feat: Move workspaces under organizations (#1109)

This removes split ownership for workspaces. They are now a resource of organizations and have a designated owner, which is a user. This enables simple administration for commands like: - `coder stop ben/dev` - `coder build logs colin/arch` or if we decide to allow administrators to access workspaces, they could even SSH using this syntax: `coder ssh colin/dev`.
2025-07-15 22:20:27 +00:00 · 2022-04-25 16:11:03 -05:00
parent 759fa5f626
commit 88669fd578
51 changed files with 885 additions and 671 deletions
--- a/coderd/database/databasefake/databasefake.go
+++ b/coderd/database/databasefake/databasefake.go
@ -263,7 +263,7 @@ func (q *fakeQuerier) GetWorkspaceByID(_ context.Context, id uuid.UUID) (databas
 	return database.Workspace{}, sql.ErrNoRows
 }

-func (q *fakeQuerier) GetWorkspaceByUserIDAndName(_ context.Context, arg database.GetWorkspaceByUserIDAndNameParams) (database.Workspace, error) {
+func (q *fakeQuerier) GetWorkspaceByOwnerIDAndName(_ context.Context, arg database.GetWorkspaceByOwnerIDAndNameParams) (database.Workspace, error) {
 	q.mutex.RLock()
 	defer q.mutex.RUnlock()

@ -412,7 +412,27 @@ func (q *fakeQuerier) GetWorkspaceBuildByWorkspaceIDAndName(_ context.Context, a
 	return database.WorkspaceBuild{}, sql.ErrNoRows
 }

-func (q *fakeQuerier) GetWorkspacesByUserID(_ context.Context, req database.GetWorkspacesByUserIDParams) ([]database.Workspace, error) {
+func (q *fakeQuerier) GetWorkspacesByOrganizationID(_ context.Context, req database.GetWorkspacesByOrganizationIDParams) ([]database.Workspace, error) {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+
+	workspaces := make([]database.Workspace, 0)
+	for _, workspace := range q.workspaces {
+		if workspace.OrganizationID != req.OrganizationID {
+			continue
+		}
+		if workspace.Deleted != req.Deleted {
+			continue
+		}
+		workspaces = append(workspaces, workspace)
+	}
+	if len(workspaces) == 0 {
+		return nil, sql.ErrNoRows
+	}
+	return workspaces, nil
+}
+
+func (q *fakeQuerier) GetWorkspacesByOwnerID(_ context.Context, req database.GetWorkspacesByOwnerIDParams) ([]database.Workspace, error) {
 	q.mutex.RLock()
 	defer q.mutex.RUnlock()

@ -1145,12 +1165,13 @@ func (q *fakeQuerier) InsertWorkspace(_ context.Context, arg database.InsertWork

 	//nolint:gosimple
 	workspace := database.Workspace{
-		ID:         arg.ID,
-		CreatedAt:  arg.CreatedAt,
-		UpdatedAt:  arg.UpdatedAt,
-		OwnerID:    arg.OwnerID,
-		TemplateID: arg.TemplateID,
-		Name:       arg.Name,
+		ID:             arg.ID,
+		CreatedAt:      arg.CreatedAt,
+		UpdatedAt:      arg.UpdatedAt,
+		OwnerID:        arg.OwnerID,
+		OrganizationID: arg.OrganizationID,
+		TemplateID:     arg.TemplateID,
+		Name:           arg.Name,
 	}
 	q.workspaces = append(q.workspaces, workspace)
 	return workspace, nil
--- a/coderd/database/dump.sql
+++ b/coderd/database/dump.sql
@ -272,6 +272,7 @@ CREATE TABLE workspaces (
    created_at timestamp with time zone NOT NULL,
    updated_at timestamp with time zone NOT NULL,
    owner_id uuid NOT NULL,
+    organization_id uuid NOT NULL,
    template_id uuid NOT NULL,
    deleted boolean DEFAULT false NOT NULL,
    name character varying(64) NOT NULL,
@ -423,6 +424,9 @@ ALTER TABLE ONLY workspace_builds
 ALTER TABLE ONLY workspace_resources
    ADD CONSTRAINT workspace_resources_job_id_fkey FOREIGN KEY (job_id) REFERENCES provisioner_jobs(id) ON DELETE CASCADE;

