github-org-manager 0.4.1__tar.gz → 0.5.1__tar.gz

{github_org_manager-0.4.1 → github_org_manager-0.5.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: github-org-manager
-Version: 0.4.1
+Version: 0.5.1
 Summary: Manage a GitHub Organization, its teams, repository permissions, and more
 Home-page: https://github.com/OpenRailAssociation/github-org-manager
 License: Apache-2.0
@@ -45,12 +45,20 @@ The basic principle: all settings reside in YAML configuration files which will
 
 ## Features
 
-* Manage GitHub teams and their members and maintainers
-* Support of sub-teams
+* Manage GitHub organization owners
+* Manage GitHub teams, their members, maintainers and settings
+* Support of parent/child teams
 * Manage teams' permissions on organizations' repositories
 * Invite members to the organization if they aren't part of it yet
 * Warn about unmanaged teams
 * Warn about organization members who are not part of any team
+* Handle individual collaborator permissions to repositories
+
+The tool's philosophy:
+
+* All relevant configuration shall happen in the YAML configuration files, no actions in GitHub UI shall be necessary.
+* All repository permissions shall be managed by team membership. Outside collaborators and individual permissions are discouraged.
+* All teams shall be managed by this tool. While it can deal with unmanaged teams, it's not a priority and may cause warnings.
 
 Are you missing a feature? Please check whether it's [already posted as an issue](https://github.com/OpenRailAssociation/github-org-manager/issues), and create one of this isn't the case.
 

{github_org_manager-0.4.1 → github_org_manager-0.5.1}/README.md

@@ -17,12 +17,20 @@ The basic principle: all settings reside in YAML configuration files which will
 
 ## Features
 
-* Manage GitHub teams and their members and maintainers
-* Support of sub-teams
+* Manage GitHub organization owners
+* Manage GitHub teams, their members, maintainers and settings
+* Support of parent/child teams
 * Manage teams' permissions on organizations' repositories
 * Invite members to the organization if they aren't part of it yet
 * Warn about unmanaged teams
 * Warn about organization members who are not part of any team
+* Handle individual collaborator permissions to repositories
+
+The tool's philosophy:
+
+* All relevant configuration shall happen in the YAML configuration files, no actions in GitHub UI shall be necessary.
+* All repository permissions shall be managed by team membership. Outside collaborators and individual permissions are discouraged.
+* All teams shall be managed by this tool. While it can deal with unmanaged teams, it's not a priority and may cause warnings.
 
 Are you missing a feature? Please check whether it's [already posted as an issue](https://github.com/OpenRailAssociation/github-org-manager/issues), and create one of this isn't the case.
 

{github_org_manager-0.4.1 → github_org_manager-0.5.1}/gh_org_mgr/_config.py

@@ -85,8 +85,9 @@ def _read_config_file(file: str) -> dict:
     return config
 
 
-def parse_config_files(path: str) -> tuple[dict, dict, dict]:
-    """Parse all relevant files in the configuration directory"""
+def parse_config_files(path: str) -> tuple[dict[str, str | dict[str, str]], dict, dict]:
+    """Parse all relevant files in the configuration directory. Returns a tuple
+    of org config, app config, and merged teams config"""
     # Find the relevant config files for app, org, and teams
     cfg_app_files = _find_matching_files(path, APP_CONFIG_FILE, only_one=True)
     cfg_org_files = _find_matching_files(path, ORG_CONFIG_FILE, only_one=True)

{github_org_manager-0.4.1 → github_org_manager-0.5.1}/gh_org_mgr/_gh_org.py

@@ -5,9 +5,10 @@
 """Class for the GitHub organization which contains most of the logic"""
 
 import logging
+import sys
 from dataclasses import asdict, dataclass, field
 
-from github import Github, UnknownObjectException
+from github import Github, GithubException, UnknownObjectException
 from github.NamedUser import NamedUser
 from github.Organization import Organization
 from github.Repository import Repository
@@ -17,23 +18,35 @@ from ._gh_api import get_github_token, run_graphql_query
 
