forked from github/platform-samples
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Script to show all repositories a user can access
* groovy script to show all repositories that can be accessed by given users on an GitHub Enterprise instance * run 'groovy AuditUsers.groovy' to see the list of command line options * first run may take some time as required dependencies have to get downloaded, then it should be quite fast
- Loading branch information
Showing
1 changed file
with
93 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| #!/usr/bin/env groovy | ||
|
|
||
| /** | ||
| * groovy script to show all repositories that can be accessed by given users on an GitHub Enterprise instance | ||
| * | ||
| * | ||
| * Run 'groovy AuditUsers.groovy' to see the list of command line options | ||
| * | ||
| * First run may take some time as required dependencies have to get downloaded, then it should be quite fast | ||
| * | ||
| * If you do not have groovy yet, run 'brew install groovy' | ||
| */ | ||
|
|
||
| @Grab(group='org.kohsuke', module='github-api', version='1.75') | ||
| @Grab(group='org.codehaus.groovy.modules.http-builder', module='http-builder', version='0.7.2' ) | ||
| import org.kohsuke.github.GitHub | ||
| import groovyx.net.http.RESTClient | ||
| import static groovyx.net.http.ContentType.* | ||
| import groovy.json.JsonOutput | ||
|
|
||
|
|
||
| // parsing command line args | ||
| cli = new CliBuilder(usage: 'groovy AuditUsers.groovy [options] [user accounts]\nReports all repositories that can be accessed by given users') | ||
| cli.t(longOpt: 'token', 'personal access token of a GitHub Enterprise site admin with repo skope (or use GITHUB_TOKEN env variable)', required: false , args: 1 ) | ||
| cli.u(longOpt: 'url', 'GitHub Enterprise URL (or use GITHUB_URL env variable), e.g. https://myghe.com', required: false , args: 1 ) | ||
| cli.s(longOpt: 'skipPublicRepos', 'Do not print publicly available repositories at the end of the report', required: false , args: 0 ) | ||
| cli.h(longOpt: 'help', 'Print this usage info', required: false , args: 0 ) | ||
|
|
||
| OptionAccessor opt = cli.parse(args) | ||
|
|
||
| token = opt.t?opt.t:System.getenv("GITHUB_TOKEN") | ||
| url = opt.u?opt.u:System.getenv("GITHUB_URL") | ||
| listOnly = opt.l | ||
|
|
||
| // bail out if help parameter was supplied or not sufficient input to proceed | ||
| if (opt.h || !token || !url || opt.arguments().size() == 0) { | ||
| cli.usage() | ||
| return | ||
| } | ||
|
|
||
| // chop potential trailing slash from GitHub Enterprise URL | ||
| url = url.replaceAll('/\$', "") | ||
|
|
||
|
|
||
| RESTClient restSiteAdmin = getGithubApi(url , token) | ||
|
|
||
| // iterate over all supplied users | ||
| opt.arguments().each { | ||
| user=it | ||
| println "Showing repositories accessible for user ${user} ... " | ||
| try { | ||
| // get temporary access token for given user | ||
| resp = restSiteAdmin.post( | ||
| path: "/api/v3/admin/users/${user}/authorizations", | ||
| body: JsonOutput.toJson( scopes: ["repo"]), | ||
| requestContentType: URLENC ) | ||
|
|
||
| assert resp.data.token != null | ||
| userToken = resp.data.token | ||
|
|
||
| try { | ||
| // list all accessible repositories in organizations and personal repositories of this user | ||
| userRepos = GitHub.connectToEnterprise("${url}/api/v3", userToken).getMyself().listAllRepositories() | ||
|
|
||
| // further fields available on http://github-api.kohsuke.org/apidocs/org/kohsuke/github/GHRepository.html#method_summary | ||
| userRepos.each { println "user: ${user}, repo: ${it.name}, owner: ${it.ownerName}, private: ${it.private}, read: ${it.hasPullAccess()}, write: ${it.hasPushAccess()}, admin: ${it.hasAdminAccess()}, url: ${it.getHtmlUrl()}" } | ||
| } | ||
| finally { | ||
| // delete the personal access token again even if we ran into an exception | ||
| resp = restClient.delete(path: "/api/v3/admin/users/${user}/authorizations") | ||
| assert resp.status == 204 | ||
| } | ||
| println "" | ||
| } catch (Exception e) { | ||
| e.printStackTrace() | ||
| println "An error occurred while fetching repositories for user ${user}, continuing with the next user ..." | ||
| } | ||
| } | ||
|
|
||
| if (!opt.s) { | ||
| println "Showing repositories accessible by any logged in user ..." | ||
| publicRepos = GitHub.connectToEnterprise("${url}/api/v3", token).listAllPublicRepositories() | ||
| // further fields on http://github-api.kohsuke.org/apidocs/org/kohsuke/github/GHRepository.html#method_summary | ||
| publicRepos.each { println "public repo: ${it.name}, owner: ${it.ownerName}, url: ${it.getHtmlUrl()}" } | ||
| } | ||
|
|
||
| def RESTClient getGithubApi(url, token) { | ||
| restClient = new RESTClient(url).with { | ||
| headers['Accept'] = 'application/json' | ||
| headers['Authorization'] = "token ${token}" | ||
| it | ||
| } | ||
| } |