main.go
package main
import (
"bytes"
"fmt"
"log"
"os"
"os/exec"
"strings"
"github.com/popsu/okta-info/client"
)
// oktaOrgURL is the Okta organisation URL, read once at start-up from
// OKTA_INFO_ORG_URL. It is empty when the variable is unset.
var oktaOrgURL = os.Getenv("OKTA_INFO_ORG_URL")

// apiToken is the Okta API token, read once at start-up from
// OKTA_INFO_API_TOKEN. It is a credential: do not print or log it.
var apiToken = os.Getenv("OKTA_INFO_API_TOKEN")
// printHelp writes the usage text, one subcommand per line, to standard
// output.
func printHelp() {
	usage := []string{
		"Usage: okta-info <subcommand> <subcommand arguments>",
		"Subcommands:",
		" group <group name> - print users in a group",
		" user <user name> - print groups for a user",
		" diff <group1,group2> <group3,group4> - print users in any of groups 1 or 2 but not in groups 3 or 4",
		" rule <group name> - print group rules for a group",
	}
	for _, line := range usage {
		fmt.Println(line)
	}
}
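// run parses the command line, builds the Okta client and dispatches to the
// requested subcommand.
//
// It prints the usage text and exits with status 1 when too few arguments are
// given or the subcommand is unknown. Errors from the token lookup, the client
// constructor or the subcommand itself are returned to the caller.
func run() error {
	// Every subcommand needs at least one argument after its name.
	if len(os.Args) < 3 {
		printHelp()
		os.Exit(1)
	}

	// The token is a credential: it is only handed to the client and must not
	// be printed or logged here.
	// NOTE(review): getAPIToken can return an empty token with a nil error;
	// whether NewOIClient rejects an empty token is not visible from this
	// file — confirm.
	token, err := getAPIToken()
	if err != nil {
		return err
	}

	oic, err := client.NewOIClient(token, oktaOrgURL)
	if err != nil {
		return err
	}

	// Handle the subcommands
	switch os.Args[1] {
	case "group":
		// Comma-separated list of groups
		groups := strings.Split(os.Args[2], ",")
		return oic.PrintUsersInGroups(groups)
	case "user":
		return oic.PrintGroupsForUser(os.Args[2])
	case "diff":
		// diff is the only subcommand that takes two arguments; without this
		// check os.Args[3] panics with an index-out-of-range error when the
		// second group list is missing.
		if len(os.Args) < 4 {
			printHelp()
			os.Exit(1)
		}
		// Comma-separated lists of groups
		groupsA := strings.Split(os.Args[2], ",")
		groupsB := strings.Split(os.Args[3], ",")
		hideDeprovisioned := false
		return oic.PrintGroupDiff(groupsA, groupsB, hideDeprovisioned)
	case "rule":
		return oic.PrintGroupRules(os.Args[2])
	default:
		printHelp()
		os.Exit(1)
	}

	// should not get here ever
	return nil
}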
// main runs the CLI and, on failure, logs the error and terminates through
// log.Fatalf.
func main() {
	if err := run(); err != nil {
		log.Fatalf("Error: %s", err)
	}
}
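// getAPIToken returns the Okta API token to authenticate with.
//
// The value read from OKTA_INFO_API_TOKEN (held in apiToken) is used when it
// is non-empty. Otherwise, if OKTA_INFO_USE_1PASSWORD is non-empty, the token
// is fetched by running the 1Password `op` CLI. When neither is configured
// the result is an empty token and a nil error.
//
// The returned string is a credential: callers must not print or log it.
func getAPIToken() (string, error) {
	if apiToken != "" {
		return apiToken, nil
	}

	if os.Getenv("OKTA_INFO_USE_1PASSWORD") == "" {
		// NOTE(review): no token source is configured, yet no error is
		// reported and the caller receives "" — confirm the client rejects
		// an empty token rather than sending unauthenticated requests.
		return "", nil
	}

	// Use 1password vault to fetch token
	// This probably doesn't work for anyone else than me, sorry
	// "op" is passed as a bare name, so the binary is looked up through PATH.
	cmd := exec.Command("op", "item", "get",
		"product-Okta ApiToken",
		"--vault", "Private",
		"--field", "password")

	var outb, errb bytes.Buffer
	cmd.Stdout = &outb
	cmd.Stderr = &errb

	if err := cmd.Run(); err != nil {
		// stdout is the stream the secret arrives on, so it is never echoed,
		// even on failure. Only the child's stderr is attached to the error,
		// which the caller reports once.
		return "", fmt.Errorf("reading API token from 1Password: %w: %s",
			err, strings.TrimSpace(errb.String()))
	}

	// trim extra whitespace
	return strings.TrimSpace(outb.String()), nil
}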