 
 @dataclass
-class GHorg:  # pylint: disable=too-many-instance-attributes
+class GHorg:  # pylint: disable=too-many-instance-attributes, too-many-lines
     """Dataclass holding GH organization data and functions"""
 
     gh: Github = None  # type: ignore
     org: Organization = None  # type: ignore
     gh_token: str = ""
     default_repository_permission: str = ""
-    org_owners: list[NamedUser] = field(default_factory=list)
+    current_org_owners: list[NamedUser] = field(default_factory=list)
+    configured_org_owners: list[str] = field(default_factory=list)
     org_members: list[NamedUser] = field(default_factory=list)
     current_teams: dict[Team, dict] = field(default_factory=dict)
     configured_teams: dict[str, dict | None] = field(default_factory=dict)
+    newly_added_users: list[NamedUser] = field(default_factory=list)
     current_repos_teams: dict[Repository, dict[Team, str]] = field(default_factory=dict)
     current_repos_collaborators: dict[Repository, dict[str, str]] = field(default_factory=dict)
     configured_repos_collaborators: dict[str, dict[str, str]] = field(default_factory=dict)
     archived_repos: list[Repository] = field(default_factory=list)
     unconfigured_team_repo_permissions: dict[str, dict[str, str]] = field(default_factory=dict)
 
+    # Re-usable Constants
+    TEAM_CONFIG_FIELDS: dict[str, dict[str, str | None]] = field(  # pylint: disable=invalid-name
+        default_factory=lambda: {
+            "parent": {"fallback_value": None},
+            "privacy": {"fallback_value": "<keep-current>"},
+            "description": {"fallback_value": "<keep-current>"},
+            "notification_setting": {"fallback_value": "<keep-current>"},
+        }
+    )
+
     # --------------------------------------------------------------------------
     # Helper functions
     # --------------------------------------------------------------------------
@@ -43,11 +56,13 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
         # supported, or multiple spaces etc.
         return team.replace(" ", "-")
 
-    def login(self, orgname: str, token: str):
+    def login(self, orgname: str, token: str) -> None:
         """Login to GH, gather org data"""
         self.gh_token = get_github_token(token)
         self.gh = Github(self.gh_token)
+        logging.debug("Logged in as %s", self.gh.get_user().login)
         self.org = self.gh.get_organization(orgname)
+        logging.debug("Gathered data from organization '%s' (%s)", self.org.login, self.org.name)
 
     def ratelimit(self):
         """Get current rate limit"""
@@ -56,9 +71,8 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
             "Current rate limit: %s/%s (reset: %s)", core.remaining, core.limit, core.reset
         )
 
-    def df2json(self) -> str:
-        """Convert the dataclass to a JSON string"""
-        d = asdict(self)
+    def pretty_print_dict(self, dictionary: dict) -> str:
+        """Convert a dict to a pretty-printed output"""
 
         # Censor sensible fields
         def censor_half_string(string: str) -> str:
@@ -69,7 +83,8 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
 
         sensible_keys = ["gh_token"]
         for key in sensible_keys:
-            d[key] = censor_half_string(d.get(key, ""))
+            if value := dictionary.get(key, ""):
+                dictionary[key] = censor_half_string(value)
 
         # Print dict nicely
         def pretty(d, indent=0):
@@ -83,7 +98,211 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
 
