entitlements-github-plugin 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6c8e5d4e8e883e7e4eb58cc3a8617ce223c6213ead611893bef473b5c95f509f
4
- data.tar.gz: 45f3ca22502cffb65002c5bd651f60bab30e98c14c4f9588dfae0d43565abe73
3
+ metadata.gz: 9080cc49d01feac15d1437b9d665d00321106ef875daca827daa2f863e422065
4
+ data.tar.gz: d351b657f2fefc75d4e629181bbe17204f41fdd8dc5cb83fb3a2df640ba7957e
5
5
  SHA512:
6
- metadata.gz: d1ae84a3fa11c39758e813f6ce8ab1c7d4309ca3b3133ac05d324cfbb9a82161dc075892ff8970ef18c5b141e0b94fa3466cd6f2735c4cd57e5ac62f1df519e5
7
- data.tar.gz: ea80b29e5bac4d316549ead1d04baaa3e8111f5baa69c97530c50089dbbafcdd86db1f1558976d4681199217ccc82c8411581f02e8f03d1d324a5956d5ca0540
6
+ metadata.gz: d90d3b9eb5663b77ed4e2098a1a06f26322aa7a8c01e75b91e73f1c5635030afe76d93cf819d4df19deff6e9b317247da230d31578acd61b7679e10700d0c6c4
7
+ data.tar.gz: b2510ac0f9d8d318de6e2fe675c29e7c6c9de97c12da03a8661c31baf71e93e996d78f9c310254751007d088da0d691fc34edbbd46e8d512fa7fd0f35429c7fe
@@ -32,7 +32,7 @@ module Entitlements
32
32
  ou: String,
33
33
  ignore_not_found: C::Maybe[C::Bool],
34
34
  ] => C::Any
35
- def initialize(addr: nil, org:, token:, ou:, ignore_not_found: false)
35
+ def initialize(org:, token:, ou:, addr: nil, ignore_not_found: false)
36
36
  super
37
37
  Entitlements.cache[:github_team_members] ||= {}
38
38
  Entitlements.cache[:github_team_members][org_signature] ||= {}
@@ -107,8 +107,8 @@ module Entitlements
107
107
  end
108
108
 
109
109
  maintainers = teamdata[:members].select { |u| teamdata[:roles][u] == "maintainer" }
110
- team_metadata = team_metadata || {}
111
- team_metadata = team_metadata.merge({"team_maintainers" => maintainers.any? ? maintainers.join(",") : nil})
110
+ team_metadata ||= {}
111
+ team_metadata = team_metadata.merge({ "team_maintainers" => maintainers.any? ? maintainers.join(",") : nil })
112
112
 
113
113
  team = Entitlements::Backend::GitHubTeam::Models::Team.new(
114
114
  team_id: teamdata[:team_id],
@@ -139,7 +139,7 @@ module Entitlements
139
139
  def from_predictive_cache?(entitlement_group)
140
140
  team_identifier = entitlement_group.cn.downcase
141
141
  read_team(entitlement_group) unless @team_cache[team_identifier]
142
- (@team_cache[team_identifier] && @team_cache[team_identifier][:cache]) ? true : false
142
+ @team_cache[team_identifier] && @team_cache[team_identifier][:cache] ? true : false
143
143
  end
144
144
 
145
145
  # Declare the entry to be invalid for a specific team, and if the prior knowledge
@@ -192,7 +192,7 @@ module Entitlements
192
192
  if desired_metadata["parent_team_name"].nil?
193
193
  Entitlements.logger.debug "sync_team(team=#{current_state.team_name}): IGNORING GitHub Parent Team DELETE"
194
194
  else
195
- # :nocov:
195
+ # :nocov:
196
196
  Entitlements.logger.debug "sync_team(#{current_state.team_name}=#{current_state.team_id}): Parent team change found - From #{current_metadata["parent_team_name"] || "No Parent Team"} to #{desired_metadata["parent_team_name"]}"
197
197
  desired_parent_team_id = team_by_name(org_name: org, team_name: desired_metadata["parent_team_name"])[:id]
198
198
  unless desired_parent_team_id.nil?
@@ -240,17 +240,20 @@ module Entitlements
240
240
  Entitlements.logger.debug "sync_team(#{current_state.team_name}=#{current_state.team_id}): Textual change but no semantic change in maintainers. It is remains: #{current_maintainers.to_a}."
241
241
  else
242
242
  Entitlements.logger.debug "sync_team(#{current_state.team_name}=#{current_state.team_id}): Maintainer members change found - From #{current_maintainers.to_a} to #{desired_maintainers.to_a}"
243
- added_maintainers.select! { |username| add_user_to_team(user: username, team: current_state, role: "maintainer") }
243
+ added_maintainers.select! do |username|
244
+ add_user_to_team(user: username, team: current_state, role: "maintainer")
245
+ end
244
246
 
