Skip to content

Commit 948070d

Browse files
amreshhamreshh
committed
feature for api. and /api
1 parent 754bdee commit 948070d

File tree

5 files changed

+126
-106
lines changed

5 files changed

+126
-106
lines changed

example/auditlogstream/main.go

Lines changed: 31 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -6,28 +6,24 @@
66
// The auditlogstream command demonstrates managing enterprise audit log
77
// streams for Azure Blob Storage using the go-github library.
88
//
9-
// Usage — create (github.com):
9+
// The GitHub API base URL is read from the GITHUB_API_URL environment
10+
// variable. When running inside a GitHub Actions workflow this is set
11+
// automatically.
1012
//
11-
// export GITHUB_AUTH_TOKEN=<your token>
12-
// go run main.go create \
13-
// -enterprise=my-enterprise \
14-
// -container=my-container \
15-
// -sas-url=<plain-text-sas-url>
16-
//
17-
// Usage — create (GitHub Enterprise Server):
13+
// Usage — create:
1814
//
1915
// export GITHUB_AUTH_TOKEN=<your token>
16+
// export GITHUB_API_URL=https://api.<domain>.ghe.com/ or https://domain/api/v3/
2017
// go run main.go create \
21-
// -base-url=https://github.example.com/api/v3/ \
2218
// -enterprise=my-enterprise \
2319
// -container=my-container \
2420
// -sas-url=<plain-text-sas-url>
2521
//
2622
// Usage — delete:
2723
//
2824
// export GITHUB_AUTH_TOKEN=<your token>
25+
// export GITHUB_API_URL=https://api.<domain>.ghe.com/ or https://domain/api/v3/
2926
// go run main.go delete \
30-
// -base-url=https://github.example.com/api/v3/ \
3127
// -enterprise=my-enterprise \
3228
// -stream-id=42
3329
package main
@@ -53,7 +49,7 @@ func encryptSecret(publicKeyB64, secret string) (string, error) {
5349
return "", fmt.Errorf("decoding public key: %w", err)
5450
}
5551
if len(publicKeyBytes) != 32 {
56-
return "", fmt.Errorf("public key must be 32 bytes, got %d", len(publicKeyBytes))
52+
return "", fmt.Errorf("public key must be 32 bytes, got %v", len(publicKeyBytes))
5753
}
5854
var publicKey [32]byte
5955
copy(publicKey[:], publicKeyBytes)
@@ -68,7 +64,7 @@ func encryptSecret(publicKeyB64, secret string) (string, error) {
6864

6965
func main() {
7066
if len(os.Args) < 2 {
71-
fmt.Fprintf(os.Stderr, "Usage: %s <create|delete> [flags]\n", os.Args[0])
67+
fmt.Fprintf(os.Stderr, "Usage: %v <create|delete> [flags]\n", os.Args[0])
7268
os.Exit(1)
7369
}
7470

@@ -85,30 +81,32 @@ func main() {
8581

8682
func runCreate(args []string) {
8783
fs := flag.NewFlagSet("create", flag.ExitOnError)
88-
baseURL := fs.String("base-url", "https://api.github.com/", "GitHub API base URL. For GitHub Enterprise Server use https://HOSTNAME/api/v3/.")
89-
enterprise := fs.String("enterprise", "", "Name of the GitHub enterprise slug (required).")
84+
enterprise := fs.String("enterprise", "", "Enterprise slug (required).")
9085
container := fs.String("container", "", "Azure Blob Storage container name (required).")
9186
sasURL := fs.String("sas-url", "", "Plain-text Azure SAS URL to encrypt and submit (required).")
9287
enabled := fs.Bool("enabled", true, "Whether the stream should be enabled immediately.")
93-
fs.Parse(args)
88+
if err := fs.Parse(args); err != nil {
89+
log.Fatalf("Error parsing flags: %v", err)
90+
}
9491

9592
token := requireEnv("GITHUB_AUTH_TOKEN")
93+
apiURL := requireEnv("GITHUB_API_URL")
9694
requireFlag("enterprise", *enterprise)
9795
requireFlag("container", *container)
9896
requireFlag("sas-url", *sasURL)
9997

