admin

package
v0.78.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 22, 2025 License: Apache-2.0 Imports: 50 Imported by: 0

README

admin

This directory contains the control-plane for the managed, multi-user version of Rill (currently available on ui.rilldata.com).

Running in development

Run the following command from the repository root to start a full development environment except the admin service:

rill devtool start cloud --except admin # optional: --reset

For as long as the devtool is running, rill commands will target your local development environment instead of rilldata.com (you can manually switch environments using rill devtool switch-env.)

Then separately start the admin service (and start/stop it when you make code changes):

go run ./cli admin start
Using Github webhooks in development

The local development environment is not capable of receiving Github webhooks. In most cases, you can just run rill project refresh --parser to manually trigger a pull after pushing changes to Github.

Continue reading only if you are making changes to the Github webhooks code and need to these changes specifically.

We use a Github App to listen to pushes on repositories connected to Rill to do automated deployments. The app has access to read contents and receives webhooks on git push.

Github relies on webhooks to deliver information about new connections, pushes, etc. In development, in order for webhooks to be received on localhost, we use this proxy service: https://github.com/probot/smee.io.

Setup instructions:

  1. Install Smee
npm install --global smee-client
  1. Run it (get IDENTIFIER from the Github App info or a team member):
smee --port 8080 --path /github/webhook --url https://smee.io/IDENTIFIER

Adding endpoints

We define our APIs using gRPC and use gRPC-Gateway to map the RPCs to a RESTful API. See proto/README.md for details.

To add a new endpoint:

  1. Describe the endpoint in proto/rill/admin/v1/api.proto
  2. Re-generate gRPC and OpenAPI interfaces by running make proto.generate
  3. Copy the new handler signature from the AdminServiceServer interface in proto/gen/rill/admin/v1/api_grpc_pb.go
  4. Paste the handler signature and implement it in a relevant file in admin/server/

Adding a new user preferences field

To add a new preference field for the user, follow these steps:

  1. Include a new column named preference_<name> in the users table. This can be accomplished by appending an appropriate ALTER TABLE query to a newly created .sql file located within the postgres/migrations folder.
  2. In the admin api.proto file, incorporate the optional preference field within the message UserPreferences definition.
  3. Revise the method definition for UpdateUserPreferences to encompass the handling of the new preference in the respective service.
  4. Adjust the UpdateUser SQL query to encompass the new preference field, ensuring that it is included during the update operation.
  5. Identify all instances where the UpdateUser method is called and update them to include the new preference value.

By meticulously following these steps, the new preference field can be successfully incorporated for the user. Remember to update the database schema, proto file, service method, SQL query, and method invocations to properly accommodate the new preference field.

Documentation

Index

Constants

View Source 
const DeviceAuthCodeTTL = 10 * time.Minute

Variables

View Source 
var (
	ErrUserIsNotCollaborator      = fmt.Errorf("user is not a collaborator for the repository")
	ErrGithubInstallationNotFound = fmt.Errorf("github installation not found")
)

Functions

func UnionOrgRoles added in v0.58.0 

func UnionOrgRoles(a *adminv1.OrganizationPermissions, b *database.OrganizationRole) *adminv1.OrganizationPermissions

UnionOrgRoles merges an organization role's permissions into the given permissions object.

func UnionProjectRoles added in v0.58.0 

func UnionProjectRoles(a *adminv1.ProjectPermissions, b *database.ProjectRole) *adminv1.ProjectPermissions

UnionProjectRoles merges a project role's permissions into the given permissions object.

Types

type AuthToken added in v0.23.0 

type AuthToken interface {
	Token() *authtoken.Token
	TokenModel() any
	OwnerID() string
}

AuthToken is the interface package admin uses to provide a consolidated view of a token string and its DB model.

type CreateDeploymentOptions added in v0.52.0 

type CreateDeploymentOptions struct {
	ProjectID   string
	OwnerUserID *string
	Environment string
	Branch      string
	Editable    bool
}

type DeploymentAnnotations added in v0.43.0 

type DeploymentAnnotations struct {
	// contains filtered or unexported fields
}

func (*DeploymentAnnotations) ToMap added in v0.47.4 

func (da *DeploymentAnnotations) ToMap() map[string]string

type Github added in v0.25.0 

type Github interface {
	AppClient() *github.Client
	InstallationClient(installationID int64, repoID *int64) *github.Client
	// InstallationToken returns a token for the installation ID limited to the repoID.
	InstallationToken(ctx context.Context, installationID, repoID int64) (token string, expiresAt time.Time, err error)
	InstallationTokenForOrg(ctx context.Context, org string) (token string, expiresAt time.Time, err error)

