From fd92366269c8ba7459ba129afed3c17cce97319e Mon Sep 17 00:00:00 2001
From: yaron <yaron@soluto.com>
Date: Thu, 9 Nov 2017 15:58:18 +0200
Subject: [PATCH 01/29] Initial commit - add_team_to_repo command
---
command_plugins/github/plugin.py | 65 ++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index d962780..3b476bc 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -48,6 +48,14 @@ def __init__(self):
"permitted_permissions": ["push", "pull"], # To grant admin, add this to the config for
"enabled": True # this command in the config.py.
},
+ "!SetRepoPermissions": {
+ "command": "!SetRepoPermissions",
+ "func": self.add_team_To_repo,
+ "user_data_required": True,
+ "help": "Adds a team to a specific repository in a specific GitHub organization.",
+ "permitted_permissions": ["push", "pull"], # To grant admin, add this to the config for
+ "enabled": True # this command in the config.py.
+ },
"!SetDescription": {
"command": "!SetDescription",
"func": self.set_description_command,
@@ -321,6 +329,63 @@ def add_outside_collab_command(self, data, user_data, collab, org, repo, permiss
org, repo),
markdown=True, thread=data["ts"])
+ @hubcommander_command(
+ name="!SetRepoPermissions",
+ usage="!SetRepoPermissions <Team> <OrgWithRepo> <Repo> <Permission>",
+ description="This will add an outside collaborator to a repository with the given permission.",
+ required=[
+ dict(name="team", properties=dict(type=str, help="The team's GitHub ID.")),
+ dict(name="org", properties=dict(type=str, help="The organization that contains the repo."),
+ validation_func=lookup_real_org, validation_func_kwargs={}),
+ dict(name="repo", properties=dict(type=str, help="The repository to add the outside collaborator to."),
+ validation_func=extract_repo_name, validation_func_kwargs={}),
+ dict(name="permission", properties=dict(type=str.lower, help="The permission to grant, must be one "
+ "of: `{values}`"),
+ choices="permitted_permissions")
+ ],
+ optional=[]
+ )
+ @auth()
+ @repo_must_exist()
+ def add_team_to_repo(self, data, user_data, team, org, repo, permission):
+ """
+ Adds a team to a repository with a specified permission.
+
+ Command is as follows: !SetRepoPermissions <Team> <OrgWithRepo> <Repo> <Permission>
+ :param permission:
+ :param repo:
+ :param org:
+ :param teamid:
+ :param user_data:
+ :param data:
+ :return:
+ """
+ # Output that we are doing work:
+ send_info(data["channel"], "@{}: Working, Please wait...".format(user_data["name"]), thread=data["ts"])
+
+ # Grant access:
+ try:
+ self.set_repo_permissions(repo, org, team, permission)
+
+ except ValueError as ve:
+ send_error(data["channel"],
+ "@{}: Problem encountered adding the team.\n"
+ "The response code from GitHub was: {}".format(user_data["name"], str(ve)), thread=data["ts"])
+ return
+
+ except Exception as e:
+ send_error(data["channel"],
+ "@{}: Problem encountered adding the team.\n"
+ "Here are the details: {}".format(user_data["name"], str(e)), thread=data["ts"])
+ return
+
+ # Done:
+ send_success(data["channel"],
+ "@{}: The GitHub team: `{}` has been added to the repo with `{}` "
+ "permissions to {}/{}.".format(user_data["name"], team, permission,
+ org, repo),
+ markdown=True, thread=data["ts"])
+
@hubcommander_command(
name="!AddUserToTeam",
usage="!AddUserToTeam <UserGitHubId> <Org> <Team> <Role>",
From ee3153997604abf03dc64775721688318714337b Mon Sep 17 00:00:00 2001
From: yaron <yaron@soluto.com>
Date: Thu, 9 Nov 2017 16:11:12 +0200
Subject: [PATCH 02/29] fix typo and reference team by name instead of id
---
command_plugins/github/plugin.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index 3b476bc..86f2d2d 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -50,7 +50,7 @@ def __init__(self):
},
"!SetRepoPermissions": {
"command": "!SetRepoPermissions",
- "func": self.add_team_To_repo,
+ "func": self.add_team_to_repo,
"user_data_required": True,
"help": "Adds a team to a specific repository in a specific GitHub organization.",
"permitted_permissions": ["push", "pull"], # To grant admin, add this to the config for
@@ -363,9 +363,12 @@ def add_team_to_repo(self, data, user_data, team, org, repo, permission):
# Output that we are doing work:
send_info(data["channel"], "@{}: Working, Please wait...".format(user_data["name"]), thread=data["ts"])
+ # Check if team exists, if it does return the id
+ team_id = self.find_team_id_by_name(org, team)
+
# Grant access:
try:
- self.set_repo_permissions(repo, org, team, permission)
+ self.set_repo_permissions(repo, org, team_id, permission)
except ValueError as ve:
send_error(data["channel"],
From 320a3621c679054bc78c56a157a155083c15d0df Mon Sep 17 00:00:00 2001
From: yaron <yaron@soluto.com>
Date: Thu, 9 Nov 2017 16:35:32 +0200
Subject: [PATCH 03/29] Change to more accurate function name
---
command_plugins/github/plugin.py | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index 86f2d2d..a0948b6 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -48,11 +48,11 @@ def __init__(self):
"permitted_permissions": ["push", "pull"], # To grant admin, add this to the config for
"enabled": True # this command in the config.py.
},
- "!SetRepoPermissions": {
- "command": "!SetRepoPermissions",
- "func": self.add_team_to_repo,
+ "!SetRepoTeamPermissions": {
+ "command": "!SetRepoTeamPermissions",
+ "func": self.set_team_permissions,
"user_data_required": True,
- "help": "Adds a team to a specific repository in a specific GitHub organization.",
+ "help": "Sets team permissions to a specific repository in a specific GitHub organization.",
"permitted_permissions": ["push", "pull"], # To grant admin, add this to the config for
"enabled": True # this command in the config.py.
},
@@ -330,14 +330,14 @@ def add_outside_collab_command(self, data, user_data, collab, org, repo, permiss
markdown=True, thread=data["ts"])
@hubcommander_command(
- name="!SetRepoPermissions",
- usage="!SetRepoPermissions <Team> <OrgWithRepo> <Repo> <Permission>",
- description="This will add an outside collaborator to a repository with the given permission.",
+ name="!SetRepoTeamPermissions",
+ usage="!SetRepoTeamPermissions <Team> <OrgWithRepo> <Repo> <Permission>",
+ description="This will set team permissions on a repository .",
required=[
- dict(name="team", properties=dict(type=str, help="The team's GitHub ID.")),
+ dict(name="team", properties=dict(type=str, help="The team's name.")),
dict(name="org", properties=dict(type=str, help="The organization that contains the repo."),
validation_func=lookup_real_org, validation_func_kwargs={}),
- dict(name="repo", properties=dict(type=str, help="The repository to add the outside collaborator to."),
+ dict(name="repo", properties=dict(type=str, help="The repository to add the team to."),
validation_func=extract_repo_name, validation_func_kwargs={}),
dict(name="permission", properties=dict(type=str.lower, help="The permission to grant, must be one "
"of: `{values}`"),
@@ -347,7 +347,7 @@ def add_outside_collab_command(self, data, user_data, collab, org, repo, permiss
)
@auth()
@repo_must_exist()
- def add_team_to_repo(self, data, user_data, team, org, repo, permission):
+ def set_team_permissions(self, data, user_data, team, org, repo, permission):
"""
Adds a team to a repository with a specified permission.
@@ -355,7 +355,7 @@ def add_team_to_repo(self, data, user_data, team, org, repo, permission):
:param permission:
:param repo:
:param org:
- :param teamid:
+ :param team:
:param user_data:
:param data:
:return:
From f9a9e264210684a92db9d5fcd0576d5fcaccc2ea Mon Sep 17 00:00:00 2001
From: yaron <yaron@soluto.com>
Date: Tue, 21 Nov 2017 21:14:37 +0200
Subject: [PATCH 04/29] Apply changes and add team_must_exist decorator
---
command_plugins/github/decorators.py | 15 +++++++++++++++
command_plugins/github/plugin.py | 17 +++++++++++------
2 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/command_plugins/github/decorators.py b/command_plugins/github/decorators.py
index 0968b8a..14ce63b 100644
--- a/command_plugins/github/decorators.py
+++ b/command_plugins/github/decorators.py
@@ -23,6 +23,21 @@ def decorated_command(github_plugin, data, user_data, *args, **kwargs):
return command_decorator
+def team_must_exist(org_arg="org", team_arg="team"):
+ def command_decorator(func):
+ def decorated_command(github_plugin, data, user_data, *args, **kwargs):
+ # Check if the specified GitHub team exists:
+ if not github_plugin.find_team_id_by_name(data, user_date, kwargs[org_arg], kwargs[team_arg]):
+ send_error(data["channel"], "@{}: The GitHub team: {} does not exist.".format(user_data["name"],
+ kwargs[team_arg]))
+ return
+
+ # Run the next function:
+ return func(github_plugin, data, user_data, *args, **kwargs)
+
+ return decorated_command
+
+ return command_decorator
def github_user_exists(user_arg):
def command_decorator(func):
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index a0948b6..7208b72 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -18,7 +18,7 @@
from hubcommander.bot_components.parse_functions import extract_repo_name, parse_toggles
from hubcommander.command_plugins.github.config import GITHUB_URL, GITHUB_VERSION, ORGS, USER_COMMAND_DICT
from hubcommander.command_plugins.github.parse_functions import lookup_real_org, validate_homepage
-from hubcommander.command_plugins.github.decorators import repo_must_exist, github_user_exists, branch_must_exist
+from hubcommander.command_plugins.github.decorators import repo_must_exist, github_user_exists, branch_must_exist, team_must_exist
class GitHubPlugin(BotCommander):
@@ -48,8 +48,8 @@ def __init__(self):
"permitted_permissions": ["push", "pull"], # To grant admin, add this to the config for
"enabled": True # this command in the config.py.
