Skip okta github orgs if not managed by governor (#168)

* skip okta github orgs if not managed by governor * revive recs
metal-toolbox · Jun 28, 2023 · b89ffe9 · b89ffe9
1 parent c767d2c
commit b89ffe9
Show file tree

Hide file tree

Showing 10 changed files with 83 additions and 42 deletions.
diff --git a/cmd/serve.go b/cmd/serve.go
@@ -103,7 +103,7 @@ func init() {
 	viperBindFlag("reconciler.locking", serveCmd.Flags().Lookup("reconciler-locking"))
 }
 
-func serve(cmdCtx context.Context, v *viper.Viper) error {
+func serve(cmdCtx context.Context, _ *viper.Viper) error {
 	initTracing()
 
 	if err := validateMandatoryFlags(); err != nil {

diff --git a/cmd/sync_members.go b/cmd/sync_members.go
@@ -249,7 +249,7 @@ func syncGroup(ctx context.Context, gc *governor.Client, oc *okta.Client, g *v1a
 	}, nil
 }
 
-func governorUserFromOktaUser(ctx context.Context, gc *governor.Client, oktaUser *okt.User, l *zap.Logger) (*v1alpha1.User, error) {
+func governorUserFromOktaUser(ctx context.Context, gc *governor.Client, oktaUser *okt.User, _ *zap.Logger) (*v1alpha1.User, error) {
 	email, err := okta.EmailFromUserProfile(oktaUser)
 	if err != nil {
 		return nil, err

diff --git a/go.sum b/go.sum
@@ -183,7 +183,6 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
@@ -510,8 +509,6 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/nats-io/jwt/v2 v2.4.1 h1:Y35W1dgbbz2SQUYDPCaclXcuqleVmpbRa7646Jf2EX4=
 github.com/nats-io/nats-server/v2 v2.9.17 h1:gFpUQ3hqIDJrnqog+Bl5vaXg+RhhYEZIElasEuRn2tw=
-github.com/nats-io/nats.go v1.27.0 h1:3o9fsPhmoKm+yK7rekH2GtWoE+D9jFbw8N3/ayI1C00=
-github.com/nats-io/nats.go v1.27.0/go.mod h1:XpbWUlOElGwTYbMR7imivs7jJj9GtK7ypv321Wp6pjc=
 github.com/nats-io/nats.go v1.27.1 h1:OuYnal9aKVSnOzLQIzf7554OXMCG7KbaTkCSBHRcSoo=
 github.com/nats-io/nats.go v1.27.1/go.mod h1:XpbWUlOElGwTYbMR7imivs7jJj9GtK7ypv321Wp6pjc=
 github.com/nats-io/nkeys v0.4.4 h1:xvBJ8d69TznjcQl9t6//Q5xXuVhyYiSos6RPtvQNTwA=
@@ -546,8 +543,6 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI=
-github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
 github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
 github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
@@ -663,10 +658,6 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 github.com/zsais/go-gin-prometheus v0.1.0 h1:bkLv1XCdzqVgQ36ScgRi09MA2UC1t3tAB6nsfErsGO4=
 github.com/zsais/go-gin-prometheus v0.1.0/go.mod h1:Slirjzuz8uM8Cw0jmPNqbneoqcUtY2GGjn2bEd4NRLY=
-go.equinixmetal.net/governor-api v0.22.0 h1:Lp7lTgJaXb0zfSEORDgU5pN56zY393WqFjpgLPOsm9Q=
-go.equinixmetal.net/governor-api v0.22.0/go.mod h1:hN/85nU9cGaQNL2UsU4UV8J90hZmH+9rKUQbQ3xVRN0=
-go.equinixmetal.net/governor-api v0.23.0 h1:WYieASJ8Di/jS7/WHpxJWsbd1SWMJJlVRRGQBq2+a0Q=
-go.equinixmetal.net/governor-api v0.23.0/go.mod h1:6478oyqfT9nhHvlastLicngm0z1Sb4S9Yjn5kZbCXWU=
 go.equinixmetal.net/governor-api v0.24.0 h1:dPgB/06PISNDhCp2sC0gnjrvpVSS9tR77yQE/9dTGoc=
 go.equinixmetal.net/governor-api v0.24.0/go.mod h1:6478oyqfT9nhHvlastLicngm0z1Sb4S9Yjn5kZbCXWU=
 go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
@@ -746,8 +737,6 @@ golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
 golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
 golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -837,8 +826,6 @@ golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
 golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -861,8 +848,6 @@ golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
-golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
 golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs=
 golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

