Commit Graph

65 Commits

Author SHA1 Message Date
c6e0ba12d3 feat: graduate prebuilds to general availability (#18607)
This PR removes the prebuilds experiment and allows the use of prebuilds
without opting into an experiment.
2025-06-26 15:54:52 +02:00
341b54e604 fix: allow dynamic parameters without requiring org membership (#18531) 2025-06-24 10:33:10 -05:00
f6e4ba6ed9 chore: remove per request dynamic parameters opt in and rely on template (#18505)
When in experimental this was used as an escape hatch. Removed to be
consistent with the template author's intentions

Backwards compatible, removing an experimental api field that is no longer used.
2025-06-23 15:04:09 -05:00
49fcffc266 fix!: stop workspace before update (#18425)
Fixes https://github.com/coder/coder/issues/17840

NOTE: calling this out as a breaking change so that it is highly visible
in the changelog.

* CLI: Modifies `coder update` to stop the workspace if already running.
* UI: Modifies "update" button to always stop the workspace if already
running.
2025-06-23 09:12:37 +01:00
fae30a00fd chore: remove unnecessary redeclarations in for loops (#18440) 2025-06-20 13:16:55 -06:00
72f7d70bab feat: allow TemplateAdmin to delete prebuilds via auth layer (#18333)
## Description

This PR adds support for deleting prebuilt workspaces via the
authorization layer. It introduces special-case handling to ensure that
`prebuilt_workspace` permissions are evaluated when attempting to delete
a prebuilt workspace, falling back to the standard `workspace` resource
as needed.

Prebuilt workspaces are a subset of workspaces, identified by having
`owner_id` set to `PREBUILD_SYSTEM_USER`.
This means:
* A user with `prebuilt_workspace.delete` permission is allowed to
**delete only prebuilt workspaces**.
* A user with `workspace.delete` permission can **delete both normal and
prebuilt workspaces**.

⚠️ This implementation is scoped to **deletion operations only**. No
other operations are currently supported for the `prebuilt_workspace`
resource.

To delete a workspace, users must have the following permissions:
* `workspace.read`: to read the current workspace state
* `update`: to modify workspace metadata and related resources during
deletion (e.g., updating the `deleted` field in the database)
* `delete`: to perform the actual deletion of the workspace

## Changes

* Introduced `authorizeWorkspace()` helper to handle prebuilt workspace
authorization logic.
* Ensured both `prebuilt_workspace` and `workspace` permissions are
checked.
* Added comments to clarify the current behavior and limitations.
* Moved `SystemUserID` constant from the `prebuilds` package to the
`database` package `PrebuildsSystemUserID` to resolve an import cycle
(commit
f24e4ab4b6).
* Update middleware `ExtractOrganizationMember` to include system user
members.
2025-06-20 17:36:32 +01:00
f126931219 chore: remove dynamic-parameters experiment (#18290)
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: jaaydenh <1858163+jaaydenh@users.noreply.github.com>
Co-authored-by: Steven Masley <stevenmasley@gmail.com>
2025-06-12 12:15:05 -04:00
e76d58f2b6 chore: disable parameter validatation for dynamic params for all transitions (#17926)
Dynamic params skip parameter validation in coder/coder.
This is because conditional parameters cannot be validated 
with the static parameters in the database.
2025-05-20 10:09:53 -05:00
425ee6fa55 feat: reinitialize agents when a prebuilt workspace is claimed (#17475)
This pull request allows coder workspace agents to be reinitialized when
a prebuilt workspace is claimed by a user. This facilitates the transfer
of ownership between the anonymous prebuilds system user and the new
owner of the workspace.

Only a single agent per prebuilt workspace is supported for now, but
plumbing has already been done to facilitate the seamless transition to
multi-agent support.

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
Co-authored-by: Danny Kopping <dannykopping@gmail.com>
2025-05-14 14:15:36 +02:00
d5360a6da0 chore: fetch workspaces by username with organization permissions (#17707)
Closes https://github.com/coder/coder/issues/17691

`ExtractOrganizationMembersParam` will allow fetching a user with only
organization permissions. If the user belongs to 0 orgs, then the user "does not exist" 
from an org perspective. But if you are a site-wide admin, then the user does exist.
2025-05-08 14:41:17 -05:00
0b58798a1a feat: remove site wide perms from creating a workspace (#17296)
Creating a workspace required `read` on site wide `user`. 
Only organization permissions should be required.
2025-04-09 14:35:43 -05:00
76adde91dc fix(provisioner/terraform/tfparse): allow empty values in coder_workspace_tag defaults (#16303)
* chore(docs): update docs re workspace tag default values
* chore(coderdenttest): use random name instead of t.Name() in newExternalProvisionerDaemon
* fix(provisioner/terraform/tfparse): allow empty values in coder_workspace_tag defaults
2025-01-28 09:11:39 +00:00
f34e6fd92c chore: implement 'use' verb to template object, read has less scope now (#16075)
Template `use` is now a verb.
- Template admins can `use` all templates (org template admins same in
org)
- Members get the `use` perm from the `everyone` group in the
`group_acl`.
2025-01-17 11:55:41 -06:00
f32f7c6862 test(enterprise/coderd): fix ctx init in multiple workspace tests (#16176) 2025-01-17 14:33:58 +00:00
3a81aac318 chore(enterprise/coderd): use filesystem mirror for providers in TestWorkspaceTagsTerraform (#16155)
Fixes https://github.com/coder/internal/issues/266 (hopefully)

Each instance of this test has to download the coder/coder Terraform
provider.
To mitigate this, only download the providers once using a
`filesystem_mirror` (ref:
https://developer.hashicorp.com/terraform/cli/config/config-file#provider-installation)
2025-01-15 20:27:18 +00:00
12991ff43e fix(coderd): change the order of precedence between coder_workspace_tags and request tags (#16119)
This PR switches the order of precedence of workspace tags when posting
a template version.
Previously, user-specified tags in the request could not override those
detected from our parsing of the template file. Now, they can do.

This addresses a customer issue where were attempting to set a workspace
tag via variable.

Note: there is a possible follow-up item here where we could pass in the
workspace tag values from the request into `tfparse` and let it take
those user-specified values into account. This is covered in a separate
test.
2025-01-14 16:43:42 +00:00
5e88289493 chore(enterprise/coderd): conditionally disable parallelism on windows (#16072)
Fixes https://github.com/coder/internal/issues/266
2025-01-09 09:14:20 +00:00
1ab10cf80c fix(provisioner/terraform/tfparse): skip evaluation of unrelated parameters (#16023)
* Improves tfparse test coverage to include more parameter types and values
* Adds tests with unrelated parameters that should be ignored by tfparse
* Modifies tfparse to only attempt evaluation of parameters referenced by coder_workspace_tags
2025-01-03 19:32:17 +00:00
91875c2b47 fix: allow users to extend their running workspace's deadline (#15895)
Fixes https://github.com/coder/coder/issues/15515

This change effectively reverts the changes introduced by
https://github.com/coder/coder/pull/13182 (for
https://github.com/coder/coder/issues/13078).

We also rename the `override-stop` command name to `extend` to match the
API endpoint's name (keeping an alias to allow `override-stop` to be used).
2024-12-18 10:58:33 +00:00
dcf51535bb fix(coderd/wsbuilder): correctly evaluate dynamic workspace tag values (#15897)
Relates to https://github.com/coder/coder/issues/15894:

- Adds `coderdenttest.NewExternalProvisionerDaemonTerraform`
- Adds integration-style test coverage for creating a workspace with
`coder_workspace_tags` specified in `main.tf`
- Modifies `coderd/wsbuilder` to fetch template version variables and
  includes them in eval context for evaluating `coder_workspace_tags`
2024-12-17 21:57:03 +00:00
b39becba66 feat(site): add a provisioner warning to workspace builds (#15686)
This PR adds warnings about provisioner health to workspace build pages.
It closes https://github.com/coder/coder/issues/15048


![image](https://github.com/user-attachments/assets/fa54d0e8-c51f-427a-8f66-7e5dbbc9baca)

