Merge pull request #757 from github/jusuchin85/2024-11-19_graphql_ip-…

…allow-lists

Add GraphQL Queries for Managing the IP Allow List (and Other Small Usability Fixes)

graphql/queries/enterprise-get-ip-allow-list.graphql

@@ -0,0 +1,25 @@
+# Grab current IP allow list settings for an enterprise.
+# This includes:
+# - The IP allow list entries
+# - The IP allow list enabled setting
+# - The IP allow list for GitHub Apps enabled setting
+
+query GetEnterpriseIPAllowList {
+  enterprise(slug: "ENTERPRISE_SLUG") {
+    owner_id: id
+    enterprise_slug: slug
+    enterprise_owner_info: ownerInfo {
+      is_ip_allow_list_enabled: ipAllowListEnabledSetting
+      is_ip_allow_list_for_github_apps_enabled: ipAllowListForInstalledAppsEnabledSetting
+      ipAllowListEntries(first: 100) {
+        nodes {
+          ip_allow_list_entry_id: id
+          ip_allow_list_entry_name: name
+          ip_allow_list_entry_value: allowListValue
+          ip_allow_list_entry_created: createdAt
+          is_ip_allow_list_entry_active: isActive
+        }
+      }
+    }
+  }
+}

graphql/queries/saml-identities-enterprise-level.graphql → graphql/queries/enterprise-saml-identities.graphql

@@ -3,8 +3,8 @@
 # If the Identity Provider has sent an `emails` attribute/value in a previous SAML response for enterprise member(s), it also possible to add the `emails` attribute in the `samlIdentity` section right below `nameID` and query for this SAML identity attribute value as well. 
 # If there are a large number of identities/users (greater than 100), pagination will need to be used. See https://graphql.org/learn/pagination/ for details on pagination. There is an example of pagination in simple-pagination-example.graphql.
 
-query listSSOUserIdentities($enterpriseSlug: String!) {
-  enterprise(slug: $enterpriseSlug) {
+query listSSOUserIdentities {
+  enterprise(slug: "ENTERPRISE_SLUG") {
     ownerInfo {
       samlIdentityProvider {
         externalIdentities(first: 100) {

graphql/queries/ip-allow-list-add-ip.graphql

@@ -0,0 +1,29 @@
+# This query is used to add an IP address to the IP allow list.
+# This can be used on both organizations and enterprise accounts.
+#
+# The `OWNER_ID` is the ID of the organization or enterprise account. You can
+# get the ID of an organization or enterprise account by executing either of
+# the following queries and referring to the value from `owner_id` field:
+#
+# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
+# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql
+
+mutation AddIPAddressToIPAllowList {
+  createIpAllowListEntry(
+    input: {
+      ownerId: "OWNER_ID"
+      name: "DESCRIPTION_OF_IP_ADDRESS"
+      allowListValue: "IP_ADDRESS"
+      isActive: true
+    }
+  ) {
+    ipAllowListEntry {
+      ip_allow_list_entry_id: id
+      ip_allow_list_entry_name: name
+      ip_allow_list_entry_ip_address: allowListValue
+      ip_allow_list_entry_created: createdAt
+      ip_allow_list_entry_updated: updatedAt
+      is_ip_allow_list_entry_active: isActive
+    }
+  }
+}

graphql/queries/ip-allow-list-disable-github-apps-only.graphql

@@ -0,0 +1,17 @@
+# This query is used to disable the IP allow list feature. This will apply to GitHub Apps only.
+# This can be used on both organizations and enterprise accounts.
+#
+# The `OWNER_ID` is the ID of the organization or enterprise account. You can
+# get the ID of an organization or enterprise account by executing either of
+# the following queries and referring to the value from `owner_id` field:
+#
+# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
+# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql
+
+mutation DisableIPAllowListForGitHubAppsOnly {
+  updateIpAllowListForInstalledAppsEnabledSetting(
+    input: { ownerId: "OWNER_ID", settingValue: DISABLED }
+  ) {
+    clientMutationId
+  }
+}