diff --git a/internal/okta/applications_test.go b/internal/okta/applications_test.go
@@ -27,31 +27,31 @@ func (m *mockApplicationClient) ListApplications(context.Context, *query.Params)
 	return m.apps, m.resp, nil
 }
 
-func (m *mockApplicationClient) CreateApplicationGroupAssignment(ctx context.Context, appID, groupID string, body okta.ApplicationGroupAssignment) (*okta.ApplicationGroupAssignment, *okta.Response, error) {
+func (m *mockApplicationClient) CreateApplicationGroupAssignment(_ context.Context, _, _ string, _ okta.ApplicationGroupAssignment) (*okta.ApplicationGroupAssignment, *okta.Response, error) {
 	if m.err != nil {
 		return nil, nil, m.err
 	}
 
 	return nil, m.resp, nil
 }
 
-func (m *mockApplicationClient) DeleteApplicationGroupAssignment(ctx context.Context, appID, groupID string) (*okta.Response, error) {
+func (m *mockApplicationClient) DeleteApplicationGroupAssignment(_ context.Context, _, _ string) (*okta.Response, error) {
 	if m.err != nil {
 		return nil, m.err
 	}
 
 	return m.resp, nil
 }
 
-func (m *mockApplicationClient) GetApplicationGroupAssignment(ctx context.Context, appID, groupID string, qp *query.Params) (*okta.ApplicationGroupAssignment, *okta.Response, error) {
+func (m *mockApplicationClient) GetApplicationGroupAssignment(_ context.Context, _, _ string, _ *query.Params) (*okta.ApplicationGroupAssignment, *okta.Response, error) {
 	if m.err != nil {
 		return nil, nil, m.err
 	}
 
 	return nil, m.resp, nil
 }
 
-func (m *mockApplicationClient) ListApplicationGroupAssignments(ctx context.Context, appID string, qp *query.Params) ([]*okta.ApplicationGroupAssignment, *okta.Response, error) {
+func (m *mockApplicationClient) ListApplicationGroupAssignments(_ context.Context, _ string, _ *query.Params) ([]*okta.ApplicationGroupAssignment, *okta.Response, error) {
 	if m.err != nil {
 		return nil, nil, m.err
 	}

diff --git a/internal/okta/groups_test.go b/internal/okta/groups_test.go
@@ -25,63 +25,63 @@ type mockGroupClient struct {
 	resp *okta.Response
 }
 
-func (m *mockGroupClient) CreateGroup(ctx context.Context, body okta.Group) (*okta.Group, *okta.Response, error) {
+func (m *mockGroupClient) CreateGroup(_ context.Context, _ okta.Group) (*okta.Group, *okta.Response, error) {
 	if m.err != nil {
 		return nil, nil, m.err
 	}
 
 	return m.group, m.resp, nil
 }
 
-func (m *mockGroupClient) UpdateGroup(ctx context.Context, groupID string, body okta.Group) (*okta.Group, *okta.Response, error) {
+func (m *mockGroupClient) UpdateGroup(_ context.Context, _ string, _ okta.Group) (*okta.Group, *okta.Response, error) {
 	if m.err != nil {
 		return nil, nil, m.err
 	}
 
 	return m.group, m.resp, nil
 }
 
-func (m *mockGroupClient) DeleteGroup(ctx context.Context, groupID string) (*okta.Response, error) {
+func (m *mockGroupClient) DeleteGroup(_ context.Context, _ string) (*okta.Response, error) {
 	if m.err != nil {
 		return nil, m.err
 	}
 
