feat: add orphan support (#3849)

* feat: add resource orphanage * feat: deny custom state in build for regular users * Minor protoc improvements
2025-07-09 11:45:56 +00:00 · 2022-09-06 12:07:00 -05:00
parent 209e011404
commit 4f0105ef7e
16 changed files with 334 additions and 51 deletions
--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@ -13,6 +13,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
+	"errors"
 	"fmt"
 	"io"
 	"math/big"
@ -75,8 +76,10 @@ type Options struct {
 	AutobuildStats       chan<- executor.Stats

 	// IncludeProvisionerDaemon when true means to start an in-memory provisionerD
-	IncludeProvisionerDaemon bool
-	APIBuilder               func(*coderd.Options) *coderd.API
+	IncludeProvisionerDaemon    bool
+	APIBuilder                  func(*coderd.Options) *coderd.API
+	MetricsCacheRefreshInterval time.Duration
+	AgentStatsRefreshInterval   time.Duration
 }

 // New constructs a codersdk client connected to an in-memory API instance.
@ -235,8 +238,8 @@ func newWithAPI(t *testing.T, options *Options) (*codersdk.Client, io.Closer, *c
 			},
 		},
 		AutoImportTemplates:         options.AutoImportTemplates,
-		MetricsCacheRefreshInterval: time.Millisecond * 100,
-		AgentStatsRefreshInterval:   time.Millisecond * 100,
+		MetricsCacheRefreshInterval: options.MetricsCacheRefreshInterval,
+		AgentStatsRefreshInterval:   options.AgentStatsRefreshInterval,
 	})
 	t.Cleanup(func() {
 		_ = coderAPI.Close()
@ -752,3 +755,10 @@ func (r roundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
 type nopcloser struct{}

 func (nopcloser) Close() error { return nil }
+
+// SDKError coerces err into an SDK error.
+func SDKError(t *testing.T, err error) *codersdk.Error {
+	var cerr *codersdk.Error
+	require.True(t, errors.As(err, &cerr))
+	return cerr
+}
--- a/coderd/templates_test.go
+++ b/coderd/templates_test.go
@ -549,7 +549,9 @@ func TestTemplateDAUs(t *testing.T) {
 	t.Parallel()

 	client := coderdtest.New(t, &coderdtest.Options{
-		IncludeProvisionerDaemon: true,
+		IncludeProvisionerDaemon:    true,
+		AgentStatsRefreshInterval:   time.Millisecond * 100,
+		MetricsCacheRefreshInterval: time.Millisecond * 100,
 	})

 	user := coderdtest.CreateFirstUser(t, client)
--- a/coderd/workspacebuilds.go
+++ b/coderd/workspacebuilds.go
@ -318,6 +318,7 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 		}
 		createBuild.TemplateVersionID = latestBuild.TemplateVersionID
 	}
+
 	templateVersion, err := api.Database.GetTemplateVersionByID(r.Context(), createBuild.TemplateVersionID)
 	if errors.Is(err, sql.ErrNoRows) {
 		httpapi.Write(rw, http.StatusBadRequest, codersdk.Response{
@ -336,6 +337,47 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 		})
 		return
 	}
+
+	template, err := api.Database.GetTemplateByID(r.Context(), templateVersion.TemplateID.UUID)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to get template",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	var state []byte
+	// If custom state, deny request since user could be corrupting or leaking
+	// cloud state.
+	if createBuild.ProvisionerState != nil || createBuild.Orphan {
+		if !api.Authorize(r, rbac.ActionUpdate, template.RBACObject()) {
+			httpapi.Write(rw, http.StatusForbidden, codersdk.Response{
+				Message: "Only template managers may provide custom state",
+			})
+			return
+		}
+		state = createBuild.ProvisionerState
+	}
+
+	if createBuild.Orphan {
+		if createBuild.Transition != codersdk.WorkspaceTransitionDelete {
+			httpapi.Write(rw, http.StatusBadRequest, codersdk.Response{
+				Message: "Orphan is only permitted when deleting a workspace.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+
+		if createBuild.ProvisionerState != nil && createBuild.Orphan {
+			httpapi.Write(rw, http.StatusBadRequest, codersdk.Response{
+				Message: "ProvisionerState cannot be set alongside Orphan since state intent is unclear.",
+			})
+			return
+		}
+		state = []byte{}
+	}
+
 	templateVersionJob, err := api.Database.GetProvisionerJobByID(r.Context(), templateVersion.JobID)
 	if err != nil {
 		httpapi.Write(rw, http.StatusInternalServerError, codersdk.Response{
@ -363,15 +405,6 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	template, err := api.Database.GetTemplateByID(r.Context(), templateVersion.TemplateID.UUID)
-	if err != nil {
-		httpapi.Write(rw, http.StatusInternalServerError, codersdk.Response{
-			Message: "Internal error fetching template job.",
-			Detail:  err.Error(),
-		})
-		return
-	}
-
 	// Store prior build number to compute new build number
 	var priorBuildNum int32
 	priorHistory, err := api.Database.GetLatestWorkspaceBuildByWorkspaceID(r.Context(), workspace.ID)
@ -393,6 +426,10 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if state == nil {
+		state = priorHistory.ProvisionerState
+	}
+
 	var workspaceBuild database.WorkspaceBuild
 	var provisionerJob database.ProvisionerJob
 	// This must happen in a transaction to ensure history can be inserted, and
@ -457,10 +494,6 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 		if err != nil {
 			return xerrors.Errorf("insert provisioner job: %w", err)
 		}
-		state := createBuild.ProvisionerState
-		if len(state) == 0 {
-			state = priorHistory.ProvisionerState
-		}

