Commit140768f

cstyan

and

claude

committed

Add deployment-wide agent metadata minimum interval enforcement

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

1 parent05b02cf commit140768fCopy full SHA for 140768f

File tree

12 files changed

+512

-2

lines changed

cli/testdata
- coder_server_--help.golden
- server-config.yaml.golden
coderd
- apidoc
  - docs.go
  - swagger.json
- provisionerdserver
  - provisionerdserver.go
  - provisionerdserver_test.go
codersdk
- deployment.go
docs/reference
- api
  - general.md
  - schemas.md
- cli
  - server.md
enterprise/cli/testdata
- coder_server_--help.golden
site/src/api
- typesGenerated.ts

12 files changed

+512

-2

lines changed

`‎cli/testdata/coder_server_--help.golden‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,12 @@ SUBCOMMANDS:`
`14`	`14`	`PostgreSQL deployment.`
`15`	`15`
`16`	`16`	`OPTIONS:`
	`17`	`+ --agent-metadata-min-interval duration, $CODER_AGENT_METADATA_MIN_INTERVAL (default: 0s)`
	`18`	`+ Minimum interval for agent metadata collection. Template-defined`
	`19`	`+ intervals below this value will cause template import to fail.`
	`20`	`+ Existing workspaces with lower intervals will be silently upgraded on`
	`21`	`+ restart. Set to 0 to disable enforcement.`
	`22`	`+`
`17`	`23`	`--allow-workspace-renames bool, $CODER_ALLOW_WORKSPACE_RENAMES (default: false)`
`18`	`24`	`DEPRECATED: Allow users to rename their workspaces. Use only for`
`19`	`25`	`temporary compatibility reasons, this will be removed in a future`

`‎cli/testdata/server-config.yaml.golden‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -485,6 +485,11 @@ sshKeygenAlgorithm: ed25519`
`485`	`485`	`# URL to use for agent troubleshooting when not set in the template.`
`486`	`486`	`# (default: https://coder.com/docs/admin/templates/troubleshooting, type: url)`
`487`	`487`	`agentFallbackTroubleshootingURL: https://coder.com/docs/admin/templates/troubleshooting`
	`488`	`+# Minimum interval for agent metadata collection. Template-defined intervals below`
	`489`	`+# this value will cause template import to fail. Existing workspaces with lower`
	`490`	`+# intervals will be silently upgraded on restart. Set to 0 to disable enforcement.`
	`491`	`+# (default: 0s, type: duration)`
	`492`	`+agentMetadataMinInterval: 0s`
`488`	`493`	`# Disable workspace apps that are not served from subdomains. Path-based apps can`
`489`	`494`	`# make requests to the Coder API and pose a security risk when the workspace`
`490`	`495`	`# serves malicious JavaScript. This is recommended for security purposes if a`

`‎coderd/apidoc/docs.go‎`

Lines changed: 3 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apidoc/swagger.json‎`

Lines changed: 3 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/provisionerdserver/provisionerdserver.go‎`

