github.com/google/go-github/v74@v74.0.0/github/orgs_personal_access_tokens.go

github.com/google/go-github/v74@v74.0.0/github/orgs_personal_access_tokens.go (about)

     1  // Copyright 2023 The go-github AUTHORS. All rights reserved.
     2  //
     3  // Use of this source code is governed by a BSD-style
     4  // license that can be found in the LICENSE file.
     5  
     6  package github
     7  
     8  import (
     9  	"context"
    10  	"fmt"
    11  	"net/http"
    12  	"net/url"
    13  	"strings"
    14  )
    15  
    16  // PersonalAccessToken represents the minimal representation of an organization programmatic access grant.
    17  //
    18  // GitHub API docs: https://docs.github.com/en/rest/orgs/personal-access-tokens?apiVersion=2022-11-28
    19  type PersonalAccessToken struct {
    20  	// "Unique identifier of the fine-grained personal access token.
    21  	// The `pat_id` used to get details about an approved fine-grained personal access token.
    22  	ID *int64 `json:"id"`
    23  
    24  	// Owner is the GitHub user associated with the token.
    25  	Owner *User `json:"owner"`
    26  
    27  	// RepositorySelection is the type of repository selection requested.
    28  	// Possible values are: "none", "all", "subset".
    29  	RepositorySelection *string `json:"repository_selection"`
    30  
    31  	// URL to the list of repositories the fine-grained personal access token can access.
    32  	// Only follow when `repository_selection` is `subset`.
    33  	RepositoriesURL *string `json:"repositories_url"`
    34  
    35  	// Permissions are the permissions requested, categorized by type.
    36  	Permissions *PersonalAccessTokenPermissions `json:"permissions"`
    37  
    38  	// Date and time when the fine-grained personal access token was approved to access the organization.
    39  	AccessGrantedAt *Timestamp `json:"access_granted_at"`
    40  
    41  	// Whether the associated fine-grained personal access token has expired.
    42  	TokenExpired *bool `json:"token_expired"`
    43  
    44  	// Date and time when the associated fine-grained personal access token expires.
    45  	TokenExpiresAt *Timestamp `json:"token_expires_at"`
    46  
    47  	// TokenID
    48  	TokenID *int64 `json:"token_id"`
    49  
    50  	// TokenName
    51  	TokenName *string `json:"token_name"`
    52  
    53  	// Date and time when the associated fine-grained personal access token was last used for authentication.
    54  	TokenLastUsedAt *Timestamp `json:"token_last_used_at"`
    55  }
    56  
    57  // ListFineGrainedPATOptions specifies optional parameters to ListFineGrainedPersonalAccessTokens.
    58  type ListFineGrainedPATOptions struct {
    59  	// The property by which to sort the results.
    60  	// Default: created_at
    61  	// Value: created_at
    62  	Sort string `url:"sort,omitempty"`
    63  
    64  	// The direction to sort the results by.
    65  	// Default: desc
    66  	// Value: asc, desc
    67  	Direction string `url:"direction,omitempty"`
    68  
    69  	// A list of owner usernames to use to filter the results.
    70  	Owner []string `url:"-"`
    71  
    72  	// The name of the repository to use to filter the results.
    73  	Repository string `url:"repository,omitempty"`
    74  
    75  	// The permission to use to filter the results.
    76  	Permission string `url:"permission,omitempty"`
    77  
    78  	// Only show fine-grained personal access tokens used before the given time.
    79  	// This is a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
    80  	LastUsedBefore string `url:"last_used_before,omitempty"`
    81  
    82  	// Only show fine-grained personal access tokens used after the given time.
    83  	// This is a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
    84  	LastUsedAfter string `url:"last_used_after,omitempty"`
    85  
    86  	ListOptions
    87  }
    88  
    89  // ListFineGrainedPersonalAccessTokens lists approved fine-grained personal access tokens owned by organization members that can access organization resources.
    90  // Only GitHub Apps can call this API, using the `Personal access tokens` organization permissions (read).