+ALTER TABLE ONLY workspaces
+    ADD CONSTRAINT workspaces_organization_id_fkey FOREIGN KEY (organization_id) REFERENCES organizations(id) ON DELETE RESTRICT;
+
 ALTER TABLE ONLY workspaces
    ADD CONSTRAINT workspaces_owner_id_fkey FOREIGN KEY (owner_id) REFERENCES users(id) ON DELETE RESTRICT;

--- a/coderd/database/migrations/000003_workspaces.up.sql
+++ b/coderd/database/migrations/000003_workspaces.up.sql
@ -5,6 +5,7 @@ CREATE TABLE workspaces (
    -- Use ON DELETE RESTRICT so that we can cleanup external workspace
    -- resources first.
    owner_id uuid NOT NULL REFERENCES users (id) ON DELETE RESTRICT,
+    organization_id uuid NOT NULL REFERENCES organizations (id) ON DELETE RESTRICT,
    template_id uuid NOT NULL REFERENCES templates (id) ON DELETE RESTRICT,
    deleted boolean NOT NULL DEFAULT FALSE,
    name varchar(64) NOT NULL,
--- a/coderd/database/models.go
+++ b/coderd/database/models.go
@ -385,6 +385,7 @@ type Workspace struct {
 	CreatedAt         time.Time      `db:"created_at" json:"created_at"`
 	UpdatedAt         time.Time      `db:"updated_at" json:"updated_at"`
 	OwnerID           uuid.UUID      `db:"owner_id" json:"owner_id"`
+	OrganizationID    uuid.UUID      `db:"organization_id" json:"organization_id"`
 	TemplateID        uuid.UUID      `db:"template_id" json:"template_id"`
 	Deleted           bool           `db:"deleted" json:"deleted"`
 	Name              string         `db:"name" json:"name"`
--- a/coderd/database/querier.go
+++ b/coderd/database/querier.go
@ -51,12 +51,13 @@ type querier interface {
 	GetWorkspaceBuildByWorkspaceIDWithoutAfter(ctx context.Context, workspaceID uuid.UUID) (WorkspaceBuild, error)
 	GetWorkspaceBuildsByWorkspaceIDsWithoutAfter(ctx context.Context, ids []uuid.UUID) ([]WorkspaceBuild, error)
 	GetWorkspaceByID(ctx context.Context, id uuid.UUID) (Workspace, error)
-	GetWorkspaceByUserIDAndName(ctx context.Context, arg GetWorkspaceByUserIDAndNameParams) (Workspace, error)
+	GetWorkspaceByOwnerIDAndName(ctx context.Context, arg GetWorkspaceByOwnerIDAndNameParams) (Workspace, error)
 	GetWorkspaceOwnerCountsByTemplateIDs(ctx context.Context, ids []uuid.UUID) ([]GetWorkspaceOwnerCountsByTemplateIDsRow, error)
 	GetWorkspaceResourceByID(ctx context.Context, id uuid.UUID) (WorkspaceResource, error)
 	GetWorkspaceResourcesByJobID(ctx context.Context, jobID uuid.UUID) ([]WorkspaceResource, error)
+	GetWorkspacesByOrganizationID(ctx context.Context, arg GetWorkspacesByOrganizationIDParams) ([]Workspace, error)
+	GetWorkspacesByOwnerID(ctx context.Context, arg GetWorkspacesByOwnerIDParams) ([]Workspace, error)
 	GetWorkspacesByTemplateID(ctx context.Context, arg GetWorkspacesByTemplateIDParams) ([]Workspace, error)
-	GetWorkspacesByUserID(ctx context.Context, arg GetWorkspacesByUserIDParams) ([]Workspace, error)
 	InsertAPIKey(ctx context.Context, arg InsertAPIKeyParams) (APIKey, error)
 	InsertFile(ctx context.Context, arg InsertFileParams) (File, error)
 	InsertGitSSHKey(ctx context.Context, arg InsertGitSSHKeyParams) (GitSSHKey, error)
--- a/coderd/database/queries.sql.go
+++ b/coderd/database/queries.sql.go
@ -2686,7 +2686,7 @@ func (q *sqlQuerier) InsertWorkspaceResource(ctx context.Context, arg InsertWork