             return string
 
-        return pretty(d)
+        return pretty(dictionary)
+
+    def pretty_print_dataclass(self) -> str:
+        """Convert this dataclass to a pretty-printed output"""
+        return self.pretty_print_dict(asdict(self))
+
+    def compare_two_lists(self, list1: list[str], list2: list[str]):
+        """
+        Compares two lists of strings and returns a tuple containing elements
+        missing in each list and common elements.
+
+        Args:
+            list1 (list of str): The first list of strings.
+            list2 (list of str): The second list of strings.
+
+        Returns:
+            tuple: A tuple containing three lists:
+                1. The first list contains elements in `list2` that are missing in `list1`.
+                2. The second list contains elements that are present in both `list1` and `list2`.
+                3. The third list contains elements in `list1` that are missing in `list2`.
+
+        Example:
+            >>> list1 = ["apple", "banana", "cherry"]
+            >>> list2 = ["banana", "cherry", "date", "fig"]
+            >>> compare_lists(list1, list2)
+            (['date', 'fig'], ['banana', 'cherry'], ['apple'])
+        """
+        # Convert lists to sets for easier comparison
+        set1, set2 = set(list1), set(list2)
+
+        # Elements in list2 that are missing in list1
+        missing_in_list1 = list(set2 - set1)
+
+        # Elements present in both lists
+        common_elements = list(set1 & set2)
+
+        # Elements in list1 that are missing in list2
+        missing_in_list2 = list(set1 - set2)
+
+        # Return the result as a tuple
+        return (missing_in_list1, common_elements, missing_in_list2)
+
+    def compare_two_dicts(self, dict1: dict, dict2: dict) -> dict[str, dict[str, str | int | None]]:
+        """Compares two dictionaries. Assume that the keys are the same. Output
+        a dict with keys that have differing values"""
+        # Create an empty dictionary to store differences
+        differences = {}
+
+        # Iterate through the keys (assuming both dictionaries have the same keys)
+        for key in dict1:
+            # Compare the values for each key
+            if dict1[key] != dict2[key]:
+                differences[key] = {"dict1": dict1[key], "dict2": dict2[key]}
+
+        return differences
+
+    def _resolve_gh_username(self, username: str, teamname: str) -> NamedUser | None:
+        """Turn a username into a proper GitHub user object"""
+        try:
+            gh_user: NamedUser = self.gh.get_user(username)  # type: ignore
+        except UnknownObjectException:
+            logging.error(
+                "The user '%s' configured as member of team '%s' does not "
+                "exist on GitHub. Spelling error or did they rename themselves?",
+                username,
+                teamname,
+            )
+            return None
+
+        return gh_user
+
+    # --------------------------------------------------------------------------
+    # Configuration
+    # --------------------------------------------------------------------------
+    def consolidate_team_config(self, default_team_configs: dict[str, str]) -> None:
+        """Complete teams configuration with default teams configs"""
+        for team_name, team_config in self.configured_teams.items():
+            # Handle none team configs
+            if team_config is None:
+                team_config = {}
+
+            # Iterate through configurable team settings. Take team config, fall
+            # back to default org-wide value. If no config can be found, either
+            # add a fallback value or do not add this setting altogether.
+            for cfg_item, cfg_value in self.TEAM_CONFIG_FIELDS.items():
+                # Case 1: setting in team config
+                if tcfg := team_config.get(cfg_item):
+                    team_config[cfg_item] = tcfg
+                # Case 2: setting in default org team config
+                elif dcfg := default_team_configs.get(cfg_item):
+                    team_config[cfg_item] = dcfg
+                # Case 3: setting defined nowhere, take hardcoded default
+                else:
+                    # Look which fallback value/action shall be taken
+                    fallback_value = cfg_value["fallback_value"]
+                    if fallback_value != "<keep-current>":
+                        team_config[cfg_item] = fallback_value
+
+            logging.debug("Configuration for team '%s' consolidated to: %s", team_name, team_config)
+
+    # --------------------------------------------------------------------------
+    # Owners
