feat: add support for assigning teams to heroku apps (#75)

electron · Sep 6, 2024 · d42f1c6 · d42f1c6
1 parent cdeaefe
commit d42f1c6
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 10 deletions.
diff --git a/src/permissions/plugins/heroku/index.ts b/src/permissions/plugins/heroku/index.ts
@@ -36,6 +36,21 @@ class HerokuPlugin implements Plugin {
     const { heroku } = repo;
     if (!heroku) return;
 
+    const userEmails: string[] = [];
+    if (heroku.access) {
+      for (const user of heroku.access) {
+        if (user.startsWith('team:')) {
+          const teamName = user.slice('team:'.length);
+          const targetTeam = teams.find((t) => t.name === teamName)!;
+          for (const member of [...targetTeam.members, ...targetTeam.maintainers]) {
+            userEmails.push(`${member}@${SHERIFF_GSUITE_DOMAIN}`);
+          }
+        } else {
+          userEmails.push(`${user}@${SHERIFF_GSUITE_DOMAIN}`);
+        }
+      }
+    }
+
     const collaborators = (
       (await this.client.get(`/teams/apps/${heroku.app_name}/collaborators`)) as HerokuCollab[]
     ).filter(
@@ -56,9 +71,7 @@ class HerokuPlugin implements Plugin {
       });
     }
 
-    for (const user of heroku.access) {
-      const email = `${user}@${SHERIFF_GSUITE_DOMAIN}`;
-
+    for (const email of userEmails) {
       // If this user is not a collab and not an admin, we need to add them
       if (
         !collaborators.find((c) => this.emailSame(c.user.email, email)) &&
@@ -86,11 +99,7 @@ class HerokuPlugin implements Plugin {
 
     for (const collab of collaborators) {
       // If this collab is not supposed to have access, nuke em
-      if (
-        !heroku.access.find((user) =>
-          this.emailSame(collab.user.email, `${user}@${SHERIFF_GSUITE_DOMAIN}`),
-        )
-      ) {
+      if (!userEmails.find((email) => this.emailSame(collab.user.email, email))) {
         builder.addContext(
           `:skull_and_crossbones: Evicting \`${collab.user.email}\` out of Heroku app \`${heroku.app_name}\``,
         );

diff --git a/src/permissions/run.ts b/src/permissions/run.ts
@@ -170,7 +170,7 @@ const validateConfigFast = async (config: PermissionsConfig): Promise<Organizati
             heroku: Joi.object({
               app_name: Joi.string().min(1).required(),
               team_name: Joi.string().min(1).required(),
-              access: Joi.array().items(Joi.string().min(1)).min(1).required(),
+              access: Joi.array().items(Joi.string().min(1)).optional(),
             }).optional(),
           })
           .required(),
@@ -262,6 +262,18 @@ const validateConfigFast = async (config: PermissionsConfig): Promise<Organizati
             `Team "${team}" assigned to "${repo.name}" does not exist in the "teams" config for "${orgConfig.organization}"`,
           );
       }
+
+      if (repo.heroku && repo.heroku.access) {
+        for (const user of repo.heroku.access) {
+          if (user.startsWith('team:')) {
+            if (!orgConfig.teams.find((t) => t.name === user.slice('team:'.length))) {
+              throw new Error(
+                `Team "${user}" assigned to heroku for "${repo.name}" does not exist in the "teams" config for "${orgConfig.organization}"`,
+              );
+            }
+          }
+        }
+      }
     }
   }
 

diff --git a/src/permissions/types.ts b/src/permissions/types.ts
@@ -16,7 +16,7 @@ export interface RepositoryConfig {
   heroku?: {
     app_name: string;
     team_name: string;
-    access: string[];
+    access?: string[];
   };
 }