	CreateManagedRepo(ctx context.Context, repoPrefix string) (*github.Repository, error)
	ManagedOrgInstallationID() (int64, error)
}

Github exposes the features we require from the Github API.

func NewGithub added in v0.25.0 

func NewGithub(ctx context.Context, appID int64, appPrivateKey, githubManagedAcct string, logger *zap.Logger) (Github, error)

NewGithub returns a new client for connecting to Github.

type GithubToken added in v0.78.0 

type GithubToken struct {
	AccessToken  string
	Expiry       time.Time
	RefreshToken string
}

type IssueMagicAuthTokenOptions added in v0.47.0 

type IssueMagicAuthTokenOptions struct {
	ProjectID       string
	TTL             *time.Duration
	CreatedByUserID *string
	Attributes      map[string]any
	FilterJSON      string
	Fields          []string
	State           string
	DisplayName     string
	Internal        bool
	Resources       []database.ResourceName
}

IssueMagicAuthTokenOptions provides options for IssueMagicAuthToken.

type Options 

type Options struct {
	DatabaseDriver            string
	DatabaseDSN               string
	DatabaseEncryptionKeyring string
	ExternalURL               string
	FrontendURL               string
	ProvisionerSetJSON        string
	ProvisionerMaxConcurrency int
	DefaultProvisioner        string
	Version                   version.Version
	MetricsProjectOrg         string
	MetricsProjectName        string
	AutoscalerCron            string
	ScaleDownConstraint       int
}

type ProvisionOptions added in v0.53.0 

type ProvisionOptions struct {
	DeploymentID string
	Type         provisioner.ResourceType
	Name         string
	Provisioner  string
	Args         map[string]any
	Annotations  map[string]string
}

type Service 

type Service struct {
	DB                        database.DB
	Jobs                      jobs.Client
	URLs                      *URLs
	ProvisionerSet            map[string]provisioner.Provisioner
	ProvisionerMaxConcurrency int
	Email                     *email.Client
	Github                    Github
	AI                        ai.Client
	Assets                    *storage.BucketHandle
	Used                      *usedFlusher
	Logger                    *zap.Logger

	Version             version.Version
	MetricsProjectID    string
	AutoscalerCron      string
	ScaleDownConstraint int
	Biller              billing.Biller
	PaymentProvider     payment.Provider
	// contains filtered or unexported fields
}

func New 

func New(ctx context.Context, opts *Options, logger *zap.Logger, issuer *auth.Issuer, emailClient *email.Client, github Github, aiClient ai.Client, assets *storage.BucketHandle, biller billing.Biller, p payment.Provider) (*Service, error)

func (*Service) CheckBlockingBillingErrors added in v0.50.0 

func (s *Service) CheckBlockingBillingErrors(ctx context.Context, orgID string) error

func (*Service) CheckProvisionerResource added in v0.52.0 

func (s *Service) CheckProvisionerResource(ctx context.Context, pr *database.ProvisionerResource, annotations DeploymentAnnotations) error

func (*Service) CleanupSubscriptionBillingIssues added in v0.50.0 

func (s *Service) CleanupSubscriptionBillingIssues(ctx context.Context, orgID string) error

CleanupSubscriptionBillingIssues removes subscription related billing issues

func (*Service) CleanupTrialBillingIssues added in v0.50.0 

func (s *Service) CleanupTrialBillingIssues(ctx context.Context, orgID string) error

CleanupTrialBillingIssues removes trial related billing issues

func (*Service) Close 

func (s *Service) Close() error

func (*Service) CreateDeployment added in v0.52.0 

func (s *Service) CreateDeployment(ctx context.Context, opts *CreateDeploymentOptions) (*database.Deployment, error)

func (*Service) CreateManagedGitRepo added in v0.62.0 

func (s *Service) CreateManagedGitRepo(ctx context.Context, org *database.Organization, name, ownerID string) (*github.Repository, error)

func (*Service) CreateOrUpdateUser added in v0.23.0 

func (s *Service) CreateOrUpdateUser(ctx context.Context, email, name, photoURL string) (*database.User, error)

CreateOrUpdateUser creates or updates a user with the given email, name, and photo URL. If the user doesn't exist, it creates a new user and simultaneously adds them to any orgs and projects they have been invited to.

func (*Service) CreateOrganizationForUser added in v0.24.0 

func (s *Service) CreateOrganizationForUser(ctx context.Context, userID, email, orgName, displayName, description string) (*database.Organization, error)