},
- "!SetRepoTeamPermissions": {
- "command": "!SetRepoTeamPermissions",
+ "!SetRepoPermissions": {
+ "command": "!SetRepoPermissions",
"func": self.set_team_permissions,
"user_data_required": True,
"help": "Sets team permissions to a specific repository in a specific GitHub organization.",
@@ -330,15 +330,15 @@ def add_outside_collab_command(self, data, user_data, collab, org, repo, permiss
markdown=True, thread=data["ts"])
@hubcommander_command(
- name="!SetRepoTeamPermissions",
- usage="!SetRepoTeamPermissions <Team> <OrgWithRepo> <Repo> <Permission>",
+ name="!SetRepoPermissions",
+ usage="!SetRepoPermissions <OrgWithRepo> <Repo> <Team> <Permission>",
description="This will set team permissions on a repository .",
required=[
- dict(name="team", properties=dict(type=str, help="The team's name.")),
dict(name="org", properties=dict(type=str, help="The organization that contains the repo."),
validation_func=lookup_real_org, validation_func_kwargs={}),
dict(name="repo", properties=dict(type=str, help="The repository to add the team to."),
validation_func=extract_repo_name, validation_func_kwargs={}),
+ dict(name="team", properties=dict(type=str, help="The team's name.")),
dict(name="permission", properties=dict(type=str.lower, help="The permission to grant, must be one "
"of: `{values}`"),
choices="permitted_permissions")
@@ -347,6 +347,7 @@ def add_outside_collab_command(self, data, user_data, collab, org, repo, permiss
)
@auth()
@repo_must_exist()
+ @team_must_exist()
def set_team_permissions(self, data, user_data, team, org, repo, permission):
"""
Adds a team to a repository with a specified permission.
@@ -366,6 +367,10 @@ def set_team_permissions(self, data, user_data, team, org, repo, permission):
# Check if team exists, if it does return the id
team_id = self.find_team_id_by_name(org, team)
+ if not team_id:
+ send_error(data["channel"], "The GitHub team does not exist.", thread=data["ts"])
+ return
+
# Grant access:
try:
self.set_repo_permissions(repo, org, team_id, permission)
From 6253c8b1ed3cc8d3c88b9b886eca7ad65bde97e1 Mon Sep 17 00:00:00 2001
From: yaron <yaron@soluto.com>
Date: Tue, 21 Nov 2017 21:18:49 +0200
Subject: [PATCH 05/29] replace inline checks with decorator
---
command_plugins/github/plugin.py | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index 7208b72..16a433e 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -367,10 +367,6 @@ def set_team_permissions(self, data, user_data, team, org, repo, permission):
# Check if team exists, if it does return the id
team_id = self.find_team_id_by_name(org, team)
- if not team_id:
- send_error(data["channel"], "The GitHub team does not exist.", thread=data["ts"])
- return
-
# Grant access:
try:
self.set_repo_permissions(repo, org, team_id, permission)
@@ -411,6 +407,7 @@ def set_team_permissions(self, data, user_data, team, org, repo, permission):
)
@auth()
@github_user_exists("user_id")
+ @team_must_exist()
def add_user_to_team_command(self, data, user_data, user_id, org, team, role):
"""
Adds a GitHub user to a team with a specified role.
@@ -430,10 +427,6 @@ def add_user_to_team_command(self, data, user_data, user_id, org, team, role):
# Check if team exists, if it does return the id
team_id = self.find_team_id_by_name(org, team)
- if not team_id:
- send_error(data["channel"], "The GitHub team does not exist.", thread=data["ts"])
- return
-
# Do it:
try:
self.invite_user_to_gh_org_team(user_id, team_id, role)
From 079e74a83368a6ac396a211afa8da511e6c42c3b Mon Sep 17 00:00:00 2001
From: yaron <yaron@soluto.com>
Date: Wed, 22 Nov 2017 10:30:05 +0200
Subject: [PATCH 06/29] fix decorator and remove redundant calls to
find_team_by_name
---
command_plugins/github/decorators.py | 4 ++--
command_plugins/github/plugin.py | 12 +++---------
2 files changed, 5 insertions(+), 11 deletions(-)
diff --git a/command_plugins/github/decorators.py b/command_plugins/github/decorators.py
index 14ce63b..0669065 100644
--- a/command_plugins/github/decorators.py
+++ b/command_plugins/github/decorators.py
@@ -27,11 +27,11 @@ def team_must_exist(org_arg="org", team_arg="team"):
def command_decorator(func):
def decorated_command(github_plugin, data, user_data, *args, **kwargs):
# Check if the specified GitHub team exists:
- if not github_plugin.find_team_id_by_name(data, user_date, kwargs[org_arg], kwargs[team_arg]):
+ kwargs['team_id'] = github_plugin.find_team_id_by_name(kwargs[org_arg], kwargs[team_arg])
+ if not kwargs.get("team_id"):
send_error(data["channel"], "@{}: The GitHub team: {} does not exist.".format(user_data["name"],
kwargs[team_arg]))
return
-
# Run the next function:
return func(github_plugin, data, user_data, *args, **kwargs)
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index 16a433e..2f4e4b4 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -50,7 +50,7 @@ def __init__(self):
},
"!SetRepoPermissions": {
"command": "!SetRepoPermissions",
- "func": self.set_team_permissions,
+ "func": self.set_repo_permissions_command,
"user_data_required": True,
"help": "Sets team permissions to a specific repository in a specific GitHub organization.",
"permitted_permissions": ["push", "pull"], # To grant admin, add this to the config for
@@ -348,7 +348,7 @@ def add_outside_collab_command(self, data, user_data, collab, org, repo, permiss
@auth()
@repo_must_exist()
@team_must_exist()
- def set_team_permissions(self, data, user_data, team, org, repo, permission):
+ def set_repo_permissions_command(self, data, user_data, team, org, repo, permission, team_id=None):
"""
Adds a team to a repository with a specified permission.
@@ -364,9 +364,6 @@ def set_team_permissions(self, data, user_data, team, org, repo, permission):
# Output that we are doing work:
send_info(data["channel"], "@{}: Working, Please wait...".format(user_data["name"]), thread=data["ts"])
- # Check if team exists, if it does return the id
- team_id = self.find_team_id_by_name(org, team)
-
# Grant access:
try:
self.set_repo_permissions(repo, org, team_id, permission)
@@ -408,7 +405,7 @@ def set_team_permissions(self, data, user_data, team, org, repo, permission):
@auth()
@github_user_exists("user_id")
@team_must_exist()
- def add_user_to_team_command(self, data, user_data, user_id, org, team, role):
+ def add_user_to_team_command(self, data, user_data, user_id, org, team, role, team_id=None):
"""
Adds a GitHub user to a team with a specified role.
@@ -424,9 +421,6 @@ def add_user_to_team_command(self, data, user_data, user_id, org, team, role):
# Output that we are doing work:
send_info(data["channel"], "@{}: Working, Please wait...".format(user_data["name"]), thread=data["ts"])
- # Check if team exists, if it does return the id
- team_id = self.find_team_id_by_name(org, team)
-
# Do it:
try:
self.invite_user_to_gh_org_team(user_id, team_id, role)
From ac4241f7ff6e44261d3a06d59d9fe048044285f1 Mon Sep 17 00:00:00 2001
From: Mike Grima <mgrima@netflix.com>
Date: Mon, 27 Nov 2017 13:27:18 -0800
Subject: [PATCH 07/29] Implemented #57. This allows batch outside collaborator
repo adding.
---
.travis.yml | 1 -
bot_components/parse_functions.py | 18 ++++++++++++++++++
build_docker.sh | 6 +++---
command_plugins/github/decorators.py | 26 +++++++++++++++++++-------
command_plugins/github/plugin.py | 25 ++++++++++++++-----------
publish_via_travis.sh | 6 +++---
tests/test_parse_functions.py | 10 ++++++++++
7 files changed, 67 insertions(+), 25 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 5119576..803c8d7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,7 +3,6 @@ sudo: required
language: python
python:
- - "3.5"
- "3.6"
install:
diff --git a/bot_components/parse_functions.py b/bot_components/parse_functions.py
index c88c0d9..7038477 100644
--- a/bot_components/parse_functions.py
+++ b/bot_components/parse_functions.py
@@ -121,6 +121,24 @@ def extract_repo_name(plugin_obj, reponame, **kwargs):
return split_repo.replace(">", "")
+def extract_multiple_repo_names(plugin_obj, repos, **kwargs):
+ """
+ Does what the above does, but does it for a comma separated list of repos.