+    # --------------------------------------------------------------------------
+    def _get_current_org_owners(self) -> None:
+        """Get all owners of the org"""
+        # Reset the user list, then build up new list
+        self.current_org_owners = []
+        for member in self.org.get_members(role="admin"):
+            self.current_org_owners.append(member)
+
+    def _check_configured_org_owners(self) -> bool:
+        """Check configured owners and make them lower-case for better
+        comparison. Returns True if owners are well configured."""
+        # Add configured owners if they are a list
+        if isinstance(self.configured_org_owners, list):
+            # Make all configured users lower-case
+            self.configured_org_owners = [user.lower() for user in self.configured_org_owners]
+        else:
+            logging.warning(
+                "The organisation owners are not configured as a proper list. Will not handle them."
+            )
+            self.configured_org_owners = []
+
+        if not self.configured_org_owners:
+            logging.warning(
+                "No owners for your GitHub organisation configured. Will not make any "
+                "change regarding the ownership, and continue with the current owners: %s",
+                ", ".join([user.login for user in self.current_org_owners]),
+            )
+            return False
+
+        return True
+
+    def _is_user_authenticated_user(self, user: NamedUser) -> bool:
+        """Check if a given NamedUser is the authenticated user"""
+        if user.login == self.gh.get_user().login:
+            return True
+        return False
+
+    def sync_org_owners(self, dry: bool = False, force: bool = False) -> None:
+        """Synchronise the organization owners"""
+        # Get current and configured owners
+        self._get_current_org_owners()
+
+        # Abort owner synchronisation if no owners are configured, or badly
+        if not self._check_configured_org_owners():
+            return
+
+        # Get differences between the current and configured owners
+        owners_remove, owners_ok, owners_add = self.compare_two_lists(
+            self.configured_org_owners, [user.login for user in self.current_org_owners]
+        )
+        # Compare configured (lower-cased) owners with lower-cased list of current owners
+        if not owners_remove and not owners_add:
+            logging.info("Organization owners are in sync, no changes")
+            return
+
+        logging.debug(
+            "Organization owners are not in sync. Config: '%s' vs. Current: '%s'",
+            self.configured_org_owners,
+            self.current_org_owners,
+        )
+        logging.debug(
+            "Will remove %s, will not change %s, will add %s", owners_remove, owners_ok, owners_add
+        )
+
+        # Add the missing owners
+        for user in owners_add:
+            if gh_user := self._resolve_gh_username(user, "<org owners>"):
+                logging.info("Adding user '%s' as organization owner", gh_user.login)
+                if not dry:
+                    self.org.add_to_members(gh_user, "admin")
+
+        # Remove the surplus owners
+        for user in owners_remove:
+            if gh_user := self._resolve_gh_username(user, "<org owners>"):
+                logging.info(
+                    "User '%s' is not configured as organization owners. "
+                    "Will make them a normal member",
+                    gh_user.login,
+                )
+                # Handle authenticated user being the same as the one you want to degrade
+                if self._is_user_authenticated_user(gh_user):
+                    logging.warning(
+                        "The user '%s' you want to remove from owners is the one you "
+                        "authenticated with. This may disrupt all further operations. "
+                        "Unless you run the program with --force, "
+                        "this operation will not be executed.",
+                        gh_user.login,
+                    )
+                    # Check if user forced this operation
+                    if force:
+                        logging.info(
+                            "You called the program with --force, "
+                            "so it will remove yourself from the owners"
+                        )
+                    else:
+                        continue
+
+                # Execute the degradation of the owner
+                if not dry:
+                    self.org.add_to_members(gh_user, "member")
+
+        # Update the current organisation owners
+        self._get_current_org_owners()
 
