entitlements-github-plugin 0.4.3 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0987a803d14c6ea071918561b6295665e0e72c41b4888ea796d73809e5befb91'
-  data.tar.gz: 52a80360a3dc15c5248228fa64aae7bb1afde55b3248bf2048ed26b64117d8c2
+  metadata.gz: ebcd029f78fa24a64272f1ceb54d2f8ef72cf384fc7847a61cd9d036ac8ebc44
+  data.tar.gz: 3fb63ab5ef87df7691b84891a798d3992bd0268fec1dbe63504af8e240c40384
 SHA512:
-  metadata.gz: 6bb6d37eee52744b52af7303b60101f12e21b387d9526fad08f9c77e98d5c9b98724be9104b730c31b89b8ed9c1052051f2a2acb7b73cbfc6190ddf567771f05
-  data.tar.gz: 48545ac1774a659e90dc0303bd4d51b5a6619012a1d1ded25f8ed52472e774b9547abd6a462c37e2d318c73eb7e04d16b27346c83e502c1cb8b0771a77f6f727
+  metadata.gz: 56c8e0717ea77f9ef87352a66e3abad55ebe94219337108b8a7291782e26d8e1b0f8166e512b3d12b9327e39938cfc4fd81f9f6517eda7f434d48a09ebb08d01
+  data.tar.gz: 921ec103e0413d0665c3f2c2f681f2a2ace406083c80306827c76b7f006376f442445eaa537679a7368df5a2b280fceb216d9ae6c2456bc50db367ba32ef5480

data/lib/entitlements/backend/github_org/controller.rb

@@ -120,12 +120,13 @@ module Entitlements
         Contract String, C::HashOf[String => C::Any] => nil
         def validate_config!(key, data)
           spec = COMMON_GROUP_CONFIG.merge({
-            "base"     => { required: true, type: String },
-            "addr"     => { required: false, type: String },
-            "org"      => { required: true, type: String },
-            "token"    => { required: true, type: String },
-            "features" => { required: false, type: Array },
-            "ignore"   => { required: false, type: Array }
+            "base"             => { required: true, type: String },
+            "addr"             => { required: false, type: String },
+            "org"              => { required: true, type: String },
+            "token"            => { required: true, type: String },
+            "features"         => { required: false, type: Array },
+            "ignore"           => { required: false, type: Array },
+            "ignore_not_found" => { required: false, type: [FalseClass, TrueClass] },
           })
           text = "GitHub organization group #{key.inspect}"
           Entitlements::Util::Util.validate_attr!(spec, data, text)

data/lib/entitlements/backend/github_org/provider.rb

@@ -25,7 +25,8 @@ module Entitlements
             org: config.fetch("org"),
             addr: config.fetch("addr", nil),
             token: config.fetch("token"),
-            ou: config.fetch("base")
+            ou: config.fetch("base"),
+            ignore_not_found: config.fetch("ignore_not_found", false)
           )
           @role_cache = {}
         end

data/lib/entitlements/backend/github_org/service.rb

@@ -44,7 +44,15 @@ module Entitlements
         Contract String, String => C::Bool
         def add_user_to_organization(user, role)
           Entitlements.logger.debug "#{identifier} add_user_to_organization(user=#{user}, org=#{org}, role=#{role})"
-          new_membership = octokit.update_organization_membership(org, user:, role:)
+
+          begin
+            new_membership = octokit.update_organization_membership(org, user:, role:)
+          rescue Octokit::NotFound => e
+            raise e unless ignore_not_found
+
+            Entitlements.logger.warn "User #{user} not found in GitHub instance #{identifier}, ignoring."
+            return false
+          end
 
           # Happy path
           if new_membership[:role] == role

data/lib/entitlements/backend/github_team/controller.rb

@@ -110,7 +110,8 @@ module Entitlements
             "base"  => { required: true, type: String },
             "addr"  => { required: false, type: String },
             "org"   => { required: true, type: String },
-            "token" => { required: true, type: String }
+            "token" => { required: true, type: String },
+            "ignore_not_found" => { required: false, type: [FalseClass, TrueClass] },
           })
           text = "GitHub group #{key.inspect}"
           Entitlements::Util::Util.validate_attr!(spec, data, text)

data/lib/entitlements/backend/github_team/provider.rb

@@ -23,7 +23,8 @@ module Entitlements
             org: config.fetch("org"),
             addr: config.fetch("addr", nil),
             token: config.fetch("token"),
-            ou: config.fetch("base")
+            ou: config.fetch("base"),
+            ignore_not_found: config.fetch("ignore_not_found", false)
           )
 
           @github_team_cache = {}
@@ -199,8 +200,8 @@ module Entitlements
             end
           end
 
-          existing_maintainers = existing_group.metadata_fetch_if_exists("team_maintainers")
-          changed_maintainers = group.metadata_fetch_if_exists("team_maintainers")
+          existing_maintainers = existing_group.metadata_fetch_if_exists("team_maintainers")&.downcase
+          changed_maintainers = group.metadata_fetch_if_exists("team_maintainers")&.downcase
           if existing_maintainers != changed_maintainers
             base_diff[:metadata] ||= {}
             if existing_maintainers.nil? && !changed_maintainers.nil?

data/lib/entitlements/backend/github_team/service.rb

@@ -28,9 +28,10 @@ module Entitlements
           addr: C::Maybe[String],
           org: String,
           token: String,
-          ou: String
+          ou: String,
+          ignore_not_found: C::Bool,
         ] => C::Any
-        def initialize(addr: nil, org:, token:, ou:)
+        def initialize(addr: nil, org:, token:, ou:, ignore_not_found: false)
           super
           Entitlements.cache[:github_team_members] ||= {}
           Entitlements.cache[:github_team_members][org] ||= {}
@@ -436,8 +437,16 @@ module Entitlements
           end
           Entitlements.logger.debug "#{identifier} add_user_to_team(user=#{user}, org=#{org}, team_id=#{team.team_id}, role=#{role})"
           validate_team_id_and_slug!(team.team_id, team.team_name)
-          result = octokit.add_team_membership(team.team_id, user, role:)
-          result[:state] == "active" || result[:state] == "pending"
+
+          begin
+            result = octokit.add_team_membership(team.team_id, user, role:)
+            result[:state] == "active" || result[:state] == "pending"
+          rescue Octokit::NotFound => e
+            raise e unless ignore_not_found
+
+            Entitlements.logger.warn "User #{user} not found in GitHub instance #{identifier}, ignoring."
+            false
+          end
         end
 
         # Remove user from team.

data/lib/entitlements/service/github.rb

@@ -17,7 +17,7 @@ module Entitlements
       MAX_GRAPHQL_RETRIES = 3
       WAIT_BETWEEN_GRAPHQL_RETRIES = 1
 
-      attr_reader :addr, :org, :token, :ou
+      attr_reader :addr, :org, :token, :ou, :ignore_not_found
 
       # Constructor.
       #
@@ -31,14 +31,16 @@ module Entitlements
         addr: C::Maybe[String],
         org: String,
         token: String,
-        ou: String
+        ou: String,
+        ignore_not_found: C::Bool,
       ] => C::Any
-      def initialize(addr: nil, org:, token:, ou:)
+      def initialize(addr: nil, org:, token:, ou:, ignore_not_found: false)
         # Save some parameters for the connection but don't actually connect yet.
         @addr = addr
         @org = org
         @token = token
         @ou = ou
+        @ignore_not_found = ignore_not_found
 
         # This is a global cache across all invocations of this object. GitHub membership
         # need to be obtained only one time per organization, but might be used multiple times.
@@ -210,8 +212,8 @@ module Entitlements
                     login
                   }
                   role
-                  cursor
                 }
+                pageInfo { endCursor }
               }
             }
           }".gsub(/\n\s+/, "\n")
@@ -222,14 +224,15 @@ module Entitlements
             raise "GraphQL query failure"
           end
 
-          edges = response[:data].fetch("data").fetch("organization").fetch("membersWithRole").fetch("edges")
+          membersWithRole = response[:data].fetch("data").fetch("organization").fetch("membersWithRole")
+          edges = membersWithRole.fetch("edges")
           break unless edges.any?
 
           edges.each do |edge|
             result[edge.fetch("node").fetch("login").downcase] = edge.fetch("role")
           end
 
-          cursor = edges.last.fetch("cursor")
+          cursor = membersWithRole.fetch("pageInfo").fetch("endCursor")
           next if cursor && edges.size == max_graphql_results
           break
         end
@@ -276,8 +279,8 @@ module Entitlements
                   node {
                     login
                   }
-                  cursor
                 }
+                pageInfo { endCursor }
               }
             }
           }".gsub(/\n\s+/, "\n")
@@ -288,14 +291,15 @@ module Entitlements
             raise "GraphQL query failure"
           end
 
-          edges = response[:data].fetch("data").fetch("organization").fetch("pendingMembers").fetch("edges")
+          pendingMembers = response[:data].fetch("data").fetch("organization").fetch("pendingMembers")
+          edges = pendingMembers.fetch("edges")
           break unless edges.any?
 
           edges.each do |edge|
             result.add(edge.fetch("node").fetch("login").downcase)
           end
 
-          cursor = edges.last.fetch("cursor")
+          cursor = pendingMembers.fetch("pageInfo").fetch("endCursor")
           next if cursor && edges.size == max_graphql_results
           break
         end

data/lib/version.rb

@@ -2,6 +2,6 @@
 
 module Entitlements
   module Version
-    VERSION = "0.4.3"
+    VERSION = "0.5.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: entitlements-github-plugin
 version: !ruby/object:Gem::Version
-  version: 0.4.3
+  version: 0.5.0
 platform: ruby
 authors:
 - GitHub, Inc. Security Ops
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-09-27 00:00:00.000000000 Z
+date: 2023-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: contracts