 const getWorkspaceByID = `-- name: GetWorkspaceByID :one
 SELECT
-	id, created_at, updated_at, owner_id, template_id, deleted, name, autostart_schedule, autostop_schedule
+	id, created_at, updated_at, owner_id, organization_id, template_id, deleted, name, autostart_schedule, autostop_schedule
 FROM
 	workspaces
 WHERE
@ -2703,6 +2703,7 @@ func (q *sqlQuerier) GetWorkspaceByID(ctx context.Context, id uuid.UUID) (Worksp
 		&i.CreatedAt,
 		&i.UpdatedAt,
 		&i.OwnerID,
+		&i.OrganizationID,
 		&i.TemplateID,
 		&i.Deleted,
 		&i.Name,
@ -2712,9 +2713,9 @@ func (q *sqlQuerier) GetWorkspaceByID(ctx context.Context, id uuid.UUID) (Worksp
 	return i, err
 }

-const getWorkspaceByUserIDAndName = `-- name: GetWorkspaceByUserIDAndName :one
+const getWorkspaceByOwnerIDAndName = `-- name: GetWorkspaceByOwnerIDAndName :one
 SELECT
-	id, created_at, updated_at, owner_id, template_id, deleted, name, autostart_schedule, autostop_schedule
+	id, created_at, updated_at, owner_id, organization_id, template_id, deleted, name, autostart_schedule, autostop_schedule
 FROM
 	workspaces
 WHERE
@ -2723,20 +2724,21 @@ WHERE
 	AND LOWER("name") = LOWER($3)
 `

-type GetWorkspaceByUserIDAndNameParams struct {
+type GetWorkspaceByOwnerIDAndNameParams struct {
 	OwnerID uuid.UUID `db:"owner_id" json:"owner_id"`
 	Deleted bool      `db:"deleted" json:"deleted"`
 	Name    string    `db:"name" json:"name"`
 }

-func (q *sqlQuerier) GetWorkspaceByUserIDAndName(ctx context.Context, arg GetWorkspaceByUserIDAndNameParams) (Workspace, error) {
-	row := q.db.QueryRowContext(ctx, getWorkspaceByUserIDAndName, arg.OwnerID, arg.Deleted, arg.Name)
+func (q *sqlQuerier) GetWorkspaceByOwnerIDAndName(ctx context.Context, arg GetWorkspaceByOwnerIDAndNameParams) (Workspace, error) {
+	row := q.db.QueryRowContext(ctx, getWorkspaceByOwnerIDAndName, arg.OwnerID, arg.Deleted, arg.Name)
 	var i Workspace
 	err := row.Scan(
 		&i.ID,
 		&i.CreatedAt,
 		&i.UpdatedAt,
 		&i.OwnerID,
+		&i.OrganizationID,
 		&i.TemplateID,
 		&i.Deleted,
 		&i.Name,
@ -2787,9 +2789,101 @@ func (q *sqlQuerier) GetWorkspaceOwnerCountsByTemplateIDs(ctx context.Context, i
 	return items, nil
 }