     # --------------------------------------------------------------------------
     # Teams
@@ -108,13 +327,25 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
                     parent_id = self.org.get_team_by_slug(self._sluggify_teamname(parent)).id
 
                     logging.info("Creating team '%s' with parent ID '%s'", team, parent_id)
+                    # NOTE: We do not specify any team settings (description etc)
+                    # here, this will happen later
                     if not dry:
-                        self.org.create_team(team, parent_team_id=parent_id)
+                        self.org.create_team(
+                            team,
+                            parent_team_id=parent_id,
+                            # Hardcode privacy as "secret" is not possible in child teams
+                            privacy="closed",
+                        )
 
                 else:
                     logging.info("Creating team '%s' without parent", team)
                     if not dry:
-                        self.org.create_team(team, privacy="closed")
+                        self.org.create_team(
+                            team,
+                            # Hardcode privacy as "secret" is not possible in
+                            # parent teams, which is the API's default
+                            privacy="closed",
+                        )
 
             else:
                 logging.debug("Team '%s' already exists", team)
@@ -122,13 +353,109 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
         # Re-scan current teams as new ones may have been created
         self._get_current_teams()
 
+    def _prepare_team_config_for_sync(
+        self, team_config: dict[str, str | int | Team | None]
+    ) -> dict[str, str | int | None]:
+        """Turn parent values into IDs, and sort the config dictionary for better comparison"""
+        if parent := team_config["parent"]:
+            # team coming from API request (current)
+            if isinstance(parent, Team):
+                team_config["parent_team_id"] = parent.id
+            # team coming from config, and valid string
+            elif isinstance(parent, str) and parent:
+                team_config["parent_team_id"] = self.org.get_team_by_slug(
+                    self._sluggify_teamname(parent)
+                ).id
+            # empty from string, so probably default value
+            elif isinstance(parent, str) and not parent:
+                team_config["parent_team_id"] = None
+        else:
+            team_config["parent_team_id"] = None
+
+        # Remove parent key
+        team_config.pop("parent", None)
+
+        # Sort dict and return
+        # Ensure the dictionary has only comparable types before sorting
+        filtered_team_config = {
+            k: v for k, v in team_config.items() if isinstance(v, (str, int, type(None)))
+        }
+        return dict(sorted(filtered_team_config.items()))
+
+    def sync_current_teams_settings(self, dry: bool = False) -> None:
+        """Sync settings for the existing teams: description, visibility etc."""
+        for team in self.current_teams:
+            # Skip unconfigured teams
+            if team.name not in self.configured_teams:
+                logging.debug(
+                    "Will not sync settings of team '%s' as not configured locally", team.name
+                )
+                continue
+
+            # Use dictionary comprehensions to build the dictionaries with the
+            # relevant team settings for comparison
+            configured_team_configs = {
+                key: self.configured_teams[team.name].get(key)  # type: ignore
+                for key in self.TEAM_CONFIG_FIELDS
+                # Only add keys that are actually in the configuration. Deals
+                # with settings that should be changed, as they are neither
+                # defined in the default or team config, and marked as
+                # <keep-current>
+                if key in self.configured_teams[team.name]  # type: ignore
+            }
+            current_team_configs = {
+                key: getattr(team, key)
+                for key in self.TEAM_CONFIG_FIELDS
+                # Only compare current team settings with keys that are defined
+                # as the configured team settings. Taking out settings that
+                # shall not be changed
+                if key in self.configured_teams[team.name]  # type: ignore
+            }
+
+            # Resolve parent team id from parent Team object or team string, and sort
+            configured_team_configs = self._prepare_team_config_for_sync(configured_team_configs)
+            current_team_configs = self._prepare_team_config_for_sync(current_team_configs)
+
+            # Log the comparison result
+            logging.debug(
+                "Comparing team '%s' settings: Configured '%s' vs. Current '%s'",
+                team.name,
+                configured_team_configs,
+                current_team_configs,
+            )
+
+            # Compare settings and update if necessary
+            if differences := self.compare_two_dicts(configured_team_configs, current_team_configs):
+                # Log differences
+                logging.info(
+                    "Team settings for '%s' differ from the configuration. Updating them:",
+                    team.name,
+                )
+                for setting, diff in differences.items():
+                    logging.info(
+                        "Setting '%s': '%s' --> '%s'", setting, diff["dict2"], diff["dict1"]
+                    )
+                # Execute team setting changes
+                if not dry:
+                    try:
+                        team.edit(name=team.name, **configured_team_configs)  # type: ignore
+                    except GithubException as exc:
+                        logging.critical(
+                            "Team '%s' settings could not be edited. Error: \n%s",
+                            team.name,
+                            self.pretty_print_dict(exc.data),
+                        )
+                        sys.exit(1)
+            else:
+                logging.info("Team '%s' settings are in sync, no changes", team.name)
+
     # --------------------------------------------------------------------------
     # Members
     # --------------------------------------------------------------------------
-    def _get_org_members(self):
-        """Get all owners of the org"""
-        for member in self.org.get_members(role="admin"):
-            self.org_owners.append(member)
+    def _get_current_org_members(self):
+        """Get all ordinary members of the org"""
+        # Reset the user list, then build up new list
+        self.org_members = []
         for member in self.org.get_members(role="member"):
             self.org_members.append(member)
 
