opengovern
diff --git a/‎cloudql/github/plugin.go‎
Lines changed: 1 addition & 0 deletions b/‎cloudql/github/plugin.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cloudql/github/table_github_organization_role.go‎
Lines changed: 71 additions & 0 deletions b/‎cloudql/github/table_github_organization_role.go‎
Lines changed: 71 additions & 0 deletions
diff --git a/‎discovery/describers/organization_role.go‎
Lines changed: 91 additions & 0 deletions b/‎discovery/describers/organization_role.go‎
Lines changed: 91 additions & 0 deletions
diff --git a/‎discovery/pkg/es/resources_clients.go‎
Lines changed: 209 additions & 0 deletions b/‎discovery/pkg/es/resources_clients.go‎
Lines changed: 209 additions & 0 deletions
@@ -64,6 +64,7 @@ func Plugin(ctx context.Context) *plugin.Plugin {
 			"github_artifact_dockerfile": tableGitHubArtifactDockerFile(),
 			"github_repository_webhook":  tableGithubRepositoryWebhook(),
 			"github_artifact_ai_model":   tableGitHubArtifactAIModel(),
+			"github_organization_role":   tableGitHubOrganizationRole(),
 		},
 	}
 	for key, table := range p.TableMap {
 
@@ -0,0 +1,71 @@
+package github
+
+import (
+	opengovernance "github.com/opengovern/og-describer-github/discovery/pkg/es"
+
+	"github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto"
+	"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
+	"github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform"
+)
+
+func gitHubOrganizationRoleColumns() []*plugin.Column {
+	tableCols := []*plugin.Column{
+		{
+			Name:        "id",
+			Type:        proto.ColumnType_STRING,
+			Description: "The organization the member is associated with.",
+			Transform:   transform.FromField("Description.ID")},
+		{
+			Name:        "name",
+			Type:        proto.ColumnType_STRING,
+			Description: "The role this user has in the organization. Returns null if information is not available to viewer.",
+			Transform:   transform.FromField("Description.Name")},
+		{
+			Name:      "description",
+			Type:      proto.ColumnType_STRING,
+			Transform: transform.FromField("Description.Description")},
+		{
+			Name:        "permissions",
+			Type:        proto.ColumnType_JSON,
+			Description: "permissions",
+			Transform:   transform.FromField("Description.Permissions")},
+		{
+			Name:        "organization",
+			Type:        proto.ColumnType_JSON,
+			Description: "permissions",
+			Transform:   transform.FromField("Description.Organization")},
+		{
+			Name:        "source",
+			Description: "permissions",
+			Type:        proto.ColumnType_STRING,
+			Transform:   transform.FromField("Description.Source")},
+		{
+			Name:        "base_role",
+			Type:        proto.ColumnType_STRING,
+			Description: "permissions",
+			Transform:   transform.FromField("Description.BaseRole")},
+		{
+			Name:        "created_at",
+			Type:        proto.ColumnType_TIMESTAMP,
+			Description: "permissions",
+			Transform:   transform.FromField("Description.CreatedAt")},
+		{
+			Name:        "updated_at",
+			Type:        proto.ColumnType_TIMESTAMP,
+			Description: "permissions",
+			Transform:   transform.FromField("Description.UpdatedAt")},
+	}
+
+	return append(tableCols, sharedUserColumns()...)
