entitlements-github-plugin 0.4.4 → 0.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/entitlements/backend/github_org/controller.rb +7 -6
- data/lib/entitlements/backend/github_org/provider.rb +2 -1
- data/lib/entitlements/backend/github_org/service.rb +9 -1
- data/lib/entitlements/backend/github_team/controller.rb +2 -1
- data/lib/entitlements/backend/github_team/provider.rb +4 -3
- data/lib/entitlements/backend/github_team/service.rb +18 -8
- data/lib/entitlements/service/github.rb +10 -7
- data/lib/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0db3559ab7a07dfcd5d4a732095029a812097d5fd1152d79dc2a186a2db66707
|
|
4
|
+
data.tar.gz: cb97c975f6885865e4981b50c9db1d2b8d7e1eb26bca7bb62b0280ee7db6c9d2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 863dbd7ffe40ae5f72a27388c46777f2928bd342a88b9882c53274b54a209a34db43ac4e7312d6c2dda028cdedd321d22e120cc24f8f9092fcd1636ea2dfc7b1
|
|
7
|
+
data.tar.gz: 3d3c6d88f99389c9c1c38602d433c525f13b342d36350b09e19396cf1b4064a75e1552f0e06f4b6fbf9fe8f8b1fa0ef1b571c1734d057e312a0a56673f785fbf
|
|
@@ -120,12 +120,13 @@ module Entitlements
|
|
|
120
120
|
Contract String, C::HashOf[String => C::Any] => nil
|
|
121
121
|
def validate_config!(key, data)
|
|
122
122
|
spec = COMMON_GROUP_CONFIG.merge({
|
|
123
|
-
"base"
|
|
124
|
-
"addr"
|
|
125
|
-
"org"
|
|
126
|
-
"token"
|
|
127
|
-
"features"
|
|
128
|
-
"ignore"
|
|
123
|
+
"base" => { required: true, type: String },
|
|
124
|
+
"addr" => { required: false, type: String },
|
|
125
|
+
"org" => { required: true, type: String },
|
|
126
|
+
"token" => { required: true, type: String },
|
|
127
|
+
"features" => { required: false, type: Array },
|
|
128
|
+
"ignore" => { required: false, type: Array },
|
|
129
|
+
"ignore_not_found" => { required: false, type: [FalseClass, TrueClass] },
|
|
129
130
|
})
|
|
130
131
|
text = "GitHub organization group #{key.inspect}"
|
|
131
132
|
Entitlements::Util::Util.validate_attr!(spec, data, text)
|
|
@@ -25,7 +25,8 @@ module Entitlements
|
|
|
25
25
|
org: config.fetch("org"),
|
|
26
26
|
addr: config.fetch("addr", nil),
|
|
27
27
|
token: config.fetch("token"),
|
|
28
|
-
ou: config.fetch("base")
|
|
28
|
+
ou: config.fetch("base"),
|
|
29
|
+
ignore_not_found: config.fetch("ignore_not_found", false)
|
|
29
30
|
)
|
|
30
31
|
@role_cache = {}
|
|
31
32
|
end
|
|
@@ -44,7 +44,15 @@ module Entitlements
|
|
|
44
44
|
Contract String, String => C::Bool
|
|
45
45
|
def add_user_to_organization(user, role)
|
|
46
46
|
Entitlements.logger.debug "#{identifier} add_user_to_organization(user=#{user}, org=#{org}, role=#{role})"
|
|
47
|
-
|
|
47
|
+
|
|
48
|
+
begin
|
|
49
|
+
new_membership = octokit.update_organization_membership(org, user:, role:)
|
|
50
|
+
rescue Octokit::NotFound => e
|
|
51
|
+
raise e unless ignore_not_found
|
|
52
|
+
|
|
53
|
+
Entitlements.logger.warn "User #{user} not found in GitHub instance #{identifier}, ignoring."
|
|
54
|
+
return false
|
|
55
|
+
end
|
|
48
56
|
|
|
49
57
|
# Happy path
|
|
50
58
|
if new_membership[:role] == role
|
|
@@ -110,7 +110,8 @@ module Entitlements
|
|
|
110
110
|
"base" => { required: true, type: String },
|
|
111
111
|
"addr" => { required: false, type: String },
|
|
112
112
|
"org" => { required: true, type: String },
|
|
113
|
-
"token" => { required: true, type: String }
|
|
113
|
+
"token" => { required: true, type: String },
|
|
114
|
+
"ignore_not_found" => { required: false, type: [FalseClass, TrueClass] },
|
|
114
115
|
})
|
|
115
116
|
text = "GitHub group #{key.inspect}"
|
|
116
117
|
Entitlements::Util::Util.validate_attr!(spec, data, text)
|
|
@@ -23,7 +23,8 @@ module Entitlements
|
|
|
23
23
|
org: config.fetch("org"),
|
|
24
24
|
addr: config.fetch("addr", nil),
|
|
25
25
|
token: config.fetch("token"),
|
|
26
|
-
ou: config.fetch("base")
|
|
26
|
+
ou: config.fetch("base"),
|
|
27
|
+
ignore_not_found: config.fetch("ignore_not_found", false)
|
|
27
28
|
)
|
|
28
29
|
|
|
29
30
|
@github_team_cache = {}
|
|
@@ -199,8 +200,8 @@ module Entitlements
|
|
|
199
200
|
end
|
|
200
201
|
end
|
|
201
202
|
|
|
202
|
-
existing_maintainers = existing_group.metadata_fetch_if_exists("team_maintainers")
|
|
203
|
-
changed_maintainers = group.metadata_fetch_if_exists("team_maintainers")
|
|
203
|
+
existing_maintainers = existing_group.metadata_fetch_if_exists("team_maintainers")&.downcase
|
|
204
|
+
changed_maintainers = group.metadata_fetch_if_exists("team_maintainers")&.downcase
|
|
204
205
|
if existing_maintainers != changed_maintainers
|
|
205
206
|
base_diff[:metadata] ||= {}
|
|
206
207
|
if existing_maintainers.nil? && !changed_maintainers.nil?
