okta

package
v0.3.0 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 5, 2025 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package okta provides an Okta API client with OAuth 2.0 private key authentication.

Package okta provides Okta group querying and filtering.

Package okta provides Okta group to GitHub team synchronization.

Constants

This section is empty.

Variables

var DefaultScopes = []string{"okta.groups.read", "okta.users.read"}

DefaultScopes defines the required OAuth scopes for the Okta API. These scopes are necessary for group sync functionality.

Functions

func FilterEnabledGroups

func FilterEnabledGroups(groups []*okta.Group, enabledNames []string) []*okta.Group

FilterEnabledGroups filters Okta groups to only those in the enabled list. Returns all groups if the enabled list is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client wraps the Okta SDK client with custom configuration.

func NewClient

func NewClient(cfg *ClientConfig) (*Client, error)

NewClient creates an Okta client with background context.

func NewClientWithContext

func NewClientWithContext(ctx context.Context, cfg *ClientConfig) (*Client, error)

NewClientWithContext creates an Okta client with OAuth 2.0 private key authentication. Supports custom TLS certificate pools via context for testing.

func (*Client) GetClient

func (c *Client) GetClient() *okta.Client

GetClient returns the underlying Okta SDK client.

func (*Client) GetContext

func (c *Client) GetContext() context.Context

GetContext returns the context used for API requests.

func (*Client) GetGroupByName

func (c *Client) GetGroupByName(name string) (*okta.Group, error)

GetGroupByName searches for an Okta group by exact name match.

func (*Client) GetGroupInfo

func (c *Client) GetGroupInfo(groupName string) (*GroupInfo, error)

GetGroupInfo fetches details for a single Okta group by name.

func (*Client) GetGroupMembers

func (c *Client) GetGroupMembers(groupID string) ([]string, error)

GetGroupMembers fetches GitHub usernames for all active members of an Okta group. Only includes users with status "ACTIVE", which excludes suspended and deprovisioned users. Falls back to email if the GitHub username field is not set.
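
The filtering and fallback that GetGroupMembers documents, modelled as an added example (not this package's code). The `oktaUser` and `Member` types, the `ResolveMembers` helper, the `githubUsername` field name and the sample users are assumptions; the `FromEmail` flag goes beyond the documented `[]string` return so that email fallbacks can be reviewed before a sync.

```go
package main

import (
	"fmt"
	"strings"
)

// oktaUser is a simplified stand-in for an Okta user record (assumed shape).
type oktaUser struct {
	Status  string
	Email   string
	Profile map[string]string // custom profile attributes
}

// Member is one resolved identity plus how it was resolved.
type Member struct {
	Login     string
	FromEmail bool // true when the GitHub username field was empty
}

// ResolveMembers keeps only ACTIVE users and resolves each to the value of
// githubField, falling back to the email address when that field is unset.
func ResolveMembers(users []oktaUser, githubField string) []Member {
	var out []Member
	for _, u := range users {
		if u.Status != "ACTIVE" {
			continue // SUSPENDED, DEPROVISIONED, etc. are never returned
		}
		if login := strings.TrimSpace(u.Profile[githubField]); login != "" {
			out = append(out, Member{Login: login})
			continue
		}
		out = append(out, Member{Login: u.Email, FromEmail: true})
	}
	return out
}

// Constructed sample users; "githubUsername" is an assumed field name.
var sampleUsers = []oktaUser{
	{"ACTIVE", "ana@example.com", map[string]string{"githubUsername": "ana-gh"}},
	{"SUSPENDED", "bo@example.com", map[string]string{"githubUsername": "bo-gh"}},
	{"ACTIVE", "cy@example.com", map[string]string{}},
	{"DEPROVISIONED", "di@example.com", nil},
}

func main() {
	for _, m := range ResolveMembers(sampleUsers, "githubUsername") {
		fmt.Printf("%-16s fromEmail=%v\n", m.Login, m.FromEmail)
	}
}
```

Entries with `FromEmail` set are email addresses rather than GitHub logins, so they are the ones to check when a member list looks wrong.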

func (*Client) GetGroupsByPattern

func (c *Client) GetGroupsByPattern(pattern string) ([]*GroupInfo, error)

GetGroupsByPattern fetches all Okta groups matching a regex pattern.
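
A pre-flight check for a group pattern before it is passed to GetGroupsByPattern, as an added example that is not part of this package. It assumes the pattern is applied with Go's unanchored `regexp` matching; `CheckPattern`, `isAnchored`, `PatternCheck` and the group names are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"regexp/syntax"
)

// PatternCheck is the result of vetting one group pattern (hypothetical type).
type PatternCheck struct {
	Anchored bool     // pattern is pinned with ^ at the start and $ at the end
	Matches  []string // group names the pattern selects
}

// isAnchored reports whether the parsed pattern starts with ^ and ends with $.
func isAnchored(pattern string) bool {
	re, err := syntax.Parse(pattern, syntax.Perl)
	if err != nil || re.Op != syntax.OpConcat || len(re.Sub) < 2 {
		return false
	}
	first, last := re.Sub[0], re.Sub[len(re.Sub)-1]
	return first.Op == syntax.OpBeginText && last.Op == syntax.OpEndText
}

// CheckPattern compiles pattern and previews it against known group names,
// assuming unanchored regexp.MatchString semantics (an assumption here).
func CheckPattern(pattern string, names []string) (PatternCheck, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return PatternCheck{}, fmt.Errorf("pattern %q: %w", pattern, err)
	}
	res := PatternCheck{Anchored: isAnchored(pattern)}
	for _, n := range names {
		if re.MatchString(n) {
			res.Matches = append(res.Matches, n)
		}
	}
	return res, nil
}

// Constructed group names for the preview.
var sampleGroups = []string{"github-eng-platform", "legacy-github-eng-contractors", "sales"}

func main() {
	for _, p := range []string{"github-eng-", "^github-eng-.*$"} {
		res, err := CheckPattern(p, sampleGroups)
		fmt.Println(p, res.Anchored, res.Matches, err)
	}
}
```

Under that assumption the unanchored pattern also selects `legacy-github-eng-contractors`, while the anchored form selects only `github-eng-platform`.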

func (*Client) ListGroups

func (c *Client) ListGroups() ([]*okta.Group, error)

ListGroups fetches all Okta groups.

type ClientConfig

type ClientConfig struct {
	Domain          string
	ClientID        string
	PrivateKey      []byte
	Scopes          []string
	GitHubUserField string
	BaseURL         string
}

ClientConfig contains Okta client configuration.

type GroupInfo

type GroupInfo struct {
	ID      string
	Name    string
	Members []string
}

GroupInfo contains Okta group details and member list.

type OrphanedUsersReport

type OrphanedUsersReport struct {
	OrphanedUsers []string
}

OrphanedUsersReport contains users who are org members but not in any synced teams.

type SyncReport

type SyncReport struct {
	Rule                   string
	OktaGroup              string
	GitHubTeam             string
	MembersAdded           []string
	MembersRemoved         []string
	MembersSkippedExternal []string
	Errors                 []string
}

SyncReport contains the results of syncing a single Okta group to GitHub team.

func (*SyncReport) HasChanges

func (r *SyncReport) HasChanges() bool

HasChanges returns true if members were added or removed.

func (*SyncReport) HasErrors

func (r *SyncReport) HasErrors() bool

HasErrors returns true if any errors occurred during sync.

type SyncResult

type SyncResult struct {
	Reports       []*SyncReport
	OrphanedUsers *OrphanedUsersReport
}

SyncResult contains all sync reports and orphaned users report.

type SyncRule

type SyncRule struct {
	Name                string `json:"name"`
	Enabled             bool   `json:"enabled"`
	OktaGroupPattern    string `json:"okta_group_pattern,omitempty"`
	OktaGroupName       string `json:"okta_group_name,omitempty"`
	GitHubTeamPrefix    string `json:"github_team_prefix,omitempty"`
	GitHubTeamName      string `json:"github_team_name,omitempty"`
	StripPrefix         string `json:"strip_prefix,omitempty"`
	SyncMembers         bool   `json:"sync_members"`
	CreateTeamIfMissing bool   `json:"create_team_if_missing"`
	TeamPrivacy         string `json:"team_privacy,omitempty"`
}

SyncRule defines how to sync Okta groups to GitHub teams.

type Syncer

type Syncer struct {
	// contains filtered or unexported fields
}

Syncer coordinates synchronization of Okta groups to GitHub teams.

func NewSyncer

func NewSyncer(oktaClient *Client, githubClient *github.Client, rules []SyncRule, safetyThreshold float64, logger *slog.Logger) *Syncer

NewSyncer creates a new Okta to GitHub syncer.

func (*Syncer) DetectOrphanedUsers

func (s *Syncer) DetectOrphanedUsers(ctx context.Context, syncedTeams []string) (*OrphanedUsersReport, error)

DetectOrphanedUsers finds organization members not in any synced teams. Excludes external collaborators.

func (*Syncer) Sync

func (s *Syncer) Sync(ctx context.Context) (*SyncResult, error)

Sync executes all enabled sync rules and returns reports. Continues processing remaining rules even if some fail.