CreateOrganizationForUser creates a new organization with the given name and description, and adds the user as an admin.

func (*Service) CreateProject added in v0.23.0 

func (s *Service) CreateProject(ctx context.Context, org *database.Organization, opts *database.InsertProjectOptions, deploy bool) (*database.Project, error)

CreateProject creates a new project and provisions and reconciles a prod deployment for it.

func (*Service) DeleteOrganizationMemberUser added in v0.58.0 

func (s *Service) DeleteOrganizationMemberUser(ctx context.Context, orgID, userID string) error

DeleteOrganizationMemberUser deletes a user as a member of an organization. It transactionally also removes the user from all user groups in the org and all projects in the org. It may be called with or without holding an existing transaction.

func (*Service) GetGithubInstallation added in v0.24.0 

func (s *Service) GetGithubInstallation(ctx context.Context, remote string) (int64, error)

GetGithubInstallation returns a non zero Github installation ID if the Github App is installed on the repository and is not in suspended state. The remote should be a HTTPS URL for a github.com repository with the .git suffix.

func (*Service) HibernateProject added in v0.47.4 

func (s *Service) HibernateProject(ctx context.Context, proj *database.Project) (*database.Project, error)

HibernateProject hibernates a project by tearing down its deployment.

func (*Service) InitOrganizationBilling added in v0.48.0 

func (s *Service) InitOrganizationBilling(ctx context.Context, org *database.Organization) (*database.Organization, error)

func (*Service) InsertOrganizationMemberUser added in v0.58.0 

func (s *Service) InsertOrganizationMemberUser(ctx context.Context, orgID, userID, roleID string, attributes map[string]interface{}, ifNotExists bool) error

InsertOrganizationMemberUser inserts a user as a member of an organization. If ifNotExists is true, it acts as a no-op if the user is already a member of the org.

The function transactionally also adds the user to the relevant managed usergroups in the org. It may be called with or without holding an existing transaction.

func (*Service) InsertProjectMemberUser added in v0.58.0 

func (s *Service) InsertProjectMemberUser(ctx context.Context, orgID, projectID, userID, roleID string, attributes map[string]interface{}) error

InsertProjectMemberUser inserts a user as a member of a project. If the user is not already a member of the project's organization, it transactionally adds them as a guest of the org as well. It may be called with or without holding an existing transaction.

func (*Service) IssueDeploymentAuthToken added in v0.36.0 

func (s *Service) IssueDeploymentAuthToken(ctx context.Context, deploymentID string, ttl *time.Duration) (AuthToken, error)

IssueDeploymentAuthToken generates and persists a new auth token for a deployment.

func (*Service) IssueDeviceAuthCode added in v0.24.0 

func (s *Service) IssueDeviceAuthCode(ctx context.Context, clientID string) (*database.DeviceAuthCode, error)

func (*Service) IssueMagicAuthToken added in v0.47.0 

func (s *Service) IssueMagicAuthToken(ctx context.Context, opts *IssueMagicAuthTokenOptions) (AuthToken, error)

IssueMagicAuthToken generates and persists a new magic auth token for a project.

func (*Service) IssueRuntimeManagementToken added in v0.47.5 

func (s *Service) IssueRuntimeManagementToken(aud string) (string, error)

func (*Service) IssueServiceAuthToken added in v0.31.0 

func (s *Service) IssueServiceAuthToken(ctx context.Context, serviceID string, ttl *time.Duration) (AuthToken, error)

IssueServiceAuthToken generates and persists a new auth token for a service.

func (*Service) IssueUserAuthToken added in v0.23.0 

func (s *Service) IssueUserAuthToken(ctx context.Context, userID, clientID, displayName string, representingUserID *string, ttl *time.Duration, refresh bool) (AuthToken, error)

IssueUserAuthToken generates and persists a new auth token for a user.

func (*Service) LookupAlert added in v0.41.0 

func (s *Service) LookupAlert(ctx context.Context, depl *database.Deployment, alertName string) (*runtimev1.AlertSpec, error)

LookupAlert fetches a alert's spec from a runtime deployment.

func (*Service) LookupGithubRepoForUser added in v0.24.0 

func (s *Service) LookupGithubRepoForUser(ctx context.Context, installationID int64, remote, gitUsername string) (*github.Repository, error)

LookupGithubRepoForUser returns a Github repository iff the Github App is installed on the repository and user is a collaborator of the project. The remote should be a HTTPS URL for a github.com repository with the .git suffix.

