Skip to content

Commit

Permalink
Merge pull request #757 from github/jusuchin85/2024-11-19_graphql_ip-…
Browse files Browse the repository at this point in the history
…allow-lists

Add GraphQL Queries for Managing the IP Allow List (and Other Small Usability Fixes)
  • Loading branch information
jusuchin85 authored Nov 20, 2024
2 parents e92f650 + 68de171 commit 5717604
Show file tree
Hide file tree
Showing 32 changed files with 223 additions and 18 deletions.
25 changes: 25 additions & 0 deletions graphql/queries/enterprise-get-ip-allow-list.graphql
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# Grab current IP allow list settings for an enterprise.
# This includes:
# - The IP allow list entries
# - The IP allow list enabled setting
# - The IP allow list for GitHub Apps enabled setting

query GetEnterpriseIPAllowList {
enterprise(slug: "ENTERPRISE_SLUG") {
owner_id: id
enterprise_slug: slug
enterprise_owner_info: ownerInfo {
is_ip_allow_list_enabled: ipAllowListEnabledSetting
is_ip_allow_list_for_github_apps_enabled: ipAllowListForInstalledAppsEnabledSetting
ipAllowListEntries(first: 100) {
nodes {
ip_allow_list_entry_id: id
ip_allow_list_entry_name: name
ip_allow_list_entry_value: allowListValue
ip_allow_list_entry_created: createdAt
is_ip_allow_list_entry_active: isActive
}
}
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@
# If the Identity Provider has sent an `emails` attribute/value in a previous SAML response for enterprise member(s), it also possible to add the `emails` attribute in the `samlIdentity` section right below `nameID` and query for this SAML identity attribute value as well.
# If there are a large number of identities/users (greater than 100), pagination will need to be used. See https://graphql.org/learn/pagination/ for details on pagination. There is an example of pagination in simple-pagination-example.graphql.

query listSSOUserIdentities($enterpriseSlug: String!) {
enterprise(slug: $enterpriseSlug) {
query listSSOUserIdentities {
enterprise(slug: "ENTERPRISE_SLUG") {
ownerInfo {
samlIdentityProvider {
externalIdentities(first: 100) {
Expand Down
29 changes: 29 additions & 0 deletions graphql/queries/ip-allow-list-add-ip.graphql
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# This query is used to add an IP address to the IP allow list.
# This can be used on both organizations and enterprise accounts.
#
# The `OWNER_ID` is the ID of the organization or enterprise account. You can
# get the ID of an organization or enterprise account by executing either of
# the following queries and referring to the value from `owner_id` field:
#
# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql

mutation AddIPAddressToIPAllowList {
createIpAllowListEntry(
input: {
ownerId: "OWNER_ID"
name: "DESCRIPTION_OF_IP_ADDRESS"
allowListValue: "IP_ADDRESS"
isActive: true
}
) {
ipAllowListEntry {
ip_allow_list_entry_id: id
ip_allow_list_entry_name: name
ip_allow_list_entry_ip_address: allowListValue
ip_allow_list_entry_created: createdAt
ip_allow_list_entry_updated: updatedAt
is_ip_allow_list_entry_active: isActive
}
}
}
17 changes: 17 additions & 0 deletions graphql/queries/ip-allow-list-disable-github-apps-only.graphql
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# This query is used to disable the IP allow list feature. This will apply to GitHub Apps only.
# This can be used on both organizations and enterprise accounts.
#
# The `OWNER_ID` is the ID of the organization or enterprise account. You can
# get the ID of an organization or enterprise account by executing either of
# the following queries and referring to the value from `owner_id` field:
#
# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql

mutation DisableIPAllowListForGitHubAppsOnly {
updateIpAllowListForInstalledAppsEnabledSetting(
input: { ownerId: "OWNER_ID", settingValue: DISABLED }
) {
clientMutationId
}
}
17 changes: 17 additions & 0 deletions graphql/queries/ip-allow-list-disable-ip-address-only.graphql
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# This query is used to disable the IP allow list feature. This will apply to IP addresses only.
# This can be used on both organizations and enterprise accounts.
#
# The `OWNER_ID` is the ID of the organization or enterprise account. You can
# get the ID of an organization or enterprise account by executing either of
# the following queries and referring to the value from `owner_id` field:
#
# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql

mutation DisableAllowListForIpsOnly {
updateIpAllowListEnabledSetting(
input: { ownerId: "OWNER_ID", settingValue: DISABLED }
) {
clientMutationId
}
}
22 changes: 22 additions & 0 deletions graphql/queries/ip-allow-list-disable.graphql
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# This query is used to disable the IP allow list feature. This will apply to both IP addresses and GitHub Apps.
# This can be used on both organizations and enterprise accounts.
#
# The `OWNER_ID` is the ID of the organization or enterprise account. You can
# get the ID of an organization or enterprise account by executing either of
# the following queries and referring to the value from `owner_id` field:
#
# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql

mutation DisableIPAllowList {
updateIpAllowListEnabledSetting(
input: { ownerId: "OWNER_ID", settingValue: DISABLED }
) {
clientMutationId
}
updateIpAllowListForInstalledAppsEnabledSetting(
input: { ownerId: "OWNER_ID", settingValue: DISABLED }
) {
clientMutationId
}
}
17 changes: 17 additions & 0 deletions graphql/queries/ip-allow-list-enable-github-apps-only.graphql
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# This query is used to enable the IP allow list feature. This will apply to GitHub Apps only.
# This can be used on both organizations and enterprise accounts.
#
# The `OWNER_ID` is the ID of the organization or enterprise account. You can
# get the ID of an organization or enterprise account by executing either of
# the following queries and referring to the value from `owner_id` field:
#
# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql

mutation EnableIPAllowListForGitHubAppsOnly {
updateIpAllowListForInstalledAppsEnabledSetting(
input: { ownerId: "OWNER_ID", settingValue: ENABLED }
) {
clientMutationId
}
}
17 changes: 17 additions & 0 deletions graphql/queries/ip-allow-list-enable-ip-address-only.graphql
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# This query is used to enable the IP allow list feature. This will apply to IP addresses only.
# This can be used on both organizations and enterprise accounts.
#
# The `OWNER_ID` is the ID of the organization or enterprise account. You can
# get the ID of an organization or enterprise account by executing either of
# the following queries and referring to the value from `owner_id` field:
#
# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql

mutation EnableAllowListForIpsOnly {
updateIpAllowListEnabledSetting(
input: { ownerId: "OWNER_ID", settingValue: ENABLED }
) {
clientMutationId
}
}
22 changes: 22 additions & 0 deletions graphql/queries/ip-allow-list-enable.graphql
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# This query is used to enable the IP allow list feature. This will apply to both IP addresses and GitHub Apps.
# This can be used on both organizations and enterprise accounts.
#
# The `OWNER_ID` is the ID of the organization or enterprise account. You can
# get the ID of an organization or enterprise account by executing either of
# the following queries and referring to the value from `owner_id` field:
#
# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql

mutation EnableIPAllowList {
updateIpAllowListEnabledSetting(
input: { ownerId: "OWNER_ID", settingValue: ENABLED }
) {
clientMutationId
}
updateIpAllowListForInstalledAppsEnabledSetting(
input: { ownerId: "OWNER_ID", settingValue: ENABLED }
) {
clientMutationId
}
}
15 changes: 15 additions & 0 deletions graphql/queries/ip-allow-list-remove-ip-entry.graphql
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# This query is used to remove an IP allow list entry from the IP allow list.
# This can be used on both organizations and enterprise accounts.
#
# The `IP_ENTRY_ID` is the ID of the IP allow list entry. You can
# get the ID for this by executing either of the following queries
# and referring to the value from `ip_allow_list_entry_id` field:
#
# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql

mutation DeleteIPAddressFromIPAllowList {
deleteIpAllowListEntry(input: { ipAllowListEntryId: "IP_ENTRY_ID" }) {
clientMutationId
}
}
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Get ISSUE_ID from graphql/queries/10-query-issue-comment-get-issue.graphql
# Get ISSUE_ID from graphql/queries/repos-get-last-issue-comment.graphql

mutation {
addComment (
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
query getCommitsByBranchByRepo($orgName:String!, $repoName:String!) {
organization(login:$orgName) {
query getCommitsByBranchByRepo {
organization(login: "ORG_NAME") {
name
repository(name:$repoName) {
repository(name: "REPO_NAME") {
name
refs(refPrefix: "refs/heads/", first: 10) {
nodes {
Expand Down
24 changes: 24 additions & 0 deletions graphql/queries/org-get-ip-allow-list.graphql
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# Grab current IP allow list settings for an organization.
# This includes:
# - The IP allow list entries
# - The IP allow list enabled setting
# - The IP allow list for GitHub Apps enabled setting

query GetOrganizationIPAllowList {
organization(login: "ORG_NAME") {
owner_id: id
organization_slug: login
is_ip_allow_list_enabled: ipAllowListEnabledSetting
is_ip_allow_list_for_github_apps_enabled: ipAllowListForInstalledAppsEnabledSetting
ipAllowListEntries(first: 100) {
totalCount
nodes {
ip_allow_list_entry_id: id
ip_allow_list_entry_name: name
ip_allow_list_entry_ip_address: allowListValue
ip_allow_list_entry_created: createdAt
is_ip_allow_list_entry_active: isActive
}
}
}
}
6 changes: 3 additions & 3 deletions graphql/queries/org-members-by-team.graphql
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
query getMembersByTeam($orgName: String!, $teamName: String!) {
organization(login: $orgName) {
query getMembersByTeam {
organization(login: "ORG_NAME") {
id
name
teams(first: 1, query: $teamName) {
teams(first: 1, query: "TEAM_NAME") {
edges {
node {
id
Expand Down
File renamed without changes.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
query getRepoMergedPRDetails($orgName: String!, $repoName: String!) {
repository(owner: $orgName, name: $repoName) {
query getRepoMergedPRDetails {
repository(owner: "ORG_NAME, name: "REPO_NAME") {
pullRequests(first: 100, states: MERGED) {
pageInfo {
endCursor #use this value in the pullRequests argument list
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
query orgInfo($showRepoInfo: Boolean!) {
organization(login: "github") {
organization(login: "ORG_NAME") {
...orgFrag
}
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
query orgInfo($showRepoInfo: Boolean!) {
organization(login: "github") {
organization(login: "ORG_NAME") {
login
name
repositories @include(if: $showRepoInfo) {
Expand Down
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
6 changes: 3 additions & 3 deletions graphql/queries/repo-get-all-branches.graphql
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
query getExistingRepoBranches($orgName: String!, $repoName: String!) {
organization(login: $orgName) {
repository(name: $repoName) {
query getExistingRepoBranches {
organization(login: "ORG_NAME") {
repository(name: "REPO_NAME") {
id
name
refs(refPrefix: "refs/heads/", first: 10) {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
query getRepoIssue($orgName: String!, $repoName: String!) {
repository(owner: $orgName, name: $repoName) {
query getRepoIssue {
repository(owner: "ORG_NAME", name: "REPO_NAME") {
issues(last: 1) {
edges {
node {
Expand Down

0 comments on commit 5717604

Please sign in to comment.