powerHub.psm1
<#
.SYNOPSIS PowerShell Module for Active Directory and GitHub API Automation
.DESCRIPTION
This module provides a number of tools for helping to automate the provisioning, editing and removal
of GitHub users from your GitHub Organisation, as well as some reporting functions.
It's aimed at small businesses who want to manage and automate provisioning without a GitHub Enterprise
account or SAML/SSO infrastructure. I'd always recommend a dedicated SSO app (ADFS, etc) where possible.
The user's GitHub username is stored in an Active Directory attribute (Default: 'info'). For the brave,
I'd recommend creating a custom AD user attribute by editing the schema to make it obvious to future
administrators what the attribute is storing (i.e. 'contoso-github-username').
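You'll need a GitHub API Token for most of the functions in this module to work. I'd highly recommend
creating a dedicated 'service' user account in your organisation for this or using an OAuth ID and
Secret so any scripts are not reliant on a named user. The token is saved unencrypted in
powerHubConfig.txt next to the module, so limit who can read that file and grant the token only the
scopes these functions need.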
#>
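# Script Variables
$script:gitHubApi = "https://api.github.com"
$script:powerHubConfig = "$PSScriptRoot\powerHubConfig.txt"

<#
IMPORT CONFIG CHECK
-------------------
Runs once when the module is imported. If no config file exists, the operator is offered the chance to
create one. If a config file exists (or has just been created), the API token and organisation name are
loaded into script scope for the other functions in this module.

SECURITY NOTE: the token is written to and read from powerHubConfig.txt as plain text. Anyone who can
read the module directory can read the token, so restrict the ACL on that file and give the token only
the scopes this module needs.

NOTE(review): Read-Host blocks, so the first import in a non-interactive session (scheduled task, CI)
will wait for input. Create the config file beforehand in that case.
#>
if (-not (Test-Path $script:powerHubConfig))
{
    Write-Host "`nWelcome to powerHub!`n"
    Write-Host "No configuration file was found.`nIn order to use the functions in this module we'll need your GitHub organisation and an API Token`n"
    $option = Read-Host "Would you like to enter these now?(y/n)"
    if ($option -eq "y")
    {
        # -AsSecureString keeps the token off the screen and out of session transcripts while it is
        # being entered. It is converted back to text only because the config file format is text.
        $secureToken = Read-Host "Paste your GitHub API Token here" -AsSecureString
        $apiToken = (New-Object System.Net.NetworkCredential('', $secureToken)).Password
        $org = Read-Host "Enter your GitHub organisation name"
        New-Item $script:powerHubConfig -Value "APIToken:$apiToken`nOrganisation:$org" -Type File
    }
    else
    {
        Write-Host "Skipping. You can create the config file later by using New-powerHubConfig"
    }
}

# Load the settings whenever a config file is present, whether it already existed or was created above.
if (Test-Path $script:powerHubConfig)
{
    # The patterns are anchored to the start of the line and only the first match is used, so a value
    # that happens to contain the other key's name cannot produce a second match and break parsing.
    $apiTokenString = Select-String $script:powerHubConfig -Pattern "^APIToken:" | Select-Object -First 1
    $orgString = Select-String $script:powerHubConfig -Pattern "^Organisation:" | Select-Object -First 1

    if ($apiTokenString -and $orgString)
    {
        # Everything after the first ':' is the value.
        $script:gitHubAPIToken = $apiTokenString.Line.Substring($apiTokenString.Line.IndexOf(":") + 1)
        $script:gitHubOrganisation = $orgString.Line.Substring($orgString.Line.IndexOf(":") + 1)
    }
    else
    {
        # Do not echo the file contents here: they include the token.
        Write-Warning "powerHub config file is missing an APIToken or Organisation line. Recreate it with New-powerHubConfig"
    }
}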
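function Get-powerHubConfig
{
    <#
    .SYNOPSIS
    Shows the configuration stored in $PSScriptRoot\powerHubConfig.txt, or offers to create it.
    .DESCRIPTION
    If the config file exists, its contents are written to the output stream unchanged.
    If it does not exist, the operator is asked whether to create one. On 'y' the token and
    organisation are prompted for, written to the config file and loaded into script scope.
    SECURITY NOTE: the file contents include the GitHub API token in plain text, so the output of
    this function must not be sent to logs, transcripts or shared terminals.
    #>
    if (Test-Path $script:powerHubConfig)
    {
        Write-Output "`nConfig file exists, change it using New-powerHubConfig`n"
        Get-Content $script:powerHubConfig
        Write-Output "`n"
        return
    }

    $option = Read-Host "No config file present, would you like to create one?"
    if ($option -ne "y")
    {
        Write-Host "Skipping. You can create the config file later by using New-powerHubConfig"
        return
    }

    # -AsSecureString keeps the token off the screen and out of session transcripts while it is
    # being entered. It is converted back to text only because the config file format is text.
    $secureToken = Read-Host "Paste your GitHub API Token here" -AsSecureString
    $apiToken = (New-Object System.Net.NetworkCredential('', $secureToken)).Password
    $org = Read-Host "Enter your GitHub organisation name"
    New-Item $script:powerHubConfig -Value "APIToken:$apiToken`nOrganisation:$org" -Type File

    # Re-read the values from the file so the module uses exactly what was stored.
    # The patterns are anchored and only the first match is used, so a value that contains the other
    # key's name cannot produce a second match.
    $apiTokenString = Select-String $script:powerHubConfig -Pattern "^APIToken:" | Select-Object -First 1
    $orgString = Select-String $script:powerHubConfig -Pattern "^Organisation:" | Select-Object -First 1
    if ($apiTokenString -and $orgString)
    {
        $script:gitHubAPIToken = $apiTokenString.Line.Substring($apiTokenString.Line.IndexOf(":") + 1)
        $script:gitHubOrganisation = $orgString.Line.Substring($orgString.Line.IndexOf(":") + 1)
    }
    else
    {
        Write-Warning "powerHub config file is missing an APIToken or Organisation line. Recreate it with New-powerHubConfig"
    }
}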
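function New-powerHubConfig
{
    <#
    .SYNOPSIS
    Creates or replaces the GitHub config saved in $PSScriptRoot\powerHubConfig.txt
    .DESCRIPTION
    Writes the token and organisation to the config file and updates the values the module is
    currently using. If a config file already exists, the operator is asked to confirm first.
    SECURITY NOTE: the token is stored in the file as plain text. A token passed on the command line
    may also be kept in the shell's command history, so prefer passing it from a variable.
    .PARAMETER apiToken
    Paste the API token you create from your GitHub account in here.
    .PARAMETER gitHubOrganisation
    The name of your GitHub organisation
    #>
    param
    (
        [Parameter(Mandatory=$True)]
        [ValidateNotNull()]
        $apiToken,
        [Parameter(Mandatory=$True)]
        [ValidateNotNull()]
        $gitHubOrganisation
    )

    if (Test-Path $script:powerHubConfig)
    {
        $option = Read-Host "Do you want to replace the existing configuration?(y/n)"
        if ($option -ne 'y')
        {
            # 'return' only leaves this function; 'exit' here would end the caller's whole session.
            return
        }
    }

    # -Force overwrites an existing file and is harmless when the file does not exist yet.
    New-Item $script:powerHubConfig -Value "APIToken:$apiToken`nOrganisation:$gitHubOrganisation" -Type File -Force

    # Keep the in-memory settings in step with the file, so a replaced (for example revoked) token
    # is not still used by the other functions until the module is re-imported.
    $script:gitHubAPIToken = "$apiToken"
    $script:gitHubOrganisation = "$gitHubOrganisation"
}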
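function Get-GitHubOrgMembers
{
    <#
    .SYNOPSIS
    Gets the current members of the configured GitHub organisation.
    .DESCRIPTION
    Calls GET /orgs/<organisation>/members on the GitHub API using the organisation and token
    loaded from the module's config file, and returns whatever Invoke-RestMethod returns.
    NOTE(review): only a single request is made. GitHub pages list responses (30 items per page
    unless per_page is given), so larger organisations will not be listed in full. Confirm whether
    paging is needed.
    #>
    $gitHubUrl = $script:gitHubApi + "/orgs/" + $script:gitHubOrganisation + "/members"

    # The token is sent in the Authorization header, not the query string: URLs end up in
    # proxy logs, error messages and console output, and headers generally do not.
    $headers = @{ Authorization = "token $($script:gitHubApiToken)" }

    Invoke-RestMethod -Uri $gitHubUrl -Headers $headers
}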
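function Add-GitHubUser
{
    <#
    .SYNOPSIS
    Invites GitHub users to your GitHub organisation.
    .DESCRIPTION
    Invite GitHub users to your GitHub organisation and store their login name in AD under
    a user attribute ('info'). The organisation and API token come from the module's config file.
    The AD attribute is only written if the GitHub request succeeded.
    .PARAMETER gitHubUsername
    The GitHub username that you want to invite to your organisation.
    .PARAMETER ADUsername
    The username in Active Directory that you want to be associated with the GitHub username.
    .EXAMPLE
    Add-GitHubUser -GitHubUsername 'contoso-geoff' -ADUsername 'geoff'
    #>
    param
    (
        [Parameter(Mandatory=$True)]
        [ValidateNotNull()]
        [string]
        $ADUsername,
        [Parameter(Mandatory=$True)]
        [ValidateNotNull()]
        [string]
        $gitHubUsername
    )

    # Invites the GitHub user to the Organisation.
    # The username is escaped so characters such as '/' or '?' cannot change which endpoint is called.
    $gitHubURL = $script:gitHubApi + "/orgs/" + $script:gitHubOrganisation + "/memberships/" + [uri]::EscapeDataString($gitHubUsername)

    # The token travels in the Authorization header, so the URL printed below carries no secret.
    $headers = @{ Authorization = "token $($script:gitHubApiToken)" }

    Write-Output "Calling GitHub's API at $gitHubURL"
    try
    {
        Invoke-RestMethod -Uri $gitHubURL -Method Put -Headers $headers -ErrorAction Stop
    }
    catch
    {
        # Stop here so AD is not updated to claim a membership that GitHub rejected.
        Write-Error -ErrorRecord $_
        return
    }

    # Adds their GitHub username to the 'info' AD Attribute
    Set-ADUser $ADUsername -Replace @{'info'=$gitHubUsername}

    # Shows the AD user with the attribute that was just set
    Write-Output "--- The following users were added and their 'info' attribute set ---"
    Get-ADUser $ADUsername -Properties 'info' | Select-Object Name,'info'
}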
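function Remove-GitHubUser
{
    <#
    .SYNOPSIS
    Removes a GitHub user from your GitHub organisation.
    .DESCRIPTION
    Remove a GitHub user from your GitHub organisation and delete their login name from the AD attribute.
    The membership is removed with DELETE /orgs/<organisation>/memberships/<username>. When an AD
    username was supplied, the 'info' attribute on that account is cleared after GitHub accepts
    the request. Supports -WhatIf and -Confirm.
    .PARAMETER gitHubUsername
    The GitHub username that you want to remove from your organisation.
    .PARAMETER ADUsername
    Alternatively you can specify the user's AD SamAccountName if they'd been invited to GitHub
    using the Add-GitHubUser command previously. This will search their AD account for the
    AD attribute where their GitHub username is stored (Default is 'info')
    .EXAMPLE
    Remove-GitHubUser -GitHubUsername 'contoso-geoff'
    Remove-GitHubUser -ADUsername 'geoff'
    #>
    [CmdletBinding(SupportsShouldProcess=$True)]
    param
    (
        [Parameter(Mandatory=$False)]
        [ValidateNotNull()]
        [string]
        $ADUsername,
        [Parameter(Mandatory=$False)]
        [ValidateNotNull()]
        [string]
        $gitHubUsername
    )

    if (-not $ADUsername -and -not $gitHubUsername)
    {
        Write-Output "You must specify either a GitHub username or AD username to remove"
        return
    }

    if ($ADUsername -and -not $gitHubUsername)
    {
        Write-Output "Searching for GitHub Username"
        # Read the same attribute that Add-GitHubUser writes ('info'), so a user added by this
        # module can be found again by AD username.
        $ADUser = Get-ADUser -Identity $ADUsername -Properties SamAccountName,DisplayName,'info'
        $gitHubUsername = $ADUser.'info'
        if (-not $gitHubUsername)
        {
            # Without a username the request would target the memberships collection itself.
            Write-Error "No GitHub username is stored in the 'info' attribute of AD user '$ADUsername'"
            return
        }
    }

    Write-Output "Removing $gitHubUsername from the $($script:gitHubOrganisation) organisation on GitHub"

    # The username is escaped so characters such as '/' or '?' cannot change which endpoint is called.
    $gitHubURL = $script:gitHubApi + "/orgs/" + $script:gitHubOrganisation + "/memberships/" + [uri]::EscapeDataString($gitHubUsername)

    # The token is sent in the Authorization header and never placed in the URL.
    $headers = @{ Authorization = "token $($script:gitHubApiToken)" }

    if ($PSCmdlet.ShouldProcess($gitHubUsername, "Remove from GitHub organisation $($script:gitHubOrganisation)"))
    {
        try
        {
            Invoke-RestMethod -Uri $gitHubURL -Method Delete -Headers $headers -ErrorAction Stop
        }
        catch
        {
            # Leave AD untouched when GitHub did not accept the removal.
            Write-Error -ErrorRecord $_
            return
        }

        if ($ADUsername)
        {
            # Drop the stored login so AD no longer points at a removed membership.
            Set-ADUser $ADUsername -Clear 'info'
        }
    }
}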