func (*Service) LookupReport added in v0.37.0 

func (s *Service) LookupReport(ctx context.Context, depl *database.Deployment, reportName string) (*runtimev1.ReportSpec, error)

LookupReport fetches a report's spec from a runtime deployment.

func (*Service) NewDeploymentAnnotations added in v0.43.0 

func (s *Service) NewDeploymentAnnotations(org *database.Organization, proj *database.Project) DeploymentAnnotations

func (*Service) OpenMetricsProject added in v0.43.0 

func (s *Service) OpenMetricsProject(ctx context.Context) (*metrics.Client, bool, error)

OpenMetricsProject opens a client for accessing the metrics project. If a metrics project is not configured, it returns false for the second return value. The returned client has a TTL of 30 minutes. TODO: Encapsulate token refresh logic in the metrics client.

func (*Service) OpenRuntimeClient added in v0.47.0 

func (s *Service) OpenRuntimeClient(depl *database.Deployment) (*client.Client, error)

func (*Service) OrganizationPermissionsForDeployment added in v0.36.0 

func (s *Service) OrganizationPermissionsForDeployment(ctx context.Context, orgID, deploymentID string) (*adminv1.OrganizationPermissions, error)

OrganizationPermissionsForDeployment resolves organization permissions for a deployment. A deployment does not get any permissions on the org it belongs to. It only has permissions on the project it belongs to.

func (*Service) OrganizationPermissionsForMagicAuthToken added in v0.47.0 

func (s *Service) OrganizationPermissionsForMagicAuthToken(ctx context.Context, orgID, tokenProjectID string) (*adminv1.OrganizationPermissions, error)

OrganizationPermissionsForMagicAuthToken resolves organization permissions for a magic auth token in the specified project. It grants basic read access to only the org of the project the token belongs to.

func (*Service) OrganizationPermissionsForService added in v0.33.2 

func (s *Service) OrganizationPermissionsForService(ctx context.Context, orgID, serviceID string) (*adminv1.OrganizationPermissions, error)

OrganizationPermissionsForService resolves organization permissions for a service. If the service has roles, it uses those roles to determine permissions. If no role is found, it falls back to the legacy behavior of giving full permissions to services in their org.

func (*Service) OrganizationPermissionsForUser added in v0.33.2 

func (s *Service) OrganizationPermissionsForUser(ctx context.Context, orgID, userID string) (*adminv1.OrganizationPermissions, error)

OrganizationPermissionsForUser resolves organization permissions for a user.

func (*Service) ProcessGithubEvent added in v0.23.0 

func (s *Service) ProcessGithubEvent(ctx context.Context, rawEvent any) error

ProcessGithubEvent processes a Github event (usually received over webhooks). After validating that the event is a valid Github event, it moves further processing to the background and returns a nil error.

func (*Service) ProjectPermissionsForDeployment added in v0.36.0 

func (s *Service) ProjectPermissionsForDeployment(ctx context.Context, projectID, deploymentID string, orgPerms *adminv1.OrganizationPermissions) (*adminv1.ProjectPermissions, error)

ProjectPermissionsForDeployment resolves project permissions for a deployment. A deployment currently gets full read and no write permissions on the project it belongs to.

func (*Service) ProjectPermissionsForMagicAuthToken added in v0.47.0 

func (s *Service) ProjectPermissionsForMagicAuthToken(ctx context.Context, projectID string, tkn *database.MagicAuthToken) (*adminv1.ProjectPermissions, error)

ProjectPermissionsForMagicAuthToken resolves project permissions for a magic auth token.

func (*Service) ProjectPermissionsForService added in v0.33.2 

func (s *Service) ProjectPermissionsForService(ctx context.Context, projectID, serviceID string, orgPerms *adminv1.OrganizationPermissions) (*adminv1.ProjectPermissions, error)

ProjectPermissionsForService resolves project permissions for a service. If the service has roles, it uses those roles to determine permissions. If no roles are found, then it falls back to just giving read permissions to project if the service is in the org.

func (*Service) ProjectPermissionsForUser added in v0.33.2 

func (s *Service) ProjectPermissionsForUser(ctx context.Context, projectID, userID string, orgPerms *adminv1.OrganizationPermissions) (*adminv1.ProjectPermissions, error)

ProjectPermissionsForUser resolves project permissions for a user.

func (*Service) Provision added in v0.53.0 

func (s *Service) Provision(ctx context.Context, opts *ProvisionOptions) (*database.ProvisionerResource, error)

func (*Service) PurgeAuthTokenCache added in v0.78.0 

func (s *Service) PurgeAuthTokenCache()