+ :param plugin_obj:
+ :param repos:
+ :param kwargs:
+ :return:
+ """
+ repo_list = repos.split(",")
+
+ parsed_repos = []
+
+ for repo in repo_list:
+ parsed_repos.append(extract_repo_name(plugin_obj, repo, **kwargs))
+
+ return parsed_repos
+
+
def parse_toggles(plugin_obj, toggle, toggle_type="toggle", **kwargs):
"""
Parses typical toggle values, like off, on, enabled, disabled, true, false, etc.
diff --git a/build_docker.sh b/build_docker.sh
index bb79671..7e720ec 100755
--- a/build_docker.sh
+++ b/build_docker.sh
@@ -26,12 +26,12 @@ if [ -z ${BUILD_TAG} ]; then
BUILD_TAG="latest"
fi
-# If this is running in Travis, AND the Python version IS NOT 3.5, then don't build
+# If this is running in Travis, AND the Python version IS NOT 3.6, then don't build
# the Docker image:
if [ $TRAVIS ]; then
PYTHON_VERSION=$( python --version )
- if [[ $PYTHON_VERSION != *"3.5"* ]]; then
- echo "This only builds Docker images in the Python 3.5 Travis job"
+ if [[ $PYTHON_VERSION != *"3.6"* ]]; then
+ echo "This only builds Docker images in the Python 3.6 Travis job"
exit 0
fi
fi
diff --git a/command_plugins/github/decorators.py b/command_plugins/github/decorators.py
index 0669065..59fc442 100644
--- a/command_plugins/github/decorators.py
+++ b/command_plugins/github/decorators.py
@@ -9,12 +9,19 @@
from hubcommander.bot_components.slack_comm import send_error
-def repo_must_exist(org_arg="org", repo_arg="repo"):
+def repo_must_exist(org_arg="org"):
def command_decorator(func):
def decorated_command(github_plugin, data, user_data, *args, **kwargs):
+ # Just 1 repo -- or multiple?
+ if kwargs.get("repo"):
+ repos = [kwargs["repo"]]
+ else:
+ repos = kwargs["repos"]
+
# Check if the specified GitHub repo exists:
- if not github_plugin.check_if_repo_exists(data, user_data, kwargs[repo_arg], kwargs[org_arg]):
- return
+ for repo in repos:
+ if not github_plugin.check_if_repo_exists(data, user_data, repo, kwargs[org_arg]):
+ return
# Run the next function:
return func(github_plugin, data, user_data, *args, **kwargs)
@@ -23,6 +30,7 @@ def decorated_command(github_plugin, data, user_data, *args, **kwargs):
return command_decorator
+
def team_must_exist(org_arg="org", team_arg="team"):
def command_decorator(func):
def decorated_command(github_plugin, data, user_data, *args, **kwargs):
@@ -30,7 +38,8 @@ def decorated_command(github_plugin, data, user_data, *args, **kwargs):
kwargs['team_id'] = github_plugin.find_team_id_by_name(kwargs[org_arg], kwargs[team_arg])
if not kwargs.get("team_id"):
send_error(data["channel"], "@{}: The GitHub team: {} does not exist.".format(user_data["name"],
- kwargs[team_arg]))
+ kwargs[team_arg]),
+ thread=data["ts"])
return
# Run the next function:
return func(github_plugin, data, user_data, *args, **kwargs)
@@ -39,6 +48,7 @@ def decorated_command(github_plugin, data, user_data, *args, **kwargs):
return command_decorator
+
def github_user_exists(user_arg):
def command_decorator(func):
def decorated_command(github_plugin, data, user_data, *args, **kwargs):
@@ -48,13 +58,15 @@ def decorated_command(github_plugin, data, user_data, *args, **kwargs):
if not found_user:
send_error(data["channel"], "@{}: The GitHub user: {} does not exist.".format(user_data["name"],
- kwargs[user_arg]))
+ kwargs[user_arg]),
+ thread=data["ts"])
return
except Exception as e:
send_error(data["channel"],
"@{}: A problem was encountered communicating with GitHub to verify the user's GitHub "
- "id. Here are the details:\n{}".format(user_data["name"], str(e)))
+ "id. Here are the details:\n{}".format(user_data["name"], str(e)),
+ thread=data["ts"])
return
# Run the next function:
@@ -81,7 +93,7 @@ def decorated_command(github_plugin, data, user_data, *args, **kwargs):
send_error(data["channel"],
"@{}: This repository does not have the branch: `{}`.".format(user_data["name"],
kwargs[branch_arg]),
- markdown=True)
+ markdown=True, thread=data["ts"])
return
# Run the next function:
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index 2f4e4b4..d4bc24c 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -15,10 +15,11 @@
from hubcommander.bot_components.bot_classes import BotCommander
from hubcommander.bot_components.decorators import hubcommander_command, auth
from hubcommander.bot_components.slack_comm import send_info, send_success, send_error, send_raw
-from hubcommander.bot_components.parse_functions import extract_repo_name, parse_toggles
+from hubcommander.bot_components.parse_functions import extract_repo_name, parse_toggles, extract_multiple_repo_names
from hubcommander.command_plugins.github.config import GITHUB_URL, GITHUB_VERSION, ORGS, USER_COMMAND_DICT
from hubcommander.command_plugins.github.parse_functions import lookup_real_org, validate_homepage
-from hubcommander.command_plugins.github.decorators import repo_must_exist, github_user_exists, branch_must_exist, team_must_exist
+from hubcommander.command_plugins.github.decorators import repo_must_exist, github_user_exists, branch_must_exist, \
+ team_must_exist
class GitHubPlugin(BotCommander):
@@ -273,14 +274,15 @@ def set_repo_homepage_command(self, data, user_data, org, repo, homepage):
@hubcommander_command(
name="!AddCollab",
- usage="!AddCollab <OutsideCollabId> <OrgWithRepo> <Repo> <Permission>",
+ usage="!AddCollab <OutsideCollabId> <OrgWithRepo> <Repos(Comma separated if more than 1)> <Permission>",
description="This will add an outside collaborator to a repository with the given permission.",
required=[
dict(name="collab", properties=dict(type=str, help="The outside collaborator's GitHub ID.")),
dict(name="org", properties=dict(type=str, help="The organization that contains the repo."),
validation_func=lookup_real_org, validation_func_kwargs={}),
- dict(name="repo", properties=dict(type=str, help="The repository to add the outside collaborator to."),
- validation_func=extract_repo_name, validation_func_kwargs={}),
+ dict(name="repos", properties=dict(type=str, help="A comma separated list (or not if just 1) of repos to "
+ "add the collaborator to."),
+ validation_func=extract_multiple_repo_names, validation_func_kwargs={}),
dict(name="permission", properties=dict(type=str.lower, help="The permission to grant, must be one "
"of: `{values}`"),
choices="permitted_permissions"),
@@ -290,9 +292,9 @@ def set_repo_homepage_command(self, data, user_data, org, repo, homepage):
@auth()
@repo_must_exist()
@github_user_exists("collab")
- def add_outside_collab_command(self, data, user_data, collab, org, repo, permission):
+ def add_outside_collab_command(self, data, user_data, collab, org, repos, permission):
"""
- Adds an outside collaborator a repository with a specified permission.
+ Adds an outside collaborator to repository (or multiple repos) with a specified permission.
Command is as follows: !addcollab <outside_collab_id> <organization> <repo> <permission>
:param permission:
@@ -308,7 +310,8 @@ def add_outside_collab_command(self, data, user_data, collab, org, repo, permiss
# Grant access:
try:
- self.add_outside_collab_to_repo(collab, repo, org, permission)
+ for r in repos:
+ self.add_outside_collab_to_repo(collab, r, org, permission)
except ValueError as ve:
send_error(data["channel"],
@@ -325,8 +328,8 @@ def add_outside_collab_command(self, data, user_data, collab, org, repo, permiss
# Done:
send_success(data["channel"],
"@{}: The GitHub user: `{}` has been added as an outside collaborator with `{}` "
- "permissions to {}/{}.".format(user_data["name"], collab, permission,
- org, repo),
+ "permissions to {} in {}.".format(user_data["name"], collab, permission,
+ ", ".join(repos), org),
markdown=True, thread=data["ts"])
@hubcommander_command(
@@ -980,7 +983,7 @@ def check_if_repo_exists(self, data, user_data, reponame, real_org):
if not result:
send_error(data["channel"],
- "@{}: This repository does not exist in {}.".format(user_data["name"], real_org),
+ "@{}: The repository {}/{} does not exist.".format(user_data["name"], real_org, reponame),
thread=data["ts"])
return False
diff --git a/publish_via_travis.sh b/publish_via_travis.sh
index b8d34aa..4134dff 100755
--- a/publish_via_travis.sh
+++ b/publish_via_travis.sh
@@ -20,12 +20,12 @@
#
################################################################################
-# If this is running in Travis, AND the Python version IS NOT 3.5, then don't build
+# If this is running in Travis, AND the Python version IS NOT 3.6, then don't build
# the Docker image:
if [ $TRAVIS ]; then
PYTHON_VERSION=$( python --version )
- if [[ $PYTHON_VERSION != *"3.5"* ]]; then
- echo "This only publishes Docker images in the Python 3.5 Travis job"
+ if [[ $PYTHON_VERSION != *"3.6"* ]]; then
+ echo "This only publishes Docker images in the Python 3.6 Travis job"
exit 0
fi
else
diff --git a/tests/test_parse_functions.py b/tests/test_parse_functions.py
index 94bf346..85e42ad 100644
--- a/tests/test_parse_functions.py
+++ b/tests/test_parse_functions.py
@@ -53,6 +53,16 @@ def test_extract_repo_name():
assert extract_repo_name(None, uri) == repo
+def test_extract_multiple_repo_names():
+ from hubcommander.bot_components.parse_functions import extract_multiple_repo_names
+
+ test_repos = ["www.foo.com", "foo", "HubCommander", "netflix.github.io"]
+ test_repo_strings = "<http://www.foo.com|www.foo.com>,foo,HubCommander," \
+ "<https://netflix.github.io|netflix.github.io>"
+
+ assert extract_multiple_repo_names(None, test_repo_strings) == test_repos
+
+
def test_parse_toggles():
from hubcommander.bot_components.parse_functions import parse_toggles, TOGGLE_ON_VALUES, \
TOGGLE_OFF_VALUES, ParseException
From 9aa5804317993f4ee005407d59b814ce23703d60 Mon Sep 17 00:00:00 2001
From: Mike Grima <mgrima@netflix.com>
Date: Thu, 30 Nov 2017 10:46:39 -0800
Subject: [PATCH 08/29] Added multiple-domain DUO support.
