public/syncRepoAccess.ps1
|
<# .SYNOPSIS Synchronize the access of a list of users to a repository. #> function Sync-RepoAccess{ [CmdletBinding(SupportsShouldProcess)] [OutputType([hashtable])] param( [Parameter(Mandatory,Position=0)][ValidateSet("read", "triage", "write", "maintain", "admin")] [string]$role, [Parameter(Mandatory,Position=1)] [string]$FilePath, [Parameter()] [string]$Owner, [Parameter()] [string]$Repo ) # Resolve repor form parameters and environment $Owner,$Repo = Get-Environment $Owner $Repo # Error if parameters not set. No need to check repo too. if([string]::IsNullOrEmpty($Owner) -or [string]::IsNullOrEmpty($Repo)){ "[Sync-RepoAccess] Owner and Repo parameters are required" | Write-Error return $null } "Syncing access $role to $Owner/$Repo from $FilePath" | Write-Verbose $ret = @{} # Read users from file $users = Get-UsersFromFile -Path $FilePath if($null -eq $users){ "Error reading user file $FilePath" | Write-Error return $null } "Found $($users.Count) users" | Write-Verbose # Get current permissions and invitations $permissions = Get-UserAccess -Owner $Owner -Repo $Repo $invitations = Get-RepoAccessInvitations -Owner $Owner -Repo $Repo "Found $($permissions.Count) permissions granted" | Write-Verbose "Found $($invitations.Count) invitations pending" | Write-Verbose # Update or add existing users foreach($user in $users){ "Processing $user for role $role" | Write-Verbose # Already invited to this role if($invitations.$user -eq $role){ "User $user has an invitation pending" | Write-Verbose $ret.$user = "?" continue } # Already granted to this role if($permissions.$user -eq $role){ "User $user already has this role" | Write-Verbose $ret.$user = "=" continue } # Check if it has granted a different role "User $user needs to be granted $role" | Write-Verbose if($permissions.ContainsKey($user)){ "User $user has already granted role $($permissions.$user)" | Write-Verbose $status = "+ ($($permissions.$user))" } elseif ($invitations.ContainsKey($user)){ "User $user has already an invitation pending for role $($invitations.$user)" | Write-Verbose $status = "+ ($($invitations.$user))" } else { $status = "+" } # Force to avoid the call to check if the access is already set if ($PSCmdlet.ShouldProcess("User $user", "Grant-RepoAccess -Owner $Owner -Repo $Repo -User $user -Role $role -Force")) { $result = Grant-RepoAccess -Owner $Owner -Repo $Repo -User $user -Role $role -Force if($result.$user -eq $role.ToLower()){ "User $user granted $role" | Write-Verbose $ret.$user = $status } else { "Error granting $role to $user" | Write-Verbose $ret.$user = "X" } } else { $ret.$user = $status } } # Delete non existing users "Deleting users that are granted but not in the list" | Write-Verbose # Just remove the users that where set to $role $usersToDelete = $Permissions.Keys | Where-Object { $users -notcontains $_ } $usersToDelete = $usersToDelete | Where-Object { $Permissions.$_ -eq $role} "Found $($usersToDelete.Count) users to delete" | Write-Verbose foreach($userToDelete in $usersToDelete){ "Deleting $userToDelete access $role to $Owner/$Repo" | Write-Verbose if ($PSCmdlet.ShouldProcess("User $userToDelete", "Remove-RepoAccess -Owner $owner -Repo $repo -User $userToDelete")) { $result = Remove-RepoAccess -Owner $owner -Repo $repo -User $userToDelete if($null -eq $result){ "Deleted $role grant for $userToDelete" | Write-Verbose $ret.$userToDelete += "-" } else { "Error deleting $role grant for $userToDelete" | Write-Verbose $ret.$userToDelete += 'X -' } } else { $ret.$userToDelete += "-" } } return $ret } Export-ModuleMember -Function Sync-RepoAccess function Get-UsersFromFile{ [CmdletBinding()] [OutputType([string[]])] param( [Parameter(Mandatory)] [string]$Path ) $users = @() $content = Get-Content -Path $Path if(-not $?){ return $null } foreach($line in $content){ $line = $line.Trim() if($line -eq ""){ continue } if($line.StartsWith("#")){ continue } $users += $line } return $users } |