![image](https://github.com/user-attachments/assets/b5169669-ab05-43d5-8553-315a3099b4fd)
2024-12-11 13:38:13 +02:00
67553a7bbe chore: fix TestWorkspaceAutobuild/NextStartAtIsValid flake (#15772)
Fixes https://github.com/coder/internal/issues/238

It appears we haven't got quartz piped through to enough of Coder for
the test to work as I had expected. Using the current time should be
sufficient for this test.
2024-12-06 10:41:31 +00:00
e21a301682 fix: make GetWorkspacesEligibleForTransition return even less false positives (#15594)
Relates to https://github.com/coder/coder/issues/15082

Further to https://github.com/coder/coder/pull/15429, this reduces the
amount of false-positives returned by the 'is eligible for autostart'
part of the query. We achieve this by calculating the 'next start at'
time of the workspace, storing it in the database, and using it in our
`GetWorkspacesEligibleForTransition` query.

The prior implementation of the 'is eligible for autostart' query would
return _all_ workspaces that at some point in the future _might_ be
eligible for autostart. This now ensures we only return workspaces that
_should_ be eligible for autostart.

We also now pass `currentTick` instead of `t` to the
`GetWorkspacesEligibleForTransition` query as otherwise we'll have one
round of workspaces that are skipped by `isEligibleForTransition` due to
`currentTick` being a truncated version of `t`.
2024-12-02 21:02:36 +00:00
343f8ec9ab chore: join owner, template, and org in new workspace view (#15116)
Joins in fields like `username`, `avatar_url`, `organization_name`,
`template_name` to `workspaces` via a **view**. 
The view must be maintained moving forward, but this prevents needing to
add RBAC permissions to fetch related workspace fields.
2024-10-22 09:20:54 -05:00
2c8b264d78 chore: remove multi-organization and custom role experiment (#14862)
Closes https://github.com/coder/coder/issues/14704

---------

Co-authored-by: Kayla Washburn-Love <mckayla@hey.com>
2024-09-27 14:06:16 -05:00
bf4b7abf14 chore(coderd): allow creating workspaces without specifying an organization (#14048) 2024-07-30 10:44:02 -06:00
7ea1a4c686 chore: protect organization endpoints with license (#14001)
* chore: move multi-org endpoints into enterprise directory

All multi-organization features are gated behind "premium" licenses. Enterprise licenses can no longer
access organization CRUD.
2024-07-25 16:07:53 -05:00
0d9615b4fd feat(coderd): notify when workspace is marked as dormant (#13868) 2024-07-24 13:38:21 -03:00
24448e79fe fix: prevent extending if template disallows (#13182) 2024-05-08 12:58:14 -03:00
2ad7fcc0b7 fix: show template autostop setting when it overrides the workspace setting (#12910) 2024-04-11 13:08:51 -06:00
56cbd47082 chore: fix TestWorkspaceAutobuild/DormancyThresholdOK flake (#11251) 2023-12-18 09:23:06 -06:00
e73a202aed feat: show dormant workspaces by default (#11053) 2023-12-07 18:09:35 -06:00
ce49a55f56 chore: update build_reason 'autolock' -> 'dormancy' (#11074) 2023-12-07 17:11:57 -06:00
967db2801b chore: refactor ResolveAutostart tests to use dbfake (#10603) 2023-11-30 19:33:04 -06:00
12a4b114de fix: fix TestWorkspaceAutobuild/InactiveTTLOK flake (#10965) 2023-11-30 18:29:41 -06:00
329aa45c16 fix: fix TestWorkspaceAutobuild/DormantNoAutostart flake (#10963) 2023-11-30 15:45:27 -06:00
48d69c9e60 fix: update autostart context to include querying users (#10929) 2023-11-28 17:56:49 -06:00
75ab16d19a fix: prevent db deadlock when workspaces go dormant (#10618) 2023-11-13 13:40:20 -06:00
e23873ff8f feat: add endpoint for resolving autostart status (#10507) 2023-11-08 23:24:56 -06:00
cf8ee78547 fix: disable autostart for flakey test (#10598) 2023-11-08 17:56:36 -06:00
26740cf00d chore(scripts/rules.go): broaden scope of testingWithOwnerUser linter (#10548)
* Updated testingWithOwnerUser ruleguard rule to detect:
  a) Passing client from coderdenttest.New() to clitest.SetupConfig() similar to what already exists for AGPL code
  b) Usage of any method of the owner client from coderdenttest.New() - all usages of the owner client must be justified with a `//nolint:gocritic` comment.
* Fixed resulting linter complaints.
* Added new coderdtest helpers CreateGroup and UpdateTemplateMeta.
* Modified check_enterprise_import.sh to ignore scripts/rules.go.
2023-11-08 14:54:48 +00:00
997493d4ae feat: add template setting to require active template version (#10277) 2023-10-18 17:07:21 -05:00
39c0539d42 feat: add controls to template for determining startup days (#10226)
* feat: template controls which days can autostart
* Add unit test to test blocking autostart with DaysOfWeek
2023-10-13 11:57:18 -05:00
ec9b480ac0 fix: use is-dormant instead of dormant_at (#10191) 2023-10-10 19:00:09 -05:00
b32d79ef0b fix: fix failed workspaces continuously auto-deleting (#10069)
- Fixes an issue where workspaces that are eligible for auto-deletion
  are retried every tick (1 minute) even if the previous deletion
  transition failed.

