MCPcopy Index your code
hub / github.com/rilldata/rill / GetCloneCredentials

Method GetCloneCredentials

admin/server/projects.go:1494–1547  ·  view source on GitHub ↗
(ctx context.Context, req *adminv1.GetCloneCredentialsRequest)

Source from the content-addressed store, hash-verified

1492}
1493
1494func (s *Server) GetCloneCredentials(ctx context.Context, req *adminv1.GetCloneCredentialsRequest) (*adminv1.GetCloneCredentialsResponse, error) {
1495 observability.AddRequestAttributes(ctx,
1496 attribute.String("args.org", req.Org),
1497 attribute.String("args.project", req.Project),
1498 )
1499
1500 proj, err := s.admin.DB.FindProjectByName(ctx, req.Org, req.Project)
1501 if err != nil {
1502 return nil, err
1503 }
1504
1505 claims := auth.GetClaims(ctx)
1506 forceAccess := claims.Superuser(ctx) && req.SuperuserForceAccess
1507 if !claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID).ManageProject && !forceAccess {
1508 // neither a superuser nor can manage the project
1509 return nil, status.Error(codes.PermissionDenied, "does not have permission to get clone credentials")
1510 }
1511
1512 if proj.ArchiveAssetID != nil {
1513 asset, err := s.admin.DB.FindAsset(ctx, *proj.ArchiveAssetID)
1514 if err != nil {
1515 return nil, err
1516 }
1517 downloadURL, err := s.generateSignedDownloadURL(asset)
1518 if err != nil {
1519 return nil, status.Error(codes.Internal, err.Error())
1520 }
1521 return &adminv1.GetCloneCredentialsResponse{ArchiveDownloadUrl: downloadURL}, nil
1522 }
1523
1524 if proj.GitRemote == nil || proj.GithubInstallationID == nil {
1525 return nil, status.Error(codes.FailedPrecondition, "project's repository is not managed by Rill, and it does not have a GitHub integration")
1526 }
1527
1528 repoID, err := s.githubRepoIDForProject(ctx, proj)
1529 if err != nil {
1530 return nil, err
1531 }
1532
1533 token, expiresAt, err := s.admin.Github.InstallationToken(ctx, *proj.GithubInstallationID, repoID)
1534 if err != nil {
1535 return nil, err
1536 }
1537
1538 return &adminv1.GetCloneCredentialsResponse{
1539 GitRepoUrl: *proj.GitRemote,
1540 GitUsername: "x-access-token",
1541 GitPassword: token,
1542 GitPasswordExpiresAt: timestamppb.New(expiresAt),
1543 GitSubpath: proj.Subpath,
1544 GitPrimaryBranch: proj.PrimaryBranch,
1545 GitManagedRepo: proj.ManagedGitRepoID != nil,
1546 }, nil
1547}
1548
1549func (s *Server) RequestProjectAccess(ctx context.Context, req *adminv1.RequestProjectAccessRequest) (*adminv1.RequestProjectAccessResponse, error) {
1550 observability.AddRequestAttributes(ctx,

Callers

nothing calls this directly

Calls 11

AddRequestAttributesFunction · 0.92
GetClaimsFunction · 0.92
StringMethod · 0.65
FindProjectByNameMethod · 0.65
SuperuserMethod · 0.65
ProjectPermissionsMethod · 0.65
FindAssetMethod · 0.65
InstallationTokenMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected