Skip to content

Add table github_organization_ruleset#547

Open
romain-pix-cyber wants to merge 1 commit into
turbot:mainfrom
romain-pix-cyber:main
Open

Add table github_organization_ruleset#547
romain-pix-cyber wants to merge 1 commit into
turbot:mainfrom
romain-pix-cyber:main

Conversation

@romain-pix-cyber

Copy link
Copy Markdown

Problem : Steampipe allows to query the ruleset from individual repositories but not rulesets defined at the organization level.

This PR solves the issue with a new table github_organization_ruleset :

  • New table mirrors github_repository_ruleset but scoped to an organization via
    organization(login: $org) GraphQL path
  • Reuses existing Rule, BypassActor, Conditions models
  • Includes docs at docs/tables/github_organization_ruleset.md

Example query results

Details
select
  name,
  enforcement,
  created_at
from
  github_organization_ruleset
where
  organization = 'my-org';
Results
+--------------------+-------------+---------------------------+
| name               | enforcement | created_at                |
+--------------------+-------------+---------------------------+
| Corp-Rule-Infra    | EVALUATE    | 2026-02-06T10:47:41+01:00 |
| Branche protection | DISABLED    | 2025-07-18T11:38:12+02:00 |
+--------------------+-------------+---------------------------+

I used AI to generate most of the code following the documentation, then reviewed and verified manually the compilation and the results.

@cbruno10 cbruno10 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@romain-pix-cyber Thanks for raising this PR! I've added a few suggestions, and can you please also share the results of running each of the example queries (just for 1 engine is ok), as some of them seem like they wouldn't return the expected set of rows.

{Name: "organization", Require: plugin.Required},
},
},
Columns: gitHubOrganizationRulesetColumns(),

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you wrap this in commonColumns(...)? Almost every table in the plugin adds the standard login_id column via commonColumns(), and it looks like this was copied from github_repository_ruleset, which is one of the few tables that accidentally omits it.

For instance: https://github.com/turbot/steampipe-plugin-github/blob/main/github/table_github_organization.go#L113

return nil, nil
}

func getAdditionalOrgRules(ctx context.Context, d *plugin.QueryData, client *githubv4.Client, databaseID int, org string, initialCursor githubv4.String) []models.Rule {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is d *plugin.QueryData used, do we need it?

Also, for this function and getAdditionalOrgBypassActors, can we order the args to be consistent between the 2 functions?


To query this table using a [fine-grained access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token), the following permissions are required:
- Organization permissions:
- Members (Read-only): Required to access organization rulesets.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please double check the required permissions? Reading organization rulesets generally needs organization Administration (Read-only), or admin:org for a classic PAT, not Members (Read-only).

github_organization_ruleset
where
organization = 'my-org'
and enforcement = 'active';

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the GraphQL schema, the values would be uppercase for enforcement, e.g., EVALUATE, DISABLED. Does this example return rows as expected?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants