-
Notifications
You must be signed in to change notification settings - Fork 40
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #443 from openedx/feanil/audit_users
feat: Add a tool to audit github users.
- Loading branch information
Showing
8 changed files
with
147 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
Audit GitHub Users | ||
################## | ||
|
||
This script will compare the list of users in a github org against a list of | ||
users in a CSV and tell you which github users are not listed in the CSV. | ||
|
||
CSV Location and Format | ||
*********************** | ||
|
||
The CSV is expected to be in a GitHub repo and it should contain a column name | ||
"GitHub Username" that contains a GitHub username. | ||
|
||
Usage | ||
***** | ||
|
||
You will need a GH pesonal access token with the following scopes: | ||
|
||
* read:org | ||
* repo | ||
|
||
First, set up repo-tools as described in `the root README <../../README.rst>`_. | ||
There are a few ways to do this; one way is:: | ||
|
||
export GITHUB_TOKEN="$(pass github-token)" # assumes you have passwordstore.org | ||
|
||
python3 -m venv venv | ||
. venv/bin/activate | ||
pip install -e .[audit_gh_users] | ||
|
||
Then, run the script:: | ||
|
||
audit_users | ||
|
||
Contributing | ||
************ | ||
|
||
* Make changes on your branch. | ||
|
||
* CI will run tests for you, but not linting, so ensure your changes don't break pylint: ``pylint edx_repo_tools/audit_users``. | ||
|
||
* Ping `#ask-axim`__ on Slack for review. | ||
|
||
__ https://openedx.slack.com/archives/C0497NQCLBT | ||
|
||
* Once approved, apply and merge (non-Axim engineers: ask your Axim reviewer to do this part for you). |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
""" | ||
Audit github users in an org. Comparing the list of users to those in a CSV. | ||
See the README for more info. | ||
""" | ||
|
||
import base64 | ||
import csv | ||
import io | ||
from itertools import chain | ||
import click | ||
from ghapi.all import GhApi, paged | ||
|
||
|
||
@click.command() | ||
@click.option( | ||
"--github-token", | ||
"_github_token", | ||
envvar="GITHUB_TOKEN", | ||
required=True, | ||
help="A github personal access token.", | ||
) | ||
@click.option( | ||
"--org", | ||
"org", | ||
default="openedx", | ||
help="The github org that you wish check.", | ||
) | ||
@click.option( | ||
"--csv-repo", | ||
"csv_repo", | ||
default="openedx-webhooks-data", | ||
help="The github repo that contains the CSV we should compare against.", | ||
) | ||
@click.option( | ||
"--csv-path", | ||
"csv_path", | ||
default="salesforce-export.csv", | ||
help="The path in the repo to the csv file. The file should contain a 'GitHub Username' column.", | ||
) | ||
def main(org, _github_token, csv_repo, csv_path): | ||
""" | ||
Entry point for command-line invocation. | ||
""" | ||
api = GhApi() | ||
|
||
# Get all github users in the org. | ||
current_org_users = [ | ||
member.login | ||
for member in chain.from_iterable( | ||
paged(api.orgs.list_members, org, per_page=100) | ||
) | ||
] | ||
|
||
# Get all github usernames from openedx-webhooks-data/salesforce-export.csv | ||
csv_file = io.StringIO( | ||
base64.decodebytes( | ||
api.repos.get_content(org, csv_repo, csv_path).content.encode() | ||
).decode("utf-8") | ||
) | ||
reader = csv.DictReader(csv_file) | ||
csv_github_users = [row["GitHub Username"] for row in reader] | ||
|
||
# Find all the people that are in the org but not in sales force. | ||
extra_org_users = set(current_org_users) - set(csv_github_users) | ||
|
||
# List the users we need to investigate | ||
print("\n".join(sorted(extra_org_users))) | ||
|
||
|
||
if __name__ == "__main__": | ||
main() # pylint: disable=no-value-for-parameter |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
-c ../../requirements/constraints.txt | ||
|
||
click | ||
ghapi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# | ||
# This file is autogenerated by pip-compile with Python 3.8 | ||
# by the following command: | ||
# | ||
# make upgrade | ||
# | ||
click==8.1.7 | ||
# via -r edx_repo_tools/repo_checks/extra.in | ||
fastcore==1.5.29 | ||
# via ghapi | ||
ghapi==1.0.4 | ||
# via -r edx_repo_tools/repo_checks/extra.in | ||
packaging==23.1 | ||
# via | ||
# fastcore | ||
# ghapi | ||
|
||
# The following packages are considered to be unsafe in a requirements file: | ||
# pip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters