entitlements-github-plugin 0.4.4 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/entitlements/backend/github_org/controller.rb +7 -6
- data/lib/entitlements/backend/github_org/provider.rb +2 -1
- data/lib/entitlements/backend/github_org/service.rb +9 -1
- data/lib/entitlements/backend/github_team/controller.rb +2 -1
- data/lib/entitlements/backend/github_team/provider.rb +4 -3
- data/lib/entitlements/backend/github_team/service.rb +13 -4
- data/lib/entitlements/service/github.rb +5 -3
- data/lib/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ebcd029f78fa24a64272f1ceb54d2f8ef72cf384fc7847a61cd9d036ac8ebc44
|
4
|
+
data.tar.gz: 3fb63ab5ef87df7691b84891a798d3992bd0268fec1dbe63504af8e240c40384
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 56c8e0717ea77f9ef87352a66e3abad55ebe94219337108b8a7291782e26d8e1b0f8166e512b3d12b9327e39938cfc4fd81f9f6517eda7f434d48a09ebb08d01
|
7
|
+
data.tar.gz: 921ec103e0413d0665c3f2c2f681f2a2ace406083c80306827c76b7f006376f442445eaa537679a7368df5a2b280fceb216d9ae6c2456bc50db367ba32ef5480
|
@@ -120,12 +120,13 @@ module Entitlements
|
|
120
120
|
Contract String, C::HashOf[String => C::Any] => nil
|
121
121
|
def validate_config!(key, data)
|
122
122
|
spec = COMMON_GROUP_CONFIG.merge({
|
123
|
-
"base"
|
124
|
-
"addr"
|
125
|
-
"org"
|
126
|
-
"token"
|
127
|
-
"features"
|
128
|
-
"ignore"
|
123
|
+
"base" => { required: true, type: String },
|
124
|
+
"addr" => { required: false, type: String },
|
125
|
+
"org" => { required: true, type: String },
|
126
|
+
"token" => { required: true, type: String },
|
127
|
+
"features" => { required: false, type: Array },
|
128
|
+
"ignore" => { required: false, type: Array },
|
129
|
+
"ignore_not_found" => { required: false, type: [FalseClass, TrueClass] },
|
129
130
|
})
|
130
131
|
text = "GitHub organization group #{key.inspect}"
|
131
132
|
Entitlements::Util::Util.validate_attr!(spec, data, text)
|
@@ -25,7 +25,8 @@ module Entitlements
|
|
25
25
|
org: config.fetch("org"),
|
26
26
|
addr: config.fetch("addr", nil),
|
27
27
|
token: config.fetch("token"),
|
28
|
-
ou: config.fetch("base")
|
28
|
+
ou: config.fetch("base"),
|
29
|
+
ignore_not_found: config.fetch("ignore_not_found", false)
|
29
30
|
)
|
30
31
|
@role_cache = {}
|
31
32
|
end
|
@@ -44,7 +44,15 @@ module Entitlements
|
|
44
44
|
Contract String, String => C::Bool
|
45
45
|
def add_user_to_organization(user, role)
|
46
46
|
Entitlements.logger.debug "#{identifier} add_user_to_organization(user=#{user}, org=#{org}, role=#{role})"
|
47
|
-
|
47
|
+
|
48
|
+
begin
|
49
|
+
new_membership = octokit.update_organization_membership(org, user:, role:)
|
50
|
+
rescue Octokit::NotFound => e
|
51
|
+
raise e unless ignore_not_found
|
52
|
+
|
53
|
+
Entitlements.logger.warn "User #{user} not found in GitHub instance #{identifier}, ignoring."