245
247
  ## We only touch previous maintainers who are actually still going to be members of the team
246
248
  removed_maintainers = removed_maintainers.intersection(desired_team_members)
247
249
  ## Downgrade membership to default (role: "member")
248
- removed_maintainers.select! { |username| add_user_to_team(user: username, team: current_state, role: "member") }
250
+ removed_maintainers.select! do |username|
251
+ add_user_to_team(user: username, team: current_state, role: "member")
252
+ end
249
253
  end
250
254
  end
251
255
  end
252
256
 
253
-
254
257
  Entitlements.logger.debug "sync_team(#{current_state.team_name}=#{current_state.team_id}): Added #{added_members.count}, removed #{removed_members.count}"
255
258
  added_members.any? || removed_members.any? || added_maintainers.any? || removed_maintainers.any? || changed_parent_team
256
259
  end
@@ -264,28 +267,41 @@ module Entitlements
264
267
  entitlement_group: Entitlements::Models::Group,
265
268
  ] => C::Bool
266
269
  def create_team(entitlement_group:)
270
+ team_name = entitlement_group.cn.downcase
271
+ team_options = { name: team_name, repo_names: [], privacy: "closed" }
272
+
267
273
  begin
268
- team_name = entitlement_group.cn.downcase
269
- team_options = { name: team_name, repo_names: [], privacy: "closed" }
274
+ entitlement_metadata = entitlement_group.metadata
275
+ unless entitlement_metadata["parent_team_name"].nil?
270
276
 
271
- begin
272
- entitlement_metadata = entitlement_group.metadata
273
- unless entitlement_metadata["parent_team_name"].nil?
277
+ begin
274
278
  parent_team_data = graphql_team_data(entitlement_metadata["parent_team_name"])
275
279
  team_options[:parent_team_id] = parent_team_data[:team_id]
276
- Entitlements.logger.debug "create_team(team=#{team_name}) Parent team #{entitlement_metadata["parent_team_name"]} with id #{parent_team_data[:team_id]} found"
280
+ rescue TeamNotFound
281
+ # if the parent team does not exist, create it (think `mkdir -p` logic here)
282
+ result = octokit.create_team(
283
+ org,
284
+ { name: entitlement_metadata["parent_team_name"], repo_names: [], privacy: "closed" }
285
+ )
286
+
287
+ Entitlements.logger.debug "created parent team #{entitlement_metadata["parent_team_name"]} with id #{result[:id]}"
288
+
289
+ team_options[:parent_team_id] = result[:id]
277
290
  end
278
- rescue Entitlements::Models::Group::NoMetadata
279
- Entitlements.logger.debug "create_team(team=#{team_name}) No metadata found"
280
- end
281
291
 
282
- Entitlements.logger.debug "create_team(team=#{team_name})"
283
- octokit.create_team(org, team_options)
284
- true
285
- rescue Octokit::UnprocessableEntity => e
286
- Entitlements.logger.debug "create_team(team=#{team_name}) ERROR - #{e.message}"
287
- false
292
+ Entitlements.logger.debug "create_team(team=#{team_name}) Parent team #{entitlement_metadata["parent_team_name"]} with id #{team_options[:parent_team_id]} found"
293
+ end
294
+ rescue Entitlements::Models::Group::NoMetadata
295
+ Entitlements.logger.debug "create_team(team=#{team_name}) No metadata found"
288
296
  end
297
+
298
+ Entitlements.logger.debug "create_team(team=#{team_name})"
299
+ result = octokit.create_team(org, team_options)
300
+ Entitlements.logger.debug "created team #{team_name} with id #{result[:id]}"
301
+ true
302
+ rescue Octokit::UnprocessableEntity => e
303
+ Entitlements.logger.debug "create_team(team=#{team_name}) ERROR - #{e.message}"
304
+ false
289
305
  end
290
306
 
