Add an Okta Devices table

[mattjurczyk]

Is your feature request related to a problem? Please describe. With okta moving more towards a device trust model, it would be good to be able to put a device to a user

Describe the solution you'd like

Be able to relate a user to a device and see device information (encryption, managed, etc)

Describe alternatives you've considered

https://support.okta.com/help/s/article/Howto-Get-a-List-of-All-Managed-and-NotManaged-Devices-in-Okta?language=en_US

Additional context Add any other context or screenshots about the feature request here.

[ParthaI]

Hello @mattjurczyk, Thank you for highlighting this issue.

To address it, we've introduced a new table called okta_device and have committed these changes to the issue-111 branch. Currently, we lack the necessary authorization to link a device in our setup, which means we haven't been able to test this feature ourselves.

We would greatly appreciate it if you could test it on your end using the PR branch and share any feedback you might have.

Here are the steps to test it in the issue-111 branch:

• Execute git clone https://github.com/turbot/steampipe-plugin-okta.git to clone the repository.
• Change directory using cd steampipe-plugin-okta.
• Switch to the relevant branch with git checkout issue-111.
• Run make to build or update the plugin.
• Finally, execute your queries to test the new table.

Thank you again for your cooperation!

[mattjurczyk]

No problem. Getting this error

select id from okta_device;

Error: okta: PATCH is not a valid HttpMethod (SQLSTATE HV000)

+----+ | id | +----+ +----+

Shouldn't that be a "Get" instead of patch

[ParthaI]

Thank you for your prompt reply!

• We don't explicitly use any HTTP methods in our implementation as the SDK handles them. Currently, we're using Okta SDK V2 (github.com/okta/okta-sdk-golang/v2), which unfortunately does not support the ListDevices API call. However, Okta SDK V3 (github.com/okta/okta-sdk-golang/v3) does support it.
• Could you please share the plugin logs associated with the query where the error is occurring? You can find the log file at ~/.steampipe/logs/plugin-2024-1-*.log. Make sure to remove any sensitive information before sharing.
• As I couldn't locate any documentation for implementation details of version 3, I based the changes on the code structure of the Okta SDK.
• My trials with SDK v3 for listing Okta Users were successful, so I applied it to the okta_device table.
• I've made a small update and would appreciate it if you could test it again. Please pull the latest changes locally:
  • Execute git pull origin issue-111
  • Run make
  • Then, execute your query
• If you still encounter any issues, we might need to drop the idea of using SDK V3, given its potential bugs.

Thank you!

[mattjurczyk]

plugin-2024-01-25 copy.log

[mattjurczyk]

still getting

Error: okta: PATCH is not a valid HttpMethod (SQLSTATE HV000)

+----+ | id | +----+ +----+

Is there a way to see if its using the SDK v3?

[mattjurczyk]

2024-01-25 16:34:07.496 UTC [ERROR] steampipe-plugin-okta.plugin: [ERROR] 1706200447168: okta_device.listOktaDevices: api_error="PATCH is not a valid HttpMethod" 2024-01-25 16:34:07.497 UTC [WARN] steampipe-plugin-okta.plugin: [WARN] 1706200447168: doList callHydrateWithRetries (okta-1706200447168) returned err PATCH is not a valid HttpMethod 2024-01-25 16:34:07.497 UTC [WARN] steampipe-plugin-okta.plugin: [WARN] 1706200447168: QueryData StreamError PATCH is not a valid HttpMethod (okta-1706200447168)

[ParthaI]

Based on the error log you shared, it appears the issue might stem from the SDK/API.

Is there a way to see if its using the SDK v3?

• Yes, if you've pulled the changes locally, open the directory ~/.steampipe-plugin-okta in your preferred IDE. Look for the files table_okta_device.go and connect.go.
• For a web view, you can visit table_okta_device.go and connect.go.
• If you'd like to experiment with modifications and build the plugin locally:
• Make the necessary modifications.
• Run make to build.
• Execute your query.
• If you face difficulties with modifying the plugin code, the following Go examples might help in your investigation:

Using okta-sdk-golang/v3:

package main

import (
    "context"
    "fmt"
    "os"

    "github.com/okta/okta-sdk-golang/v3/okta"
)

func main() {
    // Set up the Okta client
    oktaConfiguratiopn, err := okta.NewConfiguration(okta.WithOrgUrl("<YOUR OKTA DOMAIN>"), okta.WithToken("<YOUT TOKEN>"), okta.WithRequestTimeout(30), okta.WithRateLimitMaxRetries(5))
    client := okta.NewAPIClient(oktaConfiguratiopn) // Replace with your API token
    if err != nil {
        fmt.Printf("Error creating Okta client: %v\n", err)
        os.Exit(1)
    }

    // List Users
    // userReq := client.UserAPI.ListUsers(context.Background())

    // users, _, err := userReq.Execute()
    // if err != nil {
    //  fmt.Printf("Error in API call: %v\n", err)
    // }

    // for _, user := range users {
    //  fmt.Printf("User: %v\n", *user.Id)
    // }

    // List devices
    deviceReq := client.DeviceAPI.ListDevices(context.Background())

    devices, _, err := deviceReq.Execute()
    if err != nil {
        fmt.Printf("Error in API call: %v\n", err)
    }

    for _, device := range devices {
        fmt.Printf("Device: %v\n", *device.Id)
    }
}

Using Raw API Call:

package main

import (
  "fmt"
  "net/http"
  "io/ioutil"
)

func main() {
  yourOktaDomain := "subdomain.okta.com";
  reqUrl := "https://" + yourOktaDomain + "/api/v1/devices"
  req, err := http.NewRequest("GET", reqUrl, nil)

  query := req.URL.Query()
  query.Add("after", "200u3des4afA47rYJu1d7")
  query.Add("limit", "20")
  query.Add("search", "lastUpdated gt "2019-06-01T09:00:00.000Z"")
  query.Add("expand", "userSummary")
  req.URL.RawQuery = query.Encode()

  if err != nil {
    panic(err)
  }
  req.Header.Add("Authorization", "YOUR_API_KEY_HERE")
  res, err := http.DefaultClient.Do(req)
  if err != nil {
    panic(err)
  }
  defer res.Body.Close()
  body, err := ioutil.ReadAll(res.Body)
  if err != nil {
    panic(err)
  }

  fmt.Println(res)
  fmt.Println(string(body))
}

Your contributions to this project would be highly appreciated.

Thank you for your involvement.

[bigdatasourav]

Hey @mattjurczyk, we're closing this issue as we haven't heard back from you yet, please feel free to reopen if you want to share anything. Thanks!

[mattjurczyk]

Error: rpc error: code = Internal desc = okta: rpc error: code = Internal desc = hydrate function listGroupMembers failed with panic interface conversion: interface {} is okta.DeviceList, not *okta.Group (SQLSTATE HV000)

Seeing this issue now with the new version of the okta go sdk

[mattjurczyk]

@bigdatasourav if we could reopen

[ParthaI]

Hello, @mattjurczyk, I've reopened PR (#113) with the addition of the okta_device table. Additionally, I've implemented a fix addressing the concerns raised in this issue comment. After thorough testing, I believe all issues have been resolved. I look forward to your feedback without anticipating further errors.

Thank you!