+}
+
+func tableGitHubOrganizationRole() *plugin.Table {
+	return &plugin.Table{
+		Name:        "github_organization_role",
+		Description: "GitHub roles for a given organization. GitHub Users are user accounts in GitHub.",
+		List: &plugin.ListConfig{
+			Hydrate: opengovernance.ListOrganizationRole,
+		},
+		Columns: commonColumns(gitHubOrganizationRoleColumns()),
+	}
+}
@@ -0,0 +1,91 @@
+package describers
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"github.com/opengovern/og-describer-github/discovery/pkg/models"
+	model "github.com/opengovern/og-describer-github/discovery/provider"
+	resilientbridge "github.com/opengovern/resilient-bridge"
+	"github.com/opengovern/resilient-bridge/adapters"
+	"strconv"
+	"time"
+)
+
+func ListOrganizationRoles(ctx context.Context,
+	githubClient model.GitHubClient,
+	organizationName string,
+	stream *models.StreamSender) ([]models.Resource, error) {
+	sdk := resilientbridge.NewResilientBridge()
+	sdk.RegisterProvider("github", adapters.NewGitHubAdapter(githubClient.Token), &resilientbridge.ProviderConfig{
+		UseProviderLimits: true,
+		MaxRetries:        3,
+		BaseBackoff:       0,
+	})
+
+	var values []models.Resource
+
+	endpoint := fmt.Sprintf("/orgs/%s/organization-roles", organizationName)
+	req := &resilientbridge.NormalizedRequest{
+		Method:   "GET",
+		Endpoint: endpoint,
+		Headers:  map[string]string{"Accept": "application/vnd.github+json"},
+	}
+
+	resp, err := sdk.Request("github", req)
+	if err != nil {
+		return nil, fmt.Errorf("error fetching repos: %w", err)
+	}
+	if resp.StatusCode != 200 {
+		return nil, fmt.Errorf("HTTP error %d: %s", resp.StatusCode, string(resp.Data))
+	}
+
+	// Decode into a slice of generic maps. We'll only parse name, archived, disabled, etc.
+	var rolesResponse OrganizationRolesResponse
+	if err := json.Unmarshal(resp.Data, &rolesResponse); err != nil {
+		return nil, fmt.Errorf("error decoding repos list: %w", err)
+	}
+
+	for _, r := range rolesResponse.Roles {
+		value := models.Resource{
+			ID:   strconv.Itoa(r.ID),
+			Name: r.Name,
+			Description: model.OrganizationRoleDescription{
+				Organization: r.Organization,
+				Name:         r.Name,
+				ID:           r.ID,
+				Source:       r.Source,
+				BaseRole:     r.BaseRole,
+				Permissions:  r.Permissions,
+				Description:  r.Description,
+				CreatedAt:    r.CreatedAt,
+				UpdatedAt:    r.UpdatedAt,
+			},
+		}
+		if stream != nil {
+			if err := (*stream)(value); err != nil {
+				return nil, err
+			}
+		} else {
+			values = append(values, value)
+		}
+	}
+
+	return values, nil
+}
+
+type OrganizationRole struct {
+	ID           int         `json:"id"`
+	Name         string      `json:"name"`
+	Description  string      `json:"description"`
+	Organization interface{} `json:"organization"`
+	Permissions  []string    `json:"permissions"`
+	BaseRole     string      `json:"base_role"`
+	Source       string      `json:"source"`
+	CreatedAt    time.Time   `json:"created_at"`
+	UpdatedAt    time.Time   `json:"updated_at"`
+}
+
+type OrganizationRolesResponse struct {
+	Roles []OrganizationRole `json:"roles"`
+}
@@ -8531,3 +8531,212 @@ func GetArtifactAIModel(ctx context.Context, d *plugin.QueryData, _ *plugin.Hydr
 }
 
 // ==========================  END: ArtifactAIModel =============================
+
+// ==========================  START: OrganizationRole =============================
+
+type OrganizationRole struct {
+	ResourceID      string                             `json:"resource_id"`
+	PlatformID      string                             `json:"platform_id"`
