(ctx context.Context, req *adminv1.GetCloneCredentialsRequest)
| 1492 | } |
| 1493 | |
| 1494 | func (s *Server) GetCloneCredentials(ctx context.Context, req *adminv1.GetCloneCredentialsRequest) (*adminv1.GetCloneCredentialsResponse, error) { |
| 1495 | observability.AddRequestAttributes(ctx, |
| 1496 | attribute.String("args.org", req.Org), |
| 1497 | attribute.String("args.project", req.Project), |
| 1498 | ) |
| 1499 | |
| 1500 | proj, err := s.admin.DB.FindProjectByName(ctx, req.Org, req.Project) |
| 1501 | if err != nil { |
| 1502 | return nil, err |
| 1503 | } |
| 1504 | |
| 1505 | claims := auth.GetClaims(ctx) |
| 1506 | forceAccess := claims.Superuser(ctx) && req.SuperuserForceAccess |
| 1507 | if !claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID).ManageProject && !forceAccess { |
| 1508 | // neither a superuser nor can manage the project |
| 1509 | return nil, status.Error(codes.PermissionDenied, "does not have permission to get clone credentials") |
| 1510 | } |
| 1511 | |
| 1512 | if proj.ArchiveAssetID != nil { |
| 1513 | asset, err := s.admin.DB.FindAsset(ctx, *proj.ArchiveAssetID) |
| 1514 | if err != nil { |
| 1515 | return nil, err |
| 1516 | } |
| 1517 | downloadURL, err := s.generateSignedDownloadURL(asset) |
| 1518 | if err != nil { |
| 1519 | return nil, status.Error(codes.Internal, err.Error()) |
| 1520 | } |
| 1521 | return &adminv1.GetCloneCredentialsResponse{ArchiveDownloadUrl: downloadURL}, nil |
| 1522 | } |
| 1523 | |
| 1524 | if proj.GitRemote == nil || proj.GithubInstallationID == nil { |
| 1525 | return nil, status.Error(codes.FailedPrecondition, "project's repository is not managed by Rill, and it does not have a GitHub integration") |
| 1526 | } |
| 1527 | |
| 1528 | repoID, err := s.githubRepoIDForProject(ctx, proj) |
| 1529 | if err != nil { |
| 1530 | return nil, err |
| 1531 | } |
| 1532 | |
| 1533 | token, expiresAt, err := s.admin.Github.InstallationToken(ctx, *proj.GithubInstallationID, repoID) |
| 1534 | if err != nil { |
| 1535 | return nil, err |
| 1536 | } |
| 1537 | |
| 1538 | return &adminv1.GetCloneCredentialsResponse{ |
| 1539 | GitRepoUrl: *proj.GitRemote, |
| 1540 | GitUsername: "x-access-token", |
| 1541 | GitPassword: token, |
| 1542 | GitPasswordExpiresAt: timestamppb.New(expiresAt), |
| 1543 | GitSubpath: proj.Subpath, |
| 1544 | GitPrimaryBranch: proj.PrimaryBranch, |
| 1545 | GitManagedRepo: proj.ManagedGitRepoID != nil, |
| 1546 | }, nil |
| 1547 | } |
| 1548 | |
| 1549 | func (s *Server) RequestProjectAccess(ctx context.Context, req *adminv1.RequestProjectAccessRequest) (*adminv1.RequestProjectAccessResponse, error) { |
| 1550 | observability.AddRequestAttributes(ctx, |
nothing calls this directly
no test coverage detected