Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix GET API call for okta_app_assigned_group. #61

Merged
merged 5 commits into from
Jan 26, 2022
Merged

Fix GET API call for okta_app_assigned_group. #61

merged 5 commits into from
Jan 26, 2022

Conversation

c0d3r-arnab
Copy link
Contributor

Example query results

Results 
> select * from okta_app_assigned_group where id = '00g3e9b6esCUiHSkK5d7' and app_id = '0oa1mf9l3dw26foa25d7';
+----------------------+----------------------+---------------------------+----------+----------------------------------------------------------------------------------------------------------------------
| id                   | app_id               | last_updated              | priority | links                                                                                                                
+----------------------+----------------------+---------------------------+----------+----------------------------------------------------------------------------------------------------------------------
| 00g3e9b6esCUiHSkK5d7 | 0oa1mf9l3dw26foa25d7 | 2022-01-17T13:21:17+05:30 | 1        | {"app":{"href":"https://dev-21314997.okta.com/api/v1/apps/0oa1mf9l3dw26foa25d7"},"group":{"href":"https://dev-2131499
+----------------------+----------------------+---------------------------+----------+----------------------------------------------------------------------------------------------------------------------
> select * from okta_app_assigned_group where app_id = '0oa1mf9l3dw26foa25d7';
+----------------------+----------------------+---------------------------+----------+----------------------------------------------------------------------------------------------------------------------
| id                   | app_id               | last_updated              | priority | links                                                                                                                
+----------------------+----------------------+---------------------------+----------+----------------------------------------------------------------------------------------------------------------------
| 00g3e9b6esCUiHSkK5d7 | 0oa1mf9l3dw26foa25d7 | 2022-01-17T13:21:17+05:30 | 1        | {"app":{"href":"https://dev-21314997.okta.com/api/v1/apps/0oa1mf9l3dw26foa25d7"},"group":{"href":"https://dev-2131499
| 00g33kzj6xOZvlBUQ5d7 | 0oa1mf9l3dw26foa25d7 | 2022-01-24T11:16:23+05:30 | 2        | {"app":{"href":"https://dev-21314997.okta.com/api/v1/apps/0oa1mf9l3dw26foa25d7"},"group":{"href":"https://dev-2131499
| 00g1kchdmqwsZEGG65d7 | 0oa1mf9l3dw26foa25d7 | 2022-01-24T11:16:25+05:30 | 3        | {"app":{"href":"https://dev-21314997.okta.com/api/v1/apps/0oa1mf9l3dw26foa25d7"},"group":{"href":"https://dev-2131499
+----------------------+----------------------+---------------------------+----------+----------------------------------------------------------------------------------------------------------------------
> select
  id as group_id,
  app_id,
  last_updated,
  priority
from
  okta_app_assigned_group;
+----------------------+----------------------+---------------------------+----------+
| group_id             | app_id               | last_updated              | priority |
+----------------------+----------------------+---------------------------+----------+
| 00g1kchdmqwsZEGG65d7 | 0oa1mf9l3dw26foa25d7 | 2022-01-24T11:16:25+05:30 | 3        |
| 00g33kzj6xOZvlBUQ5d7 | 0oa1mf9l3dw26foa25d7 | 2022-01-24T11:16:23+05:30 | 2        |
| 00g3e9b6esCUiHSkK5d7 | 0oa1mf9l3dw26foa25d7 | 2022-01-17T13:21:17+05:30 | 1        |
+----------------------+----------------------+---------------------------+----------+
> select
  grp.name as name,
  grp.description as description,
  jsonb_pretty(grp.group_members) as group_members
from
  okta_group grp
full outer join okta_app_assigned_group ag on grp.id = ag.id
where
  grp.id is null or ag.id is null;
+------+-------------+---------------+
| name | description | group_members |
+------+-------------+---------------+
+------+-------------+---------------+
> select
  app.name as app_name,
  app.id as app_id,
  app.created as app_created,
  app.status as app_status,
  ag.id as group_id,
  grp.name as group_name,
  grp.description as group_description,
  jsonb_pretty(grp.group_members) as group_members
from
  okta_application app
left join okta_app_assigned_group ag on app.id = ag.app_id
left join okta_group grp on ag.id = grp.id;
+---------------------+----------------------+---------------------------+------------+----------------------+---------------+--------------------------------+----------------------------------------+
| app_name            | app_id               | app_created               | app_status | group_id             | group_name    | group_description              | group_members                          |
+---------------------+----------------------+---------------------------+------------+----------------------+---------------+--------------------------------+----------------------------------------+
| okta_enduser        | 0oa1kchdrfcXTbEzV5d7 | 2021-08-26T09:56:36+05:30 | ACTIVE     | <null>               | <null>        | <null>                         | <null>                                 |
| okta_browser_plugin | 0oa1kcigd9Kob07k05d7 | 2021-08-26T09:56:36+05:30 | ACTIVE     | <null>               | <null>        | <null>                         | <null>                                 |
| oidc_client         | 0oa1mf49z9iZurdzA5d7 | 2021-08-31T18:01:44+05:30 | ACTIVE     | <null>               | <null>        | <null>                         | <null>                                 |
| saasure             | 0oa1kchdmerpZir9y5d7 | 2021-08-26T09:56:28+05:30 | ACTIVE     | <null>               | <null>        | <null>                         | <null>                                 |
| oidc_client         | 0oa1mf9l3dw26foa25d7 | 2021-08-31T18:16:30+05:30 | ACTIVE     | 00g1kchdmqwsZEGG65d7 | Everyone      | All users in your organization | [                                      |