291
307
  # Update a team
@@ -298,15 +314,14 @@ module Entitlements
298
314
  metadata: C::Or[Hash, nil]
299
315
  ] => C::Bool
300
316
  def update_team(team:, metadata: {})
301
- begin
302
- Entitlements.logger.debug "update_team(team=#{team.team_name})"
303
- options = { name: team.team_name, repo_names: [], privacy: "closed", parent_team_id: metadata[:parent_team_id] }
304
- octokit.update_team(team.team_id, options)
305
- true
306
- rescue Octokit::UnprocessableEntity => e
307
- Entitlements.logger.debug "update_team(team=#{team.team_name}) ERROR - #{e.message}"
308
- false
309
- end
317
+ Entitlements.logger.debug "update_team(team=#{team.team_name})"
318
+ options = { name: team.team_name, repo_names: [], privacy: "closed",
319
+ parent_team_id: metadata[:parent_team_id] }
320
+ octokit.update_team(team.team_id, options)
321
+ true
322
+ rescue Octokit::UnprocessableEntity => e
323
+ Entitlements.logger.debug "update_team(team=#{team.team_name}) ERROR - #{e.message}"
324
+ false
310
325
  end
311
326
 
312
327
  # Gets a team by name
@@ -332,7 +347,8 @@ module Entitlements
332
347
  # team_slug - Identifier of the team to retrieve.
333
348
  #
334
349
  # Returns a data structure with team data.
335
- Contract String => { members: C::ArrayOf[String], team_id: Integer, parent_team_name: C::Or[String, nil], roles: C::HashOf[String => String] }
350
+ Contract String => { members: C::ArrayOf[String], team_id: Integer, parent_team_name: C::Or[String, nil],
351
+ roles: C::HashOf[String => String] }
336
352
  def graphql_team_data(team_slug)
337
353
  cursor = nil
338
354
  team_id = nil
@@ -370,9 +386,7 @@ module Entitlements
370
386
  end
371
387
 
372
388
  team = response[:data].fetch("data").fetch("organization").fetch("team")
373
- if team.nil?
374
- raise TeamNotFound, "Requested team #{team_slug} does not exist in #{org}!"
375
- end
389
+ raise TeamNotFound, "Requested team #{team_slug} does not exist in #{org}!" if team.nil?
376
390
 
377
391
  team_id = team.fetch("databaseId")
378
392
  parent_team_name = team.dig("parentTeam", "slug")
@@ -390,6 +404,7 @@ module Entitlements
390
404
 
391
405
  cursor = edges.last.fetch("cursor")
392
406
  next if cursor && buffer.size == max_graphql_results
407
+
393
408
  break
394
409
  end
395
410
 
@@ -415,6 +430,7 @@ module Entitlements
415
430
  team_data[:slug]
416
431
  end
417
432
  return if @validation_cache[team_id] == team_slug
433
+
418
434
  raise "validate_team_id_and_slug! mismatch: team_id=#{team_id} expected=#{team_slug.inspect} got=#{@validation_cache[team_id].inspect}"
419
435
  end
420
436
 
@@ -432,10 +448,11 @@ module Entitlements
432
448
  ] => C::Bool
433
449
  def add_user_to_team(user:, team:, role: "member")
434
450
  return false unless org_members.include?(user.downcase)
435
- unless role == "member" || role == "maintainer"
451
+ unless ["member", "maintainer"].include?(role)
436
452
  # :nocov:
437
453
  raise "add_user_to_team role mismatch: team_id=#{team.team_id} user=#{user} expected role=maintainer/member got=#{role}"
438
454
  end
455
+
439
456
  Entitlements.logger.debug "#{identifier} add_user_to_team(user=#{user}, org=#{org}, team_id=#{team.team_id}, role=#{role})"
440
457
  validate_team_id_and_slug!(team.team_id, team.team_name)
441
458
 
