internal/directory/okta: remove rate limiter (#1370) (#1371)

We did honor the rate limit header from okta, so don't bother to add our
rate limiter there.

go.mod

@@ -62,7 +62,6 @@ require (
 	golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208
 	google.golang.org/api v0.29.0
 	google.golang.org/genproto v0.0.0-20200731012542-8145dea6a485
-	golang.org/x/time v0.0.0-20191024005414-555d28b269f0
 	google.golang.org/grpc v1.31.0
 	google.golang.org/protobuf v1.25.0
 	gopkg.in/cookieo9/resources-go.v2 v2.0.0-20150225115733-d27c04069d0d

go.sum

@@ -839,7 +839,6 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0 h1:UhZDfRO8JRQru4/+LlLE0BRKGF8L+PICnvYZmx/fEGA=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=

internal/directory/okta/okta.go

@@ -15,7 +15,6 @@ import (
 
 	"github.com/rs/zerolog"
 	"github.com/tomnomnom/linkheader"
-	"golang.org/x/time/rate"
 
 	"github.com/pomerium/pomerium/internal/log"
 	"github.com/pomerium/pomerium/pkg/grpc/databroker"
@@ -25,9 +24,6 @@ import (
 // Name is the provider name.
 const Name = "okta"
 
-// See https://developer.okta.com/docs/reference/rate-limits/#okta-api-endpoints-and-per-minute-limits
-const defaultQPS = 100 / 60
-
 // Okta use ISO-8601, see https://developer.okta.com/docs/reference/api-overview/#media-types
 const filterDateFormat = "2006-01-02T15:04:05.999Z"
 
@@ -36,7 +32,6 @@ type config struct {
 	httpClient     *http.Client
 	providerURL    *url.URL
 	serviceAccount *ServiceAccount
-	qps            float64
 }
 
 // An Option configures the Okta Provider.
@@ -70,18 +65,10 @@ func WithServiceAccount(serviceAccount *ServiceAccount) Option {
 	}
 }
 
-// WithQPS sets the query per second option.
-func WithQPS(qps float64) Option {
-	return func(cfg *config) {
-		cfg.qps = qps
-	}
-}
-
 func getConfig(options ...Option) *config {
 	cfg := new(config)
 	WithBatchSize(100)(cfg)
 	WithHTTPClient(http.DefaultClient)(cfg)
-	WithQPS(defaultQPS)(cfg)
 	for _, option := range options {
 		option(cfg)
 	}
@@ -92,22 +79,16 @@ func getConfig(options ...Option) *config {
 type Provider struct {
 	cfg         *config
 	log         zerolog.Logger
-	limiter     *rate.Limiter
 	lastUpdated *time.Time
 	groups      map[string]*directory.Group
 }
 
 // New creates a new Provider.
 func New(options ...Option) *Provider {
-	cfg := getConfig(options...)
-	if cfg.qps == 0 {
-		cfg.qps = defaultQPS
-	}
 	return &Provider{
-		cfg:     cfg,
-		log:     log.With().Str("service", "directory").Str("provider", "okta").Logger(),
-		limiter: rate.NewLimiter(rate.Limit(cfg.qps), int(cfg.qps)),
-		groups:  make(map[string]*directory.Group),
+		cfg:    getConfig(options...),
+		log:    log.With().Str("service", "directory").Str("provider", "okta").Logger(),
+		groups: make(map[string]*directory.Group),
 	}
 }
 
@@ -240,10 +221,6 @@ func (p *Provider) apiGet(ctx context.Context, uri string, out interface{}) (htt
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Set("Authorization", "SSWS "+p.cfg.serviceAccount.APIKey)
 
-	if err := p.limiter.Wait(ctx); err != nil {
-		return nil, err
-	}
-
 	for {
 		res, err := p.cfg.httpClient.Do(req)
 		if err != nil {

internal/directory/provider.go

@@ -86,7 +86,6 @@ func GetProvider(options *config.Options) Provider {
 			return okta.New(
 				okta.WithProviderURL(providerURL),
 				okta.WithServiceAccount(serviceAccount),
-				okta.WithQPS(1.0), // Backported default config
 			)
 		}
 		log.Warn().