MCPcopy Index your code
hub / github.com/rilldata/rill / GetDeployment

Method GetDeployment

admin/server/deployment.go:156–246  ·  view source on GitHub ↗

GetDeployment returns runtime info and JWT on behalf of a specific user, or alternatively for a raw set of JWT attributes

(ctx context.Context, req *adminv1.GetDeploymentRequest)

Source from the content-addressed store, hash-verified

154
155// GetDeployment returns runtime info and JWT on behalf of a specific user, or alternatively for a raw set of JWT attributes
156func (s *Server) GetDeployment(ctx context.Context, req *adminv1.GetDeploymentRequest) (*adminv1.GetDeploymentResponse, error) {
157 observability.AddRequestAttributes(ctx,
158 attribute.String("args.deployment_id", req.DeploymentId),
159 attribute.String("args.access_token_ttl_seconds", strconv.FormatUint(uint64(req.AccessTokenTtlSeconds), 10)),
160 )
161
162 depl, err := s.admin.DB.FindDeployment(ctx, req.DeploymentId)
163 if err != nil {
164 return nil, err
165 }
166
167 proj, err := s.admin.DB.FindProject(ctx, depl.ProjectID)
168 if err != nil {
169 return nil, err
170 }
171
172 claims := auth.GetClaims(ctx)
173 forceAccess := claims.Superuser(ctx) && req.SuperuserForceAccess
174 permissions := claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID)
175
176 if !forceAccess {
177 if depl.Environment == "dev" {
178 if !permissions.ReadDev {
179 return nil, status.Error(codes.PermissionDenied, "does not have permission to read dev deployment")
180 }
181 if !permissions.ReadDevStatus {
182 depl.StatusMessage = ""
183 }
184 } else {
185 if !permissions.ReadProd {
186 return nil, status.Error(codes.PermissionDenied, "does not have permission to read prod deployment")
187 }
188 if !permissions.ReadProdStatus {
189 depl.StatusMessage = ""
190 }
191 }
192
193 if req.For != nil || req.ExternalUserId != "" {
194 if depl.Environment == "dev" {
195 if !permissions.ReadDevStatus {
196 return nil, status.Error(codes.PermissionDenied, "does not have permission to manage dev deployment")
197 }
198 } else {
199 if !permissions.ReadProdStatus {
200 return nil, status.Error(codes.PermissionDenied, "does not have permission to manage prod deployment")
201 }
202 }
203 }
204 }
205
206 ttlDuration := runtimeAccessTokenEmbedTTL
207 if req.AccessTokenTtlSeconds > 0 {
208 ttlDuration = time.Duration(req.AccessTokenTtlSeconds) * time.Second
209 }
210
211 opts := &issueRuntimeTokenOptions{
212 project: proj,
213 deployment: depl,

Callers

nothing calls this directly

Calls 11

issueRuntimeTokenMethod · 0.95
AddRequestAttributesFunction · 0.92
GetClaimsFunction · 0.92
DeploymentMethod · 0.80
StringMethod · 0.65
FindDeploymentMethod · 0.65
FindProjectMethod · 0.65
SuperuserMethod · 0.65
ProjectPermissionsMethod · 0.65
ErrorMethod · 0.45
AsMapMethod · 0.45

Tested by

no test coverage detected