OpenMetricsProject opens a client for accessing the metrics project. If a metrics project is not configured, it returns false for the second return value. The returned client has a TTL of 30 minutes. TODO: Encapsulate token refresh logic in the metrics client.
(ctx context.Context)
| 17 | // The returned client has a TTL of 30 minutes. |
| 18 | // TODO: Encapsulate token refresh logic in the metrics client. |
| 19 | func (s *Service) OpenMetricsProject(ctx context.Context) (*metrics.Client, bool, error) { |
| 20 | // Check if a metrics project is configured |
| 21 | if s.MetricsProjectID == "" { |
| 22 | return nil, false, nil |
| 23 | } |
| 24 | |
| 25 | // Find the production deployment for the metrics project |
| 26 | proj, err := s.DB.FindProject(ctx, s.MetricsProjectID) |
| 27 | if err != nil { |
| 28 | return nil, false, err |
| 29 | } |
| 30 | if proj.PrimaryDeploymentID == nil { |
| 31 | return nil, false, fmt.Errorf("project does not have a production deployment") |
| 32 | } |
| 33 | depl, err := s.DB.FindDeployment(ctx, *proj.PrimaryDeploymentID) |
| 34 | if err != nil { |
| 35 | return nil, false, err |
| 36 | } |
| 37 | s.Used.Deployment(depl.ID) |
| 38 | |
| 39 | // Mint a JWT for the metrics project |
| 40 | jwt, err := s.issuer.NewToken(auth.TokenOptions{ |
| 41 | AudienceURL: depl.RuntimeAudience, |
| 42 | Subject: "admin-service", |
| 43 | TTL: metricsProjectClientTTL, |
| 44 | InstancePermissions: map[string][]runtime.Permission{ |
| 45 | depl.RuntimeInstanceID: { |
| 46 | runtime.ReadAPI, |
| 47 | runtime.ReadMetrics, |
| 48 | runtime.ReadObjects, |
| 49 | }, |
| 50 | }, |
| 51 | Attributes: map[string]any{"admin": true}, |
| 52 | }) |
| 53 | if err != nil { |
| 54 | return nil, false, fmt.Errorf("could not issue jwt: %w", err) |
| 55 | } |
| 56 | |
| 57 | // Create the metrics project client |
| 58 | client := metrics.NewClient(depl.RuntimeHost, depl.RuntimeInstanceID, jwt) |
| 59 | return client, true, nil |
| 60 | } |
no test coverage detected