10098
ctx := context.Background()
101-
client := newClient(token, *baseURL)
99+
client := newClient(token, apiURL)
102100

103101
// Step 1: Fetch the enterprise's public streaming key.
104102
streamKey, _, err := client.Enterprise.GetAuditLogStreamKey(ctx, *enterprise)
105103
if err != nil {
106104
log.Fatalf("Error fetching audit log stream key: %v", err)
107105
}
108-
fmt.Printf("Retrieved stream key ID: %s\n", streamKey.GetKeyID())
106+
fmt.Printf("Retrieved stream key ID: %v\n", streamKey.GetKeyID())
109107

110108
// Step 2: Encrypt the SAS URL using the public key (sealed box / crypto_box_seal).
111-
encryptedSASURL, err := encryptSecret(streamKey.GetPublicKey(), *sasURL)
109+
encryptedSASURL, err := encryptSecret(streamKey.GetKey(), *sasURL)
112110
if err != nil {
113111
log.Fatalf("Error encrypting SAS URL: %v", err)
114112
}
@@ -118,47 +116,49 @@ func runCreate(args []string) {
118116
config := github.NewAzureBlobStreamConfig(*enabled, &github.AzureBlobConfig{
119117
KeyID: streamKey.KeyID,
120118
Container: github.Ptr(*container),
121-
EncryptedSASURL: github.Ptr(encryptedSASURL),
119+
EncryptedSasURL: github.Ptr(encryptedSASURL),
122120
})
123121

124122
stream, _, err := client.Enterprise.CreateAuditLogStream(ctx, *enterprise, config)
125123
if err != nil {
126124
log.Fatalf("Error creating audit log stream: %v", err)
127125
}
128126

129-
fmt.Printf("Successfully created audit log stream:\n")
130-
fmt.Printf(" ID: %d\n", stream.GetID())
131-
fmt.Printf(" Type: %s\n", stream.GetStreamType())
127+
fmt.Println("Successfully created audit log stream:")
128+
fmt.Printf(" ID: %v\n", stream.GetID())
129+
fmt.Printf(" Type: %v\n", stream.GetStreamType())
132130
fmt.Printf(" Enabled: %v\n", stream.GetEnabled())
133131
fmt.Printf(" Created at: %v\n", stream.GetCreatedAt())
134132
}
135133

136134
func runDelete(args []string) {
137135
fs := flag.NewFlagSet("delete", flag.ExitOnError)
138-
baseURL := fs.String("base-url", "https://api.github.com/", "GitHub API base URL. For GitHub Enterprise Server use https://HOSTNAME/api/v3/.")
139-
enterprise := fs.String("enterprise", "", "Name of the GitHub enterprise slug (required).")
136+
enterprise := fs.String("enterprise", "", "Enterprise slug (required).")
140137
streamID := fs.Int64("stream-id", 0, "ID of the audit log stream to delete (required).")
141-
fs.Parse(args)
138+
if err := fs.Parse(args); err != nil {
139+
log.Fatalf("Error parsing flags: %v", err)
140+
}
142141

143142
token := requireEnv("GITHUB_AUTH_TOKEN")
143+
apiURL := requireEnv("GITHUB_API_URL")
144144
requireFlag("enterprise", *enterprise)
145145
if *streamID == 0 {
146146
log.Fatal("flag -stream-id is required")
147147
}
148148

149149
ctx := context.Background()
150-
client := newClient(token, *baseURL)
150+
client := newClient(token, apiURL)
151151

152152
_, err := client.Enterprise.DeleteAuditLogStream(ctx, *enterprise, *streamID)
153153
if err != nil {
154154
log.Fatalf("Error deleting audit log stream: %v", err)
155155
}
156156

157-
fmt.Printf("Successfully deleted audit log stream %d.\n", *streamID)
157+
fmt.Printf("Successfully deleted audit log stream %v.\n", *streamID)
158158
}
159159

