[fix] Only fetch clientIDs assigned to user

chanzuckerberg · Jun 11, 2020 · 9520c5f · 9520c5f
1 parent abe5abe
commit 9520c5f
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 8 deletions.
diff --git a/pkg/aws_config_server/webserver.go b/pkg/aws_config_server/webserver.go
@@ -120,7 +120,7 @@ func Index(
 			return
 		}
 
-		clientIDs, err := okta.GetClientIDs(ctx, oktaClient)
+		clientIDs, err := okta.GetClientIDs(ctx, *email, oktaClient)
 		if err != nil {
 			logrus.Errorf("Unable to get list of ClientIDs for %s: %s", *email, err)
 			http.Error(w, fmt.Sprintf("%v:%s", 500, http.StatusText(500)), 500)

diff --git a/pkg/okta/okta.go b/pkg/okta/okta.go
@@ -2,6 +2,7 @@ package okta
 
 import (
 	"context"
+	"fmt"
 	"net/url"
 
 	"github.com/okta/okta-sdk-golang/v2/okta"
@@ -31,22 +32,28 @@ func NewOktaClient(ctx context.Context, conf *OktaClientConfig) (*okta.Client, e
 	return client, errors.Wrap(err, "error creating Okta client")
 }
 
-func GetClientIDs(ctx context.Context, oktaClient AppResource) ([]ClientID, error) {
-	apps, err := paginateListApplications(ctx, oktaClient)
+func GetClientIDs(ctx context.Context, userEmail string, oktaClient AppResource) ([]ClientID, error) {
+	apps, err := paginateListApplications(ctx, userEmail, oktaClient)
 	if err != nil {
 		return nil, err
 	}
 	return getClientIDsfromApplications(ctx, apps)
 }
 
 type AppResource interface {
-	ListApplications(context.Context, *query.Params) ([]okta.App, *okta.Response, error)
+	ListApplications(
+		ctx context.Context,
+		qp *query.Params,
+	) ([]okta.App, *okta.Response, error)
 }
 
-func paginateListApplications(ctx context.Context, client AppResource) ([]okta.App, error) {
-	var qp query.Params
+func paginateListApplications(ctx context.Context, userEmail string, client AppResource) ([]okta.App, error) {
 	var apps []okta.App
 
+	qp := query.Params{
+		Filter: fmt.Sprintf("user.email+eq+\"%s\"", userEmail),
+	}
+
 	for {
 		currentApps, resp, err := client.ListApplications(ctx, &qp)
 		if err != nil {

diff --git a/pkg/okta/okta_test.go b/pkg/okta/okta_test.go
@@ -77,7 +77,7 @@ func TestPaginateListApplications(t *testing.T) {
 	ctx := context.Background()
 	r := require.New(t)
 
-	appInterfaces, err := paginateListApplications(ctx, &oktaApplicationsWithNilResponse{})
+	appInterfaces, err := paginateListApplications(ctx, "okta user id", &oktaApplicationsWithNilResponse{})
 	r.NoError(err)
 	r.Len(appInterfaces, 2)
 }
@@ -119,7 +119,7 @@ func TestPaginateWithNext(t *testing.T) {
 			},
 		},
 	)
-	clientIDs, err := GetClientIDs(ctx, oktaApps)
+	clientIDs, err := GetClientIDs(ctx, "oktaUserID", oktaApps)
 	r.NoError(err)
 	r.Equal(clientIDs, []ClientID{"id1", "id2", "id3"})
 }