- This will change how DUO environment variables are sent in. Please see the updated README.
- This also adds support for hidden commands where help text is not specified. This is useful for
commands that you have retired. This is so if users type in the retired command, they still
get some output that you can control -- indicating to them that the command is retired and
that another command should be used instead -- while not showing up in the help text.
---
auth_plugins/duo/plugin.py | 25 ++++++++++++++++++-------
decrypt_creds.py | 33 ++++++++++++++++++++-------------
docs/authentication.md | 15 ++++++++++++---
docs/command_config.md | 9 +++++++++
hubcommander.py | 7 ++++++-
5 files changed, 65 insertions(+), 24 deletions(-)
diff --git a/auth_plugins/duo/plugin.py b/auth_plugins/duo/plugin.py
index 0136749..b1a5ac6 100644
--- a/auth_plugins/duo/plugin.py
+++ b/auth_plugins/duo/plugin.py
@@ -30,20 +30,31 @@ class DuoPlugin(BotAuthPlugin):
def __init__(self):
super().__init__()
- self.client = None
+ self.clients = {}
def setup(self, secrets, **kwargs):
- if not secrets.get("DUO_IKEY") or not secrets.get("DUO_SKEY") or not secrets.get("DUO_HOST"):
- raise NoSecretsProvidedError("Must provide secrets to enable authentication.")
+ for variable, secret in secrets.items():
+ if "DUO_" in variable:
+ domain, host, ikey, skey = secret.split(",")
+ self.clients[domain] = Client(ikey, skey, host)
- self.client = Client(secrets["DUO_IKEY"], secrets["DUO_SKEY"], secrets["DUO_HOST"])
+ if not len(self.clients):
+ raise NoSecretsProvidedError("Must provide secrets to enable authentication.")
def authenticate(self, data, user_data, **kwargs):
+ # Which domain does this user belong to?
+ domain = user_data["profile"]["email"].split("@")[1]
+ if not self.clients.get(domain):
+ send_error(data["channel"], "💀 @{}: Duo in this bot is not configured for the domain: `{}`. It needs "
+ "to be configured for you to run this command."
+ .format(user_data["name"], domain), markdown=True, thread=data["ts"])
+ return False
+
send_info(data["channel"], "🎟 @{}: Sending a Duo notification to your device. You must approve!"
.format(user_data["name"]), markdown=True, ephemeral_user=user_data["id"])
try:
- result = self._perform_auth(user_data)
+ result = self._perform_auth(user_data, self.clients[domain])
except InvalidDuoResponseError as idre:
send_error(data["channel"], "💀 @{}: There was a problem communicating with Duo. Got this status: {}. "
"Aborting..."
@@ -71,14 +82,14 @@ def authenticate(self, data, user_data, **kwargs):
.format(user_data["name"]), markdown=True, ephemeral_user=user_data["id"])
return True
- def _perform_auth(self, user_data):
+ def _perform_auth(self, user_data, client):
# Push to devices:
duo_params = {
"username": user_data["profile"]["email"],
"factor": "push",
"device": "auto"
}
- response, data = self.client.api_call("POST", "/auth/v2/auth", duo_params)
+ response, data = client.api_call("POST", "/auth/v2/auth", duo_params)
result = json.loads(data.decode("utf-8"))
if response.status != 200:
diff --git a/decrypt_creds.py b/decrypt_creds.py
index b136742..7df65c7 100644
--- a/decrypt_creds.py
+++ b/decrypt_creds.py
@@ -10,25 +10,34 @@ def get_credentials():
# For Docker, encryption is assumed to be happening outside of this, and the secrets
# are instead being passed in as environment variables:
import os
- return {
+
+ creds = {
# Minimum
"SLACK": os.environ["SLACK_TOKEN"],
# Optional:
"GITHUB": os.environ.get("GITHUB_TOKEN"),
- "TRAVIS_PRO_USER": os.environ.get("TRAVIS_PRO_USER"),
- "TRAVIS_PRO_ID": os.environ.get("TRAVIS_PRO_ID"),
- "TRAVIS_PRO_TOKEN": os.environ.get("TRAVIS_PRO_TOKEN"),
- "TRAVIS_PUBLIC_USER": os.environ.get("TRAVIS_PUBLIC_USER"),
- "TRAVIS_PUBLIC_ID": os.environ.get("TRAVIS_PUBLIC_ID"),
- "TRAVIS_PUBLIC_TOKEN": os.environ.get("TRAVIS_PUBLIC_TOKEN"),
- "DUO_HOST": os.environ.get("DUO_HOST"),
- "DUO_IKEY": os.environ.get("DUO_IKEY"),
- "DUO_SKEY": os.environ.get("DUO_SKEY"),
+
+ # These are named the same as the env var, but these are the env vars should you
+ # want to leverage the feature:
+ # "TRAVIS_PRO_USER": os.environ.get("TRAVIS_PRO_USER"),
+ # "TRAVIS_PRO_ID": os.environ.get("TRAVIS_PRO_ID"),
+ # "TRAVIS_PRO_TOKEN": os.environ.get("TRAVIS_PRO_TOKEN"),
+ # "TRAVIS_PUBLIC_USER": os.environ.get("TRAVIS_PUBLIC_USER"),
+ # "TRAVIS_PUBLIC_ID": os.environ.get("TRAVIS_PUBLIC_ID"),
+ # "TRAVIS_PUBLIC_TOKEN": os.environ.get("TRAVIS_PUBLIC_TOKEN"),
+
+ # DUO_...NAME_OF_DUO_CRED: "domain-that-is-duod.com,duo_host,duo_ikey,duo_skey"
# ADD MORE HERE...
}
+ # Just adds the rest for freely-named ones (Like for Duo):
+ for variable, value in os.environ.items():
+ creds[variable] = value
+
+ return creds
+
# def kms_decrypt():
# """
@@ -69,9 +78,7 @@ def get_credentials():
"TRAVIS_PUBLIC_USER": "GitHub ID of GitHub account with access to Travis Public",
"TRAVIS_PUBLIC_ID": "The ID of the Travis user. Use the Travis API to get this (for Public)",
"TRAVIS_PUBLIC_TOKEN": Use the Travis API to get the Travis token (for the Travis Public account)",
- "DUO-HOST": "xxxxxxxx.duosecurity.com",
- "DUO-IKEY": "The IKEY for Duo",
- "DUO-SKEY": "The SKEY for Duo"
+ "DUO_YOUR_DOMAIN": "your-domain-here.com,xxxxxxxx.duosecurity.com,THEDUOIKEY,THEDUOSKEY"
}
encrypt_res = kms_client.encrypt(KeyId=kms_arn, Plaintext=bytes(json.dumps(secrets_to_encrypt, indent=4), "utf-8"))
diff --git a/docs/authentication.md b/docs/authentication.md
index ebd606f..fd483f6 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -25,10 +25,19 @@ An example for how this is configured can be found in
Enabling Duo
------------
Duo is disabled by default. To enable Duo, you will need the following information:
+ 1. The domain name that is Duo protected
+ 1. The Duo Host
+ 1. The "IKEY"
+ 1. The "SKEY"
- - `DUO-HOST`: Your administrator needs to provide you with this
- - `DUO-IKEY`: The `IKEY`, provided to you by your administrator
- - `DUO-SKEY`: The `SKEY`, provided to you by your administrator
+HubCommander supports multiple Duo domains. For this to work, you will need the information above
+for the given domain. Additionally, the secrets dictionary needs to be updated such that it has a key that starts
+with `DUO_`. This key needs a comma-separated list of the domain, duo host, `ikey`, and `skey`. It needs to look like:
+
+ "DUO_DOMAIN_ONE": "domainone.com,YOURHOST.duosecurity.com,THEIKEY,THESKEY"
+ "DUO_DOMAIN_TWO": "domaintwo.com,YOUROTHERHOST.duosecurity.com,THEOTHERIKEY,THEOTHERSKEY"
+
+The email address of the Slack user will determine which domain gets used.
