#!/usr/bin/env python
# Copyright 2022 VMware, Inc.
# SPDX-License-Identifier: BSD-2-Clause
# Author: Dawn M. Foster <[email protected]>
"""GitHub Organization Access Audit
This script uses the GitHub GraphQL API to retrieve relevant
information about all enterprise owners and org members from
one or more GitHub orgs.
Note that you must have appropriate access to this data in the
orgs requested. Missing data likely means that you don't have
access.
As input, this script requires a file named 'orgs.txt' containing
the name of one GitHub org per line residing in the same folder
as this script.
Your API key should be stored in a file called gh_key in the
same folder as this script.
As output:
* JSON data is currently printed to the screen as a way to do this
quickly.
"""
import sys
from common_functions import read_key
def make_query(after_cursor = None):
    """Return the fixed GraphQL query text used for the org access audit.

    The query takes one GraphQL variable, $org_name, and asks for the org
    url, the first 100 enterpriseOwners (login) and the first 100
    membersWithRole (login, name).

    after_cursor is accepted but not used: the text has no `after:`
    argument and requests no pageInfo, so entries past the first 100 of
    either list are not retrieved and an audit of a larger org is
    incomplete.
    """
    # The org name is passed as a GraphQL variable, not spliced into the text.
    org_audit_query = """query ($org_name: String!){
organization(login: $org_name){
url
enterpriseOwners(first:100){
nodes{
login
}
}
membersWithRole(first:100){
nodes{
login
name
}
}
}
}
"""
    return org_audit_query
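# Read the GitHub API token from the gh_key file using the read_key function
# in common_functions.py. The token grants access to org membership data, so
# gh_key should stay out of version control and be readable only by its owner.
try:
    api_token = read_key('gh_key')
except Exception:
    # Exception rather than a bare except, so Ctrl-C and SystemExit propagate.
    print("Error reading GH Key. This script depends on the existance of a file called gh_key containing your GitHub API token. Exiting", file=sys.stderr)
    # Non-zero status lets a scheduler or wrapper see that the audit did not run.
    sys.exit(1)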
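def get_org_data(api_token):
    """Query each org listed in orgs.txt and print the raw GraphQL response.

    For every org name returned by read_orgs('orgs.txt'), posts the query
    from make_query() to the GitHub GraphQL endpoint and prints the decoded
    JSON to stdout. Diagnostics go to stderr so stdout carries only data.

    Parameters
    ----------
    api_token : str
        The GH API token retrieved from the gh_key file. It is sent only in
        the Authorization header and is never printed.

    Returns
    -------
    None
        Results are printed, not returned; no DataFrame is built.
    """
    import sys

    import requests

    from common_functions import read_orgs

    url = 'https://api.github.com/graphql'
    headers = {'Authorization': 'token %s' % api_token}
    page_size = 100        # mirrors first:100 in make_query()
    timeout_seconds = 30   # without a timeout a stalled connection hangs the audit

    # Read list of orgs from a file
    try:
        org_list = read_orgs('orgs.txt')
    except Exception:
        print("Error reading orgs. This script depends on the existance of a file called orgs.txt containing one org per line. Exiting", file=sys.stderr)
        # Non-zero status so callers can tell the audit did not run.
        sys.exit(1)

    # The query text is the same for every org; only the variables differ.
    query = make_query()

    for org_name in org_list:
        try:
            r = requests.post(
                url=url,
                json={'query': query, 'variables': {"org_name": org_name}},
                headers=headers,
                timeout=timeout_seconds,
            )
            # Treat 401/403/5xx as failures instead of printing the error
            # body as if it were audit data.
            r.raise_for_status()
            json_data = r.json()
        except (requests.exceptions.RequestException, ValueError) as err:
            # ValueError covers a response body that is not valid JSON.
            print("ERROR Cannot process", org_name, "-", err, file=sys.stderr)
            continue

        print(json_data)

        if not isinstance(json_data, dict):
            continue

        # GraphQL reports permission and lookup problems in "errors" while
        # still answering with HTTP 200, so flag them explicitly.
        if json_data.get('errors'):
            print("WARNING API returned errors for", org_name,
                  "- results may be incomplete", file=sys.stderr)

        # The query asks for one page only; a full page means the list may
        # continue and the audit would silently miss accounts.
        org = (json_data.get('data') or {}).get('organization') or {}
        for field in ('enterpriseOwners', 'membersWithRole'):
            nodes = (org.get(field) or {}).get('nodes') or []
            if len(nodes) >= page_size:
                print("WARNING", org_name, field, "returned", len(nodes),
                      "entries; only the first", page_size,
                      "are requested, so the list may be truncated",
                      file=sys.stderr)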
# Script entry point: run the audit for every org in orgs.txt using the
# token read from gh_key earlier in this file.
get_org_data(api_token)