+	Description     github.OrganizationRoleDescription `json:"Description"`
+	Metadata        github.Metadata                    `json:"metadata"`
+	DescribedBy     string                             `json:"described_by"`
+	ResourceType    string                             `json:"resource_type"`
+	IntegrationType string                             `json:"integration_type"`
+	IntegrationID   string                             `json:"integration_id"`
+}
+
+type OrganizationRoleHit struct {
+	ID      string           `json:"_id"`
+	Score   float64          `json:"_score"`
+	Index   string           `json:"_index"`
+	Type    string           `json:"_type"`
+	Version int64            `json:"_version,omitempty"`
+	Source  OrganizationRole `json:"_source"`
+	Sort    []interface{}    `json:"sort"`
+}
+
+type OrganizationRoleHits struct {
+	Total essdk.SearchTotal     `json:"total"`
+	Hits  []OrganizationRoleHit `json:"hits"`
+}
+
+type OrganizationRoleSearchResponse struct {
+	PitID string               `json:"pit_id"`
+	Hits  OrganizationRoleHits `json:"hits"`
+}
+
+type OrganizationRolePaginator struct {
+	paginator *essdk.BaseESPaginator
+}
+
+func (k Client) NewOrganizationRolePaginator(filters []essdk.BoolFilter, limit *int64) (OrganizationRolePaginator, error) {
+	paginator, err := essdk.NewPaginator(k.ES(), "github_organization_role", filters, limit)
+	if err != nil {
+		return OrganizationRolePaginator{}, err
+	}
+
+	p := OrganizationRolePaginator{
+		paginator: paginator,
+	}
+
+	return p, nil
+}
+
+func (p OrganizationRolePaginator) HasNext() bool {
+	return !p.paginator.Done()
+}
+
+func (p OrganizationRolePaginator) Close(ctx context.Context) error {
+	return p.paginator.Deallocate(ctx)
+}
+
+func (p OrganizationRolePaginator) NextPage(ctx context.Context) ([]OrganizationRole, error) {
+	var response OrganizationRoleSearchResponse
+	err := p.paginator.Search(ctx, &response)
+	if err != nil {
+		return nil, err
+	}
+
+	var values []OrganizationRole
+	for _, hit := range response.Hits.Hits {
+		values = append(values, hit.Source)
+	}
+
+	hits := int64(len(response.Hits.Hits))
+	if hits > 0 {
+		p.paginator.UpdateState(hits, response.Hits.Hits[hits-1].Sort, response.PitID)
+	} else {
+		p.paginator.UpdateState(hits, nil, "")
+	}
+
+	return values, nil
+}
+
+var listOrganizationRoleFilters = map[string]string{
+	"has_two_factor_enabled": "Description.HasTwoFactorEnabled",
+	"login_id":               "Description.LoginID",
+	"organization":           "Description.Organization",
+	"role":                   "Description.Role",
+}
+
+func ListOrganizationRole(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
+	plugin.Logger(ctx).Trace("ListOrganizationRole")
+	runtime.GC()
+
+	// create service
+	cfg := essdk.GetConfig(d.Connection)
+	ke, err := essdk.NewClientCached(cfg, d.ConnectionCache, ctx)
+	if err != nil {
+		plugin.Logger(ctx).Error("ListOrganizationRole NewClientCached", "error", err)
+		return nil, err
+	}
+	k := Client{Client: ke}
+
+	sc, err := steampipesdk.NewSelfClientCached(ctx, d.ConnectionCache)
+	if err != nil {
+		plugin.Logger(ctx).Error("ListOrganizationRole NewSelfClientCached", "error", err)
+		return nil, err
+	}
+	integrationId, err := sc.GetConfigTableValueOrNil(ctx, steampipesdk.OpenGovernanceConfigKeyIntegrationID)
+	if err != nil {
+		plugin.Logger(ctx).Error("ListOrganizationRole GetConfigTableValueOrNil for OpenGovernanceConfigKeyIntegrationID", "error", err)
+		return nil, err
+	}
