (oi *OIClient) PrintGroupDiff(groupsA, groupsB []string) error { groupsAUsers, err := oi.getUsersInGroupsUnion(groupsA) if err != nil { return err 
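Review bot: The deprovisioned filter added to `PrintUsersInGroups` (hunk `@@ -153,6 +157,9 @@`) matches the substring `DEPROVISIONED` anywhere in an already formatted output line, and this commit also widens the needle from `"(DEPROVISIONED)"` to the bare word, so any account whose printed name or email happens to contain that text is dropped from the listing. Because hiding is now the default, that is a silent omission in group-membership output, and unlike `PrintGroupDiff` this function prints no header saying deprovisioned users were excluded. Filtering on the user's status field where the line is built would be exact; that code (presumably `getUsersInGroupsUnion`) is outside the hunk, so as a minimum keep the delimited form, `const deprovisionedUserStatus = "(DEPROVISIONED)"`, assuming the formatted line still carries the parentheses. The same `strings.Contains` check is in the two `PrintGroupDiff` hunks (`@@ -177,13 +184,13 @@` and `@@ -193,7 +200,7 @@`).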
@@ -177,13 +184,13 @@ func (oi *OIClient) PrintGroupDiff(groupsA, groupsB []string, hideDeprovisioned groupB := strings.Join(groupsB, ", ") headerStringFmt := "Users in %s, but not in %s:\n" - if hideDeprovisioned { + if !oi.showDeprovisionedUsers { headerStringFmt = "Users (excluding deprovisioned) in %s, but not in %s:\n" } fmt.Printf(headerStringFmt, groupA, groupB) for _, user := range notInB { - if strings.Contains(user, "(DEPROVISIONED)") && hideDeprovisioned { + if !oi.showDeprovisionedUsers && strings.Contains(user, deprovisionedUserStatus) { continue } @@ -193,7 +200,7 @@ func (oi *OIClient) PrintGroupDiff(groupsA, groupsB []string, hideDeprovisioned fmt.Printf(headerStringFmt, groupB, groupA) for _, user := range notInA { - if strings.Contains(user, "(DEPROVISIONED)") && hideDeprovisioned { + if !oi.showDeprovisionedUsers && strings.Contains(user, deprovisionedUserStatus) { continue } diff --git a/main.go b/main.go index f09ef9e..cd9c839 100644 --- a/main.go +++ b/main.go @@ -12,8 +12,9 @@ import ( ) var ( - oktaOrgURL = os.Getenv("OKTA_INFO_ORG_URL") - apiToken = os.Getenv("OKTA_INFO_API_TOKEN") + oktaOrgURL = os.Getenv("OKTA_INFO_ORG_URL") + apiToken = os.Getenv("OKTA_INFO_API_TOKEN") + showDeprovisionedUsersEnv = "OKTA_INFO_SHOW_DEPROVISIONED_USERS" ) func printHelp() { @@ -25,6 +26,18 @@ func printHelp() { fmt.Println(" rule [name/group] - print rules matching the search string or print group rules for a group") } +// showDeprecatedUsersFromEnv returns false unless environment variable +// has been set to show deprecated users. +func showDeprovisionedUsersFromEnv() bool { + val := os.Getenv(showDeprovisionedUsersEnv) + + if val == "" || strings.EqualFold(val, "false") { + return false + } + + return true +} + func run() error { // Check which subcommand was provided if len(os.Args) < 3 { 
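Review bot: `showDeprovisionedUsersFromEnv` in main.go (hunk `@@ -25,6 +26,18 @@`) treats every value other than empty or `false` as true, so `OKTA_INFO_SHOW_DEPROVISIONED_USERS=0`, `no` or a typo all switch the option on without any message. Keeping the empty case as false and parsing the rest with `show, err := strconv.ParseBool(val)`, returning `false` with a warning when `err != nil`, would make the setting predictable. `strconv` would have to be added to the import block, which is only partly visible here. The doc comment also names `showDeprecatedUsersFromEnv` and talks about "deprecated" users; it should read `// showDeprovisionedUsersFromEnv reports whether OKTA_INFO_SHOW_DEPROVISIONED_USERS asks for deprovisioned users to be printed.`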
@@ -37,7 +50,7 @@ func run() error { return err } - oic, err := client.NewOIClient(token, oktaOrgURL) + oic, err := client.NewOIClient(token, oktaOrgURL, showDeprovisionedUsersFromEnv()) if err != nil { return err } @@ -56,9 +69,7 @@ func run() error { groupsA := strings.Split(os.Args[2], ",") groupsB := strings.Split(os.Args[3], ",") - hideDeprovisioned := false - - return oic.PrintGroupDiff(groupsA, groupsB, hideDeprovisioned) + return oic.PrintGroupDiff(groupsA, groupsB) case "rule": switch os.Args[2] { case "group", "name": From 53bb0eac1e20df81f04ae8c4ea0fe28c0d08fcc6 Mon Sep 17 00:00:00 2001 From: Tommi Hovi Date: Thu, 18 Jul 2024 10:14:33 +0300 Subject: [PATCH 3/3] Add comment --- client/client.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/client/client.go b/client/client.go index a943240..d758d1e 100644 --- a/client/client.go +++ b/client/client.go @@ -17,7 +17,8 @@ const deprovisionedUserStatus = "DEPROVISIONED" type OIClient struct { c *okta.Client // Not sure if this is needed, the okta.NewClient returns context also, so storing it here for now - ctx context.Context + ctx context.Context + // showDeprovisionedUsers is a flag to enable/disable printing of deprovisioned users showDeprovisionedUsers bool }