-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add table okta_group_owner Closes #132
- Loading branch information
Showing
3 changed files
with
263 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,126 @@ | ||
| --- | ||
| title: "Steampipe Table: okta_group_owner - Query Okta Group Owners using SQL" | ||
| description: "Allows users to query Okta Group Owners, providing insights into group ownership details within Okta." | ||
| --- | ||
|
|
||
| # Table: okta_group_owner - Query Okta Group Owners using SQL | ||
|
|
||
| Okta Group Owners are individuals responsible for managing and overseeing specific groups within the Okta identity and access management platform. They have the authority to add or remove group members, set group policies, and ensure that the group's access permissions are correctly configured to maintain security and compliance. | ||
|
|
||
| ## Table Usage Guide | ||
|
|
||
| The `okta_group_owner` table provides detailed information about group owners within Okta. As an IT administrator, you can explore ownership details through this table, including the display name, origin type, and last updated timestamp. Utilize it to manage group ownership, identify responsible individuals, and ensure proper group administration. | ||
|
|
||
| ## Examples | ||
|
|
||
| ### Basic Info | ||
| Retrieve basic information about group owners in Okta to understand their roles and responsibilities. This is useful for managing group ownership and ensuring proper oversight. | ||
|
|
||
| ```sql+postgres | ||
| select | ||
| group_id, | ||
| id, | ||
| display_name, | ||
| type, | ||
| origin_type, | ||
| last_updated | ||
| from | ||
| okta_group_owner; | ||
| ``` | ||
|
|
||
| ```sql+sqlite | ||
| select | ||
| group_id, | ||
| id, | ||
| display_name, | ||
| type, | ||
| origin_type, | ||
| last_updated | ||
| from | ||
| okta_group_owner; | ||
| ``` | ||
|
|
||
| ### List group owners by domain | ||
| Identify group owners based on their Okta domain. This helps in organizing and managing owners within specific domains. | ||
|
|
||
| ```sql+postgres | ||
| select | ||
| domain, | ||
| group_id, | ||
| id, | ||
| display_name | ||
| from | ||
| okta_group_owner | ||
| where | ||
| domain = 'example.com'; | ||
| ``` | ||
|
|
||
| ```sql+sqlite | ||
| select | ||
| domain, | ||
| group_id, | ||
| id, | ||
| display_name | ||
| from | ||
| okta_group_owner | ||
| where | ||
| domain = 'example.com'; | ||
| ``` | ||
|
|
||
| ### Group owners with application origin | ||
| Find group owners whose ownership is managed by applications. This can help in understanding the source of group management and reconciling ownership details. | ||
|
|
||
| ```sql+postgres | ||
| select | ||
| group_id, | ||
| id, | ||
| display_name, | ||
| origin_id, | ||
| origin_type, | ||
| resolved | ||
| from | ||
| okta_group_owner | ||
| where | ||
| origin_type = 'APPLICATION'; | ||
| ``` | ||
|
|
||
| ```sql+sqlite | ||
| select | ||
| group_id, | ||
| id, | ||
| display_name, | ||
| origin_id, | ||
| origin_type, | ||
| resolved | ||
| from | ||
| okta_group_owner | ||
| where | ||
| origin_type = 'APPLICATION'; | ||
| ``` | ||
|
|
||
| ### List recently updated group owners | ||
| Get a list of group owners who were recently updated. This helps in tracking recent changes and updates to group ownership. | ||
|
|
||
| ```sql+postgres | ||
| select | ||
| group_id, | ||
| id, | ||
| display_name, | ||
| last_updated | ||
| from | ||
| okta_group_owner | ||
| where | ||
| last_updated > current_timestamp - interval '30 days'; | ||
| ``` | ||
|
|
||
| ```sql+sqlite | ||
| select | ||
| group_id, | ||
| id, | ||
| display_name, | ||
| last_updated | ||
| from | ||
| okta_group_owner | ||
| where | ||
| last_updated > datetime('now', '-30 days'); | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,136 @@ | ||
| package okta | ||
|
|
||
| import ( | ||
| "context" | ||
| "time" | ||
|
|
||
| "github.com/okta/okta-sdk-golang/v2/okta" | ||
| oktav4 "github.com/okta/okta-sdk-golang/v4/okta" | ||
| "github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto" | ||
| "github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform" | ||
|
|
||
| "github.com/turbot/steampipe-plugin-sdk/v5/plugin" | ||
| ) | ||
|
|
||
| //// TABLE DEFINITION | ||
|
|
||
| func tableOktaGroupOwner() *plugin.Table { | ||
| return &plugin.Table{ | ||
| Name: "okta_group_owner", | ||
| Description: "An Okta Group owner is a designated individual responsible for managing and overseeing a specific group within the Okta identity and access management platform.", | ||
