Add table github_organization_ruleset#547
Conversation
cbruno10
left a comment
There was a problem hiding this comment.
@romain-pix-cyber Thanks for raising this PR! I've added a few suggestions, and can you please also share the results of running each of the example queries (just for 1 engine is ok), as some of them seem like they wouldn't return the expected set of rows.
| {Name: "organization", Require: plugin.Required}, | ||
| }, | ||
| }, | ||
| Columns: gitHubOrganizationRulesetColumns(), |
There was a problem hiding this comment.
Could you wrap this in commonColumns(...)? Almost every table in the plugin adds the standard login_id column via commonColumns(), and it looks like this was copied from github_repository_ruleset, which is one of the few tables that accidentally omits it.
For instance: https://github.com/turbot/steampipe-plugin-github/blob/main/github/table_github_organization.go#L113
| return nil, nil | ||
| } | ||
|
|
||
| func getAdditionalOrgRules(ctx context.Context, d *plugin.QueryData, client *githubv4.Client, databaseID int, org string, initialCursor githubv4.String) []models.Rule { |
There was a problem hiding this comment.
Is d *plugin.QueryData used, do we need it?
Also, for this function and getAdditionalOrgBypassActors, can we order the args to be consistent between the 2 functions?
|
|
||
| To query this table using a [fine-grained access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token), the following permissions are required: | ||
| - Organization permissions: | ||
| - Members (Read-only): Required to access organization rulesets. |
There was a problem hiding this comment.
Can you please double check the required permissions? Reading organization rulesets generally needs organization Administration (Read-only), or admin:org for a classic PAT, not Members (Read-only).
| github_organization_ruleset | ||
| where | ||
| organization = 'my-org' | ||
| and enforcement = 'active'; |
There was a problem hiding this comment.
Looking at the GraphQL schema, the values would be uppercase for enforcement, e.g., EVALUATE, DISABLED. Does this example return rows as expected?
Problem : Steampipe allows to query the ruleset from individual repositories but not rulesets defined at the organization level.
This PR solves the issue with a new table github_organization_ruleset :
organization(login: $org) GraphQL path
Example query results
Details
Results