PurgeAuthTokenCache purges the short-term in-memory auth token cache.

func (*Service) RaiseNewOrgBillingIssues added in v0.50.0 

func (s *Service) RaiseNewOrgBillingIssues(ctx context.Context, orgID string, creationTime time.Time, hasPaymentMethod, hasBillableAddress, hasSubscription bool) error

RaiseNewOrgBillingIssues raises billing issues for a new organization

func (*Service) RedeployProject added in v0.49.0 

func (s *Service) RedeployProject(ctx context.Context, proj *database.Project, prevDepl *database.Deployment) (*database.Project, error)

RedeployProject de-provisions and re-provisions a project's deployment. If prevDepl is nil, it provisions a new prod deployment based on prodBranch.

func (*Service) RepairOrganizationBilling added in v0.50.0 

func (s *Service) RepairOrganizationBilling(ctx context.Context, org *database.Organization, initSub bool) (*database.Organization, *billing.Subscription, error)

RepairOrganizationBilling repairs billing for an organization by checking if customer exists in billing systems, if not creating new. Useful for migrating existing orgs to billing system and in rare case when InitOrganizationBilling fails in the middle

func (*Service) ResolveVariables added in v0.51.0 

func (s *Service) ResolveVariables(ctx context.Context, projectID, environment string, forWriting bool) (map[string]string, error)

ResolveVariables resolves the project's variables for the given environment. It fetches the variable specific to the environment plus the default variables not set exclusively for the environment.

func (*Service) RevokeAuthToken added in v0.23.0 

func (s *Service) RevokeAuthToken(ctx context.Context, token string) error

RevokeAuthToken removes an auth token from persistent storage.

func (*Service) StartDeployment added in v0.78.0 

func (s *Service) StartDeployment(ctx context.Context, depl *database.Deployment) (*database.Deployment, error)

func (*Service) StartDeploymentInner added in v0.78.0 

func (s *Service) StartDeploymentInner(ctx context.Context, depl *database.Deployment) error

StartDeploymentInner provisions a runtime and initializes an instance on it. The implementation is idempotent, enabling it to be called from a retryable background job.

func (*Service) StartTrial added in v0.50.0 

func (s *Service) StartTrial(ctx context.Context, org *database.Organization) (*database.Organization, *billing.Subscription, error)

func (*Service) StopDeployment added in v0.78.0 

func (s *Service) StopDeployment(ctx context.Context, depl *database.Deployment) error

func (*Service) StopDeploymentInner added in v0.78.0 

func (s *Service) StopDeploymentInner(ctx context.Context, depl *database.Deployment) error

StopDeploymentInner stops a deployment by tearing down its runtime instance and resources. The implementation is idempotent, enabling it to be called from a retryable background job.

func (*Service) TeardownDeployment added in v0.47.2 

func (s *Service) TeardownDeployment(ctx context.Context, depl *database.Deployment) error

func (*Service) TeardownProject added in v0.23.0 

func (s *Service) TeardownProject(ctx context.Context, p *database.Project) error

TeardownProject tears down a project and all its deployments.

func (*Service) TriggerParser added in v0.49.0 

func (s *Service) TriggerParser(ctx context.Context, depl *database.Deployment) (err error)

TriggerParser triggers the deployment's project parser to do a new pull and parse.

func (*Service) TriggerParserAndAwaitResource added in v0.49.0 

func (s *Service) TriggerParserAndAwaitResource(ctx context.Context, depl *database.Deployment, name, kind string) error

TriggerParserAndAwaitResource triggers the parser and polls the runtime until the given resource's spec version has been updated (or ctx is canceled).

func (*Service) TriggerReport added in v0.37.0 

func (s *Service) TriggerReport(ctx context.Context, depl *database.Deployment, report string) (err error)

TriggerReport triggers an ad-hoc run of a report

func (*Service) UpdateDeployment added in v0.43.0 

func (s *Service) UpdateDeployment(ctx context.Context, depl *database.Deployment, branch string) error

func (*Service) UpdateDeploymentInner added in v0.78.0 

func (s *Service) UpdateDeploymentInner(ctx context.Context, d *database.Deployment) error

UpdateDeploymentInner updates a deployment by updating its runtime instance and resources. The implementation is idempotent, enabling it to be called from a retryable background job.

func (*Service) UpdateDeploymentsForProject added in v0.60.7 

func (s *Service) UpdateDeploymentsForProject(ctx context.Context, p *database.Project) error

