okta

package
v0.20.0 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 9, 2025 License: MIT Imports: 16 Imported by: 0

Documentation

Overview

Package okta provides an Okta API client and group synchronization to GitHub teams. It uses OAuth 2.0 with private key authentication.

Constants

This section is empty.

Variables

var DefaultScopes = []string{"okta.groups.read", "okta.users.read"}

DefaultScopes defines the required OAuth scopes for the Okta API. These scopes are necessary for group sync functionality.

Functions

func FilterEnabledGroups

func FilterEnabledGroups(groups []okta.Group, enabledNames []string) []okta.Group

FilterEnabledGroups filters Okta groups to only those in the enabled list. It returns all groups if the enabled list is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client wraps the Okta SDK client with custom configuration.

func NewClient

func NewClient(cfg *ClientConfig) (*Client, error)

NewClient creates an Okta client with a background context.

func NewClientWithContext

func NewClientWithContext(ctx context.Context, cfg *ClientConfig) (*Client, error)

NewClientWithContext creates an Okta client with OAuth 2.0 private key authentication. It supports custom TLS certificate pools via context for testing.

func (*Client) GetAPIClient (added in v0.18.0)

func (c *Client) GetAPIClient() *okta.APIClient

GetAPIClient returns the underlying Okta SDK API client.

func (*Client) GetContext

func (c *Client) GetContext() context.Context

GetContext returns the context used for API requests.

func (*Client) GetGroupByName

func (c *Client) GetGroupByName(name string) (*okta.Group, error)

GetGroupByName searches for an Okta group by exact name match.

func (*Client) GetGroupInfo

func (c *Client) GetGroupInfo(groupName string) (*GroupInfo, error)

GetGroupInfo fetches details for a single Okta group by name.

func (*Client) GetGroupMembers

func (c *Client) GetGroupMembers(groupID string) (*GroupMembersResult, error)

GetGroupMembers fetches GitHub usernames for all active members of an Okta group. It only includes users with status "ACTIVE", which excludes suspended/deprovisioned users. It skips users without a GitHub username in their profile and tracks them separately.
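
The filtering rule documented for GetGroupMembers, sketched as an added example that is not the package's own code. `oktaUser`, `membersResult`, `selectMembers`, `sampleUsers` and the `githubUsername` attribute name are stand-ins, and recording the Okta login in the skipped list is an assumption.

```go
package main

import "fmt"

// oktaUser is a stand-in for the SDK user type (assumption, not the real struct).
type oktaUser struct {
	Login, Status string
	Profile       map[string]any
}

// membersResult mirrors the two fields of GroupMembersResult shown on this page.
type membersResult struct {
	Members, SkippedNoGitHubUsername []string
}

// selectMembers keeps only ACTIVE users and resolves their GitHub username from
// the profile attribute named by githubField (cf. ClientConfig.GitHubUserField).
func selectMembers(users []oktaUser, githubField string) membersResult {
	var res membersResult
	for _, u := range users {
		if u.Status != "ACTIVE" {
			continue // suspended/deprovisioned: never reaches the team list
		}
		name, _ := u.Profile[githubField].(string) // missing or non-string -> ""
		if name == "" {
			// Assumption: the skipped list records the Okta login.
			res.SkippedNoGitHubUsername = append(res.SkippedNoGitHubUsername, u.Login)
			continue
		}
		res.Members = append(res.Members, name)
	}
	return res
}

// sampleUsers is constructed test data, not real directory output.
func sampleUsers() []oktaUser {
	return []oktaUser{
		{"alice@example.com", "ACTIVE", map[string]any{"githubUsername": "alice-gh"}},
		{"bob@example.com", "SUSPENDED", map[string]any{"githubUsername": "bob-gh"}},
		{"carol@example.com", "ACTIVE", map[string]any{}},
		{"dave@example.com", "DEPROVISIONED", map[string]any{"githubUsername": "dave-gh"}},
		{"erin@example.com", "ACTIVE", map[string]any{"githubUsername": 42}},
	}
}

func main() {
	r := selectMembers(sampleUsers(), "githubUsername")
	fmt.Println("members:", r.Members, "skipped:", r.SkippedNoGitHubUsername)
}
```

A user who is ACTIVE but has no usable username lands in the skipped list rather than in the member list, so that list is worth reviewing after each sync: those accounts hold no synced team membership.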

func (*Client) GetGroupsByPattern

func (c *Client) GetGroupsByPattern(pattern string) ([]*GroupInfo, error)

GetGroupsByPattern fetches all Okta groups matching a regex pattern.

func (*Client) ListGroups

func (c *Client) ListGroups() ([]okta.Group, error)

ListGroups fetches all Okta groups.

type ClientConfig

type ClientConfig struct {
	Domain          string
	ClientID        string
	PrivateKey      []byte
	PrivateKeyID    string
	Scopes          []string
	GitHubUserField string
	BaseURL         string
}

ClientConfig contains Okta client configuration.

type GroupInfo

type GroupInfo struct {
	ID                      string
	Name                    string
	Members                 []string
	SkippedNoGitHubUsername []string
}

GroupInfo contains Okta group details and member list.

type GroupMembersResult (added in v0.6.0)

type GroupMembersResult struct {
	Members                 []string
	SkippedNoGitHubUsername []string
}

GroupMembersResult contains the results of fetching group members.

type OrphanedUsersReport

type OrphanedUsersReport struct {
	OrphanedUsers []string
}

OrphanedUsersReport contains users who are org members but not in any synced teams.

type SyncReport

type SyncReport struct {
	Rule                       string
	OktaGroup                  string
	GitHubTeam                 string
	MembersAdded               []string
	MembersRemoved             []string
	MembersSkippedExternal     []string
	MembersSkippedNoGHUsername []string
	Errors                     []string
}

SyncReport contains the results of syncing a single Okta group to a GitHub team.

func (*SyncReport) HasChanges

func (r *SyncReport) HasChanges() bool

HasChanges returns true if members were added or removed.

func (*SyncReport) HasErrors

func (r *SyncReport) HasErrors() bool

HasErrors returns true if any errors occurred during sync.

type SyncResult

type SyncResult struct {
	Reports       []*SyncReport
	OrphanedUsers *OrphanedUsersReport
}

SyncResult contains all sync reports and orphaned users report.

type SyncRule

type SyncRule = types.SyncRule

SyncRule is an alias to types.SyncRule for convenience.

type Syncer

type Syncer struct {
	// contains filtered or unexported fields
}

Syncer coordinates synchronization of Okta groups to GitHub teams.

func NewSyncer

func NewSyncer(oktaClient *Client, githubClient *client.Client, rules []SyncRule, safetyThreshold float64, logger *slog.Logger) *Syncer

NewSyncer creates a new Okta to GitHub syncer.

func (*Syncer) DetectOrphanedUsers

func (s *Syncer) DetectOrphanedUsers(ctx context.Context, syncedTeams []string) (*OrphanedUsersReport, error)

DetectOrphanedUsers finds organization members not in any synced teams. It excludes external collaborators.

func (*Syncer) Sync

func (s *Syncer) Sync(ctx context.Context) (*SyncResult, error)

Sync executes all enabled sync rules and returns reports. It continues processing the remaining rules even if some fail.
