hub / github.com/rilldata/rill / GetDeploymentCredentials

Method GetDeploymentCredentials

admin/server/deployment.go:507–581  ·  view source on GitHub ↗

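GetDeploymentCredentials returns runtime info and a JWT issued on behalf of a specific user or, alternatively, for a raw set of JWT attributes. In the listing below, the caller must hold the ManageProd project permission (or be a superuser with SuperuserForceAccess set) before any token options are built. The token TTL is taken from the request's TtlSeconds when it is greater than zero; no upper bound on it is visible in this excerpt, which stops before the end of the method.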

(ctx context.Context, req *adminv1.GetDeploymentCredentialsRequest)


505
506// GetDeploymentCredentials returns runtime info and JWT on behalf of a specific user, or alternatively for a raw set of JWT attributes
507func (s *Server) GetDeploymentCredentials(ctx context.Context, req *adminv1.GetDeploymentCredentialsRequest) (*adminv1.GetDeploymentCredentialsResponse, error) {
508 observability.AddRequestAttributes(ctx,
509 attribute.String("args.organization", req.Org),
510 attribute.String("args.project", req.Project),
511 attribute.String("args.branch", req.Branch),
512 attribute.String("args.ttl_seconds", strconv.FormatUint(uint64(req.TtlSeconds), 10)),
513 )
514
515 proj, err := s.admin.DB.FindProjectByName(ctx, req.Org, req.Project)
516 if err != nil {
517 return nil, err
518 }
519
520 if proj.PrimaryDeploymentID == nil {
521 return nil, status.Error(codes.FailedPrecondition, "project does not have a deployment")
522 }
523
524 prodDepl, err := s.admin.DB.FindDeployment(ctx, *proj.PrimaryDeploymentID)
525 if err != nil {
526 return nil, err
527 }
528
529 if req.Branch != "" && req.Branch != prodDepl.Branch {
530 return nil, status.Error(codes.FailedPrecondition, "project does not have a deployment for given branch")
531 }
532
533 claims := auth.GetClaims(ctx)
534 forceAccess := claims.Superuser(ctx) && req.SuperuserForceAccess
535 permissions := claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID)
536
537 if !forceAccess && !permissions.ManageProd {
538 return nil, status.Error(codes.PermissionDenied, "does not have permission to manage deployment")
539 }
540
541 ttlDuration := runtimeAccessTokenEmbedTTL
542 if req.TtlSeconds > 0 {
543 ttlDuration = time.Duration(req.TtlSeconds) * time.Second
544 }
545
546 opts := &issueRuntimeTokenOptions{
547 project: proj,
548 deployment: prodDepl,
549 projectPermissions: permissions,
550 externalUserID: req.ExternalUserId,
551 ttl: ttlDuration,
552 }
553 switch forVal := req.For.(type) {
554 case nil:
555 if req.ExternalUserId == "" {
556 opts.forOwner = true
557 }
558 case *adminv1.GetDeploymentCredentialsRequest_UserId:
559 opts.forUserID = forVal.UserId
560 case *adminv1.GetDeploymentCredentialsRequest_UserEmail:
561 opts.forUserEmail = forVal.UserEmail
562 case *adminv1.GetDeploymentCredentialsRequest_Attributes:
563 opts.forUserAttributes = forVal.Attributes.AsMap()
564 default:

Callers

nothing calls this directly

Calls 11

issueRuntimeTokenMethod · 0.95
AddRequestAttributesFunction · 0.92
GetClaimsFunction · 0.92
DeploymentMethod · 0.80
StringMethod · 0.65
FindProjectByNameMethod · 0.65
FindDeploymentMethod · 0.65
SuperuserMethod · 0.65
ProjectPermissionsMethod · 0.65
ErrorMethod · 0.45
AsMapMethod · 0.45

Tested by

no test coverage detected