
Commit da62b23

committed
Add group handling
1 parent 37695ed commit da62b23

3 files changed

Lines changed: 94 additions & 5 deletions


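--- a/impl/entity.go
+++ b/impl/entity.go
@@ -51,7 +51,7 @@ func (o OktaPlugin) EntityCreate(e, de pb.Entity) (pb.Entity, error) {
 // EntityUpdate pushes changes to the base entity profile, nothing
 // else. Custom attributes are not supported in this plugin.
 func (o OktaPlugin) EntityUpdate(e pb.Entity) (pb.Entity, error) {
-	oktaID := getOktaID(e)
+	oktaID := getEntityOktaID(e)
 	if oktaID == "" {
 		return e, nil
 	}
@@ -87,7 +87,7 @@ func (o OktaPlugin) EntityUpdate(e pb.Entity) (pb.Entity, error) {
 
 // EntityLock translates to a suspended entity in Okta.
 func (o OktaPlugin) EntityLock(e pb.Entity) (pb.Entity, error) {
-	oktaID := getOktaID(e)
+	oktaID := getEntityOktaID(e)
 	if oktaID == "" {
 		return e, nil
 	}
@@ -102,7 +102,7 @@ func (o OktaPlugin) EntityLock(e pb.Entity) (pb.Entity, error) {
 
 // EntityUnlock translates to a force un-suspend in Okta.
 func (o OktaPlugin) EntityUnlock(e pb.Entity) (pb.Entity, error) {
-	oktaID := getOktaID(e)
+	oktaID := getEntityOktaID(e)
 	if oktaID == "" {
 		return e, nil
 	}
@@ -119,7 +119,7 @@ func (o OktaPlugin) EntityUnlock(e pb.Entity) (pb.Entity, error) {
 // bad, but if you must, then this function will ensure that users in
 // Okta have also been wiped.
 func (o OktaPlugin) EntityDestroy(e pb.Entity) error {
-	oktaID := getOktaID(e)
+	oktaID := getEntityOktaID(e)
 	if oktaID == "" {
 		return nil
 	}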

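--- /dev/null
+++ b/impl/group.go
@@ -0,0 +1,80 @@
+package impl
+
+import (
+	"github.com/okta/okta-sdk-golang/okta"
+
+	"github.com/NetAuth/NetAuth/pkg/plugin/tree"
+
+	pb "github.com/NetAuth/Protocol"
+)
+
+// GroupCreate will create a matched group in Okta. Assigning
+// applications to this group must still be done in Okta directly, but
+// the group and its attributes are mapped from NetAuth.
+func (o OktaPlugin) GroupCreate(g pb.Group) (pb.Group, error) {
+	og := okta.Group{
+		Profile: &okta.GroupProfile{
+			Description: g.GetDisplayName(),
+			Name: g.GetName(),
+		},
+	}
+
+	group, resp, err := o.c.Group.CreateGroup(og)
+	if err != nil {
+		appLogger.Error("Okta group was not created!", "error", err)
+		return g, err
+	}
+
+	appLogger.Debug("Okta Response", "response", resp)
+
+	g.UntypedMeta = tree.PatchKeyValueSlice(g.UntypedMeta, "UPSERT", "oktaID", group.Id)
+
+	return g, nil
+}
+
+// GroupUpdate is called to manage ongoing changes to a group. This
+// function does not push membership changes.
+func (o OktaPlugin) GroupUpdate(g pb.Group) (pb.Group, error) {
+	oktaID := getGroupOktaID(g)
+	if oktaID == "" {
+		return g, nil
+	}
+
+	grp, resp, err := o.c.Group.GetGroup(oktaID, nil)
+	if err != nil {
+		appLogger.Warn("No group with OktaID", "name", g.GetName(), "oktaID", oktaID, "error", err)
+		return g, nil
+	}
+
+	appLogger.Debug("Okta Response", "response", resp)
+
+	grp.Profile.Description = g.GetDisplayName()
+
+	_, resp, err = o.c.Group.UpdateGroup(oktaID, *grp)
+	if err != nil {
+		appLogger.Warn("Error updating Okta group", "error", err)
+		return g, nil
+	}
+
+	appLogger.Debug("Okta Response", "response", resp)
+
+	return g, nil
+}
+
+// GroupDestroy pushes the destruction of groups to Okta. It is
+// recommended to never destroy a group, but if this is desired this
+// function will ensure the group is removed in Okta as well.
+func (o OktaPlugin) GroupDestroy(g pb.Group) error {
+	appLogger.Info("Attempting to remove group from Okta", "group", g.GetName())
+	oktaID := getGroupOktaID(g)
+	if oktaID == "" {
+		return nil
+	}
+	resp, err := o.c.Group.DeleteGroup(oktaID)
+	if err != nil {
+		appLogger.Warn("Failed to delete Okta Group", "group", g.GetName(), "oktaID", oktaID, "error", err)
+	}
+
+	appLogger.Debug("Okta Response", "response", resp)
+	return nil
+}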
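Review bot: GroupDestroy's doc comment promises that the group "is removed in Okta as well", but when DeleteGroup fails the error is only logged at Warn and the function still returns nil, so NetAuth records the group as gone while the Okta group, and any application assignments attached to it, remain in place. Propagating the failure, `return err` after the Warn, lets the caller see the drift instead of silently leaving orphaned groups in the identity provider; the same swallow-and-return-nil pattern follows the GetGroup and UpdateGroup calls in GroupUpdate. Separately, GroupUpdate writes `grp.Profile.Description` without checking that the group returned by GetGroup has a non-nil Profile, which would panic on a group Okta returns without a profile; a guard such as `if grp == nil || grp.Profile == nil { return g, nil }` before the assignment avoids that. Whether the SDK can return a nil Profile is not visible on this page.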

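--- a/impl/util.go
+++ b/impl/util.go
@@ -8,7 +8,7 @@ import (
 	pb "github.com/NetAuth/Protocol"
 )
 
-func getOktaID(e pb.Entity) string {
+func getEntityOktaID(e pb.Entity) string {
 	m := e.GetMeta()
 	if m == nil {
 		return ""
@@ -21,3 +21,12 @@ func getOktaID(e pb.Entity) string {
 	oktaID := strings.SplitN(res[0], ":", 2)[1]
 	return oktaID
 }
+
+func getGroupOktaID(g pb.Group) string {
+	res := tree.PatchKeyValueSlice(g.UntypedMeta, "READ", "oktaID", "")
+	if len(res) != 1 || res[0] == "" {
+		return ""
+	}
+	oktaID := strings.SplitN(res[0], ":", 2)[1]
+	return oktaID
+}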
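Review bot: getGroupOktaID indexes `strings.SplitN(res[0], ":", 2)[1]` unconditionally, so a stored oktaID entry with no colon yields a one-element slice and the index panics, crashing the plugin on malformed group metadata; the same expression already sits in getEntityOktaID (context line 21 of the second hunk) and the new helper copies it. Guarding the split, `parts := strings.SplitN(res[0], ":", 2)`, `if len(parts) != 2 { return "" }`, `return parts[1]`, keeps the empty-string contract the callers already handle and is worth applying to both helpers. This assumes the READ result is a `key:value` string, which the split implies but the page does not show.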