160-
func newClient(token, baseURL string) *github.Client {
161-
client, err := github.NewClient(nil).WithAuthToken(token).WithEnterpriseURLs(baseURL, baseURL)
160+
func newClient(token, apiURL string) *github.Client {
161+
client, err := github.NewClient(nil).WithAuthToken(token).WithEnterpriseURLs(apiURL, apiURL)
162162
if err != nil {
163163
log.Fatalf("Error creating GitHub client: %v", err)
164164
}
@@ -168,13 +168,13 @@ func newClient(token, baseURL string) *github.Client {
168168
func requireEnv(name string) string {
169169
val := os.Getenv(name)
170170
if val == "" {
171-
log.Fatalf("environment variable %s is not set", name)
171+
log.Fatalf("environment variable %v is not set", name)
172172
}
173173
return val
174174
}
175175

176176
func requireFlag(name, val string) {
177177
if val == "" {
178-
log.Fatalf("flag -%s is required", name)
178+
log.Fatalf("flag -%v is required", name)
179179
}
180180
}

github/enterprise_audit_log_stream.go

Lines changed: 24 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -23,9 +23,9 @@ type AuditLogStream struct {
2323

2424
// AuditLogStreamConfig represents a configuration for creating or updating an audit log stream.
2525
type AuditLogStreamConfig struct {
26-
Enabled *bool `json:"enabled,omitempty"`
27-
StreamType *string `json:"stream_type,omitempty"`
28-
VendorSpecific AuditLogStreamVendorConfig `json:"vendor_specific,omitempty"`
26+
Enabled *bool `json:"enabled,omitempty"`
27+
StreamType *string `json:"stream_type,omitempty"`
28+
VendorSpecific *AuditLogStreamVendorConfig `json:"vendor_specific,omitempty"`
2929
}
3030

3131
// AuditLogStreamVendorConfig is a marker interface for vendor-specific audit log
@@ -36,21 +36,21 @@ type AuditLogStreamVendorConfig interface {
3636

3737
// AuditLogStreamKey represents the public key used to encrypt secrets for audit log streaming.
3838
type AuditLogStreamKey struct {
39-
KeyID *string `json:"key_id,omitempty"`
40-
PublicKey *string `json:"key,omitempty"`
39+
KeyID *string `json:"key_id,omitempty"`
40+
Key *string `json:"key,omitempty"`
4141
}
4242

4343
// AzureBlobConfig represents vendor-specific config for Azure Blob Storage.
4444
type AzureBlobConfig struct {
4545
KeyID *string `json:"key_id,omitempty"`
46-
EncryptedSASURL *string `json:"encrypted_sas_url,omitempty"`
46+
EncryptedSasURL *string `json:"encrypted_sas_url,omitempty"`
4747
Container *string `json:"container,omitempty"`
4848
}
4949

5050
// AzureHubConfig represents vendor-specific config for Azure Event Hubs.
5151
type AzureHubConfig struct {
5252
Name *string `json:"name,omitempty"`
53-
EncryptedConnString *string `json:"encrypted_connstring,omitempty"`
53+
EncryptedConnstring *string `json:"encrypted_connstring,omitempty"`
5454
KeyID *string `json:"key_id,omitempty"`
5555
}
5656

@@ -60,7 +60,7 @@ type AmazonS3OIDCConfig struct {
6060
Region *string `json:"region,omitempty"`
6161
KeyID *string `json:"key_id,omitempty"`
6262
AuthenticationType *string `json:"authentication_type,omitempty"` // Value: "oidc"
63-
ARNRole *string `json:"arn_role,omitempty"`
63+
ArnRole *string `json:"arn_role,omitempty"`
6464
}
6565

6666
// AmazonS3AccessKeysConfig represents vendor-specific config for Amazon S3 with access key authentication.
@@ -121,49 +121,57 @@ func (*DatadogConfig) isAuditLogStreamVendorConfig() {}
121121
// NewAzureBlobStreamConfig returns an AuditLogStreamConfig for Azure Blob Storage.
122122
func NewAzureBlobStreamConfig(enabled bool, cfg *AzureBlobConfig) *AuditLogStreamConfig {
123123
streamType := "Azure Blob Storage"
124-
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: cfg}
124+
v := AuditLogStreamVendorConfig(cfg)
125+
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: &v}
125126
}
126127

