Merge pull request #27 from github/primetheus/environment-secrets

Added support for environment secrets
3rd-party-integrations · Mar 31, 2020 · 48a2ae6 · 48a2ae6
2 parents 4250b42 + fc7588d
commit 48a2ae6
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -49,7 +49,9 @@ github:
   # GitHub. To use on github.com, simply use https://api.github.com
   #server_url: https://api.github.com
   server_url: https://github.example.com/api/v3
-  token: <token>
+  # This is an optional override for the environment secret
+  # GITHUB_TOKEN=
+  #token: <token>
 
 ldap:
   # A list of server hostnames or IP addresses to try connecting to
@@ -79,7 +81,9 @@ ldap:
   # Active Directory bind user. This must be in <user>@<domain> format
   bind_user: [email protected]
   # The password to use for binding
-  bind_password: asqw!234
+  # This is an optional override for the environment secret
+  # AD_BIND_PASSWORD=
+  #bind_password: asqw!234
   # Set the page size (default is 1000)
   page_size: 1000
 ```
@@ -104,7 +108,8 @@ optional arguments:
                         team that are not present in the AD group, and adding
                         users to the GitHub Team that are in the AD group
                         missing in the Team
-  -t TEAM, --team TEAM  The name of the GitHub Team to sync users with
+  -t TEAM, --team TEAM  The name of the GitHub Team to sync users with. 
+                        This is case-sensitve, and needs quotations if the team name has spaces.
   -o ORG, --org ORG     The name of the GitHub Organization where the Teams
                         reside
   -l, --list            List users in groups/teams and exit. No changes are

diff --git a/SAMLTeamSyncAD.py b/SAMLTeamSyncAD.py
@@ -2,6 +2,7 @@
 import sys
 import yaml
 import argparse
+import os
 from ldap3 import Server, Connection, ALL
 from github import Github, GithubException
 from urllib.parse import urlparse
@@ -12,7 +13,6 @@ def __init__(self, settings_file):
             # Read settings from the config file and store them as constants
             settings = yaml.load(stream, Loader=yaml.FullLoader)
             self.GITHUB_SERVER = settings['github']['server_url']
-            self.GITHUB_TOKEN = settings['github']['token']
             self.AD_SERVERS = settings['ldap']['servers']
             self.AD_SERVER_PORT = settings['ldap']['port']
             self.AD_BASEDN = settings['ldap']['base_dn']
@@ -21,8 +21,20 @@ def __init__(self, settings_file):
             self.AD_USER_FILTER = settings['ldap']['user_filter']
             self.AD_GROUP_FILTER = settings['ldap']['group_filter']
             self.AD_BIND_USER = settings['ldap']['bind_user']
-            self.AD_BIND_PWD = settings['ldap']['bind_password']
             self.AD_PAGE_SIZE = settings['ldap']['page_size']
+            if 'token' in settings['github']:
+                if settings['github']['token']:
+                    self.GITHUB_TOKEN = settings['github']['token']
+            elif os.environ['GITHUB_TOKEN']:
+                self.GITHUB_TOKEN = os.environ['GITHUB_TOKEN']
+            else:
+                print('Please set a GitHub token')
+                os.exit(255)
+            if 'bind_password' in settings['ldap']:
+                if settings['ldap']['bind_password']:
+                    self.AD_BIND_PWD = settings['ldap']['bind_password']
+            elif os.environ['AD_BIND_PASSWORD']:
+                self.AD_BIND_PWD = os.environ['AD_BIND_PASSWORD']
             self.SERVER = urlparse(self.GITHUB_SERVER)
 
         self.conn = Connection(self.AD_SERVERS[0],

diff --git a/settings.yml.sample b/settings.yml.sample
@@ -14,7 +14,9 @@ github:
   # GitHub. To use on github.com, simply use https://api.github.com
   #server_url: https://api.github.com
   server_url: https://github.example.com/api/v3
-  token: <token>
+  # This is an optional override for the environment secret
+  # GITHUB_TOKEN=
+  #token: <token>
 
 ldap:
   # A list of server hostnames or IP addresses to try connecting to
@@ -42,6 +44,8 @@ ldap:
   # Active Directory bind user. This must be in <user>@<domain> format
   bind_user: [email protected]
   # The password to use for binding
-  bind_password: asqw!234
+  # This is an optional override for the environment secret
+  # AD_BIND_PASSWORD=
+  #bind_password: asqw!234
   # Page size for paginating LDAP query (default is 1000 for Active Directory)
   page_size: 1000