From 9520c5f266353633ad48dec26619760d854ec015 Mon Sep 17 00:00:00 2001
From: edulop
Date: Thu, 11 Jun 2020 17:10:56 -0400
Subject: [PATCH] [fix] Only fetch clientIDs assigned to user
---
 pkg/aws_config_server/webserver.go | 2 +-
 pkg/okta/okta.go | 17 ++++++++++++-----
 pkg/okta/okta_test.go | 4 ++--
 3 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/pkg/aws_config_server/webserver.go b/pkg/aws_config_server/webserver.go
index 40456ca6..5586860b 100644
--- a/pkg/aws_config_server/webserver.go
+++ b/pkg/aws_config_server/webserver.go
@@ -120,7 +120,7 @@ func Index(
 return
 }

- clientIDs, err := okta.GetClientIDs(ctx, oktaClient)
+ clientIDs, err := okta.GetClientIDs(ctx, *email, oktaClient)
 if err != nil {
 logrus.Errorf("Unable to get list of ClientIDs for %s: %s", *email, err)
 http.Error(w, fmt.Sprintf("%v:%s", 500, http.StatusText(500)), 500)
diff --git a/pkg/okta/okta.go b/pkg/okta/okta.go
index b12f9a99..84ae74aa 100644
--- a/pkg/okta/okta.go
+++ b/pkg/okta/okta.go
@@ -2,6 +2,7 @@ package okta

 import (
 "context"
+ "fmt"
 "net/url"

 "github.com/okta/okta-sdk-golang/v2/okta"
@@ -31,8 +32,8 @@ func NewOktaClient(ctx context.Context, conf *OktaClientConfig) (*okta.Client, e
 return client, errors.Wrap(err, "error creating Okta client")
 }

-func GetClientIDs(ctx context.Context, oktaClient AppResource) ([]ClientID, error) {
- apps, err := paginateListApplications(ctx, oktaClient)
+func GetClientIDs(ctx context.Context, userEmail string, oktaClient AppResource) ([]ClientID, error) {
+ apps, err := paginateListApplications(ctx, userEmail, oktaClient)
 if err != nil {
 return nil, err
 }
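Review bot: GetClientIDs in pkg/okta/okta.go now takes userEmail and uses it to decide which applications a user is shown, but the exported function has no doc comment and hands an empty string straight to the filter builder. Consider rejecting it before the call, e.g. `if userEmail == "" { return nil, errors.New("userEmail is required") }`, and adding `// GetClientIDs returns the client IDs of the Okta applications assigned to the user with the given email.` above the signature. The caller in webserver.go dereferences `*email`; whether it is nil-checked earlier in Index is outside the hunk. The body of GetClientIDs also continues outside the hunk.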
@@ -40,13 +41,19 @@ func GetClientIDs(ctx context.Context, oktaClient AppResource) ([]ClientID, erro
 }

 type AppResource interface {
- ListApplications(context.Context, *query.Params) ([]okta.App, *okta.Response, error)
+ ListApplications(
+ ctx context.Context,
+ qp *query.Params,
+ ) ([]okta.App, *okta.Response, error)
 }

-func paginateListApplications(ctx context.Context, client AppResource) ([]okta.App, error) {
- var qp query.Params
+func paginateListApplications(ctx context.Context, userEmail string, client AppResource) ([]okta.App, error) {
 var apps []okta.App

+ qp := query.Params{
+ Filter: fmt.Sprintf("user.email+eq+\"%s\"", userEmail),
+ }
+
 for {
 currentApps, resp, err := client.ListApplications(ctx, &qp)
 if err != nil {
diff --git a/pkg/okta/okta_test.go b/pkg/okta/okta_test.go
index 7262ef4c..18ab0a63 100644
--- a/pkg/okta/okta_test.go
+++ b/pkg/okta/okta_test.go
@@ -77,7 +77,7 @@ func TestPaginateListApplications(t *testing.T) {
 ctx := context.Background()
 r := require.New(t)

- appInterfaces, err := paginateListApplications(ctx, &oktaApplicationsWithNilResponse{})
+ appInterfaces, err := paginateListApplications(ctx, "okta user id", &oktaApplicationsWithNilResponse{})
 r.NoError(err)
 r.Len(appInterfaces, 2)
 }
@@ -119,7 +119,7 @@ func TestPaginateWithNext(t *testing.T) {
 },
 },
 )
- clientIDs, err := GetClientIDs(ctx, oktaApps)
+ clientIDs, err := GetClientIDs(ctx, "oktaUserID", oktaApps)
 r.NoError(err)
 r.Equal(clientIDs, []ClientID{"id1", "id2", "id3"})
 }
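Review bot: The filter in paginateListApplications interpolates userEmail into a quoted expression with `%s`, so a value containing `"` or `\` changes the expression that scopes the result to one user. Since this filter is the per-user boundary the commit introduces, validate the value first, e.g. `if strings.ContainsAny(userEmail, "\"\\") { return nil, errors.New("invalid user email") }` (needs the `strings` import). The hand-written `+` separators look like pre-encoded spaces; if the SDK URL-encodes query parameters itself they would be sent as literal plus signs, so this should be checked against a real request. It is also worth confirming that the applications endpoint accepts `user.email` as a filter field, because an ignored filter would return every application again. The loop body continues outside the hunk.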
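Review bot: Neither updated test checks that the per-user filter reaches ListApplications. The calls in TestPaginateListApplications and TestPaginateWithNext pass `"okta user id"` and `"oktaUserID"` for a parameter named userEmail, and the fakes (defined outside these hunks) appear to ignore `qp`. Have the fake record `qp.Filter` and assert on it, e.g. `r.Contains(fake.lastFilter, "user@example.com")` with that constructed address as the argument, so a regression that drops the scoping fails a test. `fake.lastFilter` is a placeholder name for a field the fake would need to gain.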