@@ -462,6 +479,7 @@ module Entitlements
462
479
  ] => C::Bool
463
480
  def remove_user_from_team(user:, team:)
464
481
  return false unless org_members.include?(user.downcase)
482
+
465
483
  Entitlements.logger.debug "#{identifier} remove_user_from_team(user=#{user}, org=#{org}, team_id=#{team.team_id})"
466
484
  validate_team_id_and_slug!(team.team_id, team.team_name)
467
485
  octokit.remove_team_membership(team.team_id, user)
data/lib/version.rb CHANGED
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Entitlements
4
4
  module Version
5
- VERSION = "0.6.0"
5
+ VERSION = "0.7.0"
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: entitlements-github-plugin
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.0
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitHub, Inc. Security Ops
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-04-03 00:00:00.000000000 Z
11
+ date: 2024-05-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: contracts
@@ -86,56 +86,56 @@ dependencies:
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: 13.0.6
89
+ version: 13.2.0
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: 13.0.6
96
+ version: 13.2.0
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: rspec
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
- - - "~>"
101
+ - - '='
102
102
  - !ruby/object:Gem::Version
103
- version: 3.8.0
103
+ version: 3.13.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
- - - "~>"
108
+ - - '='
109
109
  - !ruby/object:Gem::Version
110
- version: 3.8.0
110
+ version: 3.13.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rspec-core
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
- - - "~>"
115
+ - - '='
116
116
  - !ruby/object:Gem::Version
117
- version: 3.8.0
117
+ version: 3.13.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
- - - "~>"
122
+ - - '='
123
123
  - !ruby/object:Gem::Version
124
- version: 3.8.0
124
+ version: 3.13.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rubocop
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - '='
130
130
  - !ruby/object:Gem::Version
131
- version: 1.62.1
131
+ version: 1.63.3
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - '='
137
137
  - !ruby/object:Gem::Version
138
- version: 1.62.1
138
+ version: 1.63.3
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: rubocop-github
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -156,14 +156,28 @@ dependencies:
156
156
  requirements:
157
157
  - - '='
158
158
  - !ruby/object:Gem::Version
159
- version: 1.20.2
159
+ version: 1.21.0
160
160
  type: :development
161
161
  prerelease: false
162
162
  version_requirements: !ruby/object:Gem::Requirement
163
163
  requirements:
164
164
  - - '='
165
165
  - !ruby/object:Gem::Version
166
- version: 1.20.2
166
+ version: 1.21.0
167
+ - !ruby/object:Gem::Dependency
168
+ name: ruby-lsp
169
+ requirement: !ruby/object:Gem::Requirement
170
+ requirements:
171
+ - - "~>"
172
+ - !ruby/object:Gem::Version
173
+ version: 0.16.7
174
+ type: :development
175
+ prerelease: false
176
+ version_requirements: !ruby/object:Gem::Requirement
177
+ requirements:
178
+ - - "~>"
179
+ - !ruby/object:Gem::Version
180
+ version: 0.16.7
167
181
  - !ruby/object:Gem::Dependency
168
182
  name: rugged
169
183
  requirement: !ruby/object:Gem::Requirement
@@ -190,14 +204,14 @@ dependencies:
190
204
  requirements:
191
205
  - - '='
192
206
  - !ruby/object:Gem::Version
193
- version: 0.16.1
207
+ version: 0.22.0
194
208
  type: :development
195
209
  prerelease: false
196
210
  version_requirements: !ruby/object:Gem::Requirement
197
211
  requirements:
198
212
  - - '='
199
213
  - !ruby/object:Gem::Version
200
- version: 0.16.1
214
+ version: 0.22.0
201
215
  - !ruby/object:Gem::Dependency
202
216
  name: simplecov-erb
203
217
  requirement: !ruby/object:Gem::Requirement