@@ -159,27 +486,19 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
 
         return current_users
 
-    def _resolve_gh_username(self, username: str, teamname: str) -> NamedUser | None:
-        """Turn a username into a proper GitHub user object"""
-        try:
-            gh_user: NamedUser = self.gh.get_user(username)  # type: ignore
-        except UnknownObjectException:
-            logging.error(
-                "The user '%s' configured as member of team '%s' does not "
-                "exist on GitHub. Spelling error or did they rename themselves?",
-                username,
-                teamname,
-            )
-            return None
-
-        return gh_user
+    def _add_or_update_user_in_team(self, team: Team, user: NamedUser, role: str):
+        """Add or update membership of a user in a team"""
+        team.add_membership(member=user, role=role)
+        # Document that the user has just been added to a team. Relevant when we
+        # will later find users without team membership
+        self.newly_added_users.append(user)
 
     def sync_teams_members(self, dry: bool = False) -> None:  # pylint: disable=too-many-branches
         """Check the configured members of each team, add missing ones and delete unconfigured"""
         logging.debug("Starting to sync team members")
 
-        # Gather all members and owners of the organisation
-        self._get_org_members()
+        # Gather all ordinary members of the organisation
+        self._get_current_org_members()
 
         # Get open invitations
         open_invitations = [user.login.lower() for user in self.org.invitations()]
@@ -223,7 +542,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
 
             # Consider all GitHub organisation team maintainers if they are member of the team
             # This is because GitHub API returns them as maintainers even if they are just members
-            for user in self.org_owners:
+            for user in self.current_org_owners:
                 if user.login in configured_users:
                     logging.debug(
                         "Overriding role of organisation owner '%s' to maintainer", user.login
@@ -232,7 +551,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
 
             # Only make edits to the team membership if the current state differs from config
             if configured_users == current_team_members:
-                logging.info("Team '%s' configuration is in sync, no changes", team.name)
+                logging.info("Team '%s' memberships are in sync, no changes", team.name)
                 continue
 
             # Loop through the configured users, add / update them if necessary
@@ -260,7 +579,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
                         config_role,
                     )
                     if not dry:
-                        team.add_membership(member=gh_user, role=config_role)
+                        self._add_or_update_user_in_team(team=team, user=gh_user, role=config_role)
 
                 # Update roles if they differ from old role
                 elif config_role != current_team_members.get(config_user, ""):
@@ -274,7 +593,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
                         config_role,
                     )
                     if not dry:
-                        team.add_membership(member=gh_user, role=config_role)
+                        self._add_or_update_user_in_team(team=team, user=gh_user, role=config_role)
 
             # Loop through all current members. Remove them if they are not configured
             for current_user in current_team_members:
@@ -304,14 +623,15 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
     def get_members_without_team(self) -> None:
         """Get all organisation members without any team membership"""
         # Combine org owners and org members
-        all_org_members = set(self.org_members + self.org_owners)
+        all_org_members = set(self.org_members + self.current_org_owners)
 
         # Get all members of all teams
-        all_team_members_lst = []
+        all_team_members_lst: list[NamedUser] = []
         for _, team_attrs in self.current_teams.items():
             for member in team_attrs.get("members", {}):
                 all_team_members_lst.append(member)
-        all_team_members = set(all_team_members_lst)
+        # Also add users that have just been added to a team, and unify them
+        all_team_members: set[NamedUser] = set(all_team_members_lst + self.newly_added_users)
 
         # Find members that are in org_members but not team_members
         members_without_team = all_org_members.difference(all_team_members)
@@ -556,6 +876,8 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
 
