Fix issue causing number of groups to be limited to 20 (#106)

redhat-cop · Aug 13, 2021 · 696bad2 · 696bad2
1 parent 25817ce
commit 696bad2
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 20 deletions.
diff --git a/README.md b/README.md
@@ -403,6 +403,7 @@ The following table describes the set of configuration options for the Okta prov
 | `appId` | Application ID of App Groups are assigned to | `''`  | Yes |
 | `extractLoginUsername` | Bool to determine if you should extract username from okta login | `false`  | No |
 | `profileKey` | Attribute field on Okta User Profile you would like to use as identity | `'login'` | No |
+| `groupLimit` | Integer to set the maximum number of groups to sync | `1000` | No |
 
 
 The following is an example of a minimal configuration that can be applied to integrate with an Okta provider:

diff --git a/api/v1alpha1/groupsync_types.go b/api/v1alpha1/groupsync_types.go
@@ -360,6 +360,10 @@ type OktaProvider struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Profile Key",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:text"}
 	// +kubebuilder:validation:Optional
 	ProfileKey string `json:"profileKey"`
+	// GroupLimit is the maximum number of groups that can be synced. Default is "1000"
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Group Limit",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:number"}
+	// +kubebuilder:validation:Optional
+	GroupLimit int `json:"groupLimit"`
 }
 
 // SecretRef represents a reference to an item within a Secret

diff --git a/config/crd/bases/redhatcop.redhat.io_groupsyncs.yaml b/config/crd/bases/redhatcop.redhat.io_groupsyncs.yaml
@@ -549,6 +549,9 @@ spec:
                           url:
                             description: URL is the location of the Okta domain server
                             type: string
+                          groupLimit:
+                            description: The maximum number of groups that can be synced
+                            type: integer
                         required:
                           - appId
                           - credentialsSecret

diff --git a/pkg/syncer/okta.go b/pkg/syncer/okta.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"net/http"
+	"github.com/okta/okta-sdk-golang/v2/okta/query"
 	"net/url"
 	"strings"
 	"sync"
@@ -32,13 +32,6 @@ const (
 	secretOktaTokenKey = "okta-api-token"
 )
 
-type AppGroup struct {
-	Id          string      `json:"id,omitempty"`
-	LastUpdated string      `json:"lastUpdated,omitempty"`
-	Links       interface{} `json:"_links,omitempty"`
-	Priority    int         `json:"priority,omitempty"`
-}
-
 type OktaSyncer struct {
 	cachedGroups       map[string]*okta.Group
 	cachedGroupMembers map[string][]*okta.User
@@ -54,6 +47,10 @@ func (o *OktaSyncer) Init() bool {
 	o.cachedGroupMembers = make(map[string][]*okta.User)
 	o.cachedGroups = make(map[string]*okta.Group)
 
+	if o.Provider.GroupLimit == 0 {
+		o.Provider.GroupLimit = 1000
+	}
+
 	if o.Provider.ProfileKey == "" {
 		o.Provider.ProfileKey = "login"
 		return true
@@ -177,19 +174,11 @@ func (o *OktaSyncer) Sync() ([]userv1.Group, error) {
 
 func (o OktaSyncer) getGroups() ([]*okta.Group, error) {
 	var (
-		appGroups []AppGroup
-		groups    []*okta.Group
+		groups []*okta.Group
 	)
 
-	url := "api/v1/apps/" + o.Provider.AppId + "/groups"
-
-	// at the time okta did not currently provide a function for this endpoint
-	req, err := o.goOkta.GetRequestExecutor().
-		WithAccept("application/json").
-		WithContentType("application/json").
-		NewRequest(http.MethodGet, url, nil)
+	appGroups, _, err := o.goOkta.Application.ListApplicationGroupAssignments(context.TODO(), o.Provider.AppId, query.NewQueryParams(query.WithLimit(int64(o.Provider.GroupLimit))))
 
-	_, err = o.goOkta.GetRequestExecutor().Do(context.TODO(), req, &appGroups)
 	if err != nil {
 		oktaLogger.Error(err, "getting groups for specified application")
 		return nil, err
@@ -199,7 +188,7 @@ func (o OktaSyncer) getGroups() ([]*okta.Group, error) {
 	return groups, err
 }
 
-func (o OktaSyncer) fetchGroupsAsync(appGroups []AppGroup) ([]*okta.Group, error) {
+func (o OktaSyncer) fetchGroupsAsync(appGroups []*okta.ApplicationGroupAssignment) ([]*okta.Group, error) {
 
 	wg := &sync.WaitGroup{}
 	groupCh := make(chan *okta.Group, len(appGroups))
@@ -223,7 +212,7 @@ func (o OktaSyncer) fetchGroupsAsync(appGroups []AppGroup) ([]*okta.Group, error
 	return groups, nil
 }
 
-func getGroup(app AppGroup, groupChan chan *okta.Group, resource *okta.GroupResource, wg *sync.WaitGroup) {
+func getGroup(app *okta.ApplicationGroupAssignment, groupChan chan *okta.Group, resource *okta.GroupResource, wg *sync.WaitGroup) {
 	defer wg.Done()
 	group, _, err := resource.GetGroup(context.TODO(), app.Id)
 	if err != nil {