Request temporary permissions (limited to an hour by default), with required justification, from the Glean security team to invoke the operation
If your request is approved, then the debug operations store in scio-apps will be updated to grant you temporary permission to invoke the specific debug operation
The scio-apps debug operation client is checking the permission store to verify that you have non-expired permissiosn to invoke the debug operation
if permissions check out, the debug operation client makes a signed API call over https to the debug operation server that runs in the customer’s GCP project.
The API call is signed using a private key that’s stored in the
in scio-apps. Using GCP roles for KMS, the key is then restricted so that only the scio-apps service account has the ability to sign using the private key, and the customer GCP’s service account has the ability to verify the signature of the API call
Call the debug operation API with the query you want
NOTE: If you don’t have access check to see if they have their