From 0a3d816be27ec80e955597c4d833686f68676af9 Mon Sep 17 00:00:00 2001
From: Rajat Venkatesh <1638298+vrajat@users.noreply.github.com>
Date: Tue, 31 Oct 2023 10:27:44 +0530
Subject: [PATCH] Add support for Okta

Accepts token through a command line argument.
Add a new sync only for Okta.
---
 cartography/cli.py  | 19 ++++++++++++-------
 cartography/sync.py |  9 +++++++++
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/cartography/cli.py b/cartography/cli.py
index 089e4c12be..d96d813d71 100644
--- a/cartography/cli.py
+++ b/cartography/cli.py
@@ -288,6 +288,14 @@ def _build_parser(self):
                 'Okta organizational id to sync. Required if you are using the Okta intel module. Ignored otherwise.'
             ),
         )
+        parser.add_argument(
+            '--okta-api-key',
+            type=str,
+            default=None,
+            help=(
+                'Key with which to auth to the Okta API.'
+            ),
+        )
         parser.add_argument(
             '--okta-api-key-env-var',
             type=str,
@@ -513,12 +521,7 @@ def main(self, argv: str) -> int:
         else:
             config.azure_client_secret = None
 
-        # Okta config
-        if config.okta_org_id and config.okta_api_key_env_var:
-            logger.debug(f"Reading API key for Okta from environment variable {config.okta_api_key_env_var}")
-            config.okta_api_key = os.environ.get(config.okta_api_key_env_var)
-        else:
-            config.okta_api_key = None
+        # Okta config. Rajat: No extra work required any more.
 
         # CRXcavator config
         if config.crxcavator_api_base_uri and config.crxcavator_api_key_env_var:
@@ -622,8 +625,10 @@ def main(argv=None, sync_flag=None):
     if(requested_sync == 'rule_check'):
         sync = cartography.sync.build_rule_check_sync()
         result = CLI(sync, prog='cartography').main(argv)
-    if(requested_sync.startswith("gcp")):
+    elif(requested_sync.startswith("gcp")):
         sync = cartography.sync.build_borneo_gcp_sync("skip_index" in requested_sync)
+    elif(requested_sync.startswith("okta")):
+        sync = cartography.sync.build_borneo_okta_sync("skip_index" in requested_sync)
         result = CLI(sync, prog='cartography').main(argv)
     else:
         if(requested_sync != "default"):
diff --git a/cartography/sync.py b/cartography/sync.py
index ae6519733f..71cb854120 100644
--- a/cartography/sync.py
+++ b/cartography/sync.py
@@ -209,6 +209,15 @@ def build_borneo_gcp_sync(skipIndex: bool) -> Sync:
     ])
     return sync
 
+def build_borneo_okta_sync(skipIndex: bool) -> Sync:
+    sync = Sync()
+    if skipIndex != True:
+        sync.add_stages([('create-indexes', cartography.intel.create_indexes.run)])
+    sync.add_stages([
+        ('okta', cartography.intel.okta.start_okta_ingestion),
+    ])
+    return sync
+
 def build_rule_check_sync() -> Sync:
     sync = Sync()
     sync.add_stages([