graphql/queries/ip-allow-list-disable-ip-address-only.graphql

@@ -0,0 +1,17 @@
+# This query is used to disable the IP allow list feature. This will apply to IP addresses only.
+# This can be used on both organizations and enterprise accounts.
+#
+# The `OWNER_ID` is the ID of the organization or enterprise account. You can
+# get the ID of an organization or enterprise account by executing either of
+# the following queries and referring to the value from `owner_id` field:
+#
+# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
+# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql
+
+mutation DisableAllowListForIpsOnly {
+  updateIpAllowListEnabledSetting(
+    input: { ownerId: "OWNER_ID", settingValue: DISABLED }
+  ) {
+    clientMutationId
+  }
+}

graphql/queries/ip-allow-list-disable.graphql

@@ -0,0 +1,22 @@
+# This query is used to disable the IP allow list feature. This will apply to both IP addresses and GitHub Apps.
+# This can be used on both organizations and enterprise accounts.
+#
+# The `OWNER_ID` is the ID of the organization or enterprise account. You can
+# get the ID of an organization or enterprise account by executing either of
+# the following queries and referring to the value from `owner_id` field:
+#
+# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
+# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql
+
+mutation DisableIPAllowList {
+  updateIpAllowListEnabledSetting(
+    input: { ownerId: "OWNER_ID", settingValue: DISABLED }
+  ) {
+    clientMutationId
+  }
+  updateIpAllowListForInstalledAppsEnabledSetting(
+    input: { ownerId: "OWNER_ID", settingValue: DISABLED }
+  ) {
+    clientMutationId
+  }
+}

graphql/queries/ip-allow-list-enable-github-apps-only.graphql

@@ -0,0 +1,17 @@
+# This query is used to enable the IP allow list feature. This will apply to GitHub Apps only.
+# This can be used on both organizations and enterprise accounts.
+#
+# The `OWNER_ID` is the ID of the organization or enterprise account. You can
+# get the ID of an organization or enterprise account by executing either of
+# the following queries and referring to the value from `owner_id` field:
+#
+# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
+# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql
+
+mutation EnableIPAllowListForGitHubAppsOnly {
+  updateIpAllowListForInstalledAppsEnabledSetting(
+    input: { ownerId: "OWNER_ID", settingValue: ENABLED }
+  ) {
+    clientMutationId
+  }
+}

graphql/queries/ip-allow-list-enable-ip-address-only.graphql

@@ -0,0 +1,17 @@
+# This query is used to enable the IP allow list feature. This will apply to IP addresses only.
+# This can be used on both organizations and enterprise accounts.
+#
+# The `OWNER_ID` is the ID of the organization or enterprise account. You can
+# get the ID of an organization or enterprise account by executing either of
+# the following queries and referring to the value from `owner_id` field:
+#
+# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
+# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql
+
+mutation EnableAllowListForIpsOnly {
+  updateIpAllowListEnabledSetting(
+    input: { ownerId: "OWNER_ID", settingValue: ENABLED }
+  ) {
+    clientMutationId
+  }
+}

graphql/queries/ip-allow-list-enable.graphql

@@ -0,0 +1,22 @@
+# This query is used to enable the IP allow list feature. This will apply to both IP addresses and GitHub Apps.
+# This can be used on both organizations and enterprise accounts.
+#
+# The `OWNER_ID` is the ID of the organization or enterprise account. You can
+# get the ID of an organization or enterprise account by executing either of
+# the following queries and referring to the value from `owner_id` field:
+#
+# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
+# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql
+
+mutation EnableIPAllowList {
+  updateIpAllowListEnabledSetting(
+    input: { ownerId: "OWNER_ID", settingValue: ENABLED }
+  ) {
+    clientMutationId
+  }
+  updateIpAllowListForInstalledAppsEnabledSetting(
+    input: { ownerId: "OWNER_ID", settingValue: ENABLED }
+  ) {
+    clientMutationId
+  }
+}

graphql/queries/ip-allow-list-remove-ip-entry.graphql

@@ -0,0 +1,15 @@
+# This query is used to remove an IP allow list entry from the IP allow list.
+# This can be used on both organizations and enterprise accounts.
+#
+# The `IP_ENTRY_ID` is the ID of the IP allow list entry. You can
+# get the ID for this by executing either of the following queries
+# and referring to the value from `ip_allow_list_entry_id` field:
+#
+# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql
+# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql
+
+mutation DeleteIPAddressFromIPAllowList {
+  deleteIpAllowListEntry(input: { ipAllowListEntryId: "IP_ENTRY_ID" }) {
+    clientMutationId
+  }
+}

graphql/queries/11-mutation-issue-comment-add.graphql → graphql/queries/issue-add-comment.graphql

@@ -1,4 +1,4 @@
-# Get ISSUE_ID from graphql/queries/10-query-issue-comment-get-issue.graphql
+# Get ISSUE_ID from graphql/queries/repos-get-last-issue-comment.graphql
 
 mutation {
     addComment (

graphql/queries/branches-and-commits-by-repository.graphql → graphql/queries/org-branches-and-commits-by-repository.graphql

@@ -1,7 +1,7 @@
-query getCommitsByBranchByRepo($orgName:String!, $repoName:String!) {
-  organization(login:$orgName) {
+query getCommitsByBranchByRepo {
+  organization(login: "ORG_NAME") {
     name
-    repository(name:$repoName) {
+    repository(name: "REPO_NAME") {
       name
       refs(refPrefix: "refs/heads/", first: 10) {
         nodes {

graphql/queries/org-get-ip-allow-list.graphql

@@ -0,0 +1,24 @@
+# Grab current IP allow list settings for an organization.
+# This includes:
+# - The IP allow list entries
+# - The IP allow list enabled setting
+# - The IP allow list for GitHub Apps enabled setting
+
+query GetOrganizationIPAllowList {
+  organization(login: "ORG_NAME") {
+    owner_id: id
+    organization_slug: login
+    is_ip_allow_list_enabled: ipAllowListEnabledSetting
+    is_ip_allow_list_for_github_apps_enabled: ipAllowListForInstalledAppsEnabledSetting
+    ipAllowListEntries(first: 100) {
+      totalCount
+      nodes {
+        ip_allow_list_entry_id: id
+        ip_allow_list_entry_name: name
+        ip_allow_list_entry_ip_address: allowListValue
+        ip_allow_list_entry_created: createdAt
+        is_ip_allow_list_entry_active: isActive
+      }
+    }
+  }
+}

graphql/queries/org-members-by-team.graphql

@@ -1,8 +1,8 @@
-query getMembersByTeam($orgName: String!, $teamName: String!) {
-  organization(login: $orgName) {
+query getMembersByTeam {
+  organization(login: "ORG_NAME") {
     id
     name
-    teams(first: 1, query: $teamName) {
+    teams(first: 1, query: "TEAM_NAME") {
       edges {
         node {
           id

graphql/queries/pr-merged-info-by-repository.graphql → graphql/queries/org-pr-merged-info-by-repository.graphql

@@ -1,5 +1,5 @@
-query getRepoMergedPRDetails($orgName: String!, $repoName: String!) {
-  repository(owner: $orgName, name: $repoName) {
+query getRepoMergedPRDetails {
+  repository(owner: "ORG_NAME, name: "REPO_NAME") {
     pullRequests(first: 100, states: MERGED) {
       pageInfo {
 				endCursor #use this value in the pullRequests argument list

graphql/queries/9-org-repos-fragment-directive-2.graphql → graphql/queries/org-repos-fragment-directive-2.graphql

@@ -1,5 +1,5 @@
 query orgInfo($showRepoInfo: Boolean!) {
-    organization(login: "github") {
+    organization(login: "ORG_NAME") {
         ...orgFrag
     }
 }

graphql/queries/8-org-repos-fragment-directive.graphql → graphql/queries/org-repos-fragment-directive.graphql

@@ -1,5 +1,5 @@
 query orgInfo($showRepoInfo: Boolean!) {
-    organization(login: "github") {
+    organization(login: "ORG_NAME") {
         login
         name
         repositories @include(if: $showRepoInfo) {

graphql/queries/repo-get-all-branches.graphql

@@ -1,6 +1,6 @@
-query getExistingRepoBranches($orgName: String!, $repoName: String!) {
-  organization(login: $orgName) {
-    repository(name: $repoName) {
+query getExistingRepoBranches {
+  organization(login: "ORG_NAME") {
+    repository(name: "REPO_NAME") {
       id
       name
       refs(refPrefix: "refs/heads/", first: 10) {

graphql/queries/10-query-issue-comment-get-issue.graphql → graphql/queries/repos-get-last-issue-comment.graphql

@@ -1,5 +1,5 @@
-query getRepoIssue($orgName: String!, $repoName: String!) {
-  repository(owner: $orgName, name: $repoName) {
+query getRepoIssue {
+  repository(owner: "ORG_NAME", name: "REPO_NAME") {
     issues(last: 1) {
       edges {
         node {