Documentation
¶
Overview ¶
Package admin implements the Repository Administrators security policy.
Index ¶
- func NewAdmin() policydef.Policy
- type Admin
- func (a Admin) Check(ctx context.Context, c *github.Client, owner, repo string) (*policydef.Result, error)
- func (a Admin) Fix(ctx context.Context, c *github.Client, owner, repo string) error
- func (a Admin) GetAction(ctx context.Context, c *github.Client, owner, repo string) string
- func (a Admin) IsEnabled(ctx context.Context, c *github.Client, owner, repo string) (bool, error)
- func (a Admin) Name() string
- type AdministratorExemption
- type OrgConfig
- type RepoConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Admin ¶
type Admin bool
Admin is the Repository Administrator policy object, implements policydef.Policy.
func (Admin) Check ¶
func (a Admin) Check(ctx context.Context, c *github.Client, owner, repo string) (*policydef.Result, error)
Check performs the policy check for Repository Administrators based on the configuration stored in the org/repo, implementing policydef.Policy.Check()
func (Admin) Fix ¶
Fix implementing policydef.Policy.Fix(). Currently not supported. Plan to support this TODO.
func (Admin) GetAction ¶
GetAction returns the configured action from this policy's configuration stored in the org-level repo, default log. Implementing policydef.Policy.GetAction()
type AdministratorExemption ¶
type AdministratorExemption struct {
// Repo is a GitHub repo name. Globs are allowed.
Repo string `json:"repo"`
// OwnerlessAllowed defines if repositories are allowed to have no
// administrators, default false.
OwnerlessAllowed bool `json:"ownerlessAllowed"`
// Whether to allow users to be admins on a repo. If false then only teams can be admins. Default true.
UserAdminsAllowed bool `json:"userAdminsAllowed"`
// Allow specific users to be admins on this repository. It overrides the boolean value UserAdminsAllowed.
UserAdmins []string `json:"userAdmins"`
// The maximum number of users with admin permissions on this repo that are allowed. It overrides the int value MaxNumberUserAdmins.
// It only takes effect if a value > 0 is specified. If you wish to disallow user admins in general, please use the userAdminsAllowed bool instead.
MaxNumberUserAdmins int `json:"maxNumberUserAdmins"`
// Whether to allow teams to be admins on a repo. If false then only users can be admins. Default true.
TeamAdminsAllowed bool `json:"teamAdminsAllowed"`
// Allow specific teams to be admins on this repository. It overrides the boolean value TeamAdminsAllowed.
TeamAdmins []string `json:"teamAdmins"`
// The maximum number of teams with admin permissions on this repo that are allowed. It overrides the int value MaxNumberAdminTeams.
// It only takes effect if a value > 0 is specified. If you wish to disallow admin teams in general, please use the teamAdminsAllowed bool instead.
MaxNumberAdminTeams int `json:"maxNumberAdminTeams"`
}
AdministratorExemption is an exemption entry for the Repository Administrators policy.
type OrgConfig ¶
type OrgConfig struct {
// OptConfig is the standard org-level opt in/out config, RepoOverride
// applies to all config.
OptConfig config.OrgOptConfig `json:"optConfig"`
// Action defines which action to take, default log, other: issue...
Action string `json:"action"`
// OwnerlessAllowed defines if repositories are allowed to have no
// administrators, default false.
OwnerlessAllowed bool `json:"ownerlessAllowed"`
// Whether to allow users to be admins on a repo. If false then only teams can be admins. Default true.
UserAdminsAllowed bool `json:"userAdminsAllowed"`
// The maximum number of users with admin permissions on a repo that are allowed.
// It only takes effect if a value > 0 is specified. If you wish to disallow user admins in general, please use the userAdminsAllowed bool instead.
MaxNumberUserAdmins int `json:"maxNumberUserAdmins"`
// Whether to allow teams to be admins on a repo. If false then only users can be admins. Default true.
TeamAdminsAllowed bool `json:"teamAdminsAllowed"`
// The maximum number of teams with admin permissions on a repo that are allowed.
// It only takes effect if a value > 0 is specified. If you wish to disallow admin teams in general, please use the teamAdminsAllowed bool instead.
MaxNumberAdminTeams int `json:"maxNumberAdminTeams"`
// Exemptions is a list of repo-bool pairings to exempt.
// Exemptions are only defined at the org level because they should be made
// obvious to org security managers.
Exemptions []*AdministratorExemption `json:"exemptions"`
}
OrgConfig is the org-level config definition for Repository Administrators security policy.
type RepoConfig ¶
type RepoConfig struct {
// OptConfig is the standard repo-level opt in/out config.
OptConfig config.RepoOptConfig `json:"optConfig"`
// Action overrides the same setting in org-level, only if present.
Action *string `json:"action"`
// OwnerlessAllowed overrides the same setting in org-level, only if present.
OwnerlessAllowed *bool `json:"ownerlessAllowed"`
// UserAdminsAllowed overrides the same setting in org-level, only if present.
UserAdminsAllowed *bool `json:"userAdminsAllowed"`
// MaxNumberUserAdmins overrides the same setting in org-level, only if present.
MaxNumberUserAdmins *int `json:"maxNumberUserAdmins"`
// TeamAdminsAllowed overrides the same setting in org-level, only if present.
TeamAdminsAllowed *bool `json:"teamAdminsAllowed"`
// MaxNumberAdminTeams overrides the same setting in org-level, only if present.
MaxNumberAdminTeams *int `json:"maxNumberAdminTeams"`
}
RepoConfig is the repo-level config for Repository Administrators security policy.
Source Files
Click to show internal directories.
Click to hide internal directories.