With the above information, you need to modify the secrets `dict` that is decrypted by the application
on startup.
diff --git a/docs/command_config.md b/docs/command_config.md
index cf91472..e5e4b4e 100644
--- a/docs/command_config.md
+++ b/docs/command_config.md
@@ -44,3 +44,12 @@ By default, authentication is disabled. An example of enabling authentication ca
[`config.py`](https://github.com/Netflix/hubcommander/blob/master/github/config.py) file.
_For more details on authentication plugins, please read the [authentication plugin documentation](authentication.md)._
+
+
+### Hidden Commands
+
+If you ever retire a command, you can make it hidden from the `!Help` output. You can modify the command so that it
+outputs information redirecting the user to the new and supported command to utilize.
+
+To do this, in the command configuration, simply remove the `help` text. This command can stil be
+executed, but won't appear as a command.
diff --git a/hubcommander.py b/hubcommander.py
index fc98d5f..f2cc67c 100644
--- a/hubcommander.py
+++ b/hubcommander.py
@@ -108,7 +108,12 @@ def setup(slackclient):
if cmd["enabled"]:
print("\t[+] Adding command: \'{cmd}\'".format(cmd=cmd["command"]))
COMMANDS[cmd["command"].lower()] = cmd
- HELP_TEXT.append("`{cmd}` - {help}\n".format(cmd=cmd["command"], help=cmd["help"]))
+
+ # Hidden commands: don't show on the help:
+ if cmd.get("help"):
+ HELP_TEXT.append("`{cmd}` - {help}\n".format(cmd=cmd["command"], help=cmd["help"]))
+ else:
+ print("\t[!] Not adding help text for hidden command: {}".format(cmd["command"]))
else:
print("\t[/] Skipping disabled command: \'{cmd}\'".format(cmd=cmd["command"]))
print("[+] Successfully enabled command plugin \"{}\"".format(name))
From be4bb4780f2a3c018cf5694ff924de7529b0adf7 Mon Sep 17 00:00:00 2001
From: Mike Grima <mgrima@netflix.com>
Date: Tue, 5 Dec 2017 12:37:00 -0800
Subject: [PATCH 09/29] Fixed bug #81.
---
command_plugins/github/plugin.py | 32 +++++++++++++++++++-------------
1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index d4bc24c..2f81f1a 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -1338,23 +1338,29 @@ def set_branch_protection(self, repo, org, branch, enabled):
# See: https://developer.github.com/v3/repos/branches/#enabling-and-disabling-branch-protection
headers = {
'Authorization': 'token {}'.format(self.token),
- 'Accept': "application/vnd.github.loki-preview+json"
}
- api_part = 'repos/{}/{}/branches/{}'.format(org, repo, branch)
-
- data = {
- "protection": {
- "enabled": enabled
+ api_part = 'repos/{}/{}/branches/{}/protection'.format(org, repo, branch)
+ if enabled:
+ data = {
+ "required_status_checks": None,
+ "enforce_admins": None,
+ "required_pull_request_reviews": None,
+ "restrictions": None
}
- }
+ response = requests.put('{}{}'.format(GITHUB_URL, api_part), json=data, headers=headers, timeout=10)
- response = requests.patch('{}{}'.format(GITHUB_URL, api_part), data=json.dumps(data), headers=headers,
- timeout=10)
+ if response.status_code != 200:
+ message = 'An error was encountered communicating with GitHub: Status Code: {}' \
+ .format(response.status_code)
+ raise requests.exceptions.RequestException(message)
- if response.status_code != 200:
- message = 'An error was encountered communicating with GitHub: Status Code: {}' \
- .format(response.status_code)
- raise requests.exceptions.RequestException(message)
+ else:
+ response = requests.delete('{}{}'.format(GITHUB_URL, api_part), headers=headers, timeout=10)
+
+ if response.status_code != 204:
+ message = 'An error was encountered communicating with GitHub: Status Code: {}' \
+ .format(response.status_code)
+ raise requests.exceptions.RequestException(message)
def check_if_user_is_member_of_org(self, github_id, org):
# Check if the user exists first:
From a2ad149750b916e6680c8ed6853655fbae2205d3 Mon Sep 17 00:00:00 2001
From: yaron <yaron@soluto.com>
Date: Wed, 20 Dec 2017 22:34:31 +0200
Subject: [PATCH 10/29] Build app entirely frmo Dockerfile
---
Dockerfile | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6d61b65..87cfb4a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,15 +3,17 @@ FROM ubuntu:xenial
# Mostly Mike Grima: mgrima@netflix.com
MAINTAINER NetflixOSS <netflixoss@netflix.com>
-# Install the Python RTM bot itself:
-ARG RTM_VERSION
-ADD python-rtmbot-${RTM_VERSION}.tar.gz /
-
RUN \
# Install Python:
apt-get update && \
apt-get upgrade -y && \
- apt-get install python3 python3-venv nano -y
+ apt-get install python3 python3-venv nano curl -y
+
+# Install the Python RTM bot itself:
+ARG RTM_VERSION="0.4.0"
+ARG RTM_PATH="python-rtmbot-${RTM_VERSION}"
+RUN curl -L https://github.com/slackhq/python-rtmbot/archive/${RTM_VERSION}.tar.gz > /${RTM_PATH}.tar.gz && tar xvzf python-rtmbot-0.4.0.tar.gz
+
# Add all the other stuff to the plugins:
COPY / /python-rtmbot-${RTM_VERSION}/hubcommander
@@ -20,16 +22,13 @@ COPY / /python-rtmbot-${RTM_VERSION}/hubcommander
RUN \
# Rename the rtmbot:
mv /python-rtmbot-${RTM_VERSION} /rtmbot && \
-
# Set up the VENV:
pyvenv /venv && \
-
# Install all the deps:
/bin/bash -c "source /venv/bin/activate && pip install --upgrade pip" && \
/bin/bash -c "source /venv/bin/activate && pip install --upgrade setuptools" && \
/bin/bash -c "source /venv/bin/activate && pip install wheel" && \
/bin/bash -c "source /venv/bin/activate && pip install /rtmbot/hubcommander" && \
-
# The launcher script:
mv /rtmbot/hubcommander/launch_in_docker.sh / && chmod +x /launch_in_docker.sh && \
rm /rtmbot/hubcommander/python-rtmbot-${RTM_VERSION}.tar.gz
From 4880ea5d3ff0d62e7095615277ff0cdf50450bd9 Mon Sep 17 00:00:00 2001
From: yaron <yaron@soluto.com>
Date: Wed, 20 Dec 2017 23:04:09 +0200
Subject: [PATCH 11/29] fix rm of tar file
---
Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 87cfb4a..02026e9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,7 +31,7 @@ RUN \
/bin/bash -c "source /venv/bin/activate && pip install /rtmbot/hubcommander" && \
# The launcher script:
mv /rtmbot/hubcommander/launch_in_docker.sh / && chmod +x /launch_in_docker.sh && \
- rm /rtmbot/hubcommander/python-rtmbot-${RTM_VERSION}.tar.gz
+ rm /python-rtmbot-${RTM_VERSION}.tar.gz
# DEFINE YOUR ENV VARS FOR SECRETS HERE:
ENV SLACK_TOKEN="REPLACEMEINCMDLINE" \
From 775c21c8e7a0ccbc2e1d26d130a03b1ed26d29be Mon Sep 17 00:00:00 2001
From: yaron <yaron@soluto.com>
Date: Wed, 20 Dec 2017 23:14:34 +0200
Subject: [PATCH 12/29] change deprecated MAINTAINER to label
---
Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 02026e9..d45bd7e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
FROM ubuntu:xenial
# Mostly Mike Grima: mgrima@netflix.com
-MAINTAINER NetflixOSS <netflixoss@netflix.com>
+LABEL maintainer="netflixoss@netflix.com"
RUN \
# Install Python:
From 85da716c0ace9f2e67c267b09efb64b74db149d7 Mon Sep 17 00:00:00 2001
From: Mike Grima <mgrima@netflix.com>
Date: Mon, 15 Jan 2018 15:42:28 -0800
Subject: [PATCH 13/29] Added more threads to duo error messages
---
auth_plugins/duo/plugin.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/auth_plugins/duo/plugin.py b/auth_plugins/duo/plugin.py
index b1a5ac6..d16a2ac 100644
--- a/auth_plugins/duo/plugin.py
+++ b/auth_plugins/duo/plugin.py
@@ -58,18 +58,18 @@ def authenticate(self, data, user_data, **kwargs):
except InvalidDuoResponseError as idre:
send_error(data["channel"], "💀 @{}: There was a problem communicating with Duo. Got this status: {}. "
"Aborting..."
- .format(user_data["name"], str(idre)), markdown=True)
+ .format(user_data["name"], str(idre)), thread=data["ts"], markdown=True)
return False
except CantDuoUserError as _:
send_error(data["channel"], "💀 @{}: I can't Duo authenticate you. Please consult with your identity team."
