questions/bugs/requests

[gabrielsroka]

Thanks for the great tool! i've been showing other Okta customers on https://macadmins.slack.com how to use it.

i know this is a lot (esp. in 1 place). hopefully that's ok.

1. okta-cli raw logs returns un-pretty-printed JSON by default, whereas other commands return a table by default, or the JSON is pretty-printed.
2. okta-cli raw logs returns a target which is a JSON array (ie, a Python list), but u can't address it. eg, it'd be nice to request target.0.displayName or target[0].displayName, etc, but this crashes the cli.
3. --output-fields replaces the default fields. it'd be nice to have another flag to add to the default fields.
4. csv crashes when there's only 1 column. i think i figured out the format, but it's not well-documented -- examples would be nice.
5. config list doesn't show which one is the default or the current. config delete crashes when you try to delete something that's not there.
6. for large fetches (eg, 1,000s of users), it fetches everyone first, then displays them (this is nice because you can format the table, and you want to figure out the column widths). it'd be nice to a) show progress, and/or b) have a flag to show immediate results (eg, per page, even if they're not formatted as nicely from page to page).
7. I wanted to use the cli for bulk-updates, but this requires a csv (or some intermediary file). would something like this be recommended instead? it "works", but a) it's slow (cuz it spawns the cli many times, and it can't reuse the requests.Session(), b) is it good? i'm not much of a shell programmer. it'd be nice to have something more like what you can do in SQL: update users set department = 'New IT' where department = 'IT'. again, example use cases would be nice -- how do you use the cli?

okta-cli users list --search 'profile.department eq "IT"' | 
while read id status rest; do 
  echo $id $status $rest
  okta-cli users update $id --set profile.department="New IT" > /dev/null
done

or

okta-cli users list --search 'profile.department eq "IT"' --output-fields id | 
while read id; do 
  okta-cli users update $id --set profile.department="New IT"
done

[gabrielsroka]

8. i tried

okta-cli users list --search 'profile.department sw "IT"' --csv > it.csv
okta-cli users bulk-update --set profile.department="New IT" it.csv 
Bulk update might take a while. Please be patient.
88 - done.
   0 ok    
   0 errors
0 total

but it said 0 ok, 0 errors. i'm not sure why. i got bulk-update to work in other cases.

[flypenguin]

oof, that's a lot. could you please open separate issues for this? especially for the bugs.

regarding q8: yes, i remember the "sw" operator just does not work with the okta API, nothing i can do about it :( . i remember spending a lot of time until i accepted it. so what happens is that users list ... will not return anything. in case they fixed it you can try removing the "" around "IT", maybe that works (try the first step with and without quotes, and refer to the CSV file for confirmation)

regarding q7: yes, this is slow. your idea in q8 was "the right one", unfortunately if i'm correct you hit an Okta limitation. yet okta-cli can still help you ;) . --match filters after downloading the users (i.e. not using the API), in contrast to -f, -s, and -q. so modify your first command in question q8 like this: okta-cli users list --partial --match "profile.department=^IT" (it accepts regexes and needs no quotes IIRC). that should still be much faster than your q7 approach.

[flypenguin]

on second thought ... it says "88 - done" in your q7. that is weird. i will have a look at it.

[gabrielsroka]

sw works fine with search. Or eq

[gabrielsroka]

i will have a look at it.

https://github.com/flypenguin/okta-cli/issues/15#issuecomment-1812280486

did u look at it?

EDIT: nm, u opened #16

[flypenguin]

actually I did. it's in fact a bug with the multithreading. will be fixed in 18.1.0 (at least it will show the correct ERROR count ...)