    91  //
    92  // GitHub API docs: https://docs.github.com/rest/orgs/personal-access-tokens#list-fine-grained-personal-access-tokens-with-access-to-organization-resources
    93  //
    94  //meta:operation GET /orgs/{org}/personal-access-tokens
    95  func (s *OrganizationsService) ListFineGrainedPersonalAccessTokens(ctx context.Context, org string, opts *ListFineGrainedPATOptions) ([]*PersonalAccessToken, *Response, error) {
    96  	u := fmt.Sprintf("orgs/%v/personal-access-tokens", org)
    97  	// The `owner` parameter is a special case that uses the `owner[]=...` format and needs a custom function to format it correctly.
    98  	u, err := addListFineGrainedPATOptions(u, opts)
    99  	if err != nil {
   100  		return nil, nil, err
   101  	}
   102  
   103  	req, err := s.client.NewRequest(http.MethodGet, u, opts)
   104  	if err != nil {
   105  		return nil, nil, err
   106  	}
   107  
   108  	var pats []*PersonalAccessToken
   109  
   110  	resp, err := s.client.Do(ctx, req, &pats)
   111  	if err != nil {
   112  		return nil, resp, err
   113  	}
   114  
   115  	return pats, resp, nil
   116  }
   117  
   118  // ReviewPersonalAccessTokenRequestOptions specifies the parameters to the ReviewPersonalAccessTokenRequest method.
   119  type ReviewPersonalAccessTokenRequestOptions struct {
   120  	Action string  `json:"action"`
   121  	Reason *string `json:"reason,omitempty"`
   122  }
   123  
   124  // ReviewPersonalAccessTokenRequest approves or denies a pending request to access organization resources via a fine-grained personal access token.
   125  // Only GitHub Apps can call this API, using the `organization_personal_access_token_requests: write` permission.
   126  // `action` can be one of `approve` or `deny`.
   127  //
   128  // GitHub API docs: https://docs.github.com/rest/orgs/personal-access-tokens#review-a-request-to-access-organization-resources-with-a-fine-grained-personal-access-token
   129  //
   130  //meta:operation POST /orgs/{org}/personal-access-token-requests/{pat_request_id}
   131  func (s *OrganizationsService) ReviewPersonalAccessTokenRequest(ctx context.Context, org string, requestID int64, opts ReviewPersonalAccessTokenRequestOptions) (*Response, error) {
   132  	u := fmt.Sprintf("orgs/%v/personal-access-token-requests/%v", org, requestID)
   133  
   134  	req, err := s.client.NewRequest(http.MethodPost, u, &opts)
   135  	if err != nil {
   136  		return nil, err
   137  	}
   138  
   139  	return s.client.Do(ctx, req, nil)
   140  }
   141  
   142  // addListFineGrainedPATOptions adds the owner parameter to the URL query string with the correct format if it is set.
   143  //
   144  // GitHub API expects the owner parameter to be a list of strings in the `owner[]=...` format.
   145  // For multiple owner values, the owner parameter is repeated in the query string.
   146  //
   147  // Example:
   148  // owner[]=user1&owner[]=user2
   149  // This will filter the results to only include fine-grained personal access tokens owned by `user1` and `user2`.
   150  //
   151  // This function ensures the owner parameter is formatted correctly in the URL query string.
   152  func addListFineGrainedPATOptions(s string, opts *ListFineGrainedPATOptions) (string, error) {
   153  	u, err := addOptions(s, opts)
   154  	if err != nil {
   155  		return s, err
   156  	}
   157  
   158  	if len(opts.Owner) > 0 {
   159  		ownerVals := make([]string, len(opts.Owner))
   160  		for i, owner := range opts.Owner {
   161  			ownerVals[i] = fmt.Sprintf("owner[]=%s", url.QueryEscape(owner))
   162  		}
   163  		ownerQuery := strings.Join(ownerVals, "&")
   164  
   165  		if strings.Contains(u, "?") {
   166  			u += "&" + ownerQuery
   167  		} else {
   168  			u += "?" + ownerQuery
   169  		}
   170  	}
   171  
   172  	return u, nil
   173  }