Remove full org member code from repository (#106)

* Commit changes made by code formatters --------- Co-authored-by: Operations Engineering Bot <github-actions[bot]@users.noreply.github.com>
moj-analytical-services · Nov 15, 2023 · 2a93cae · 2a93cae
1 parent 1728b38
commit 2a93cae
Show file tree

Hide file tree

Showing 30 changed files with 111 additions and 3,461 deletions.
diff --git a/README.md b/README.md
@@ -12,14 +12,6 @@ If you are not confident working with Terraform, you can raise an issue using th
 
 > PRs from forks do NOT work with the current automated process, please only create PRs from a branch.
 
-## Full Org Members who are Collaborators
-
-Certain Collaborators need full MoJ GitHub Organization membership so that they can be added to a GitHub team for various reasons. These users still need to be tracked within this repository. Once the collaborator is added to one .tf file in the terraform folder the application will detect that the user is both a collaborator and a full Org member. The application will track which repositories the user has access to and create either a pull request to add or remove the collaborator from the matching .tf file in the terraform folder.
-
-These pull requests can be automatically approved by a member of the team because access has already been granted via a team or access has been revoked for the team. When a pull request to add a user to a .tf is merged in and tf apply is executed, Terraform adds the collaborator to the repository as a direct user. This means the user will have direct access and access via a team to the repository.
-
-A member of the team **must** manually remove the users direct access to the repository after tf apply has finished. Failure to remove the user will result in the Operations-Engineering repository automation moving that user into a new or existing repository autogenerated team. This will mean the user will be added to the repository via two teams. If the user is removed from the original team then the application will not be able to tell that the user's original access has been reverted and their access in the .tf file should be revoked as well. Full Org members still have a review date. When the review date is ready for renewal a PR to remove the user will be created one week before. This is time to review whether the user still requires access to the repository and full Org membership.
-
 ## Background
 
 Sometimes we need to grant access to one of more of our GitHub repositories to people who are not part of the "moj-analytical-services" GitHub organisation. This often happens when we engage third-party suppliers to carry out work on our behalf.
@@ -101,7 +93,7 @@ Here's an example:
       email        = "[email protected]"
       org          = "Acme. Corp."
       reason       = "Acme are building some stuff for us"
-      added_by     = "Team Name <[email protected]>"
+      added_by     = "[email protected]"
       review_after = "2021-11-26"
     },
   ]

diff --git a/lib/constants.rb b/lib/constants.rb
@@ -9,20 +9,14 @@ module Constants
   # Name of the repository
   REPO_NAME = "github-outside-collaborators"
 
-  # Operations Engineering Bot account email address
-  ADDED_BY_EMAIL = "[email protected]"
-
   # GitHub Bot account email address
   GITHUB_BOT_EMAIL = "github-actions[bot]@users.noreply.github.com"
 
   # Operations Engineering Bot name
   OPS_ENG_BOT_NAME = "Operations Engineering Bot"
 
-  # The reason why a full organisation collaborator is missing from a Terraform file
-  REASON1 = "Full Org member / collaborator missing from Terraform file"
-
   # The reason why a collaborator is missing from a Terraform file
-  REASON2 = "Collaborator missing from Terraform file"
+  REASON1 = "Collaborator missing from Terraform file"
 
   # The Terraform files to exclude, these are not part of the app
   EXCLUDE_FILES = ["main.tf", "variables.tf", "versions.tf", "backend.tf"]
@@ -45,15 +39,6 @@ module Constants
   # Pull request type
   TYPE_REMOVE = "remove"
 
-  # Pull request type
-  TYPE_REMOVE_FULL_ORG_MEMBER = "remove_full_org_member"
-
-  # Pull request type
-  TYPE_PERMISSION = "permission"
-
-  # Pull request type
-  TYPE_ADD = "add"
-
   # Pull request type
   TYPE_ADD_FROM_ISSUE = "add_from_issue"
 
@@ -66,15 +51,9 @@ module Constants
   # Github issue title
   COLLABORATOR_EXPIRES_SOON = "Collaborator review date expires soon for user"
 
-  # Github issue title
-  COLLABORATOR_EXPIRY_UPCOMING = "Review after date expiry is upcoming for user"
-
   # Github issue title
   DEFINE_COLLABORATOR_IN_CODE = "Please define outside collaborators in code"
 
-  # Github issue title
-  USE_TEAM_ACCESS = "User access removed, access is now via a team"
-
   # App internal issue
   REVIEW_DATE_WITHIN_MONTH = "Review after date is within a month"
 
