Fixed the column rules to populate all the properties correctly for the tables okta_signon_policy, okta_password_policy, okta_idp_discovery_policy and okta_authentication_policy Closes #144 #145

Merged
merged 1 commit into from
Sep 11, 2024

Conversation

ParthaI
Contributor

@ParthaI ParthaI commented Aug 21, 2024

Example query results

Results

Identity Engine:

> select 
  name,
  r -> 'PolicyRule' ->> 'type'  as policy_name,
  r -> 'PolicyRule' ->> 'name'  as policy_type,
  r -> 'Actions' as policy_actions
from 
  okta_admin.okta_password_policy,
  jsonb_array_elements(rules) as r

+----------------+-------------+--------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| name           | policy_name | policy_type  | policy_actions                                                                                                                                                                                               |
+----------------+-------------+--------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Default Policy | PASSWORD    | test         | {"passwordChange":{"access":"ALLOW"},"selfServicePasswordReset":{"access":"ALLOW","requirement":{"primary":{"methods":["email","push"]},"stepUp":{"required":true}}},"selfServiceUnlock":{"access":"ALLOW"}} |
| Default Policy | PASSWORD    | Default Rule | {"passwordChange":{"access":"ALLOW"},"selfServicePasswordReset":{"access":"ALLOW","requirement":{"primary":{"methods":["email"]},"stepUp":{"required":false}}},"selfServiceUnlock":{"access":"DENY"}}        |
+----------------+-------------+--------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Time: 1.8s. Rows returned: 2. Rows fetched: 1. Hydrate calls: 1.

Scans:
  1) okta_password_policy.okta_admin: Time: 1.7s. Fetched: 1. Hydrates: 1.

> select 
  name,
  r -> 'PolicyRule' ->> 'type'  as policy_name,
  r -> 'PolicyRule' ->> 'name'  as policy_type,
  r -> 'Actions' as policy_actions
from 
  okta_admin.okta_signon_policy,
  jsonb_array_elements(rules) as r
+----------------+-------------+--------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| name           | policy_name | policy_type  | policy_actions                                                                                                                                                                                                                  |
+----------------+-------------+--------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Default Policy | SIGN_ON     | Default Rule | {"signon":{"access":"ALLOW","primaryFactor":"PASSWORD_IDP_ANY_FACTOR","rememberDeviceByDefault":false,"requireFactor":false,"session":{"maxSessionIdleMinutes":120,"maxSessionLifetimeMinutes":0,"usePersistentCookie":false}}} |
+----------------+-------------+--------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Time: 0.8s. Rows returned: 1. Rows fetched: 1. Hydrate calls: 1.

Scans:
  1) okta_signon_policy.okta_admin: Time: 0.7s. Fetched: 1. Hydrates: 1.

> select 
  name,
  r -> 'PolicyRule' ->> 'type'  as policy_name,
  r -> 'PolicyRule' ->> 'name'  as policy_type,
  r -> 'Actions' as policy_actions
from 
  okta_admin.okta_idp_discovery_policy,
  jsonb_array_elements(rules) as r
+----------------------+---------------+--------------+-----------------------------------------------------------------------+
| name                 | policy_name   | policy_type  | policy_actions                                                        |
+----------------------+---------------+--------------+-----------------------------------------------------------------------+
| Idp Discovery Policy | IDP_DISCOVERY | Default Rule | {"idp":{"idpSelectionType":"SPECIFIC","providers":[{"type":"OKTA"}]}} |
+----------------------+---------------+--------------+-----------------------------------------------------------------------+

Time: 0.7s. Rows returned: 1. Rows fetched: 1. Hydrate calls: 1.

Scans:
  1) okta_idp_discovery_policy.okta_admin: Time: 0.6s. Fetched: 1. Hydrates: 1.

> select 
  name,
  r -> 'PolicyRule' ->> 'type'  as policy_name,
  r -> 'PolicyRule' ->> 'name'  as policy_type,
  r -> 'Actions' as policy_actions
from 
  okta_admin.okta_authentication_policy,
  jsonb_array_elements(rules) as r
+-------------------------+---------------+------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| name                    | policy_name   | policy_type                  | policy_actions                                                                                                                                                                                                           |
+-------------------------+---------------+------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Okta Browser Plugin     | ACCESS_POLICY | Catch-all Rule               | {"appSignOn":{"access":"ALLOW","verificationMethod":{"factorMode":"2FA","reauthenticateIn":"PT12H","type":"ASSURANCE"}}}                                                                                                 |
| Any two factors         | ACCESS_POLICY | Catch-all Rule               | {"appSignOn":{"access":"ALLOW","verificationMethod":{"factorMode":"2FA","reauthenticateIn":"PT12H","type":"ASSURANCE"}}}                                                                                                 |
| Okta Agent Registration | ACCESS_POLICY | Catch-all Rule               | {"appSignOn":{"access":"ALLOW","verificationMethod":{"factorMode":"2FA","reauthenticateIn":"PT12H","type":"ASSURANCE"}}}                                                                                                 |
| Okta Dashboard          | ACCESS_POLICY | Free trial org password Rule | {"appSignOn":{"access":"ALLOW","verificationMethod":{"constraints":[{"knowledge":{"required":true,"types":["password"]}}],"factorMode":"1FA","reauthenticateIn":"PT12H","type":"ASSURANCE"}}}                            |
| Okta Dashboard          | ACCESS_POLICY | Catch-all Rule               | {"appSignOn":{"access":"ALLOW","verificationMethod":{"factorMode":"2FA","reauthenticateIn":"PT12H","type":"ASSURANCE"}}}                                                                                                 |
| Okta Admin Console      | ACCESS_POLICY | Free trial org password Rule | {"appSignOn":{"access":"ALLOW","verificationMethod":{"constraints":[{"knowledge":{"required":true,"types":["password"]}}],"factorMode":"1FA","reauthenticateIn":"PT12H","type":"ASSURANCE"}}}                            |
| Okta Admin Console      | ACCESS_POLICY | Catch-all Rule               | {"appSignOn":{"access":"ALLOW","verificationMethod":{"constraints":[{"knowledge":{"reauthenticateIn":"PT12H","required":true,"types":["password"]}}],"factorMode":"2FA","reauthenticateIn":"PT12H","type":"ASSURANCE"}}} |
+-------------------------+---------------+------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Time: 0.7s. Rows returned: 7. Rows fetched: 5. Hydrate calls: 5.

Scans:
  1) okta_authentication_policy.okta_admin: Time: 0.6s. Fetched: 5. Hydrates: 5.

Classic Engine:

> select 
  name,
  r -> 'PolicyRule' ->> 'type'  as policy_name,
  r -> 'PolicyRule' ->> 'name'  as policy_type,
  r -> 'Actions' as policy_actions
from 
  okta_idp_discovery_policy,
  jsonb_array_elements(rules) as r
+----------------------+---------------+--------------+-----------------------------------------+
| name                 | policy_name   | policy_type  | policy_actions                          |
+----------------------+---------------+--------------+-----------------------------------------+
| Idp Discovery Policy | IDP_DISCOVERY | Default Rule | {"idp":{"providers":[{"type":"OKTA"}]}} |
+----------------------+---------------+--------------+-----------------------------------------+

Time: 1.5s. Rows returned: 1. Rows fetched: 1. Hydrate calls: 1.

Scans:
  1) okta_idp_discovery_policy.okta: Time: 1.4s. Fetched: 1. Hydrates: 1.

> select 
  name,
  r -> 'PolicyRule' ->> 'type'  as policy_name,
  r -> 'PolicyRule' ->> 'name'  as policy_type,
  r -> 'Actions' as policy_actions
from 
  okta_password_policy,
  jsonb_array_elements(rules) as r
+----------------+-------------+--------------+---------------------------------------------------------------------------------------------------------------------------+
| name           | policy_name | policy_type  | policy_actions                                                                                                            |
+----------------+-------------+--------------+---------------------------------------------------------------------------------------------------------------------------+
| Default Policy | PASSWORD    | Default Rule | {"passwordChange":{"access":"ALLOW"},"selfServicePasswordReset":{"access":"ALLOW"},"selfServiceUnlock":{"access":"DENY"}} |
+----------------+-------------+--------------+---------------------------------------------------------------------------------------------------------------------------+

Time: 0.6s. Rows returned: 1. Rows fetched: 1. Hydrate calls: 1.

Scans:
  1) okta_password_policy.okta: Time: 0.5s. Fetched: 1. Hydrates: 1.

>   select 
  name,
  r -> 'PolicyRule' ->> 'type'  as policy_name,
  r -> 'PolicyRule' ->> 'name'  as policy_type,
  r -> 'Actions' as policy_actions
from 
  okta_signon_policy,
  jsonb_array_elements(rules) as r
+----------------+-------------+--------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| name           | policy_name | policy_type  | policy_actions                                                                                                                                                                                                       |
+----------------+-------------+--------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Default Policy | SIGN_ON     | Default Rule | {"signon":{"access":"ALLOW","primaryFactor":"PASSWORD_IDP","rememberDeviceByDefault":false,"requireFactor":false,"session":{"maxSessionIdleMinutes":120,"maxSessionLifetimeMinutes":0,"usePersistentCookie":false}}} |
+----------------+-------------+--------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Time: 0.6s. Rows returned: 1. Rows fetched: 3. Hydrate calls: 3.

Scans:
  1) okta_signon_policy.okta: Time: 0.5s. Fetched: 3. Hydrates: 3.
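
An audit query built on the now-populated `rules` column, added here as an example and not part of the pull request: it lists rules that allow access with a single factor, using only the JSON paths visible in the sample rows above. The unqualified table names (no connection prefix) and the `finding` labels are assumptions of this example.

```sql
-- Added example: flag policy rules that allow access without a second factor.
-- JSON paths (Actions.appSignOn.verificationMethod.factorMode,
-- Actions.signon.requireFactor) are taken from the sample output above.
with rule_rows as (
  -- One row per rule, tagged with the table it came from.
  select
    'okta_authentication_policy' as source_table,
    name as policy,
    r
  from
    okta_authentication_policy,
    jsonb_array_elements(rules) as r
  union all
  select
    'okta_signon_policy',
    name,
    r
  from
    okta_signon_policy,
    jsonb_array_elements(rules) as r
)
select
  source_table,
  policy,
  r -> 'PolicyRule' ->> 'name' as rule_name,
  case source_table
    when 'okta_authentication_policy' then 'factorMode = 1FA'
    else 'requireFactor = false'
  end as finding
from
  rule_rows
where
  (
    source_table = 'okta_authentication_policy'
    and r -> 'Actions' -> 'appSignOn' ->> 'access' = 'ALLOW'
    and r -> 'Actions' -> 'appSignOn' -> 'verificationMethod' ->> 'factorMode' = '1FA'
  )
  or (
    source_table = 'okta_signon_policy'
    and r -> 'Actions' -> 'signon' ->> 'access' = 'ALLOW'
    -- ->> renders the JSON boolean as the text 'false'
    and r -> 'Actions' -> 'signon' ->> 'requireFactor' = 'false'
  )
order by
  source_table,
  policy,
  rule_name;
```

Each returned row is a rule to review rather than a confirmed misconfiguration. Against the Identity Engine sample data above, the two "Free trial org password Rule" rows and the sign-on "Default Rule" would match.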


…rectly for the tables okta_signon_policy, okta_password_policy, okta_idp_discovery_policy and okta_authentication_policy Closes #144
@ParthaI ParthaI requested a review from misraved August 21, 2024 09:16
@ParthaI ParthaI self-assigned this Aug 21, 2024
@ParthaI ParthaI changed the title Fixed the column rules value should populate all the properties correctly for the tables okta_signon_policy, okta_password_policy, okta_idp_discovery_policy and okta_authentication_policy Closes #144 Fixed the column rules to populate all the properties correctly for the tables okta_signon_policy, okta_password_policy, okta_idp_discovery_policy and okta_authentication_policy Closes #144 Aug 21, 2024
@misraved misraved merged commit bdba51e into main Sep 11, 2024
1 check passed
@misraved misraved deleted the issue-144 branch September 11, 2024 13:37
Successfully merging this pull request may close these issues.

Actions within the rules JSON blob in the okta_authentication_policy are not populated
2 participants