                 # Add team member to repo with their repo permissions
                 for team_member in team_members:
+                    # Lower-case team member
+                    team_member = team_member.lower()
                     # Check if permissions already exist
                     if self.configured_repos_collaborators[repo].get(team_member, {}):
                         logging.debug(
@@ -571,7 +893,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
                             )
                         )
                     else:
-                        self.configured_repos_collaborators[repo][team_member.lower()] = perm
+                        self.configured_repos_collaborators[repo][team_member] = perm
 
     def _convert_graphql_perm_to_rest(self, permission: str) -> str:
         """Convert a repo permission coming from the GraphQL API to the ones
@@ -639,7 +961,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
         for collaborator in collaborators:
             login: str = collaborator["node"]["login"]
             # Skip entry if collaborator is org owner, which is "admin" anyway
-            if login.lower() in [user.login.lower() for user in self.org_owners]:
+            if login.lower() in [user.login.lower() for user in self.current_org_owners]:
                 continue
             permission = self._convert_graphql_perm_to_rest(collaborator["permission"])
             self.current_repos_collaborators[repo][login.lower()] = permission

{github_org_manager-0.4.1 → github_org_manager-0.5.1}/gh_org_mgr/manage.py

@@ -47,6 +47,12 @@ parser_sync.add_argument(
     action="store_true",
     help="Do not take any action in ignored repositories",
 )
+parser_sync.add_argument(
+    "-f",
+    "--force",
+    action="store_true",
+    help="Execute potentially dangerous actions which you will be warned about without this flag",
+)
 
 # Setup Team
 parser_create_team = subparsers.add_parser(
@@ -74,12 +80,6 @@ parser_create_team_file.add_argument(
     "--file",
     help="Path to the file in which the team shall be added",
 )
-# parser_create_team.add_argument(
-#     "-a",
-#     "--file-exists-action",
-#     help="Define which action shall be taken when the requested output file already exists",
-#     choices=["override", "extend", "skip"]
-# )
 
 
 def main():
@@ -94,6 +94,8 @@ def main():
     if args.command == "sync":
         if args.dry:
             logging.info("Dry-run mode activated, will not make any changes at GitHub")
+        if args.force:
+            logging.info("Force mode activated, will make potentially dangerous actions")
 
         org = GHorg()
 
@@ -104,14 +106,22 @@ def main():
                 "No GitHub organisation name configured in organisation settings. Cannot continue"
             )
             sys.exit(1)
+        org.configured_org_owners = cfg_org.get("org_owners", [])
+        org.consolidate_team_config(
+            default_team_configs=cfg_org.get("defaults", {}).get("team", {})
+        )
 
         # Login to GitHub with token, get GitHub organisation
         org.login(cfg_org.get("org_name", ""), cfg_app.get("github_token", ""))
         # Get current rate limit
         org.ratelimit()
 
+        # Synchronise organisation owners
+        org.sync_org_owners(dry=args.dry, force=args.force)
         # Create teams that aren't present at Github yet
         org.create_missing_teams(dry=args.dry)
+        # Configure general settings of teams
+        org.sync_current_teams_settings(dry=args.dry)
         # Synchronise the team memberships
         org.sync_teams_members(dry=args.dry)
         # Report about organisation members that do not belong to any team
@@ -123,7 +133,7 @@ def main():
         org.sync_repo_collaborator_permissions(dry=args.dry)
 
         # Debug output
-        logging.debug("Final dataclass:\n%s", org.df2json())
+        logging.debug("Final dataclass:\n%s", org.pretty_print_dataclass())
         org.ratelimit()
 
     # Setup Team command

{github_org_manager-0.4.1 → github_org_manager-0.5.1}/pyproject.toml

@@ -4,7 +4,7 @@
 
 [tool.poetry]
 name = "github-org-manager"
-version = "0.4.1"
+version = "0.5.1"
 description = "Manage a GitHub Organization, its teams, repository permissions, and more"
 authors = ["Max Mehl <max.mehl@deutschebahn.com>"]
 readme = "README.md"
@@ -57,10 +57,6 @@ line-length = 100
 [tool.mypy]
 files = ["gh_org_mgr/*.py"]
 
-# Pylint
-[tool.pylint.'MESSAGES CONTROL']
-disable = "fixme"
-
 # Bump-My-Version
 [tool.bumpversion]
 commit = true