|
54
|
+
return false
|
55
|
+
end
|
48
56
|
|
49
57
|
# Happy path
|
50
58
|
if new_membership[:role] == role
|
@@ -110,7 +110,8 @@ module Entitlements
|
|
110
110
|
"base" => { required: true, type: String },
|
111
111
|
"addr" => { required: false, type: String },
|
112
112
|
"org" => { required: true, type: String },
|
113
|
-
"token" => { required: true, type: String }
|
113
|
+
"token" => { required: true, type: String },
|
114
|
+
"ignore_not_found" => { required: false, type: [FalseClass, TrueClass] },
|
114
115
|
})
|
115
116
|
text = "GitHub group #{key.inspect}"
|
116
117
|
Entitlements::Util::Util.validate_attr!(spec, data, text)
|
@@ -23,7 +23,8 @@ module Entitlements
|
|
23
23
|
org: config.fetch("org"),
|
24
24
|
addr: config.fetch("addr", nil),
|
25
25
|
token: config.fetch("token"),
|
26
|
-
ou: config.fetch("base")
|
26
|
+
ou: config.fetch("base"),
|
27
|
+
ignore_not_found: config.fetch("ignore_not_found", false)
|
27
28
|
)
|
28
29
|
|
29
30
|
@github_team_cache = {}
|
@@ -199,8 +200,8 @@ module Entitlements
|
|
199
200
|
end
|
200
201
|
end
|
201
202
|
|
202
|
-
existing_maintainers = existing_group.metadata_fetch_if_exists("team_maintainers")
|
203
|
-
changed_maintainers = group.metadata_fetch_if_exists("team_maintainers")
|
203
|
+
existing_maintainers = existing_group.metadata_fetch_if_exists("team_maintainers")&.downcase
|
204
|
+
changed_maintainers = group.metadata_fetch_if_exists("team_maintainers")&.downcase
|
204
205
|
if existing_maintainers != changed_maintainers
|
205
206
|
base_diff[:metadata] ||= {}
|
206
207
|
if existing_maintainers.nil? && !changed_maintainers.nil?
|
@@ -28,9 +28,10 @@ module Entitlements
|
|
28
28
|
addr: C::Maybe[String],
|
29
29
|
org: String,
|
30
30
|
token: String,
|
31
|
-
ou: String
|
31
|
+
ou: String,
|
32
|
+
ignore_not_found: C::Bool,
|
32
33
|
] => C::Any
|
33
|
-
def initialize(addr: nil, org:, token:, ou:)
|
34
|
+
def initialize(addr: nil, org:, token:, ou:, ignore_not_found: false)
|
34
35
|
super
|
35
36
|
Entitlements.cache[:github_team_members] ||= {}
|
36
37
|
Entitlements.cache[:github_team_members][org] ||= {}
|
@@ -436,8 +437,16 @@ module Entitlements
|
|
436
437
|
end
|
437
438
|
Entitlements.logger.debug "#{identifier} add_user_to_team(user=#{user}, org=#{org}, team_id=#{team.team_id}, role=#{role})"
|
438
439
|
validate_team_id_and_slug!(team.team_id, team.team_name)
|
439
|
-
|
440
|
-
|
440
|
+
|
441
|
+
begin
|
442
|
+
result = octokit.add_team_membership(team.team_id, user, role:)
|
443
|
+
result[:state] == "active" || result[:state] == "pending"
|
444
|
+
rescue Octokit::NotFound => e
|
445
|
+
raise e unless ignore_not_found
|
446
|
+
|
447
|
+
Entitlements.logger.warn "User #{user} not found in GitHub instance #{identifier}, ignoring."
|
448
|
+
false
|
449
|
+
end
|
441
450
|
end
|
442
451
|
|
443
452
|
# Remove user from team.
|
@@ -17,7 +17,7 @@ module Entitlements
|
|
17
17
|
MAX_GRAPHQL_RETRIES = 3
|
18
18
|
WAIT_BETWEEN_GRAPHQL_RETRIES = 1
|
19
19
|
|
20
|
-
attr_reader :addr, :org, :token, :ou
|
20
|
+
attr_reader :addr, :org, :token, :ou, :ignore_not_found
|
21
21
|
|
22
22
|
# Constructor.
|
23
23
|
#
|
@@ -31,14 +31,16 @@ module Entitlements
|
|
31
31
|
addr: C::Maybe[String],
|
32
32
|
org: String,
|
33
33
|
token: String,
|
34
|
-
ou: String
|
34
|
+
ou: String,
|
35
|
+
ignore_not_found: C::Bool,
|
35
36
|
] => C::Any
|
36
|
-
def initialize(addr: nil, org:, token:, ou:)
|
37
|
+
def initialize(addr: nil, org:, token:, ou:, ignore_not_found: false)
|
37
38
|
# Save some parameters for the connection but don't actually connect yet.
|
38
39
|
@addr = addr
|
39
40
|
@org = org
|
40
41
|
@token = token
|
41
42
|
@ou = ou
|
43
|
+
@ignore_not_found = ignore_not_found
|
42
44
|
|
43
45
|
# This is a global cache across all invocations of this object. GitHub membership
|
44
46
|
# need to be obtained only one time per organization, but might be used multiple times.
|
data/lib/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: entitlements-github-plugin
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- GitHub, Inc. Security Ops
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-12-
|
11
|
+
date: 2023-12-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: contracts
|