|                     |                      |                           |            |                      |               |                                |     {                                  |
|                     |                      |                           |            |                      |               |                                |         "id": "00u1kcigdvWtR96HY5d7",  |
|                     |                      |                           |            |                      |               |                                |         "email": "arnab@turbot.com",   |
|                     |                      |                           |            |                      |               |                                |         "login": "arnab@turbot.com"    |
|                     |                      |                           |            |                      |               |                                |     },                                 |
|                     |                      |                           |            |                      |               |                                |     {                                  |
|                     |                      |                           |            |                      |               |                                |         "id": "00u33m8oarePFyaTm5d7",  |
|                     |                      |                           |            |                      |               |                                |         "email": "arnabg57@gmail.com", |
|                     |                      |                           |            |                      |               |                                |         "login": "arnabg57@gmail.com"  |
|                     |                      |                           |            |                      |               |                                |     },                                 |
|                     |                      |                           |            |                      |               |                                |     {                                  |
|                     |                      |                           |            |                      |               |                                |         "id": "00u3e9oo5e7hR6X815d7",  |
|                     |                      |                           |            |                      |               |                                |         "email": "testUser@gmail.com", |
|                     |                      |                           |            |                      |               |                                |         "login": "testUser@gmail.com"  |
|                     |                      |                           |            |                      |               |                                |     }                                  |
|                     |                      |                           |            |                      |               |                                | ]                                      |
| oidc_client         | 0oa1mf9l3dw26foa25d7 | 2021-08-31T18:16:30+05:30 | ACTIVE     | 00g33kzj6xOZvlBUQ5d7 | TestGroup     | This is a test group           | [                                      |
|                     |                      |                           |            |                      |               |                                |     {                                  |
|                     |                      |                           |            |                      |               |                                |         "id": "00u33m8oarePFyaTm5d7",  |
|                     |                      |                           |            |                      |               |                                |         "email": "arnabg57@gmail.com", |
|                     |                      |                           |            |                      |               |                                |         "login": "arnabg57@gmail.com"  |
|                     |                      |                           |            |                      |               |                                |     }                                  |
|                     |                      |                           |            |                      |               |                                | ]                                      |
| oidc_client         | 0oa1mf9l3dw26foa25d7 | 2021-08-31T18:16:30+05:30 | ACTIVE     | 00g3e9b6esCUiHSkK5d7 | Another Group | This is another group          | [                                      |
|                     |                      |                           |            |                      |               |                                |     {                                  |
|                     |                      |                           |            |                      |               |                                |         "id": "00u33m8oarePFyaTm5d7",  |
|                     |                      |                           |            |                      |               |                                |         "email": "arnabg57@gmail.com", |
|                     |                      |                           |            |                      |               |                                |         "login": "arnabg57@gmail.com"  |
|                     |                      |                           |            |                      |               |                                |     }                                  |
|                     |                      |                           |            |                      |               |                                | ]                                      |
+---------------------+----------------------+---------------------------+------------+----------------------+---------------+--------------------------------+----------------------------------------+

