search

mbegan / Okta-Identity-Cloud-for-Splunk

Public REPO for splunkbase app
https://splunkbase.splunk.com/app/3682/
Other
19 stars 13 forks source link

Save appUser scope data for reporting purposes #11

Open gabrielsroka opened 6 years ago

gabrielsroka commented 6 years ago

We need to report appUser with scope=="USER". Here's some pseudocode:

function saveAppUsers() {
    apps = fetch("/api/v1/apps")
    foreach (app in apps) {
        save app.name # etc
        # Use /users because /skinny_users doesn't have scope.
        appUsers = fetch("/api/v1/apps/$appId/users") {
        foreach (appUser in appUsers) {
            save app.name, appUser.name, appUser.scope # etc
        }
    }
}

function report() {
    apps = getApps()
    # Filter out AD (or LDAP, etc) instances since their users all have scope=="USER".
    nonADApps = apps.filter(app.type != "AD")
    foreach (app in nonADApps) {
        appUsers = getAppUsers(app)
        individAppUsers = appUsers.filter(appUser.scope == "USER") # Keep USER, filter out GROUP.
        foreach (appUser in individAppUsers) {
            print app.name, appUser.name # etc
        }
    }
}
mbegan commented 6 years ago

digging into see how feasible it would be to have the scope values included in the responses for the skinny_users endpoint.

gabrielsroka commented 6 years ago

And what if we need other values? I'm wondering if skinny is too skinny.

On Tue, May 1, 2018, 9:16 PM Matt Egan notifications@github.com wrote:

digging into see how feasible it would be to have the scope values included in the responses for the skinny_users endpoint.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mbegan/Okta-Identity-Cloud-for-Splunk/issues/11#issuecomment-385860143, or mute the thread https://github.com/notifications/unsubscribe-auth/ANsJMEV-CBGChHN-YwyzeW9rirjylQF6ks5tuTMjgaJpZM4Tuluu .