+const getWorkspacesByOrganizationID = `-- name: GetWorkspacesByOrganizationID :many
+SELECT id, created_at, updated_at, owner_id, organization_id, template_id, deleted, name, autostart_schedule, autostop_schedule FROM workspaces WHERE organization_id = $1 AND deleted = $2
+`
+
+type GetWorkspacesByOrganizationIDParams struct {
+	OrganizationID uuid.UUID `db:"organization_id" json:"organization_id"`
+	Deleted        bool      `db:"deleted" json:"deleted"`
+}
+
+func (q *sqlQuerier) GetWorkspacesByOrganizationID(ctx context.Context, arg GetWorkspacesByOrganizationIDParams) ([]Workspace, error) {
+	rows, err := q.db.QueryContext(ctx, getWorkspacesByOrganizationID, arg.OrganizationID, arg.Deleted)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []Workspace
+	for rows.Next() {
+		var i Workspace
+		if err := rows.Scan(
+			&i.ID,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+			&i.OwnerID,
+			&i.OrganizationID,
+			&i.TemplateID,
+			&i.Deleted,
+			&i.Name,
+			&i.AutostartSchedule,
+			&i.AutostopSchedule,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getWorkspacesByOwnerID = `-- name: GetWorkspacesByOwnerID :many
+SELECT
+	id, created_at, updated_at, owner_id, organization_id, template_id, deleted, name, autostart_schedule, autostop_schedule
+FROM
+	workspaces
+WHERE
+	owner_id = $1
+	AND deleted = $2
+`
+
+type GetWorkspacesByOwnerIDParams struct {
+	OwnerID uuid.UUID `db:"owner_id" json:"owner_id"`
+	Deleted bool      `db:"deleted" json:"deleted"`
+}
+
+func (q *sqlQuerier) GetWorkspacesByOwnerID(ctx context.Context, arg GetWorkspacesByOwnerIDParams) ([]Workspace, error) {
+	rows, err := q.db.QueryContext(ctx, getWorkspacesByOwnerID, arg.OwnerID, arg.Deleted)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []Workspace
+	for rows.Next() {
+		var i Workspace
+		if err := rows.Scan(
+			&i.ID,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+			&i.OwnerID,
+			&i.OrganizationID,
+			&i.TemplateID,
+			&i.Deleted,
+			&i.Name,
+			&i.AutostartSchedule,
+			&i.AutostopSchedule,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
 const getWorkspacesByTemplateID = `-- name: GetWorkspacesByTemplateID :many
 SELECT
-	id, created_at, updated_at, owner_id, template_id, deleted, name, autostart_schedule, autostop_schedule
+	id, created_at, updated_at, owner_id, organization_id, template_id, deleted, name, autostart_schedule, autostop_schedule
 FROM
 	workspaces
 WHERE
@ -2816,54 +2910,7 @@ func (q *sqlQuerier) GetWorkspacesByTemplateID(ctx context.Context, arg GetWorks
 			&i.CreatedAt,
 			&i.UpdatedAt,
 			&i.OwnerID,
-			&i.TemplateID,
-			&i.Deleted,
-			&i.Name,
-			&i.AutostartSchedule,
-			&i.AutostopSchedule,
-		); err != nil {
-			return nil, err
-		}
-		items = append(items, i)
-	}
-	if err := rows.Close(); err != nil {
-		return nil, err
-	}
-	if err := rows.Err(); err != nil {
-		return nil, err
-	}
-	return items, nil
-}
-
-const getWorkspacesByUserID = `-- name: GetWorkspacesByUserID :many
-SELECT
-	id, created_at, updated_at, owner_id, template_id, deleted, name, autostart_schedule, autostop_schedule
-FROM
-	workspaces
-WHERE
-	owner_id = $1
-	AND deleted = $2
-`
-
-type GetWorkspacesByUserIDParams struct {
-	OwnerID uuid.UUID `db:"owner_id" json:"owner_id"`
-	Deleted bool      `db:"deleted" json:"deleted"`
-}
-
-func (q *sqlQuerier) GetWorkspacesByUserID(ctx context.Context, arg GetWorkspacesByUserIDParams) ([]Workspace, error) {
-	rows, err := q.db.QueryContext(ctx, getWorkspacesByUserID, arg.OwnerID, arg.Deleted)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-	var items []Workspace
-	for rows.Next() {
-		var i Workspace
-		if err := rows.Scan(
-			&i.ID,
-			&i.CreatedAt,
-			&i.UpdatedAt,
-			&i.OwnerID,
+			&i.OrganizationID,
 			&i.TemplateID,
 			&i.Deleted,
 			&i.Name,
@ -2890,20 +2937,22 @@ INSERT INTO
 		created_at,
 		updated_at,
 		owner_id,
+		organization_id,
 		template_id,
 		name
 	)
 VALUES
-	($1, $2, $3, $4, $5, $6) RETURNING id, created_at, updated_at, owner_id, template_id, deleted, name, autostart_schedule, autostop_schedule
+	($1, $2, $3, $4, $5, $6, $7) RETURNING id, created_at, updated_at, owner_id, organization_id, template_id, deleted, name, autostart_schedule, autostop_schedule
 `

