CreateService creates a new service account.
(ctx context.Context, req *adminv1.CreateServiceRequest)
| 19 | |
| 20 | // CreateService creates a new service account. |
| 21 | func (s *Server) CreateService(ctx context.Context, req *adminv1.CreateServiceRequest) (*adminv1.CreateServiceResponse, error) { |
| 22 | observability.AddRequestAttributes(ctx, |
| 23 | attribute.String("args.name", req.Name), |
| 24 | attribute.String("args.organization", req.Org), |
| 25 | attribute.String("args.org_role", req.OrgRoleName), |
| 26 | attribute.String("args.project", req.Project), |
| 27 | attribute.String("args.project_role", req.ProjectRoleName), |
| 28 | ) |
| 29 | |
| 30 | org, err := s.admin.DB.FindOrganizationByName(ctx, req.Org) |
| 31 | if err != nil { |
| 32 | return nil, err |
| 33 | } |
| 34 | |
| 35 | claims := auth.GetClaims(ctx) |
| 36 | if !claims.OrganizationPermissions(ctx, org.ID).ManageOrg { |
| 37 | return nil, status.Error(codes.PermissionDenied, "not allowed to create a service") |
| 38 | } |
| 39 | |
| 40 | if req.OrgRoleName == "" && req.ProjectRoleName == "" { |
| 41 | return nil, status.Error(codes.InvalidArgument, "at least one of org role or project role must be specified") |
| 42 | } |
| 43 | |
| 44 | // Check if project name and role are both provided or both empty |
| 45 | if (req.Project != "" && req.ProjectRoleName == "") || (req.Project == "" && req.ProjectRoleName != "") { |
| 46 | return nil, status.Error(codes.InvalidArgument, "both project name and project role must be specified together") |
| 47 | } |
| 48 | |
| 49 | ctx, tx, err := s.admin.DB.NewTx(ctx, true) |
| 50 | if err != nil { |
| 51 | return nil, err |
| 52 | } |
| 53 | defer func() { _ = tx.Rollback() }() |
| 54 | |
| 55 | opts := &database.InsertServiceOptions{ |
| 56 | OrgID: org.ID, |
| 57 | Name: req.Name, |
| 58 | Attributes: nil, |
| 59 | } |
| 60 | if req.Attributes != nil { |
| 61 | opts.Attributes = req.Attributes.AsMap() |
| 62 | } |
| 63 | // Create service with attributes |
| 64 | service, err := s.admin.DB.InsertService(ctx, opts) |
| 65 | if err != nil { |
| 66 | return nil, err |
| 67 | } |
| 68 | |
| 69 | // If org role is specified, assign it |
| 70 | if req.OrgRoleName != "" { |
| 71 | orgRole, err := s.admin.DB.FindOrganizationRole(ctx, req.OrgRoleName) |
| 72 | if err != nil { |
| 73 | return nil, err |
| 74 | } |
| 75 | err = s.admin.DB.InsertOrganizationMemberService(ctx, service.ID, org.ID, orgRole.ID) |
| 76 | if err != nil { |
| 77 | return nil, err |
| 78 | } |
nothing calls this directly
no test coverage detected