 	return m.resp, nil
 }
 
-func (m *mockGroupClient) ListGroups(ctx context.Context, qp *query.Params) ([]*okta.Group, *okta.Response, error) {
+func (m *mockGroupClient) ListGroups(_ context.Context, _ *query.Params) ([]*okta.Group, *okta.Response, error) {
 	if m.err != nil {
 		return nil, nil, m.err
 	}
 
 	return m.groups, m.resp, nil
 }
 
-func (m *mockGroupClient) AddUserToGroup(ctx context.Context, groupID, userID string) (*okta.Response, error) {
+func (m *mockGroupClient) AddUserToGroup(_ context.Context, _, _ string) (*okta.Response, error) {
 	if m.err != nil {
 		return nil, m.err
 	}
 
 	return m.resp, nil
 }
 
-func (m *mockGroupClient) RemoveUserFromGroup(ctx context.Context, groupID, userID string) (*okta.Response, error) {
+func (m *mockGroupClient) RemoveUserFromGroup(_ context.Context, _, _ string) (*okta.Response, error) {
 	if m.err != nil {
 		return nil, m.err
 	}
 
 	return m.resp, nil
 }
 
-func (m *mockGroupClient) ListGroupUsers(ctx context.Context, groupID string, qp *query.Params) ([]*okta.User, *okta.Response, error) {
+func (m *mockGroupClient) ListGroupUsers(_ context.Context, _ string, _ *query.Params) ([]*okta.User, *okta.Response, error) {
 	if m.err != nil {
 		return nil, nil, m.err
 	}
 
 	return m.users, m.resp, nil
 }
 
-func (m *mockGroupClient) ListAssignedApplicationsForGroup(ctx context.Context, groupID string, qp *query.Params) ([]okta.App, *okta.Response, error) {
+func (m *mockGroupClient) ListAssignedApplicationsForGroup(_ context.Context, _ string, _ *query.Params) ([]okta.App, *okta.Response, error) {
 	if m.err != nil {
 		return nil, nil, m.err
 	}

diff --git a/internal/okta/logs_test.go b/internal/okta/logs_test.go
@@ -48,7 +48,7 @@ type mockLogEventsClient struct {
 	resp *okta.Response
 }
 
-func (m *mockLogEventsClient) GetLogs(ctx context.Context, qp *query.Params) ([]*okta.LogEvent, *okta.Response, error) {
+func (m *mockLogEventsClient) GetLogs(_ context.Context, qp *query.Params) ([]*okta.LogEvent, *okta.Response, error) {
 	if m.err != nil {
 		return nil, nil, m.err
 	}

diff --git a/internal/okta/users_test.go b/internal/okta/users_test.go
@@ -22,15 +22,15 @@ type mockUserClient struct {
 	deactivatedUser bool
 }
 
-func (m *mockUserClient) ClearUserSessions(ctx context.Context, userID string, qp *query.Params) (*okta.Response, error) {
+func (m *mockUserClient) ClearUserSessions(_ context.Context, _ string, _ *query.Params) (*okta.Response, error) {
 	if m.err != nil {
 		return nil, m.err
 	}
 
 	return m.resp, nil
 }
 
-func (m *mockUserClient) DeactivateUser(ctx context.Context, userID string, qp *query.Params) (*okta.Response, error) {
+func (m *mockUserClient) DeactivateUser(_ context.Context, _ string, _ *query.Params) (*okta.Response, error) {
 	m.deactivatedUser = true
 
 	if m.err != nil {
@@ -40,39 +40,39 @@ func (m *mockUserClient) DeactivateUser(ctx context.Context, userID string, qp *
 	return m.resp, nil
 }
 
