GetDeployment returns runtime info and a JWT on behalf of a specific user or, alternatively, for a raw set of JWT attributes.
(ctx context.Context, req *adminv1.GetDeploymentRequest)
| 154 | |
| 155 | // GetDeployment returns runtime info and JWT on behalf of a specific user, or alternatively for a raw set of JWT attributes |
| 156 | func (s *Server) GetDeployment(ctx context.Context, req *adminv1.GetDeploymentRequest) (*adminv1.GetDeploymentResponse, error) { |
| 157 | observability.AddRequestAttributes(ctx, |
| 158 | attribute.String("args.deployment_id", req.DeploymentId), |
| 159 | attribute.String("args.access_token_ttl_seconds", strconv.FormatUint(uint64(req.AccessTokenTtlSeconds), 10)), |
| 160 | ) |
| 161 | |
| 162 | depl, err := s.admin.DB.FindDeployment(ctx, req.DeploymentId) |
| 163 | if err != nil { |
| 164 | return nil, err |
| 165 | } |
| 166 | |
| 167 | proj, err := s.admin.DB.FindProject(ctx, depl.ProjectID) |
| 168 | if err != nil { |
| 169 | return nil, err |
| 170 | } |
| 171 | |
| 172 | claims := auth.GetClaims(ctx) |
| 173 | forceAccess := claims.Superuser(ctx) && req.SuperuserForceAccess |
| 174 | permissions := claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID) |
| 175 | |
| 176 | if !forceAccess { |
| 177 | if depl.Environment == "dev" { |
| 178 | if !permissions.ReadDev { |
| 179 | return nil, status.Error(codes.PermissionDenied, "does not have permission to read dev deployment") |
| 180 | } |
| 181 | if !permissions.ReadDevStatus { |
| 182 | depl.StatusMessage = "" |
| 183 | } |
| 184 | } else { |
| 185 | if !permissions.ReadProd { |
| 186 | return nil, status.Error(codes.PermissionDenied, "does not have permission to read prod deployment") |
| 187 | } |
| 188 | if !permissions.ReadProdStatus { |
| 189 | depl.StatusMessage = "" |
| 190 | } |
| 191 | } |
| 192 | |
| 193 | if req.For != nil || req.ExternalUserId != "" { |
| 194 | if depl.Environment == "dev" { |
| 195 | if !permissions.ReadDevStatus { |
| 196 | return nil, status.Error(codes.PermissionDenied, "does not have permission to manage dev deployment") |
| 197 | } |
| 198 | } else { |
| 199 | if !permissions.ReadProdStatus { |
| 200 | return nil, status.Error(codes.PermissionDenied, "does not have permission to manage prod deployment") |
| 201 | } |
| 202 | } |
| 203 | } |
| 204 | } |
| 205 | |
| 206 | ttlDuration := runtimeAccessTokenEmbedTTL |
| 207 | if req.AccessTokenTtlSeconds > 0 { |
| 208 | ttlDuration = time.Duration(req.AccessTokenTtlSeconds) * time.Second |
| 209 | } |
| 210 | |
| 211 | opts := &issueRuntimeTokenOptions{ |
| 212 | project: proj, |
| 213 | deployment: depl, |