SALTO-4992: dont fetch push rules for inactive apps (#5058)

salto-io · Nov 6, 2023 · 52192b0 · 52192b0
1 parent 4ddca71
commit 52192b0
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 12 deletions.
diff --git a/packages/okta-adapter/src/filters/group_push.ts b/packages/okta-adapter/src/filters/group_push.ts
@@ -21,7 +21,7 @@ import { createSchemeGuard } from '@salto-io/adapter-utils'
 import { collections } from '@salto-io/lowerdash'
 import { logger } from '@salto-io/logging'
 import { FilterCreator } from '../filter'
-import { OKTA, APPLICATION_TYPE_NAME, GROUP_PUSH_TYPE_NAME, GROUP_PUSH_RULE_TYPE_NAME } from '../constants'
+import { OKTA, APPLICATION_TYPE_NAME, GROUP_PUSH_TYPE_NAME, GROUP_PUSH_RULE_TYPE_NAME, ACTIVE_STATUS } from '../constants'
 import { PRIVATE_API_DEFINITIONS_CONFIG, OktaConfig, CLIENT_CONFIG } from '../config'
 
 const log = logger(module)
@@ -191,6 +191,29 @@ const toPushRuleInstance = async ({
   getElemIdFunc,
 })
 
+const getGroupPushRules = async ({
+  appInstance,
+  pushRuleType,
+  paginator,
+  config,
+  getElemIdFunc,
+}: {
+  appInstance: InstanceElement
+  pushRuleType: ObjectType
+  paginator: clientUtils.Paginator
+  config: OktaConfig
+  getElemIdFunc?: ElemIdGetter
+}): Promise<InstanceElement[]> => {
+  const pushRulesEntries = await getPushRulesForApp(paginator, appInstance.value.id)
+  return Promise.all(pushRulesEntries.map(async entry => toPushRuleInstance({
+    entry,
+    pushRuleType,
+    appInstance,
+    config,
+    getElemIdFunc,
+  })))
+}
+
 /**
  * Fetch group push instances and group push rule instances using private API
  */
@@ -240,15 +263,12 @@ const groupPushFilter: FilterCreator = ({ config, adminClient, getElemIdFunc })
           config,
           getElemIdFunc,
         })))
-        const pushRulesEntries = await getPushRulesForApp(paginator, appInstance.value.id)
-        const pushRules = await Promise.all(pushRulesEntries.map(async entry => toPushRuleInstance({
-          entry,
-          pushRuleType,
-          appInstance,
-          config,
-          getElemIdFunc,
-        })))
-        return groupPush.concat(pushRules)
+        const appStatus = appInstance.value.status
+        // fetching Group Push rules is only supported for apps in status ACTIVE
+        const groupPushRules = appStatus === ACTIVE_STATUS
+          ? await getGroupPushRules({ appInstance, pushRuleType, paginator, config, getElemIdFunc })
+          : []
+        return groupPush.concat(groupPushRules)
       })))
       .flat()
 

diff --git a/packages/okta-adapter/test/filters/group_push.test.ts b/packages/okta-adapter/test/filters/group_push.test.ts
@@ -37,12 +37,17 @@ describe('groupPushFilter', () => {
   const appWithGroupPush = new InstanceElement(
     'regular app',
     appType,
-    { id: 'abc', name: 'salesforce', signOnMode: 'SAML_2_0', features: ['IMPORT_USER_SCHEMA', 'GROUP_PUSH'] },
+    { id: 'abc', status: 'ACTIVE', name: 'salesforce', signOnMode: 'SAML_2_0', features: ['IMPORT_USER_SCHEMA', 'GROUP_PUSH'] },
   )
   const appWithNoGroupPush = new InstanceElement(
     'regular app',
     appType,
-    { id: 'bcd', name: 'salesforce', signOnMode: 'SAML_2_0', features: ['IMPORT_USER_SCHEMA'] },
+    { id: 'bcd', status: 'ACTIVE', name: 'salesforce', signOnMode: 'SAML_2_0', features: ['IMPORT_USER_SCHEMA'] },
+  )
+  const inactiveApp = new InstanceElement(
+    'regular app',
+    appType,
+    { id: 'cde', status: 'INACTIVE', name: 'zendesk', signOnMode: 'SAML_2_0', features: ['GROUP_PUSH'] },
   )
   const groupPushType = new ObjectType({ elemID: new ElemID(OKTA, GROUP_PUSH_TYPE_NAME) })
   const pushRuleType = new ObjectType({ elemID: new ElemID(OKTA, GROUP_PUSH_RULE_TYPE_NAME) })
@@ -149,6 +154,24 @@ describe('groupPushFilter', () => {
       expect(pushRuleInstances).toHaveLength(1)
       expect(pushRuleInstances[0].value).toEqual(pushRuleInstance.value)
     })
+    it('should not fetch group push rules for inactive apps', async () => {
+      mockGet.mockImplementation(params => {
+        if (params.url === '/api/internal/instance/cde/grouppush') {
+          return {
+            status: 200,
+            data: { mappings: [], nextMappingsPageUrl: null },
+          }
+        }
+        throw new Error('unexpected')
+      })
+      const elements: Element[] = [appType, inactiveApp]
+      filter = groupPushFilter(getFilterParams({ adminClient: client })) as typeof filter
+      await filter.onFetch(elements)
+      // Only 1 call for grouppush
+      expect(mockGet).toHaveBeenCalledTimes(1)
+      expect(mockGet).toHaveBeenCalledWith(expect.objectContaining({ url: '/api/internal/instance/cde/grouppush' }))
+      expect(mockGet).not.toHaveBeenCalledWith(expect.objectContaining({ url: '/api/internal/instance/cde/grouppushrules' }))
+    })
   })
 
   describe('preDeploy', () => {