| List: &plugin.ListConfig{ | ||
| Hydrate: listOktaGroupOwners, | ||
| ParentHydrate: listOktaGroups, | ||
| KeyColumns: plugin.OptionalColumns([]string{"group_id"}), | ||
| }, | ||
| Columns: commonColumns([]*plugin.Column{ | ||
| {Name: "group_id", Type: proto.ColumnType_STRING, Description: "Unique key for Group."}, | ||
| {Name: "display_name", Type: proto.ColumnType_STRING, Description: "The display name of the group owner."}, | ||
| {Name: "id", Type: proto.ColumnType_STRING, Description: "The ID of the group owner."}, | ||
| {Name: "last_updated", Type: proto.ColumnType_TIMESTAMP, Transform: transform.FromField("LastUpdated").Transform(transform.NullIfZeroValue), Description: "Timestamp when the group owner was last updated."}, | ||
| {Name: "origin_id", Type: proto.ColumnType_STRING, Description: "The ID of the app instance if the originType is APPLICATION. This value is NULL if originType is OKTA_DIRECTORY."}, | ||
| {Name: "origin_type", Type: proto.ColumnType_STRING, Description: "The source where group ownership is managed."}, | ||
| {Name: "type", Type: proto.ColumnType_STRING, Description: "The entity type of the owner."}, | ||
| {Name: "resolved", Type: proto.ColumnType_BOOL, Description: "If originType is APPLICATION, this parameter is set to FALSE until the owner’s originId is reconciled with an associated Okta ID."}, | ||
|
|
||
| // JSON Columns | ||
| {Name: "additional_properties", Type: proto.ColumnType_JSON, Description: "The additional properties for the owner."}, | ||
|
|
||
| // Steampipe Columns | ||
| {Name: "title", Type: proto.ColumnType_STRING, Transform: transform.FromField("DisplayName"), Description: titleDescription}, | ||
| }), | ||
| } | ||
| } | ||
|
|
||
| type GroupOwner struct { | ||
| GroupId *string | ||
| DisplayName *string | ||
| Id *string | ||
| LastUpdated *time.Time | ||
| OriginId *string | ||
| OriginType *string | ||
| Resolved *bool | ||
| Type *string | ||
| AdditionalProperties map[string]interface{} | ||
| } | ||
|
|
||
| //// LIST FUNCTION | ||
|
|
||
| func listOktaGroupOwners(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) { | ||
| logger := plugin.Logger(ctx) | ||
|
|
||
| var groupId string | ||
| if h.Item != nil { | ||
| groupId = h.Item.(*okta.Group).Id | ||
| } else { | ||
| groupId = d.EqualsQuals["group_id"].GetStringValue() | ||
| } | ||
|
|
||
| // Restrict API call based on group_id query parameter. | ||
| if d.EqualsQuals["group_id"] != nil && d.EqualsQuals["group_id"].GetStringValue() != groupId { | ||
| return nil, nil | ||
| } | ||
|
|
||
| client, err := ConnectV4(ctx, d) | ||
| if err != nil { | ||
| logger.Error("okta_group_owner.listGroupOwners", "connect_error", err) | ||
| return nil, err | ||
| } | ||
|
|
||
| groupOwnerReq := client.GroupAPI.ListGroupOwners(ctx, groupId) | ||
|
|
||
| owners, resp, err := groupOwnerReq.Execute() | ||
| if err != nil { | ||
| logger.Error("okta_group_owner.listGroupOwners", "api_error", err) | ||
| return nil, err | ||
| } | ||
|
|
||
| for _, owner := range owners { | ||
| d.StreamListItem(ctx, GroupOwner{ | ||
| GroupId: &groupId, | ||
| DisplayName: owner.DisplayName, | ||
| Id: owner.Id, | ||
| LastUpdated: owner.LastUpdated, | ||
| OriginId: owner.OriginId, | ||
| OriginType: owner.OriginType, | ||
| Resolved: owner.Resolved, | ||
| Type: owner.Type, | ||
| AdditionalProperties: owner.AdditionalProperties, | ||
| }) | ||
|
|
||
| // Context can be cancelled due to manual cancellation or the limit has been hit | ||
| if d.RowsRemaining(ctx) == 0 { | ||
| return nil, nil | ||
| } | ||
| } | ||
|
|
||
| // paging | ||
| for resp.HasNextPage() { | ||
| var nextGroupOwners []oktav4.GroupOwner | ||
| resp, err = resp.Next(&nextGroupOwners) | ||
| if err != nil { | ||
| logger.Error("okta_group_owner.listGroupOwners", "api_paging_error", err) | ||
| return nil, err | ||
| } | ||
| for _, owner := range nextGroupOwners { | ||
| d.StreamListItem(ctx, GroupOwner{ | ||
| GroupId: &groupId, | ||
| DisplayName: owner.DisplayName, | ||
| Id: owner.Id, | ||
| LastUpdated: owner.LastUpdated, | ||
| OriginId: owner.OriginId, | ||
| OriginType: owner.OriginType, | ||
| Resolved: owner.Resolved, | ||
| Type: owner.Type, | ||
| AdditionalProperties: owner.AdditionalProperties, | ||
| }) | ||
|
|
||
| // Context can be cancelled due to manual cancellation or the limit has been hit | ||
| if d.RowsRemaining(ctx) == 0 { | ||
| return nil, nil | ||
| } | ||
| } | ||
| } | ||
|
|
||
| return nil, nil | ||
| } |