Describe the bug
We are hitting rate limiting and triggering alerts when doing "straight forward" lookups with the new okta_app_assigned_group
table. This may be happening with other tables too but I have only verified it with this tabled based on our testing.
I set logging to trace and change the okta url to localhost to see what it was doing and it looks like it is getting all apps which would be costly with the size of our org and I am passing an app_id
qualifier.
> 2022-01-20T09:48:00.939-0800 [TRACE] steampipe: Got Session with PID: 86911
2022-01-20T09:48:00.939-0800 [TRACE] steampipe: Session with PID: 86911 - returning
>
> select app_id,id as group_id,jsonb_array_elements_text(profile->'samlRoles') as roles from okta.okta_app_assigned_group where app_id = '<redacted>' limit 1;
2022-01-20T09:48:04.109-0800 [TRACE] steampipe: resolveQuery select app_id,id as group_id,jsonb_array_elements_text(profile->'samlRoles') as roles from okta.okta_app_assigned_group where app_id = '<redacted>' limit 1; args <empty>
2022-01-20T09:48:04.109-0800 [TRACE] steampipe: Got Session with PID: 86911
2022-01-20T09:48:04.109-0800 [TRACE] steampipe: Session with PID: 86911 - returning
Error: Get "https://localhost/api/v1/apps": dial tcp [::1]:443: connect: connection refused (SQLSTATE HV000)
>
I cant find where the list api (https://developer.okta.com/docs/reference/api/apps/#list-applications) call is being done (is it related to the parent hydrate code?)
I believe for this table if app_id
is specified it should just make a paginated call to api/v1/apps/<app_id>/groups
for each app_id
specified
also
https://github.com/turbot/steampipe-plugin-okta/blob/80bfd027a163b4b241b0e24cd6af220c752c74ea/okta/table_okta_app_assigned_group.go#L117
Should that be app_id
and not user_id
? If you could explain how user_id is related that would be appreciated. I am trying to get up to speed so I can make some PRs.
Steampipe version (steampipe -v
)
Example: v0.11.2
Plugin version (steampipe plugin list
)
Example: v0.4.0
To reproduce
run a query with on okta_app_assigned_group
with app_id
qualifier
select app_id,id as group_id,jsonb_array_elements_text(profile->'samlRoles') as roles from okta.okta_app_assigned_group where app_id = '<someappid>' limit 1;
Expected behavior
Not listing ALL apps before getting results
Additional context
none