" Aborting..."
- .format(user_data["name"]), markdown=True)
+ .format(user_data["name"]), thread=data["ts"], markdown=True)
return False
except Exception as e:
send_error(data["channel"], "💀 @{}: I encountered some issue with Duo... Here are the details: ```{}```"
- .format(user_data["name"], str(e)), markdown=True)
+ .format(user_data["name"], str(e)), thread=data["ts"], markdown=True)
return False
if not result:
From 25849f42b322044c5d66cec58894ba7dfe8e1e91 Mon Sep 17 00:00:00 2001
From: sbalagopal <sabarish.balagopal@gmail.com>
Date: Thu, 22 Feb 2018 12:18:02 +0530
Subject: [PATCH 14/29] Update for exit status
Small change to include a non-zero exit status if the docker build command failed for any reason.
---
build_docker.sh | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/build_docker.sh b/build_docker.sh
index 7e720ec..c8f7126 100755
--- a/build_docker.sh
+++ b/build_docker.sh
@@ -55,5 +55,12 @@ echo "[-->] Now building the Docker image..."
# Build that Docker image...
docker build -t netflixoss/hubcommander:${BUILD_TAG} --rm=true . --build-arg RTM_VERSION=${RTM_VERSION}
+cmd_st="$?"
+if [ $cmd_st -gt 0 ]
+then
+ echo "Error building image. Exiting."
+ exit $cmd_st
+fi
+
echo
echo "DONE!"
From ce8e0fe4d3db0f894f947978099b83e4e0aaab88 Mon Sep 17 00:00:00 2001
From: Mike Grima <mgrima@netflix.com>
Date: Thu, 5 Jul 2018 09:45:38 -0700
Subject: [PATCH 15/29] Addresses #83
---
docs/installation.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/installation.md b/docs/installation.md
index 8d8ce2c..b34ab7a 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -83,6 +83,8 @@ enable the plugins to make authenticated calls to their respective services. You
required for plugins to work.
1. Contact your Slack administrator to obtain a Slack token that can be used for bots.
+ - More specifically, you will need to create a Slack app, and give the app the permissions to be a bot.
+ - You will need to use the bot token for Oauth in order to get `rtm:stream` permissions.
2. If you haven't already, create a GitHub bot account, and invite it to all the organizations that
you manage with the `owner` role. Also, please configure this account with a strong password
and 2FA! (Don't forget to back up those recovery codes into a safe place!)
@@ -94,7 +96,7 @@ configuration that the plugin supports.
For the GitHub plugin, you are required to define a Python `dict` with the organizations that you manage. An example
of what this `dict` looks like can be found in the sample
-[`github/config.py`](https://github.com/Netflix/hubcommander/blob/master/github/config.py) file.
+[`command_plugins/github/config.py`](https://github.com/Netflix/hubcommander/blob/develop/command_plugins/github/config.py) file.
At a minimum, you need to specify the real name of the organization, a list of aliases for the orgs (or an empty list),
whether the organization can only create public repos (via the `public_only` boolean), as well as
From f79da51311ba7dd507ca4263a3773a7df40fb351 Mon Sep 17 00:00:00 2001
From: Mike Grima <mgrima@netflix.com>
Date: Thu, 5 Jul 2018 10:10:56 -0700
Subject: [PATCH 16/29] Properly removes all macOS "Smart Quotes".
Fixes #87
---
bot_components/decorators.py | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/bot_components/decorators.py b/bot_components/decorators.py
index 62d6fa0..8e75e71 100644
--- a/bot_components/decorators.py
+++ b/bot_components/decorators.py
@@ -81,13 +81,10 @@ def perform_additional_verification(plugin_obj, args, **kwargs):
elif argument.get("lowercase", True):
args[real_arg_name] = args[real_arg_name].lower()
- # Perform cleanups? This will remove things like the annoying macOS "smart quotes",
- # and the <>, {}, <> from the variables if `cleanup=False` not set.
+ # Perform cleanups? Removes <>, {}, <> from the variables if `cleanup=False` not set.
if argument.get("cleanup", True):
args[real_arg_name] = args[real_arg_name].replace("<", "") \
.replace(">", "").replace("{", "").replace("}", "") \
- .replace(u'\u201C', "\"").replace(u'\u201D', "\"") \
- .replace(u'\u2018', "\'").replace(u'\u2019', "\'") \
.replace("[", "").replace("]", "") \
.replace("<", "").replace(">", "")
@@ -140,6 +137,10 @@ def decorated_command(plugin_obj, data, user_data):
parser.add_argument(argument["name"], **argument["properties"])
+ # Remove all the macOS "Smart Quotes":
+ data["text"] = data["text"].replace(u'\u201C', "\"").replace(u'\u201D', "\"") \
+ .replace(u'\u2018', "\'").replace(u'\u2019', "\'")
+
# Remove the command from the command string:
split_args = shlex.split(data["text"])[1:]
try:
From a440bc3c596e232f6e4a7965b37e8ad9e2c3c2dc Mon Sep 17 00:00:00 2001
From: Dogbone0714 <jameskang0714@gmail.com>
Date: Sat, 13 Oct 2018 03:13:02 +0800
Subject: [PATCH 17/29] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 28e8a48..31adfa0 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ administrative or `owner` privileges to your GitHub organization members.
|Travis CI|[](https://travis-ci.org/Netflix/hubcommander)|[](https://travis-ci.org/Netflix/hubcommander)|
-How it works?
+How does it work?
-------------
HubCommander is based on [slackhq/python-rtmbot](https://github.com/slackhq/python-rtmbot)
(currently, dependent on release [0.4.0](https://github.com/slackhq/python-rtmbot/releases/tag/0.4.0))
From cb157ef14df1ebbcf8a26c060d36cc68f6bc819e Mon Sep 17 00:00:00 2001
From: Francois-D <46973576+Francois-D@users.noreply.github.com>
Date: Wed, 22 Apr 2020 00:55:45 -0400
Subject: [PATCH 18/29] Update .travis.yml
https://changelog.travis-ci.com/the-container-based-build-environment-is-fully-deprecated-84517
sudo required is deprecated
---
.travis.yml | 2 --
1 file changed, 2 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 803c8d7..826773f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,5 +1,3 @@
-sudo: required
-
language: python
python:
From 976c9bf6d9882c9e9e2941822a22136adfce4e06 Mon Sep 17 00:00:00 2001
From: Steve Hill <sghill.dev@gmail.com>
Date: Fri, 30 Oct 2020 13:24:33 -0700
Subject: [PATCH 19/29] Update build status location
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 31adfa0..4b3e169 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ administrative or `owner` privileges to your GitHub organization members.
| Service | Master | Develop |
|:-----------:|:--------:|:---------:|
-|Travis CI|[](https://travis-ci.org/Netflix/hubcommander)|[](https://travis-ci.org/Netflix/hubcommander)|
+|Travis CI|[](https://travis-ci.com/Netflix/hubcommander)|[](https://travis-ci.com/Netflix/hubcommander)|
How does it work?
@@ -66,4 +66,4 @@ Please see the documentation [here](docs/installation.md) for details.
Contributing
---------------
If you are interested in contributing to HubCommander, please review the [contributing documentation](docs/contributing.md).
-
\ No newline at end of file
+
From e2b13c63b968213c15df7b9a3f0af79d1fb5c45c Mon Sep 17 00:00:00 2001
From: Noa Amran <namran@netflix.com>
Date: Fri, 20 Nov 2020 12:17:45 -0800
Subject: [PATCH 20/29] Updating the Travis Plugin to use travis-ci.com by
default
---
command_plugins/travis_ci/plugin.py | 12 +++++++-----
docs/travis_ci.md | 15 ++++++---------
2 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/command_plugins/travis_ci/plugin.py b/command_plugins/travis_ci/plugin.py
index 83e939c..2111ec3 100644
--- a/command_plugins/travis_ci/plugin.py
+++ b/command_plugins/travis_ci/plugin.py
@@ -119,7 +119,7 @@ def list_org_command(data):
@hubcommander_command(
name="!EnableTravis",
- usage="!EnableTravis <OrgWithRepo> <Repo>",
+ usage="!EnableTravis <OrgWithRepo> <Repo> [--public=true]",
description="This will enable Travis CI on a GitHub repository.",
required=[
dict(name="org", properties=dict(type=str, help="The organization that contains the repo."),
@@ -127,14 +127,16 @@ def list_org_command(data):
dict(name="repo", properties=dict(type=str, help="The repository to enable Travis CI on."),
validation_func=extract_repo_name, validation_func_kwargs={})
],
- optional=[]
+ optional=[dict(name="--public",
+ properties=dict(type=str, help="When set to true - attempts to enable Travis CI using the public travis-ci.org"))]
)
@auth()
- def enable_travis_command(self, data, user_data, org, repo):
+ def enable_travis_command(self, data, user_data, org, repo, public):
"""
Enables Travis CI on a repository within the organization.