|
|
@@ -18,19 +18,21 @@ module Entitlements
|
|
|
18
18
|
|
|
19
19
|
# Constructor.
|
|
20
20
|
#
|
|
21
|
-
# addr
|
|
22
|
-
# org
|
|
23
|
-
# token
|
|
24
|
-
# ou
|
|
21
|
+
# addr - Base URL a GitHub Enterprise API (leave undefined to use dotcom)
|
|
22
|
+
# org - String with organization name
|
|
23
|
+
# token - Access token for GitHub API
|
|
24
|
+
# ou - Base OU for fudged DNs
|
|
25
|
+
# ignore_not_found - Boolean to ignore not found errors
|
|
25
26
|
#
|
|
26
27
|
# Returns nothing.
|
|
27
28
|
Contract C::KeywordArgs[
|
|
28
29
|
addr: C::Maybe[String],
|
|
29
30
|
org: String,
|
|
30
31
|
token: String,
|
|
31
|
-
ou: String
|
|
32
|
+
ou: String,
|
|
33
|
+
ignore_not_found: C::Maybe[C::Bool],
|
|
32
34
|
] => C::Any
|
|
33
|
-
def initialize(addr: nil, org:, token:, ou:)
|
|
35
|
+
def initialize(addr: nil, org:, token:, ou:, ignore_not_found: false)
|
|
34
36
|
super
|
|
35
37
|
Entitlements.cache[:github_team_members] ||= {}
|
|
36
38
|
Entitlements.cache[:github_team_members][org] ||= {}
|
|
@@ -436,8 +438,16 @@ module Entitlements
|
|
|
436
438
|
end
|
|
437
439
|
Entitlements.logger.debug "#{identifier} add_user_to_team(user=#{user}, org=#{org}, team_id=#{team.team_id}, role=#{role})"
|
|
438
440
|
validate_team_id_and_slug!(team.team_id, team.team_name)
|
|
439
|
-
|
|
440
|
-
|
|
441
|
+
|
|
442
|
+
begin
|
|
443
|
+
result = octokit.add_team_membership(team.team_id, user, role:)
|
|
444
|
+
result[:state] == "active" || result[:state] == "pending"
|
|
445
|
+
rescue Octokit::NotFound => e
|
|
446
|
+
raise e unless ignore_not_found
|
|
447
|
+
|
|
448
|
+
Entitlements.logger.warn "User #{user} not found in GitHub instance #{identifier}, ignoring."
|
|
449
|
+
false
|
|
450
|
+
end
|
|
441
451
|
end
|
|
442
452
|
|
|
443
453
|
# Remove user from team.
|
|
@@ -17,28 +17,31 @@ module Entitlements
|
|
|
17
17
|
MAX_GRAPHQL_RETRIES = 3
|
|
18
18
|
WAIT_BETWEEN_GRAPHQL_RETRIES = 1
|
|
19
19
|
|
|
20
|
-
attr_reader :addr, :org, :token, :ou
|
|
20
|
+
attr_reader :addr, :org, :token, :ou, :ignore_not_found
|
|
21
21
|
|
|
22
22
|
# Constructor.
|
|
23
23
|
#
|
|
24
|
-
# addr
|
|
25
|
-
# org
|
|
26
|
-
# token
|
|
27
|
-
# ou
|
|
24
|
+
# addr - Base URL a GitHub Enterprise API (leave undefined to use dotcom)
|
|
25
|
+
# org - String with organization name
|
|
26
|
+
# token - Access token for GitHub API
|
|
27
|
+
# ou - Base OU for fudged DNs
|
|
28
|
+
# ignore_not_found - Boolean to ignore not found errors
|
|
28
29
|
#
|
|
29
30
|
# Returns nothing.
|
|
30
31
|
Contract C::KeywordArgs[
|
|
31
32
|
addr: C::Maybe[String],
|
|
32
33
|
org: String,
|
|
33
34
|
token: String,
|
|
34
|
-
ou: String
|
|
35
|
+
ou: String,
|
|
36
|
+
ignore_not_found: C::Maybe[C::Bool],
|
|
35
37
|
] => C::Any
|
|
36
|
-
def initialize(addr: nil, org:, token:, ou:)
|
|
38
|
+
def initialize(addr: nil, org:, token:, ou:, ignore_not_found: false)
|
|
37
39
|
# Save some parameters for the connection but don't actually connect yet.
|
|
38
40
|
@addr = addr
|
|
39
41
|
@org = org
|
|
40
42
|
@token = token
|
|
41
43
|
@ou = ou
|
|
44
|
+
@ignore_not_found = ignore_not_found
|
|
42
45
|
|
|
43
46
|
# This is a global cache across all invocations of this object. GitHub membership
|
|
44
47
|
# need to be obtained only one time per organization, but might be used multiple times.
|
data/lib/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: entitlements-github-plugin
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GitHub, Inc. Security Ops
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: contracts
|