127128
// NewAzureHubStreamConfig returns an AuditLogStreamConfig for Azure Event Hubs.
128129
func NewAzureHubStreamConfig(enabled bool, cfg *AzureHubConfig) *AuditLogStreamConfig {
129130
streamType := "Azure Event Hubs"
130-
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: cfg}
131+
v := AuditLogStreamVendorConfig(cfg)
132+
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: &v}
131133
}
132134

133135
// NewAmazonS3OIDCStreamConfig returns an AuditLogStreamConfig for Amazon S3 with OIDC auth.
134136
func NewAmazonS3OIDCStreamConfig(enabled bool, cfg *AmazonS3OIDCConfig) *AuditLogStreamConfig {
135137
streamType := "Amazon S3"
136-
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: cfg}
138+
v := AuditLogStreamVendorConfig(cfg)
139+
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: &v}
137140
}
138141

139142
// NewAmazonS3AccessKeysStreamConfig returns an AuditLogStreamConfig for Amazon S3 with access key auth.
140143
func NewAmazonS3AccessKeysStreamConfig(enabled bool, cfg *AmazonS3AccessKeysConfig) *AuditLogStreamConfig {
141144
streamType := "Amazon S3"
142-
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: cfg}
145+
v := AuditLogStreamVendorConfig(cfg)
146+
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: &v}
143147
}
144148

145149
// NewSplunkStreamConfig returns an AuditLogStreamConfig for Splunk.
146150
func NewSplunkStreamConfig(enabled bool, cfg *SplunkConfig) *AuditLogStreamConfig {
147151
streamType := "Splunk"
148-
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: cfg}
152+
v := AuditLogStreamVendorConfig(cfg)
153+
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: &v}
149154
}
150155

151156
// NewHecStreamConfig returns an AuditLogStreamConfig for an HTTPS Event Collector endpoint.
152157
func NewHecStreamConfig(enabled bool, cfg *HecConfig) *AuditLogStreamConfig {
153158
streamType := "HTTPS Event Collector"
154-
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: cfg}
159+
v := AuditLogStreamVendorConfig(cfg)
160+
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: &v}
155161
}
156162

157163
// NewGoogleCloudStreamConfig returns an AuditLogStreamConfig for Google Cloud Storage.
158164
func NewGoogleCloudStreamConfig(enabled bool, cfg *GoogleCloudConfig) *AuditLogStreamConfig {
159165
streamType := "Google Cloud Storage"
160-
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: cfg}
166+
v := AuditLogStreamVendorConfig(cfg)
167+
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: &v}
161168
}
162169

163170
// NewDatadogStreamConfig returns an AuditLogStreamConfig for Datadog.
164171
func NewDatadogStreamConfig(enabled bool, cfg *DatadogConfig) *AuditLogStreamConfig {
165172
streamType := "Datadog"
166-
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: cfg}
173+
v := AuditLogStreamVendorConfig(cfg)
174+
return &AuditLogStreamConfig{Enabled: &enabled, StreamType: &streamType, VendorSpecific: &v}
167175
}
168176

169177
// GetAuditLogStreamKey retrieves the public key used to encrypt secrets for audit log streaming.

github/enterprise_audit_log_stream_test.go

Lines changed: 10 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,6 @@
66
package github
77

88
import (
9-
"context"
109
"fmt"
1110
"net/http"
1211
"testing"
@@ -23,15 +22,15 @@ func TestEnterpriseService_GetAuditLogStreamKey(t *testing.T) {
2322
fmt.Fprint(w, `{"key_id":"1234","key":"2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvv1234"}`)
2423
})
2524

26-
ctx := context.Background()
25+
ctx := t.Context()
2726
key, _, err := client.Enterprise.GetAuditLogStreamKey(ctx, "e")
2827
if err != nil {
2928
t.Errorf("Enterprise.GetAuditLogStreamKey returned error: %v", err)
3029
}
3130