 type InsertWorkspaceParams struct {
-	ID         uuid.UUID `db:"id" json:"id"`
-	CreatedAt  time.Time `db:"created_at" json:"created_at"`
-	UpdatedAt  time.Time `db:"updated_at" json:"updated_at"`
-	OwnerID    uuid.UUID `db:"owner_id" json:"owner_id"`
-	TemplateID uuid.UUID `db:"template_id" json:"template_id"`
-	Name       string    `db:"name" json:"name"`
+	ID             uuid.UUID `db:"id" json:"id"`
+	CreatedAt      time.Time `db:"created_at" json:"created_at"`
+	UpdatedAt      time.Time `db:"updated_at" json:"updated_at"`
+	OwnerID        uuid.UUID `db:"owner_id" json:"owner_id"`
+	OrganizationID uuid.UUID `db:"organization_id" json:"organization_id"`
+	TemplateID     uuid.UUID `db:"template_id" json:"template_id"`
+	Name           string    `db:"name" json:"name"`
 }

 func (q *sqlQuerier) InsertWorkspace(ctx context.Context, arg InsertWorkspaceParams) (Workspace, error) {
@ -2912,6 +2961,7 @@ func (q *sqlQuerier) InsertWorkspace(ctx context.Context, arg InsertWorkspacePar
 		arg.CreatedAt,
 		arg.UpdatedAt,
 		arg.OwnerID,
+		arg.OrganizationID,
 		arg.TemplateID,
 		arg.Name,
 	)
@ -2921,6 +2971,7 @@ func (q *sqlQuerier) InsertWorkspace(ctx context.Context, arg InsertWorkspacePar
 		&i.CreatedAt,
 		&i.UpdatedAt,
 		&i.OwnerID,
+		&i.OrganizationID,
 		&i.TemplateID,
 		&i.Deleted,
 		&i.Name,
--- a/coderd/database/queries/workspaces.sql
+++ b/coderd/database/queries/workspaces.sql
@ -8,6 +8,9 @@ WHERE
 LIMIT
 	1;

+-- name: GetWorkspacesByOrganizationID :many
+SELECT * FROM workspaces WHERE organization_id = $1 AND deleted = $2;
+
 -- name: GetWorkspacesByTemplateID :many
 SELECT
 	*
@ -17,7 +20,7 @@ WHERE
 	template_id = $1
 	AND deleted = $2;

-- name: GetWorkspacesByUserID :many
+-- name: GetWorkspacesByOwnerID :many
 SELECT
 	*
 FROM
@ -26,7 +29,7 @@ WHERE
 	owner_id = $1
 	AND deleted = $2;

-- name: GetWorkspaceByUserIDAndName :one
+-- name: GetWorkspaceByOwnerIDAndName :one
 SELECT
 	*
 FROM
@ -55,11 +58,12 @@ INSERT INTO
 		created_at,
 		updated_at,
 		owner_id,
+		organization_id,
 		template_id,
 		name
 	)
 VALUES
-	($1, $2, $3, $4, $5, $6) RETURNING *;
+	($1, $2, $3, $4, $5, $6, $7) RETURNING *;

 -- name: UpdateWorkspaceDeletedByID :exec
 UPDATE