UpdateDeploymentsForProject updates the deployments of a project. Care must be taken to avoid one broken deployment from blocking updates to other healthy deployments.

func (*Service) UpdateOrgDeploymentAnnotations added in v0.32.0 

func (s *Service) UpdateOrgDeploymentAnnotations(ctx context.Context, org *database.Organization) error

UpdateOrgDeploymentAnnotations iterates over projects of the given org and updates annotations of corresponding deployments with the new organization name NOTE : this does not trigger reconcile.

func (*Service) UpdateOrganizationMemberUserRole added in v0.58.0 

func (s *Service) UpdateOrganizationMemberUserRole(ctx context.Context, orgID, userID, roleID string) error

UpdateOrganizationMemberUserRole updates the role of a user in an organization. It transactionally also updates the user's membership of relevant managed usergroups in the org.

func (*Service) UpdateProject added in v0.23.0 

func (s *Service) UpdateProject(ctx context.Context, proj *database.Project, opts *database.UpdateProjectOptions) (*database.Project, error)

UpdateProject updates a project and any impacted deployments. It runs a reconcile if deployment parameters (like branch or variables) have been changed and reconcileDeployment is set.

func (*Service) UpdateProjectVariables added in v0.28.0 

func (s *Service) UpdateProjectVariables(ctx context.Context, project *database.Project, environment string, vars map[string]string, unsetVars []string, userID string) error

UpdateProjectVariables updates a project's variables and runs reconcile on the deployments.

func (*Service) ValidateAuthToken added in v0.23.0 

func (s *Service) ValidateAuthToken(ctx context.Context, token string) (AuthToken, error)

ValidateAuthToken validates an auth token against persistent storage. It includes a short-term in-memory cache to prevent

type URLs added in v0.49.0 

type URLs struct {
	// contains filtered or unexported fields
}

URLs centralizes parsing and formatting of URLs for the admin service.

There are several complexities around URL handling in Rill:

  1. The frontend may run on a different host than the admin service (e.g. ui.rilldata.com vs. admin.rilldata.com).
  2. We support custom domains for specific orgs (e.g. analytics.mycompany.com instead of ui.rilldata.com/mycompany).
  3. The admin service sends transactional emails that link to the frontend, such as project invites.
  4. The admin service is also responsible for sending transactional emails on behalf of the runtime, which also link to the frontend, such as for alerts and reports.
  5. We need to ensure correct redirects and callbacks for the auth service (on auth.rilldata.com) and Github. These services have fixed callback URLs on the admin service's primary external URL, which complicates custom domain handling.

For orgs with a custom domain configured (using the CLI command `rill sudo org set-custom-domain`), we require the admin service and frontend to be reachable on the custom domain using the following load balancer rules:

  1. The admin service must be reachable at the `/api` path prefix on the custom domain. The `/api` prefix should be removed by the load balancer before proxying to the admin service.
  2. The frontend must be reachable at all other paths on the custom domain.

func NewURLs added in v0.49.0 

func NewURLs(externalURL, frontendURL string) (*URLs, error)

NewURLs creates a new URLs. The provided URLs should include the scheme, host, optional port, and optional path prefix. The provided URLs should be the primary external and frontend URL for the Rill service. The returned *URLs will rewrite them as needed for custom domains.

func (*URLs) AlertEdit added in v0.49.0 

func (u *URLs) AlertEdit(org, project, alert string) string

AlertEdit returns the URL for editing an alert in the frontend.

func (*URLs) AlertOpen added in v0.49.0 

func (u *URLs) AlertOpen(org, project, alert, token string) string

AlertOpen returns the URL for opening an alert in the frontend.

func (*URLs) AlertUnsubscribe added in v0.78.0 

func (u *URLs) AlertUnsubscribe(org, project, alert, token string) string

AlertUnsubscribe returns the URL for unsubscribing from an alert.

func (*URLs) ApproveProjectAccess added in v0.49.0 

func (u *URLs) ApproveProjectAccess(org, project, id, role string) string

ApproveProjectAccess returns the frontend URL for approving a project access request.

func (*URLs) Asset added in v0.53.0 

func (u *URLs) Asset(assetID string) string

Asset creates a URL for downloading the user-uploaded asset with the given ID.

func (*URLs) AuthCLISuccessUI added in v0.49.0 

func (u *URLs) AuthCLISuccessUI() string

AuthCLISuccessUI returns the frontend URL to redirect to after successful CLI authentication.