 		workspaceBuild, err = db.InsertWorkspaceBuild(r.Context(), database.InsertWorkspaceBuildParams{
 			ID:                workspaceBuildID,
--- a/coderd/workspacebuilds_test.go
+++ b/coderd/workspacebuilds_test.go
@ -2,6 +2,7 @@ package coderd_test

 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/http"
 	"strconv"
@ -230,6 +231,95 @@ func TestWorkspaceBuilds(t *testing.T) {
 	})
 }

+func TestWorkspaceBuildsProvisionerState(t *testing.T) {
+	t.Parallel()
+
+	t.Run("Permissions", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true})
+		first := coderdtest.CreateFirstUser(t, client)
+
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+
+		version := coderdtest.CreateTemplateVersion(t, client, first.OrganizationID, nil)
+		template := coderdtest.CreateTemplate(t, client, first.OrganizationID, version.ID)
+		coderdtest.AwaitTemplateVersionJob(t, client, version.ID)
+
+		workspace := coderdtest.CreateWorkspace(t, client, first.OrganizationID, template.ID)
+		coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)
+
+		build, err := client.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{
+			TemplateVersionID: workspace.LatestBuild.TemplateVersionID,
+			Transition:        codersdk.WorkspaceTransitionDelete,
+			ProvisionerState:  []byte(" "),
+		})
+		require.Nil(t, err)
+
+		coderdtest.AwaitWorkspaceBuildJob(t, client, build.ID)
+
+		// A regular user on the very same template must not be able to modify the
+		// state.
+		regularUser := coderdtest.CreateAnotherUser(t, client, first.OrganizationID)
+
+		workspace = coderdtest.CreateWorkspace(t, regularUser, first.OrganizationID, template.ID)
+		coderdtest.AwaitWorkspaceBuildJob(t, regularUser, workspace.LatestBuild.ID)
+
+		_, err = regularUser.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{
+			TemplateVersionID: workspace.LatestBuild.TemplateVersionID,
+			Transition:        workspace.LatestBuild.Transition,
+			ProvisionerState:  []byte(" "),
+		})
+		require.Error(t, err)
+
+		var cerr *codersdk.Error
+		require.True(t, errors.As(err, &cerr))
+
+		code := cerr.StatusCode()
+		require.Equal(t, http.StatusForbidden, code, "unexpected status %s", http.StatusText(code))
+	})
+
+	t.Run("Orphan", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true})
+		first := coderdtest.CreateFirstUser(t, client)
+
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+
+		version := coderdtest.CreateTemplateVersion(t, client, first.OrganizationID, nil)
+		template := coderdtest.CreateTemplate(t, client, first.OrganizationID, version.ID)
+		coderdtest.AwaitTemplateVersionJob(t, client, version.ID)
+
+		workspace := coderdtest.CreateWorkspace(t, client, first.OrganizationID, template.ID)
+		coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)
+
+		// Providing both state and orphan fails.
+		_, err := client.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{
+			TemplateVersionID: workspace.LatestBuild.TemplateVersionID,
+			Transition:        codersdk.WorkspaceTransitionDelete,
+			ProvisionerState:  []byte(" "),
+			Orphan:            true,
+		})
+		require.Error(t, err)
+		cerr := coderdtest.SDKError(t, err)
+		require.Equal(t, http.StatusBadRequest, cerr.StatusCode())
+
+		// Regular orphan operation succeeds.
+		build, err := client.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{
+			TemplateVersionID: workspace.LatestBuild.TemplateVersionID,
+			Transition:        codersdk.WorkspaceTransitionDelete,
+			Orphan:            true,
+		})
+		require.NoError(t, err)
+		coderdtest.AwaitWorkspaceBuildJob(t, client, build.ID)
+
+		_, err = client.Workspace(ctx, workspace.ID)
+		require.Error(t, err)
+		require.Equal(t, http.StatusGone, coderdtest.SDKError(t, err).StatusCode())
+	})
+}
+
 func TestPatchCancelWorkspaceBuild(t *testing.T) {
 	t.Parallel()
 	client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true})