3231
want := &AuditLogStreamKey{
33-
KeyID: Ptr("1234"),
34-
PublicKey: Ptr("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvv1234"),
32+
KeyID: Ptr("1234"),
33+
Key: Ptr("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvv1234"),
3534
}
3635
if !cmp.Equal(key, want) {
3736
t.Errorf("Enterprise.GetAuditLogStreamKey returned %+v, want %+v", key, want)
@@ -60,7 +59,7 @@ func TestEnterpriseService_ListAuditLogStreams(t *testing.T) {
6059
fmt.Fprint(w, `[{"id":1,"stream_type":"Splunk","stream_details":"US","enabled":true}]`)
6160
})
6261

63-
ctx := context.Background()
62+
ctx := t.Context()
6463
streams, _, err := client.Enterprise.ListAuditLogStreams(ctx, "e")
6564
if err != nil {
6665
t.Errorf("Enterprise.ListAuditLogStreams returned error: %v", err)
@@ -101,7 +100,7 @@ func TestEnterpriseService_GetAuditLogStream(t *testing.T) {
101100
fmt.Fprint(w, `{"id":1,"stream_type":"Datadog","stream_details":"US","enabled":true}`)
102101
})
103102

104-
ctx := context.Background()
103+
ctx := t.Context()
105104
stream, _, err := client.Enterprise.GetAuditLogStream(ctx, "e", 1)
106105
if err != nil {
107106
t.Errorf("Enterprise.GetAuditLogStream returned error: %v", err)
@@ -146,7 +145,7 @@ func TestEnterpriseService_CreateAuditLogStream(t *testing.T) {
146145
KeyID: Ptr("v1"),
147146
})
148147

149-
ctx := context.Background()
148+
ctx := t.Context()
150149
stream, _, err := client.Enterprise.CreateAuditLogStream(ctx, "e", input)
151150
if err != nil {
152151
t.Errorf("Enterprise.CreateAuditLogStream returned error: %v", err)
@@ -193,7 +192,7 @@ func TestEnterpriseService_UpdateAuditLogStream(t *testing.T) {
193192
SSLVerify: Ptr(true),
194193
})
195194

196-
ctx := context.Background()
195+
ctx := t.Context()
197196
stream, _, err := client.Enterprise.UpdateAuditLogStream(ctx, "e", 1, input)
198197
if err != nil {
199198
t.Errorf("Enterprise.UpdateAuditLogStream returned error: %v", err)
@@ -227,11 +226,11 @@ func TestEnterpriseService_DeleteAuditLogStream(t *testing.T) {
227226
t.Parallel()
228227
client, mux, _ := setup(t)
229228

230-
mux.HandleFunc("/enterprises/e/audit-log/streams/1", func(w http.ResponseWriter, r *http.Request) {
229+
mux.HandleFunc("/enterprises/e/audit-log/streams/1", func(_ http.ResponseWriter, r *http.Request) {
231230
testMethod(t, r, "DELETE")
232231
})
233232

234-
ctx := context.Background()
233+
ctx := t.Context()
235234
_, err := client.Enterprise.DeleteAuditLogStream(ctx, "e", 1)
236235
if err != nil {
237236
t.Errorf("Enterprise.DeleteAuditLogStream returned error: %v", err)
@@ -251,7 +250,7 @@ func TestNewAzureBlobStreamConfig(t *testing.T) {
251250
t.Parallel()
252251
cfg := &AzureBlobConfig{
253252
KeyID: Ptr("v1"),
254-
EncryptedSASURL: Ptr("ENCRYPTED"),
253+
EncryptedSasURL: Ptr("ENCRYPTED"),
255254
Container: Ptr("my-container"),
256255
}
257256
got := NewAzureBlobStreamConfig(true, cfg)
@@ -261,9 +260,6 @@ func TestNewAzureBlobStreamConfig(t *testing.T) {
261260
if got.Enabled == nil || !*got.Enabled {
262261
t.Errorf("NewAzureBlobStreamConfig Enabled = %v, want true", got.Enabled)
263262
}
264-
if got.VendorSpecific != cfg {
265-
t.Errorf("NewAzureBlobStreamConfig VendorSpecific = %v, want %v", got.VendorSpecific, cfg)
266-
}
267263
}
268264

269265
func TestNewDatadogStreamConfig(t *testing.T) {

0 commit comments

Comments
 (0)