@c0d3r-arnab c0d3r-arnab self-assigned this Jan 24, 2022
@c0d3r-arnab c0d3r-arnab linked an issue Jan 24, 2022 that may be closed by this pull request
High API usage #60
Closed
@tinder-tder
Copy link

tinder-tder commented Jan 24, 2022
edited
Loading

@c0d3r-arnab there still seems to be some missing logic if you specify app_id only.
if BOTH app_id and id are specified in a where clause the first api call looks correct.

> select app_id,id as group_id,jsonb_array_elements_text(profile->'samlRoles') as roles from okta.okta_app_assigned_group where app_id = 'someappid' and id = 'somegroupid' limit 1;
2022-01-24T11:22:07.360-0800 [TRACE] steampipe: resolveQuery select app_id,id as group_id,jsonb_array_elements_text(profile->'samlRoles') as roles from okta.okta_app_assigned_group where app_id = 'someappid' and id = 'somegroupid' limit 1; args <empty>
2022-01-24T11:22:07.360-0800 [TRACE] steampipe: Got Session with PID: 53521
2022-01-24T11:22:07.360-0800 [TRACE] steampipe: Session with PID: 53521 - returning
Error: Get "https://localhost/api/v1/apps/someappid/groups/somegroupid": dial tcp [::1]:443: connect: connection refused (SQLSTATE HV000)

If only 'app_id' is specified it is still listing ALL applications. Instead it should be calling the list groups assigned (https://github.com/okta/okta-sdk-golang/blob/cddf90a929809d0df3d86a8fecc405cdb46eacc9/okta/application.go#L537) to application endpoint (ie: GET /api/v1/apps/${applicationId}/groups)
https://developer.okta.com/docs/reference/api/apps/#list-groups-assigned-to-application

Current behavior is:

> select app_id,id as group_id,jsonb_array_elements_text(profile->'samlRoles') as roles from okta.okta_app_assigned_group where app_id = 'someappid' limit 1;
2022-01-24T11:22:16.003-0800 [TRACE] steampipe: resolveQuery select app_id,id as group_id,jsonb_array_elements_text(profile->'samlRoles') as roles from okta.okta_app_assigned_group where app_id = 'someappid' limit 1; args <empty>
2022-01-24T11:22:16.003-0800 [TRACE] steampipe: Got Session with PID: 53521
2022-01-24T11:22:16.003-0800 [TRACE] steampipe: Session with PID: 53521 - returning
Error: Get "https://localhost/api/v1/apps": dial tcp [::1]:443: connect: connection refused (SQLSTATE HV000)

@bigdatasourav bigdatasourav mentioned this pull request Jan 25, 2022
Closed
cbruno10
cbruno10 reviewed Jan 25, 2022
View reviewed changes
Copy link
Contributor

@cbruno10 cbruno10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see comments

okta/table_okta_app_assigned_group.go Outdated Show resolved Hide resolved
okta/table_okta_app_assigned_group.go Outdated Show resolved Hide resolved
@cbruno10
Copy link
Contributor

Summary of most recent changes below:

  • Increase the default page size when listing applications in okta_application table.
  • Reduce page size if limit is specified in the query when listing applications in okta_application table.
  • For okta_app_assigned_group and okta_app_assigned_user tables, if app_id is specified, only get that application in the parent hydrate function. This should drastically reduce the number of API calls the tables make for accounts with a large number of applications. If app_id is not specified, all applications will still be listed.

@cbruno10 cbruno10 merged commit a5727bb into main Jan 26, 2022
@cbruno10 cbruno10 deleted the issue-60 branch January 26, 2022 19:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bigdatasourav bigdatasourav bigdatasourav left review comments

@cbruno10 cbruno10 cbruno10 approved these changes

Assignees

@c0d3r-arnab c0d3r-arnab

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

High API usage
4 participants
@c0d3r-arnab @tinder-tder @cbruno10 @bigdatasourav