Skip to content

Commit

Permalink
Allow superusers to reset any project (#6346)
Browse files Browse the repository at this point in the history
  • Loading branch information
begelundmuller authored Jan 3, 2025
1 parent 0c941ae commit 4a4f30b
Show file tree
Hide file tree
Showing 10 changed files with 3,358 additions and 3,295 deletions.
19 changes: 10 additions & 9 deletions admin/server/projects.go
Original file line number Diff line number Diff line change
Expand Up @@ -1539,18 +1539,24 @@ func (s *Server) RedeployProject(ctx context.Context, req *adminv1.RedeployProje
attribute.String("args.project", req.Project),
)

org, err := s.admin.DB.FindOrganizationByName(ctx, req.Organization)
proj, err := s.admin.DB.FindProjectByName(ctx, req.Organization, req.Project)
if err != nil {
return nil, status.Error(codes.InvalidArgument, err.Error())
}

// check if org has blocking billing errors
err = s.admin.CheckBlockingBillingErrors(ctx, org.ID)
claims := auth.GetClaims(ctx)
forceAccess := req.SuperuserForceAccess && claims.Superuser(ctx)
if !claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID).ManageProd && !forceAccess {
return nil, status.Error(codes.PermissionDenied, "does not have permission to manage deployment")
}

org, err := s.admin.DB.FindOrganizationByName(ctx, req.Organization)
if err != nil {
return nil, status.Error(codes.InvalidArgument, err.Error())
}

proj, err := s.admin.DB.FindProjectByName(ctx, req.Organization, req.Project)
// check if org has blocking billing errors
err = s.admin.CheckBlockingBillingErrors(ctx, org.ID)
if err != nil {
return nil, status.Error(codes.InvalidArgument, err.Error())
}
Expand All @@ -1563,11 +1569,6 @@ func (s *Server) RedeployProject(ctx context.Context, req *adminv1.RedeployProje
}
}

claims := auth.GetClaims(ctx)
if !claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID).ManageProd {
return nil, status.Error(codes.PermissionDenied, "does not have permission to manage deployment")
}

_, err = s.admin.RedeployProject(ctx, proj, depl)
if err != nil {
return nil, status.Error(codes.InvalidArgument, err.Error())
Expand Down
5 changes: 3 additions & 2 deletions cli/cmd/sudo/project/reset.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,9 @@ func ResetCmd(ch *cmdutil.Helper) *cobra.Command {
}

_, err = client.RedeployProject(cmd.Context(), &adminv1.RedeployProjectRequest{
Organization: org,
Project: project,
Organization: org,
Project: project,
SuperuserForceAccess: true,
})
if err != nil {
return err
Expand Down
4 changes: 4 additions & 0 deletions proto/gen/rill/admin/v1/admin.swagger.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1318,6 +1318,10 @@ paths:
in: path
required: true
type: string
- name: superuserForceAccess
in: query
required: false
type: boolean
tags:
- AdminService
/v1/organizations/{organization}/projects/{project}/reports:
Expand Down
6,569 changes: 3,290 additions & 3,279 deletions proto/gen/rill/admin/v1/api.pb.go

Large diffs are not rendered by default.

18 changes: 18 additions & 0 deletions proto/gen/rill/admin/v1/api.pb.gw.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions proto/gen/rill/admin/v1/api.pb.validate.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions proto/rill/admin/v1/api.proto
Original file line number Diff line number Diff line change
Expand Up @@ -1196,6 +1196,7 @@ message CreateAssetResponse {
message RedeployProjectRequest {
string organization = 1;
string project = 2;
bool superuser_force_access = 3;
}

message RedeployProjectResponse {}
Expand Down
25 changes: 20 additions & 5 deletions web-admin/src/client/gen/admin-service/admin-service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ import type {
V1RemoveProjectMemberUserResponse,
V1SetProjectMemberUserRoleResponse,
V1RedeployProjectResponse,
AdminServiceRedeployProjectParams,
V1CreateReportResponse,
AdminServiceCreateReportBodyBody,
V1GenerateReportYAMLResponse,
Expand Down Expand Up @@ -2928,10 +2929,12 @@ This RPC can be used to redeploy a project that has been hibernated.
export const adminServiceRedeployProject = (
organization: string,
project: string,
params?: AdminServiceRedeployProjectParams,
) => {
return httpClient<V1RedeployProjectResponse>({
url: `/v1/organizations/${organization}/projects/${project}/redeploy`,
method: "post",
params,
});
};

Expand All @@ -2948,25 +2951,37 @@ export const createAdminServiceRedeployProject = <
mutation?: CreateMutationOptions<
Awaited<ReturnType<typeof adminServiceRedeployProject>>,
TError,
{ organization: string; project: string },
{
organization: string;
project: string;
params?: AdminServiceRedeployProjectParams;
},
TContext
>;
}) => {
const { mutation: mutationOptions } = options ?? {};

const mutationFn: MutationFunction<
Awaited<ReturnType<typeof adminServiceRedeployProject>>,
{ organization: string; project: string }
{
organization: string;
project: string;
params?: AdminServiceRedeployProjectParams;
}
> = (props) => {
const { organization, project } = props ?? {};
const { organization, project, params } = props ?? {};

return adminServiceRedeployProject(organization, project);
return adminServiceRedeployProject(organization, project, params);
};

return createMutation<
Awaited<ReturnType<typeof adminServiceRedeployProject>>,
TError,
{ organization: string; project: string },
{
organization: string;
project: string;
params?: AdminServiceRedeployProjectParams;
},
TContext
>(mutationFn, mutationOptions);
};
Expand Down
4 changes: 4 additions & 0 deletions web-admin/src/client/gen/index.schemas.ts
Original file line number Diff line number Diff line change
Expand Up @@ -186,6 +186,10 @@ export type AdminServiceListMagicAuthTokensParams = {
pageToken?: string;
};

export type AdminServiceRedeployProjectParams = {
superuserForceAccess?: boolean;
};

export type AdminServiceAddProjectMemberUserBody = {
email?: string;
role?: string;
Expand Down
6 changes: 6 additions & 0 deletions web-common/src/proto/gen/rill/admin/v1/api_pb.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2724,6 +2724,11 @@ export class RedeployProjectRequest extends Message<RedeployProjectRequest> {
*/
project = "";

/**
* @generated from field: bool superuser_force_access = 3;
*/
superuserForceAccess = false;

constructor(data?: PartialMessage<RedeployProjectRequest>) {
super();
proto3.util.initPartial(data, this);
Expand All @@ -2734,6 +2739,7 @@ export class RedeployProjectRequest extends Message<RedeployProjectRequest> {
static readonly fields: FieldList = proto3.util.newFieldList(() => [
{ no: 1, name: "organization", kind: "scalar", T: 9 /* ScalarType.STRING */ },
{ no: 2, name: "project", kind: "scalar", T: 9 /* ScalarType.STRING */ },
{ no: 3, name: "superuser_force_access", kind: "scalar", T: 8 /* ScalarType.BOOL */ },
]);

static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): RedeployProjectRequest {
Expand Down

1 comment on commit 4a4f30b

@github-actions
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.