@@ -90,12 +69,6 @@ module Constants
   # Pull request title
   EMPTY_FILES_PR_TITLE = "Delete empty Terraform file/s"
 
-  # Pull request title
-  ADD_FULL_ORG_MEMBER_PR_TITLE = "Add full Org member / collaborator to Terraform file/s for"
-
-  # Pull request title
-  REMOVE_FULL_ORG_MEMBER_PR_TITLE = "Remove full Org member collaborator from Terraform file/s for"
-
   # Pull request title
   ADD_COLLAB_FROM_ISSUE = "Add collaborator to Terraform file/s from Issue for"
 
@@ -105,9 +78,6 @@ module Constants
   # Pull request title
   REMOVE_EXPIRED_COLLABORATOR_PR_TITLE = "Remove expired collaborator from Terraform file/s for"
 
-  # Pull request title
-  CHANGE_PERMISSION_PR_TITLE = "Modify permission in Terraform file/s for"
-
   # Pull request title
   ARCHIVED_REPOSITORY_PR_TITLE = "Delete archived repository Terraform file/s"
 
@@ -162,15 +132,6 @@ module Constants
   # Branch name
   REMOVE_EXPIRED_COLLABORATORS_BRANCH_NAME = "remove-expired-collaborator-"
 
-  # Branch name
-  MODIFY_COLLABORATORS_BRANCH_NAME = "modify-collaborator-permission-"
-
-  # Branch name
-  ADD_COLLABORATOR_BRANCH_NAME = "add-collaborator-"
-
-  # Branch name
-  REMOVE_FULL_ORG_MEMBER_BRANCH_NAME = "remove-full-org-member-"
-
   # Organization name
   ORG = "moj-analytical-services"
 
@@ -234,9 +195,6 @@ module Constants
   # Line offset number
   REVIEW_AFTER = 7
 
-  # Description given to automated generated teams
-  AUTOMATED_GENERATED_TEAM = "Automated generated team to grant users access to this repository"
-
   # Notify template ID value
   EXPIRE_EMAIL_TEMPLATE_ID = "7a23a323-5b67-4793-a682-3cb2c6bae9b7"
 

diff --git a/lib/github_collaborators.rb b/lib/github_collaborators.rb
@@ -10,28 +10,23 @@
 require "uuidtools"
 require "logger"
 require "notifications/client"
-require_relative "./constants"
-require_relative "./logging"
-require_relative "./helper_module"
-require_relative "./github_collaborators/archived_repositories"
-require_relative "./github_collaborators/branch_creator"
-require_relative "./github_collaborators/collaborator"
-require_relative "./github_collaborators/expired"
-require_relative "./github_collaborators/expires_soon"
-require_relative "./github_collaborators/full_org_member_expired"
-require_relative "./github_collaborators/full_org_member_expires_soon"
-require_relative "./github_collaborators/full_org_member"
-require_relative "./github_collaborators/github_graph_ql_client"
-require_relative "./github_collaborators/http_client"
-require_relative "./github_collaborators/notify_client"
-require_relative "./github_collaborators/odd_full_org_members"
-require_relative "./github_collaborators/organization"
-require_relative "./github_collaborators/outside_collaborators"
-require_relative "./github_collaborators/removed"
-require_relative "./github_collaborators/repository"
-require_relative "./github_collaborators/slack_notifier"
-require_relative "./github_collaborators/terraform_files"
-require_relative "./github_collaborators/unknown_collaborators"
-require_relative "./github_collaborators/undelivered_approver_notify_email"
-require_relative "./github_collaborators/undelivered_expire_notify_email"
-require_relative "./create_pr_from_issue"
+require_relative "constants"
+require_relative "logging"
+require_relative "helper_module"
+require_relative "github_collaborators/branch_creator"
+require_relative "github_collaborators/collaborator"
+require_relative "github_collaborators/expired"
+require_relative "github_collaborators/expires_soon"
+require_relative "github_collaborators/github_graph_ql_client"
+require_relative "github_collaborators/http_client"
+require_relative "github_collaborators/notify_client"
+require_relative "github_collaborators/organization"
+require_relative "github_collaborators/outside_collaborators"
+require_relative "github_collaborators/removed"
+require_relative "github_collaborators/repository"
+require_relative "github_collaborators/slack_notifier"
+require_relative "github_collaborators/terraform_files"
+require_relative "github_collaborators/unknown_collaborators"
+require_relative "github_collaborators/undelivered_approver_notify_email"
+require_relative "github_collaborators/undelivered_expire_notify_email"
+require_relative "create_pr_from_issue"
diff --git a/lib/github_collaborators/archived_repositories.rb b/lib/github_collaborators/archived_repositories.rb