func (*URLs) AuthCustomDomainCallback added in v0.78.0 

func (u *URLs) AuthCustomDomainCallback(state string) string

AuthCustomDomainCallback returns the URL with state for custom domain callback

func (*URLs) AuthLogin added in v0.49.0 

func (u *URLs) AuthLogin(redirect string, customDomainFlow bool) string

AuthLogin returns the URL that starts the redirects to the auth service for login.

func (*URLs) AuthLoginCallback added in v0.49.0 

func (u *URLs) AuthLoginCallback() string

AuthLoginCallback returns the URL for the OAuth2 callback.

func (*URLs) AuthLogout added in v0.49.0 

func (u *URLs) AuthLogout() string

AuthLogout returns the URL that starts the logout redirects.

func (*URLs) AuthLogoutCallback added in v0.49.0 

func (u *URLs) AuthLogoutCallback() string

AuthLogoutCallback returns the URL for the logout callback.

func (*URLs) AuthLogoutProvider added in v0.49.0 

func (u *URLs) AuthLogoutProvider(redirect string) string

AuthLogoutProvider returns the URL that starts the logout redirects against the external auth provider.

func (*URLs) AuthVerifyDeviceUI added in v0.49.0 

func (u *URLs) AuthVerifyDeviceUI(query map[string]string) string

AuthVerifyDeviceUI returns the frontend URL for the device auth verification page.

func (*URLs) AuthVerifyEmailUI added in v0.49.0 

func (u *URLs) AuthVerifyEmailUI() string

AuthVerifyEmailUI returns the frontend URL for the verify email page.

func (*URLs) AuthWithToken added in v0.49.0 

func (u *URLs) AuthWithToken(tokenStr, redirect string) string

AuthWithToken returns a URL that sets the auth cookie to the provided token. Providing a redirect URL is optional.

func (*URLs) Billing added in v0.51.1 

func (u *URLs) Billing(org string, upgrade bool) string

Billing returns the landing page url that optionally shows the upgrade modal.

func (*URLs) DenyProjectAccess added in v0.49.0 

func (u *URLs) DenyProjectAccess(org, project, id string) string

DenyProjectAccess returns the frontend URL for denying a project access request.

func (*URLs) Embed added in v0.49.0 

func (u *URLs) Embed(query map[string]string) (string, error)

Embed creates a URL for embedding the frontend in an iframe.

func (*URLs) External added in v0.49.0 

func (u *URLs) External() string

External returns the external URL for the admin service.

func (*URLs) Frontend added in v0.49.0 

func (u *URLs) Frontend() string

Frontend returns the frontend URL for the admin service.

func (*URLs) GithubAuth added in v0.49.0 

func (u *URLs) GithubAuth(remote string) string

GithubAuth returns the URL that starts the Github auth redirects.

func (*URLs) GithubAuthCallback added in v0.49.0 

func (u *URLs) GithubAuthCallback() string

GithubAuthCallback returns the URL for the Github auth callback.

func (*URLs) GithubConnect added in v0.49.0 

func (u *URLs) GithubConnect(remote string) string

GithubConnect returns the URL that starts the Github connect redirects.

func (*URLs) GithubConnectRequestUI added in v0.49.0 

func (u *URLs) GithubConnectRequestUI(remote string) string

GithubConnectRequestUI returns the page in the Rill frontend for requesting a Github connect.

func (*URLs) GithubConnectRetryUI added in v0.49.0 

func (u *URLs) GithubConnectRetryUI(remote, redirect string) string

GithubConnectRetryUI returns the page in the Rill frontend for retrying the Github connect flow.

func (*URLs) GithubConnectSuccessUI added in v0.49.0 

func (u *URLs) GithubConnectSuccessUI(autoclose bool) string

GithubConnectSuccessUI returns the page in the Rill frontend for a successful Github connect.

func (*URLs) GithubConnectUI added in v0.49.0 

func (u *URLs) GithubConnectUI(redirect string) string

GithubConnectUI returns the page in the Rill frontend for starting the Github connect flow.

func (*URLs) GithubRetryAuthUI added in v0.49.0 

func (u *URLs) GithubRetryAuthUI(remote, username, redirect string) string

GithubRetryAuthUI returns the page in the Rill frontend for retrying the Github auth flow.

func (*URLs) IsCustomDomain added in v0.78.0 

func (u *URLs) IsCustomDomain(domain string) bool

IsCustomDomain returns true if the given domain is a custom domain.

func (*URLs) IsHTTPS added in v0.49.0 

func (u *URLs) IsHTTPS() bool

IsHTTPS returns true if the admin service's external URL uses HTTPS.