-func (m *mockUserClient) DeactivateOrDeleteUser(ctx context.Context, userID string, qp *query.Params) (*okta.Response, error) {
+func (m *mockUserClient) DeactivateOrDeleteUser(_ context.Context, _ string, _ *query.Params) (*okta.Response, error) {
 	if m.err != nil {
 		return nil, m.err
 	}
 
 	return m.resp, nil
 }
 
-func (m *mockUserClient) GetUser(ctx context.Context, userID string) (*okta.User, *okta.Response, error) {
+func (m *mockUserClient) GetUser(_ context.Context, _ string) (*okta.User, *okta.Response, error) {
 	if m.err != nil {
 		return nil, nil, m.err
 	}
 
 	return m.users[0], m.resp, nil
 }
 
-func (m *mockUserClient) ListUsers(ctx context.Context, qp *query.Params) ([]*okta.User, *okta.Response, error) {
+func (m *mockUserClient) ListUsers(_ context.Context, _ *query.Params) ([]*okta.User, *okta.Response, error) {
 	if m.err != nil {
 		return nil, nil, m.err
 	}
 
 	return m.users, m.resp, nil
 }
 
-func (m *mockUserClient) SuspendUser(ctx context.Context, userID string) (*okta.Response, error) {
+func (m *mockUserClient) SuspendUser(_ context.Context, _ string) (*okta.Response, error) {
 	if m.err != nil {
 		return nil, m.err
 	}
 
 	return m.resp, nil
 }
 
-func (m *mockUserClient) UnsuspendUser(ctx context.Context, userID string) (*okta.Response, error) {
+func (m *mockUserClient) UnsuspendUser(_ context.Context, _ string) (*okta.Response, error) {
 	if m.err != nil {
 		return nil, m.err
 	}

diff --git a/internal/reconciler/groups.go b/internal/reconciler/groups.go
@@ -34,11 +34,7 @@ func (r *Reconciler) GroupsApplicationAssignments(ctx context.Context, ids ...st
 		groupMap[oktaGID] = group
 	}
 
-	if err := r.reconcileGroupApplicationAssignments(ctx, groupMap); err != nil {
-		return err
-	}
-
-	return nil
+	return r.reconcileGroupApplicationAssignments(ctx, groupMap)
 }
 
 // GroupCreate creates a governor group in okta

diff --git a/internal/reconciler/reconciler.go b/internal/reconciler/reconciler.go
@@ -315,6 +315,11 @@ func (r *Reconciler) reconcileGroupApplicationAssignments(ctx context.Context, g
 	for org, appID := range oktaAppOrgs {
 		logger := r.logger.With(zap.String("okta.app.org", org), zap.String("okta.app.id", appID))
 
+		if !containsOrg(org, govOrgs) {
+			logger.Info("skipping okta github org not managed by governor")
+			continue
+		}
+
 		assignments, err := r.oktaClient.ListGroupApplicationAssignment(ctx, appID)
 		if err != nil {
 			logger.Error("error listing okta group assigned to okta application")
@@ -552,3 +557,14 @@ func contains(list []string, item string) bool {
 
 	return false
 }
+
+// containsOrg returns true if the org slug is in the list of organizations
+func containsOrg(org string, orgs []*v1alpha1.Organization) bool {
+	for _, o := range orgs {
+		if o.Slug == org {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/internal/reconciler/reconciler_test.go b/internal/reconciler/reconciler_test.go
@@ -2,6 +2,9 @@ package reconciler
 
 import (
 	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"go.equinixmetal.net/governor-api/pkg/api/v1alpha1"
 )
 
 func Test_contains(t *testing.T) {
@@ -56,3 +59,44 @@ func Test_contains(t *testing.T) {
 		})
 	}
 }
+
+func Test_containsOrg(t *testing.T) {
+	tests := []struct {
+		name string
+		org  string
+		orgs []*v1alpha1.Organization
+		want bool
+	}{
+		{
+			name: "org in orgs list",
+			org:  "pajama-party",
+			orgs: testOrganizationSlice(t),
+			want: true,
+		},
+		{
+			name: "org not in orgs list",
+			org:  "no-party",
+			orgs: testOrganizationSlice(t),
+			want: false,
+		},
+		{
+			name: "blank org",
+			org:  "",
+			orgs: testOrganizationSlice(t),
+			want: false,
+		},
+		{
+			name: "empty orgs list",
+			org:  "pajama-party",
+			orgs: []*v1alpha1.Organization{},
+			want: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := containsOrg(tt.org, tt.orgs)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}