  The updated logic only attempts to delete workspaces that previously
  failed once a day (24 hours since last attempt).
2023-10-05 14:11:39 -05:00
91265678ad chore: add auditing to workspace dormancy (#10070)
- Adds an audit log for workspaces automatically transitioned to the dormant
  state.
- Imposes a mininum of 1 minute on cleanup-related fields. This is to
  prevent accidental API misuse from resulting in catastrophe.
2023-10-05 13:41:07 -05:00
c194119689 chore: rename AwaitTemplateVersionJobCompleted and AwaitWorkspaceBuildJobCompleted (#10003) 2023-10-03 11:02:56 -06:00
65db7a71b7 feat(coderd/database/dbtestutil): set default database timezone to non-UTC in unit tests (#9672)
- Adds dbtestutil.WithTimezone(tz) to allow setting the timezone for a test database.
- Modifies our test database setup code to pick a consistently weird timezone for the database.
- Adds the facility randtz.Name() to pick a random timezone which is consistent across subtests (via sync.Once).
- Adds a linter rule to warn against setting the test database timezone to UTC.
2023-09-15 09:01:32 +01:00
ad23d33f28 refactor(coderd/schedule): move cron schedule to cron package (#9507)
This removes an indirect import of `coderd/database` from the CLI and
results in a logical separation between server related and generalized
schedule.

No size change (yet).

Ref: #9380
2023-09-04 16:48:25 +03:00
60d5002eb6 refactor: change template archive extraction to be on provisioner (#9264)
* refactor provisionersdk protocol

Signed-off-by: Spike Curtis <spike@coder.com>

* refactor provisioners to use new protocol

Signed-off-by: Spike Curtis <spike@coder.com>

* refactor provisionerd to use new protocol

Signed-off-by: Spike Curtis <spike@coder.com>

* refactor tests & proto renames

* Fixes from self-review

Signed-off-by: Spike Curtis <spike@coder.com>

* appease fmt & link

Signed-off-by: Spike Curtis <spike@coder.com>

* code review fixes & e2e fixes

Signed-off-by: Spike Curtis <spike@coder.com>

* More fmt

Signed-off-by: Spike Curtis <spike@coder.com>

* Code review fixes

Signed-off-by: Spike Curtis <spike@coder.com>

* new gen; use uuid for session workdir

Signed-off-by: Spike Curtis <spike@coder.com>

* Revert nix-based gen CI task until dogfood is on nix

Signed-off-by: Spike Curtis <spike@coder.com>

* revert deleting dogfood Docker stuff

Signed-off-by: Spike Curtis <spike@coder.com>

* Revert "revert deleting dogfood Docker stuff"

This reverts commit 9762158167.

---------

Signed-off-by: Spike Curtis <spike@coder.com>
2023-08-25 06:10:15 +00:00