- Command is as follows: !enabletravis <organization> <repo>
+ Command is as follows: !enabletravis <organization> <repo> [--public=true]
+ :param public:
:param repo:
:param org:
:param user_data:
@@ -162,7 +164,7 @@ def enable_travis_command(self, data, user_data, org, repo):
"@{}: I encountered a problem:\n\n{}".format(user_data["name"], e), thread=data["ts"])
return
- which = "pro" if repo_result["private"] else "public"
+ which = "public" if (public and public.lower() == 'true') else "pro"
try:
# Sync with Travis CI so that it knows about the repo:
diff --git a/docs/travis_ci.md b/docs/travis_ci.md
index 85b1c35..6d6e96f 100644
--- a/docs/travis_ci.md
+++ b/docs/travis_ci.md
@@ -1,14 +1,13 @@
Travis CI Plugin
=================
-The [Travis CI](https://travis-ci.org/) plugin features an `!EnableTravis` command which will enable Travis CI
+The [Travis CI](https://travis-ci.com/) plugin features an `!EnableTravis` command which will enable Travis CI
on a given repository. By default, this plugin is disabled.
-This plugin makes an assumption that you have Travis CI Public (for public repos) and
-Professional (for private repos) enabled for your GitHub organizations.
+This plugin makes an assumption that you have Travis CI enabled for your GitHub organizations.
-This plugin will automatically detect which Travis CI (Public vs. Pro) to use based on the public/private
-visibility of a given GitHub repository.
+Since Travis CI Public (travis-ci.org) [is moving](https://blog.travis-ci.com/2018-05-02-open-source-projects-on-travis-ci-com-with-github-apps) to Travis CI Pro (travis-ci.com),
+the plugin will default to using Travis CI Pro.
How does it work?
----------------
@@ -26,11 +25,9 @@ then run the API command to enable Travis CI on the repo.
Configuration
-------------
-This plugin requires access to the Travis CI API version 3
-([currently in closed BETA](https://developer.travis-ci.org/)). You must contact Travis CI's support
-and request a GitHub ID to be added into the beta for access to the methods utilized by this plugin.
+This plugin requires access to [Travis CI API version 3](https://developer.travis-ci.com/).
-Once you are added into the closed beta, you will need to get your Travis CI tokens. These tokens
+You will need to get your Travis CI tokens. These tokens
are _different_ for public and professional Travis CI.
### GitHub API Token for Travis
From 9d385bea7e710ea1fbc1552adc4d6a55366bbd63 Mon Sep 17 00:00:00 2001
From: Tim Gates <tim.gates@iress.com>
Date: Wed, 30 Dec 2020 06:51:54 +1100
Subject: [PATCH 21/29] docs: fix simple typo, safegurad -> safeguard
There is a small typo in docs/authentication.md.
Should read `safeguard` rather than `safegurad`.
---
docs/authentication.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/authentication.md b/docs/authentication.md
index fd483f6..ec03cd9 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -1,6 +1,6 @@
Authentication Plugins
===================
-HubCommander supports the ability to add authentication to the command flow. This is useful to safegurad
+HubCommander supports the ability to add authentication to the command flow. This is useful to safeguard
specific commands, and additionally, add a speedbump to privileged commands.
For organizations making use of Duo, a plugin is supplied that will prompt a user's device for approval
From 2e3116080f6c9bb0fe8c536cb3099af2e3db7fc4 Mon Sep 17 00:00:00 2001
From: Megan Marsh <meganmarsh@netflix.com>
Date: Wed, 15 Dec 2021 13:30:36 -0800
Subject: [PATCH 22/29] update dependencies for rtmbot and duo_client to allow
for newer versions. this will let us build on newer versions of python and
use patched versions of the rtmbot
---
setup.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/setup.py b/setup.py
index 802b76f..944fa03 100644
--- a/setup.py
+++ b/setup.py
@@ -25,10 +25,10 @@
install_requires = [
'boto3>=1.4.3', # For KMS support
- 'duo_client==3.0',
+ 'duo_client>=4.0',
'tabulate>=0.7.7',
'validators>=0.11.1',
- 'rtmbot==0.4.0'
+ 'rtmbot>=0.4.0'
]
tests_require = [
From c8c3686f2842f5d089b4c0f2c986d3c9cd9fea68 Mon Sep 17 00:00:00 2001
From: Megan Marsh <meganmarsh@netflix.com>
Date: Thu, 16 Dec 2021 10:11:23 -0800
Subject: [PATCH 23/29] update to python 3.8
---
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 826773f..95d175d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,7 +1,7 @@
language: python
python:
- - "3.6"
+ - "3.8"
install:
- pip install -e .
From 397304602ef4762f1b01b61cef4bd072536c9946 Mon Sep 17 00:00:00 2001
From: Megan Marsh <meganmarsh@netflix.com>
Date: Fri, 17 Dec 2021 14:45:46 -0800
Subject: [PATCH 24/29] add hook to remove collaborators in nathanexplosion
---
command_plugins/github/plugin.py | 79 ++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index 2f81f1a..e7c6630 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -49,6 +49,13 @@ def __init__(self):
"permitted_permissions": ["push", "pull"], # To grant admin, add this to the config for
"enabled": True # this command in the config.py.
},
+ "!RemoveCollab": {
+ "command": "!RemoveCollab",
+ "func": self.remove_outside_collab_command,
+ "user_data_required": True,
+ "help": "Removes an outside collaborator from a specific repository in a specific GitHub organization.",
+ "enabled": True # this command in the config.py.
+ },
"!SetRepoPermissions": {
"command": "!SetRepoPermissions",
"func": self.set_repo_permissions_command,
@@ -332,6 +339,62 @@ def add_outside_collab_command(self, data, user_data, collab, org, repos, permis
", ".join(repos), org),
markdown=True, thread=data["ts"])
+ @hubcommander_command(
+ name="!RemoveCollab",
+ usage="!RemoveCollab <OutsideCollabId> <OrgWithRepo> <Repos(Comma separated if more than 1)>",
+ description="This will remove an outside collaborator from a repository.",
+ required=[
+ dict(name="collab", properties=dict(type=str, help="The outside collaborator's GitHub ID.")),
+ dict(name="org", properties=dict(type=str, help="The organization that contains the repo."),
+ validation_func=lookup_real_org, validation_func_kwargs={}),
+ dict(name="repos", properties=dict(type=str, help="A comma separated list (or not if just 1) of repos to "
+ "add the collaborator to."),
+ validation_func=extract_multiple_repo_names, validation_func_kwargs={}),
+ ],
+ optional=[]
+ )
+ @auth()
+ @repo_must_exist()
+ @github_user_exists("collab")
+ def remove_outside_collab_command(self, data, user_data, collab, org, repos):
+ """
+ Removes an outside collaborator to repository (or multiple repos).
+
+ Command is as follows: !removecollab <outside_collab_id> <organization> <repo>
+ :param repo:
+ :param org:
+ :param collab:
+ :param user_data:
+ :param data:
+ :return:
+ """
+ # Output that we are doing work:
+ send_info(data["channel"], "@{}: Working, Please wait...".format(user_data["name"]), thread=data["ts"])
+
+ # Grant access:
+ try:
+ for r in repos:
+ self.remove_outside_collab_from_repo(collab, r, org)
+
+ except ValueError as ve:
+ send_error(data["channel"],
+ "@{}: Problem encountered removing the user as an outside collaborator.\n"
+ "The response code from GitHub was: {}".format(user_data["name"], str(ve)), thread=data["ts"])
+ return
+
+ except Exception as e:
+ send_error(data["channel"],
+ "@{}: Problem encountered removing the user as an outside collaborator.\n"
+ "Here are the details: {}".format(user_data["name"], str(e)), thread=data["ts"])
+ return
+
+ # Done:
+ send_success(data["channel"],
+ "@{}: The GitHub user: `{}` has been removed as an outside collaborator "
+ "from {} in {}.".format(user_data["name"], collab,
+ ", ".join(repos), org),
+ markdown=True, thread=data["ts"])
+
@hubcommander_command(
name="!SetRepoPermissions",
usage="!SetRepoPermissions <OrgWithRepo> <Repo> <Team> <Permission>",
@@ -1245,6 +1308,22 @@ def add_outside_collab_to_repo(self, outside_collab_id, repo_name, real_org, per
if response.status_code not in [201, 204]:
raise ValueError(response.status_code)
+ def remove_outside_collab_from_repo(self, outside_collab_id, repo_name, real_org):
+ headers = {
+ 'Authorization': 'token {}'.format(self.token),
+ 'Accept': GITHUB_VERSION
+ }
+
+ # Add the outside collab to the repo:
+ api_part = 'repos/{}/{}/collaborators/{}'.format(real_org, repo_name, outside_collab_id)
+ response = requests.delete('{}{}'.format(GITHUB_URL, api_part),
+ headers=headers,
+ timeout=10)
+
+ # GitHub response code flakiness...
+ if response.status_code not in [201, 204]:
+ raise ValueError(response.status_code)
+
def create_new_repo(self, repo_to_create, org, visibility):
headers = {
'Authorization': 'token {}'.format(self.token),
From c84c0000a1a7862ca00aa8bd4acb938c88d546dc Mon Sep 17 00:00:00 2001
From: Megan Marsh <meganmarsh@netflix.com>
Date: Tue, 4 Jan 2022 15:24:42 -0800
Subject: [PATCH 25/29] add check against whether user is a member of a set of
teams in the org.