+	encodedResourceCollectionFilters, err := sc.GetConfigTableValueOrNil(ctx, steampipesdk.OpenGovernanceConfigKeyResourceCollectionFilters)
+	if err != nil {
+		plugin.Logger(ctx).Error("ListOrganizationRole GetConfigTableValueOrNil for OpenGovernanceConfigKeyResourceCollectionFilters", "error", err)
+		return nil, err
+	}
+	clientType, err := sc.GetConfigTableValueOrNil(ctx, steampipesdk.OpenGovernanceConfigKeyClientType)
+	if err != nil {
+		plugin.Logger(ctx).Error("ListOrganizationRole GetConfigTableValueOrNil for OpenGovernanceConfigKeyClientType", "error", err)
+		return nil, err
+	}
+
+	paginator, err := k.NewOrganizationRolePaginator(essdk.BuildFilter(ctx, d.QueryContext, listOrganizationRoleFilters, integrationId, encodedResourceCollectionFilters, clientType), d.QueryContext.Limit)
+	if err != nil {
+		plugin.Logger(ctx).Error("ListOrganizationRole NewOrganizationRolePaginator", "error", err)
+		return nil, err
+	}
+
+	for paginator.HasNext() {
+		page, err := paginator.NextPage(ctx)
+		if err != nil {
+			plugin.Logger(ctx).Error("ListOrganizationRole paginator.NextPage", "error", err)
+			return nil, err
+		}
+
+		for _, v := range page {
+			d.StreamListItem(ctx, v)
+		}
+	}
+
+	err = paginator.Close(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return nil, nil
+}
+
+var getOrganizationRoleFilters = map[string]string{
+	"has_two_factor_enabled": "Description.HasTwoFactorEnabled",
+	"login_id":               "Description.LoginID",
+	"organization":           "Description.Organization",
+	"role":                   "Description.Role",
+}
+
+func GetOrganizationRole(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
+	plugin.Logger(ctx).Trace("GetOrganizationRole")
+	runtime.GC()
+	// create service
+	cfg := essdk.GetConfig(d.Connection)
+	ke, err := essdk.NewClientCached(cfg, d.ConnectionCache, ctx)
+	if err != nil {
+		return nil, err
+	}
+	k := Client{Client: ke}
+
+	sc, err := steampipesdk.NewSelfClientCached(ctx, d.ConnectionCache)
+	if err != nil {
+		return nil, err
+	}
+	integrationId, err := sc.GetConfigTableValueOrNil(ctx, steampipesdk.OpenGovernanceConfigKeyIntegrationID)
+	if err != nil {
+		return nil, err
+	}
+	encodedResourceCollectionFilters, err := sc.GetConfigTableValueOrNil(ctx, steampipesdk.OpenGovernanceConfigKeyResourceCollectionFilters)
+	if err != nil {
+		return nil, err
+	}
+	clientType, err := sc.GetConfigTableValueOrNil(ctx, steampipesdk.OpenGovernanceConfigKeyClientType)
+	if err != nil {
+		return nil, err
+	}
+
+	limit := int64(1)
+	paginator, err := k.NewOrganizationRolePaginator(essdk.BuildFilter(ctx, d.QueryContext, getOrganizationRoleFilters, integrationId, encodedResourceCollectionFilters, clientType), &limit)
+	if err != nil {
+		return nil, err
+	}
+
+	for paginator.HasNext() {
+		page, err := paginator.NextPage(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, v := range page {
+			return v, nil
+		}
+	}
+
+	err = paginator.Close(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return nil, nil
+}
+
+// ==========================  END: OrganizationRole =============================
Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,7 @@ func Plugin(ctx context.Context) *plugin.Plugin {`
`64`	`64`	`"github_artifact_dockerfile": tableGitHubArtifactDockerFile(),`
`65`	`65`	`"github_repository_webhook": tableGithubRepositoryWebhook(),`
`66`	`66`	`"github_artifact_ai_model": tableGitHubArtifactAIModel(),`
	`67`	`+ "github_organization_role": tableGitHubOrganizationRole(),`
`67`	`68`	`},`
`68`	`69`	`}`
`69`	`70`	`for key, table := range p.TableMap {`