func (*URLs) MagicAuthTokenOpen added in v0.49.0 

func (u *URLs) MagicAuthTokenOpen(org, project, token string) string

MagicAuthTokenOpen returns the frontend URL for opening a magic auth token.

func (*URLs) OAuthAuthorize added in v0.78.0 

func (u *URLs) OAuthAuthorize() string

OAuthAuthorize returns the URL for the OAuth 2.0 Authorization endpoint.

func (*URLs) OAuthExternalResourceURL added in v0.78.0 

func (u *URLs) OAuthExternalResourceURL(r *http.Request) string

OAuthExternalResourceURL returns the external URL for OAuth 2.0 resource access. If a request is provided, it uses the request's Host header to construct the URL to make sure protected resource URLs origin matches with the resource URL being accessed by the client. This helps in cases, for example, where the MCP server url starts with api.rilldata.com instead of admin.rilldata.com.

func (*URLs) OAuthJWKS added in v0.78.0 

func (u *URLs) OAuthJWKS() string

func (*URLs) OAuthProtectedResourceMetadata added in v0.78.0 

func (u *URLs) OAuthProtectedResourceMetadata(r *http.Request) string

OAuthProtectedResourceMetadata returns the URL for the OAuth 2.0 Protected Resource Metadata endpoint. This endpoint is used by MCP clients to discover authorization server information.

func (*URLs) OAuthRegister added in v0.78.0 

func (u *URLs) OAuthRegister() string

OAuthRegister returns the URL for the OAuth 2.0 Dynamic Client Registration endpoint.

func (*URLs) OAuthToken added in v0.78.0 

func (u *URLs) OAuthToken() string

OAuthToken returns the URL for the OAuth 2.0 Token endpoint.

func (*URLs) Organization added in v0.49.0 

func (u *URLs) Organization(org string) string

Organization returns the URL for an org in the frontend.

func (*URLs) OrganizationInviteAccept added in v0.49.0 

func (u *URLs) OrganizationInviteAccept(org string) string

OrganizationInviteAccept returns the URL for accepting an organization invite.

func (*URLs) PaymentPortal added in v0.51.0 

func (u *URLs) PaymentPortal(org string) string

PaymentPortal returns the landing page url that redirects user to payment portal Since the payment link can expire it is generated in this landing page on demand.

func (*URLs) Project added in v0.49.0 

func (u *URLs) Project(org, project string) string

Project returns the URL for a project in the frontend.

func (*URLs) ProjectInviteAccept added in v0.49.0 

func (u *URLs) ProjectInviteAccept(org, project string) string

ProjectInviteAccept returns the URL for accepting a project invite.

func (*URLs) ReportEdit added in v0.49.0 

func (u *URLs) ReportEdit(org, project, report string) string

ReportEdit returns the URL for editing a report in the frontend.

func (*URLs) ReportExport added in v0.49.0 

func (u *URLs) ReportExport(org, project, report, token string) string

ReportExport returns the URL for exporting a report in the frontend.

func (*URLs) ReportOpen added in v0.49.0 

func (u *URLs) ReportOpen(org, project, report, token string, executionTime time.Time) string

ReportOpen returns the URL for opening a report in the frontend.

func (*URLs) ReportUnsubscribe added in v0.58.0 

func (u *URLs) ReportUnsubscribe(org, project, report, token, email string) string

ReportUnsubscribe returns the URL for unsubscribing from the report.

func (*URLs) WithCustomDomain added in v0.49.0 

func (u *URLs) WithCustomDomain(domain string) *URLs

WithCustomDomain returns a copy that generates URLs for the provided custom domain (as described in the type doc). The result automatically generates correct URLs also for the few endpoints that must always use the non-custom external URL (such as AuthLogin).

func (*URLs) WithCustomDomainFromRedirectURL added in v0.49.0 

func (u *URLs) WithCustomDomainFromRedirectURL(redirectURL string) *URLs

WithCustomDomainFromRedirectURL attempts to infer a custom domain from a redirect URL. If it succeeds, it passes the custom domain to WithCustomDomain and returns the result. If it does not detect a custom domain in the redirect URL, or the redirect URL is invalid, it fails silently by returning itself unchanged.

Source Files

View all Source files

Directories

Path Synopsis
payment
postgres
river
pkg
authtoken
gitutil
nameseeds
oauth
pgtestcontainer
publicemail
urlutil
clickhousestatic
kubernetes
static
auth
cookies

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.