Skip to content

Revoke Grant Events #131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mj-palanker wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Revoke Grant Events #131

mj-palanker wants to merge 1 commit into from

Conversation

@mj-palanker
Copy link
Contributor

@mj-palanker mj-palanker commented Nov 12, 2025
edited by coderabbitai bot
Loading

Creates the new revoke grant event types in the event feed.

Summary by CodeRabbit

  • New Features
    • Added automated tracking and logging of user removals from group memberships for improved audit visibility.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 12, 2025
edited
Loading

Walkthrough

A new event filter named CreateRevokeFilter was introduced to handle group membership removal events. The filter validates one UserGroup and one User target, constructs resources accordingly, and emits a CreateRevokeEvent with a "member" entitlement. The filter was registered in the active filter list used by event log operations.

Changes

Cohort / File(s) Summary
New EventFilter Implementation
pkg/connector/event_filters.go		 Introduced CreateRevokeFilter EventFilter that processes group.user_membership.remove events. Validates exactly one UserGroup and one User target, constructs group resource and user principal, creates user email trait, and emits CreateRevokeEvent with "member" entitlement type. Includes debug logging.
Filter Registration
pkg/connector/event_log.go		 Added CreateRevokeFilter to the active event filter list in ListEvents, enabling it to participate in filter mappings and query parameter construction.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Filter implementation closely mirrors the existing CreateGrantFilter pattern, reducing cognitive overhead
  • Straightforward validation logic and event emission
  • Registration is a simple list addition with no conditional logic
  • No architectural changes or complex interactions introduced

Poem

🐰 A rabbit's gentle revoke,
When memberships must go,
With one group and one user spoke,
The removal seeds we sow,
No more "member" to invoke!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Revoke Grant Events' directly aligns with the PR's objective to create new revoke grant event types, matching the CreateRevokeFilter implementation for handling group.user_membership.remove events.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch mjp/revoke-event

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Nov 12, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
pkg/connector/event_filters.go (1)

88-133: LGTM! Revoke filter correctly mirrors the grant filter.

The CreateRevokeFilter implementation is correct and appropriately handles group membership removal events. The logic properly validates targets, constructs resources and principals, attaches user trait annotations, and emits the revoke event.

The code is nearly identical to CreateGrantFilter (lines 42-87). If additional grant/revoke filters are added in the future, consider extracting the shared logic into a helper function to reduce duplication. For now, the duplication is acceptable and keeps the filters self-contained and clear.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d3cd357 and b3cddba.

📒 Files selected for processing (2)
  • pkg/connector/event_filters.go (1 hunks)
  • pkg/connector/event_log.go (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (2)
pkg/connector/event_log.go (1)
pkg/connector/event_filters.go (1)
  • CreateRevokeFilter (88-133)
pkg/connector/event_filters.go (1)
pkg/connector/event_filter.go (1)
  • EventFilter (16-26)
🔇 Additional comments (1)
pkg/connector/event_log.go (1)

51-51: LGTM! Filter correctly registered.

The CreateRevokeFilter is properly added to the active filters list and will participate in event processing as expected.

laurenleach
laurenleach reviewed Nov 19, 2025
View reviewed changes
pkg/connector/event_filters.go
return fmt.Errorf("okta-connectorv2: error creating resource: %w", err)
}

userTrait, err := sdkResource.NewUserTrait(sdkResource.WithEmail(user.AlternateId, true))
Copy link
Contributor

@laurenleach laurenleach Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AlternateId is the email?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@laurenleach laurenleach laurenleach approved these changes

@btipling btipling Awaiting requested review from btipling

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mj-palanker @laurenleach @kans