---
command_plugins/github/config.py | 5 ++++
command_plugins/github/plugin.py | 41 ++++++++++++++++++++++++++++++++
2 files changed, 46 insertions(+)
diff --git a/command_plugins/github/config.py b/command_plugins/github/config.py
index 10ac55d..e99b824 100644
--- a/command_plugins/github/config.py
+++ b/command_plugins/github/config.py
@@ -14,6 +14,11 @@
"name": "TeamName" # The name of the team here...
}
]
+ "collab_validation_teams": [
+ # If users are members of any of the teams in this list, they will
+ # not be added as outside collaborators
+ "TeamName"
+ ]
}
}
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index 2f81f1a..f956e50 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -1230,6 +1230,17 @@ def set_repo_topics_http(self, org, repo, topics, **kwargs):
return True
def add_outside_collab_to_repo(self, outside_collab_id, repo_name, real_org, permission):
+ # Make sure the user is not a member of any of the "validation" teams
+ # in an org; this prevents us from accidentally adding collaborators who
+ # are already given the permissions they need via a different mechanism.
+ if "collab_validation_teams" in ORGS[real_org]:
+ for team in ORGS[real_org]["collab_validation_teams"]:
+ if self.check_if_user_is_member_of_team(real_org, outside_collab_id, team):
+ raise Exception(("User {} is already a member of the {} "
+ "team in {}. You should not add them as an external "
+ "collaborator as well. Consider using the !InviteMeTo command "
+ "instead.").format(outside_collab_id, team, real_org))
+
headers = {
'Authorization': 'token {}'.format(self.token),
'Accept': GITHUB_VERSION
@@ -1386,6 +1397,36 @@ def check_if_user_is_member_of_org(self, github_id, org):
return False
+ def check_if_user_is_member_of_team(self, org, github_id, team_name):
+ """
+ This will connect to GitHub, and try to retrieve the membership status of a
+ single user for a team in a given org.
+ """
+
+ # Check if the user exists first:
+ user = self.get_github_user(github_id)
+
+ if not user:
+ return None
+
+
+ headers = {
+ 'Authorization': 'token {}'.format(self.token),
+ 'Accept': GITHUB_VERSION
+ }
+
+ # Retrieve a users membership details.
+ api_part = 'orgs/{}/teams/{}/memberships/{}'.format(org, team_name, github_id)
+ response = requests.get('{}{}'.format(GITHUB_URL, api_part), headers=headers, timeout=10)
+
+ if response.status_code == 200:
+ return True
+
+ elif response.status_code != 404:
+ raise ValueError("GitHub Problem: Checking membership, status code: {}".format(response.status_code))
+
+ return False
+
def invite_user_to_gh_org_team(self, github_id, team_id, role):
headers = {
'Authorization': 'token {}'.format(self.token),
From c6661556f58b9c356ff521a06cca570589e3b99b Mon Sep 17 00:00:00 2001
From: Ricardo Veguilla <836617+rveguilla@users.noreply.github.com>
Date: Fri, 4 Mar 2022 15:36:43 -0600
Subject: [PATCH 26/29] Use new org-scope team API endpoint to add repo to team
---
command_plugins/github/plugin.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index f4d7c83..b88eca3 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -1384,7 +1384,7 @@ def set_repo_permissions(self, repo_to_set, org, team, permission):
'Authorization': 'token {}'.format(self.token),
'Accept': GITHUB_VERSION
}
- api_part = 'teams/{}/repos/{}/{}'.format(team, org, repo_to_set)
+ api_part = 'orgs/{}/teams/{}/repos/{}/{}'.format(org, team, org, repo_to_set)
data = {
"permission": permission
From 2e5f071c4ba08a30140c06edde69f88e0c12b93c Mon Sep 17 00:00:00 2001
From: Ricardo Veguilla <836617+rveguilla@users.noreply.github.com>
Date: Fri, 4 Mar 2022 16:32:09 -0600
Subject: [PATCH 27/29] Use new teams API for AddUserToTeam and
SetRepoPermissions
---
command_plugins/github/decorators.py | 4 ++--
command_plugins/github/plugin.py | 12 ++++++------
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/command_plugins/github/decorators.py b/command_plugins/github/decorators.py
index 59fc442..5729a21 100644
--- a/command_plugins/github/decorators.py
+++ b/command_plugins/github/decorators.py
@@ -35,8 +35,8 @@ def team_must_exist(org_arg="org", team_arg="team"):
def command_decorator(func):
def decorated_command(github_plugin, data, user_data, *args, **kwargs):
# Check if the specified GitHub team exists:
- kwargs['team_id'] = github_plugin.find_team_id_by_name(kwargs[org_arg], kwargs[team_arg])
- if not kwargs.get("team_id"):
+ team_id = github_plugin.find_team_id_by_name(kwargs[org_arg], kwargs[team_arg])
+ if not team_id:
send_error(data["channel"], "@{}: The GitHub team: {} does not exist.".format(user_data["name"],
kwargs[team_arg]),
thread=data["ts"])
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index b88eca3..34fe88b 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -414,7 +414,7 @@ def remove_outside_collab_command(self, data, user_data, collab, org, repos):
@auth()
@repo_must_exist()
@team_must_exist()
- def set_repo_permissions_command(self, data, user_data, team, org, repo, permission, team_id=None):
+ def set_repo_permissions_command(self, data, user_data, team, org, repo, permission):
"""
Adds a team to a repository with a specified permission.
@@ -432,7 +432,7 @@ def set_repo_permissions_command(self, data, user_data, team, org, repo, permiss
# Grant access:
try:
- self.set_repo_permissions(repo, org, team_id, permission)
+ self.set_repo_permissions(repo, org, team, permission)
except ValueError as ve:
send_error(data["channel"],
@@ -471,7 +471,7 @@ def set_repo_permissions_command(self, data, user_data, team, org, repo, permiss
@auth()
@github_user_exists("user_id")
@team_must_exist()
- def add_user_to_team_command(self, data, user_data, user_id, org, team, role, team_id=None):
+ def add_user_to_team_command(self, data, user_data, user_id, org, team, role):
"""
Adds a GitHub user to a team with a specified role.
@@ -489,7 +489,7 @@ def add_user_to_team_command(self, data, user_data, user_id, org, team, role, te
# Do it:
try:
- self.invite_user_to_gh_org_team(user_id, team_id, role)
+ self.invite_user_to_gh_org_team(org, team, user_id, role)
except ValueError as ve:
send_error(data["channel"],
@@ -1506,7 +1506,7 @@ def check_if_user_is_member_of_team(self, org, github_id, team_name):
return False
- def invite_user_to_gh_org_team(self, github_id, team_id, role):
+ def invite_user_to_gh_org_team(self, org, team, username, role):
headers = {
'Authorization': 'token {}'.format(self.token),
'Accept': GITHUB_VERSION
@@ -1515,7 +1515,7 @@ def invite_user_to_gh_org_team(self, github_id, team_id, role):
data = {"role": role}
# Add the GitHub user to the team:
- api_part = 'teams/{}/memberships/{}'.format(team_id, github_id)
+ api_part = 'orgs/{}/teams/{}/memberships/{}'.format(org, team, username)
response = requests.put('{}{}'.format(GITHUB_URL, api_part), data=json.dumps(data), headers=headers, timeout=10)
if response.status_code != 200:
From 301f6a65d83bc1cdae836283ea2efe1bc351af7f Mon Sep 17 00:00:00 2001
From: Ricardo Veguilla <836617+rveguilla@users.noreply.github.com>
Date: Fri, 4 Mar 2022 21:12:45 -0600
Subject: [PATCH 28/29] fix command_plugins/github/config.py syntax
---
command_plugins/github/config.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/command_plugins/github/config.py b/command_plugins/github/config.py
index e99b824..3edae67 100644
--- a/command_plugins/github/config.py
+++ b/command_plugins/github/config.py
@@ -13,7 +13,7 @@
"perm": "push", # The permission, either "push", "pull", or "admin"...
"name": "TeamName" # The name of the team here...
}
- ]
+ ],
"collab_validation_teams": [
# If users are members of any of the teams in this list, they will
# not be added as outside collaborators
From 35abf3880b48e6059ea811b17d46ea2b1820c4f7 Mon Sep 17 00:00:00 2001
From: Ricardo Veguilla <836617+rveguilla@users.noreply.github.com>
Date: Fri, 4 Mar 2022 22:31:14 -0600
Subject: [PATCH 29/29] fix set_repo_permissions
---
command_plugins/github/plugin.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/command_plugins/github/plugin.py b/command_plugins/github/plugin.py
index 34fe88b..a294fc5 100644
--- a/command_plugins/github/plugin.py
+++ b/command_plugins/github/plugin.py
@@ -572,7 +572,7 @@ def create_repo_command(self, data, user_data, org, repo):
# Grant the proper teams access to the repository:
try:
for perm_dict in ORGS[org]["new_repo_teams"]:
- self.set_repo_permissions(repo, org, perm_dict["id"], perm_dict["perm"])
+ self.set_repo_permissions(repo, org, perm_dict["name"], perm_dict["perm"])
except Exception as e:
send_error(data["channel"],