From 52192b003979c5d9b0bff2d996d70736919c909d Mon Sep 17 00:00:00 2001
From: shir-reifenberg <74004474+shir-reifenberg@users.noreply.github.com>
Date: Mon, 6 Nov 2023 13:46:33 +0200
Subject: [PATCH] SALTO-4992: dont fetch push rules for inactive apps (#5058)
---
 .../okta-adapter/src/filters/group_push.ts | 40 ++++++++++++++-----
 .../test/filters/group_push.test.ts | 27 ++++++++++++-
 2 files changed, 55 insertions(+), 12 deletions(-)
diff --git a/packages/okta-adapter/src/filters/group_push.ts b/packages/okta-adapter/src/filters/group_push.ts
index 8c943f91fa7..8cfd52ef112 100644
--- a/packages/okta-adapter/src/filters/group_push.ts
+++ b/packages/okta-adapter/src/filters/group_push.ts
@@ -21,7 +21,7 @@ import { createSchemeGuard } from '@salto-io/adapter-utils'
 import { collections } from '@salto-io/lowerdash'
 import { logger } from '@salto-io/logging'
 import { FilterCreator } from '../filter'
-import { OKTA, APPLICATION_TYPE_NAME, GROUP_PUSH_TYPE_NAME, GROUP_PUSH_RULE_TYPE_NAME } from '../constants'
+import { OKTA, APPLICATION_TYPE_NAME, GROUP_PUSH_TYPE_NAME, GROUP_PUSH_RULE_TYPE_NAME, ACTIVE_STATUS } from '../constants'
 import { PRIVATE_API_DEFINITIONS_CONFIG, OktaConfig, CLIENT_CONFIG } from '../config'

 const log = logger(module)
@@ -191,6 +191,29 @@ const toPushRuleInstance = async ({
 getElemIdFunc,
 })

+const getGroupPushRules = async ({
+ appInstance,
+ pushRuleType,
+ paginator,
+ config,
+ getElemIdFunc,
+}: {
+ appInstance: InstanceElement
+ pushRuleType: ObjectType
+ paginator: clientUtils.Paginator
+ config: OktaConfig
+ getElemIdFunc?: ElemIdGetter
+}): Promise => {
+ const pushRulesEntries = await getPushRulesForApp(paginator, appInstance.value.id)
+ return Promise.all(pushRulesEntries.map(async entry => toPushRuleInstance({
+ entry,
+ pushRuleType,
+ appInstance,
+ config,
+ getElemIdFunc,
+ })))
+}
+
 /**
 * Fetch group push instances and group push rule instances using private API
 */
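Review bot: getGroupPushRules has no doc comment and does not itself enforce the ACTIVE precondition that its call site relies on, so a later caller could send the private push-rules request for an inactive app again. I would state the contract on the helper, for example `/** Fetch Group Push rule instances for one app via the private API; callers must pass only apps whose status is ACTIVE */`. As a style point, the extracted `async entry => toPushRuleInstance({...})` wrapper is redundant because toPushRuleInstance is already declared `async`; `entry => toPushRuleInstance({...})` reads cleaner.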
@@ -240,15 +263,12 @@ const groupPushFilter: FilterCreator = ({ config, adminClient, getElemIdFunc })
 config,
 getElemIdFunc,
 })))
- const pushRulesEntries = await getPushRulesForApp(paginator, appInstance.value.id)
- const pushRules = await Promise.all(pushRulesEntries.map(async entry => toPushRuleInstance({
- entry,
- pushRuleType,
- appInstance,
- config,
- getElemIdFunc,
- })))
- return groupPush.concat(pushRules)
+ const appStatus = appInstance.value.status
+ // fetching Group Push rules is only supported for apps in status ACTIVE
+ const groupPushRules = appStatus === ACTIVE_STATUS
+ ? await getGroupPushRules({ appInstance, pushRuleType, paginator, config, getElemIdFunc })
+ : []
+ return groupPush.concat(groupPushRules)
 })))
 .flat()

diff --git a/packages/okta-adapter/test/filters/group_push.test.ts b/packages/okta-adapter/test/filters/group_push.test.ts
index 24d42fe529a..7b8ab90dd07 100644
--- a/packages/okta-adapter/test/filters/group_push.test.ts
+++ b/packages/okta-adapter/test/filters/group_push.test.ts
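Review bot: The new `appStatus === ACTIVE_STATUS` branch skips push rules for every app whose status is anything other than ACTIVE, including one whose `status` value is absent, and nothing is logged when that happens. When the fetched identity configuration is later reviewed or diffed, a silently omitted set of Group Push rules is hard to tell apart from an app that has none. A debug line in the skip path, such as `log.debug('skipping group push rules for app %s with status %s', appInstance.elemID.getFullName(), appStatus)`, would make the omission visible; `log` is already defined near the top of the file. The enclosing fetch callback starts and ends outside this hunk.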
@@ -37,12 +37,17 @@ describe('groupPushFilter', () => {
 const appWithGroupPush = new InstanceElement(
 'regular app',
 appType,
- { id: 'abc', name: 'salesforce', signOnMode: 'SAML_2_0', features: ['IMPORT_USER_SCHEMA', 'GROUP_PUSH'] },
+ { id: 'abc', status: 'ACTIVE', name: 'salesforce', signOnMode: 'SAML_2_0', features: ['IMPORT_USER_SCHEMA', 'GROUP_PUSH'] },
 )
 const appWithNoGroupPush = new InstanceElement(
 'regular app',
 appType,
- { id: 'bcd', name: 'salesforce', signOnMode: 'SAML_2_0', features: ['IMPORT_USER_SCHEMA'] },
+ { id: 'bcd', status: 'ACTIVE', name: 'salesforce', signOnMode: 'SAML_2_0', features: ['IMPORT_USER_SCHEMA'] },
+ )
+ const inactiveApp = new InstanceElement(
+ 'regular app',
+ appType,
+ { id: 'cde', status: 'INACTIVE', name: 'zendesk', signOnMode: 'SAML_2_0', features: ['GROUP_PUSH'] },
 )
 const groupPushType = new ObjectType({ elemID: new ElemID(OKTA, GROUP_PUSH_TYPE_NAME) })
 const pushRuleType = new ObjectType({ elemID: new ElemID(OKTA, GROUP_PUSH_RULE_TYPE_NAME) })
@@ -149,6 +154,24 @@ describe('groupPushFilter', () => {
 expect(pushRuleInstances).toHaveLength(1)
 expect(pushRuleInstances[0].value).toEqual(pushRuleInstance.value)
 })
+ it('should not fetch group push rules for inactive apps', async () => {
+ mockGet.mockImplementation(params => {
+ if (params.url === '/api/internal/instance/cde/grouppush') {
+ return {
+ status: 200,
+ data: { mappings: [], nextMappingsPageUrl: null },
+ }
+ }
+ throw new Error('unexpected')
+ })
+ const elements: Element[] = [appType, inactiveApp]
+ filter = groupPushFilter(getFilterParams({ adminClient: client })) as typeof filter
+ await filter.onFetch(elements)
+ // Only 1 call for grouppush
+ expect(mockGet).toHaveBeenCalledTimes(1)
+ expect(mockGet).toHaveBeenCalledWith(expect.objectContaining({ url: '/api/internal/instance/cde/grouppush' }))
+ expect(mockGet).not.toHaveBeenCalledWith(expect.objectContaining({ url: '/api/internal/instance/cde/grouppushrules' }))
+ })
 })

 describe('preDeploy', () => {
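Review bot: The added test pins only the INACTIVE case, but the filter compares `status` to ACTIVE by strict equality, so an application instance with no `status` value is skipped as well. The fixture edits in the first hunk, which add `status: 'ACTIVE'` to both existing apps, suggest that path is reachable. A second case using an app with `features: ['GROUP_PUSH']` and no `status` would record whether that skip is intended. The final `not.toHaveBeenCalledWith` assertion is already implied by `toHaveBeenCalledTimes(1)` together with the positive `toHaveBeenCalledWith`; both rely on mockGet being reset between tests, which is not visible in this hunk.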