Lines changed: 71 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1613,7 +1613,11 @@ func (s *server) completeTemplateImportJob(ctx context.Context, job database.Pro`
`1613`	`1613`	`slog.F("resource_type",resource.Type),`
`1614`	`1614`	`slog.F("transition",transition))`
`1615`	`1615`
`1616`		`-iferr:=InsertWorkspaceResource(ctx,db,jobID,transition,resource,telemetrySnapshot);err!=nil {`
	`1616`	`+iferr:=InsertWorkspaceResource(ctx,db,jobID,transition,resource,telemetrySnapshot,`
	`1617`	`+InsertWorkspaceResourceWithValidationMode(ValidationModeStrict),`
	`1618`	`+InsertWorkspaceResourceWithDeploymentValues(s.DeploymentValues),`
	`1619`	`+InsertWorkspaceResourceWithLogger(s.Logger),`
	`1620`	`+);err!=nil {`
`1617`	`1621`	`returnxerrors.Errorf("insert resource: %w",err)`
`1618`	`1622`	`}`
`1619`	`1623`	`}`
`@@ -2014,6 +2018,9 @@ func (s *server) completeWorkspaceBuildJob(ctx context.Context, job database.Pro`
`2014`	`2018`	`// Ensure that the agent IDs we set previously`
`2015`	`2019`	`// are written to the database.`
`2016`	`2020`	`InsertWorkspaceResourceWithAgentIDsFromProto(),`
	`2021`	`+InsertWorkspaceResourceWithValidationMode(ValidationModeUpgrade),`
	`2022`	`+InsertWorkspaceResourceWithDeploymentValues(s.DeploymentValues),`
	`2023`	`+InsertWorkspaceResourceWithLogger(s.Logger),`
`2017`	`2024`	`)`
`2018`	`2025`	`iferr!=nil {`
`2019`	`2026`	`returnxerrors.Errorf("insert provisioner job: %w",err)`
`@@ -2623,8 +2630,23 @@ func InsertWorkspacePresetAndParameters(ctx context.Context, db database.Store,`
`2623`	`2630`	`returnnil`
`2624`	`2631`	`}`
`2625`	`2632`
	`2633`	`+// ValidationMode determines how agent metadata interval validation is enforced.`
	`2634`	`+typeValidationModeint`
	`2635`	`+`
	`2636`	`+const (`
	`2637`	`+// ValidationModeStrict fails the operation if metadata intervals are below the minimum.`
	`2638`	`+// Used for template imports.`
	`2639`	`+ValidationModeStrictValidationMode=iota`
	`2640`	`+// ValidationModeUpgrade silently upgrades metadata intervals to meet the minimum.`
	`2641`	`+// Used for workspace builds.`
	`2642`	`+ValidationModeUpgrade`
	`2643`	`+)`
	`2644`	`+`
`2626`	`2645`	`typeinsertWorkspaceResourceOptionsstruct {`
`2627`	`2646`	`useAgentIDsFromProtobool`
	`2647`	`+validationModeValidationMode`
	`2648`	`+deploymentValues*codersdk.DeploymentValues`
	`2649`	`+logger slog.Logger`
`2628`	`2650`	`}`
`2629`	`2651`
`2630`	`2652`	`// InsertWorkspaceResourceOption represents a functional option for`
`@@ -2639,6 +2661,27 @@ func InsertWorkspaceResourceWithAgentIDsFromProto() InsertWorkspaceResourceOptio`
`2639`	`2661`	`}`
`2640`	`2662`	`}`
`2641`	`2663`
	`2664`	`+// InsertWorkspaceResourceWithValidationMode sets the validation mode for agent metadata intervals.`
	`2665`	`+funcInsertWorkspaceResourceWithValidationMode(modeValidationMode)InsertWorkspaceResourceOption {`
	`2666`	`+returnfunc(opts*insertWorkspaceResourceOptions) {`
	`2667`	`+opts.validationMode=mode`
	`2668`	`+}`
	`2669`	`+}`
	`2670`	`+`
	`2671`	`+// InsertWorkspaceResourceWithDeploymentValues sets the deployment values for validation.`
	`2672`	`+funcInsertWorkspaceResourceWithDeploymentValues(dv*codersdk.DeploymentValues)InsertWorkspaceResourceOption {`
	`2673`	`+returnfunc(opts*insertWorkspaceResourceOptions) {`
	`2674`	`+opts.deploymentValues=dv`
	`2675`	`+}`
	`2676`	`+}`
	`2677`	`+`
	`2678`	`+// InsertWorkspaceResourceWithLogger sets the logger for logging validation actions.`
	`2679`	`+funcInsertWorkspaceResourceWithLogger(logger slog.Logger)InsertWorkspaceResourceOption {`
	`2680`	`+returnfunc(opts*insertWorkspaceResourceOptions) {`
	`2681`	`+opts.logger=logger`
	`2682`	`+}`
	`2683`	`+}`
	`2684`	`+`
`2642`	`2685`	`funcInsertWorkspaceResource(ctx context.Context,db database.Store,jobID uuid.UUID,transition database.WorkspaceTransition,protoResourcesdkproto.Resource,snapshottelemetry.Snapshot,opt...InsertWorkspaceResourceOption)error {`
`2643`	`2686`	`opts:=&insertWorkspaceResourceOptions{}`
`2644`	`2687`	`for_,o:=rangeopt {`
`@@ -2776,13 +2819,39 @@ func InsertWorkspaceResource(ctx context.Context, db database.Store, jobID uuid.`
`2776`	`2819`	`snapshot.WorkspaceAgents=append(snapshot.WorkspaceAgents,telemetry.ConvertWorkspaceAgent(dbAgent))`
`2777`	`2820`
`2778`	`2821`	`for_,md:=rangeprAgent.Metadata {`
	`2822`	`+interval:=md.Interval`
	`2823`	`+`
	`2824`	`+// Apply minimum interval validation if configured`
	`2825`	`+ifopts.deploymentValues!=nil&&opts.deploymentValues.AgentMetadataMinInterval.Value()>0 {`
	`2826`	`+minInterval:=opts.deploymentValues.AgentMetadataMinInterval.Value()`
	`2827`	`+minIntervalSeconds:=int64(minInterval.Seconds())`
	`2828`	`+`
	`2829`	`+ifinterval<minIntervalSeconds {`
	`2830`	`+ifopts.validationMode==ValidationModeStrict {`
	`2831`	`+// Template import - fail the operation`
	`2832`	`+returnxerrors.Errorf(`
	`2833`	`+"agent %q metadata %q interval %ds is below minimum required %ds",`
	`2834`	`+prAgent.Name,md.Key,interval,minIntervalSeconds,`
	`2835`	`+)`
	`2836`	`+}`
	`2837`	`+// Workspace build - upgrade silently`
	`2838`	`+opts.logger.Info(ctx,"upgrading agent metadata interval to meet minimum",`
	`2839`	`+slog.F("agent",prAgent.Name),`
	`2840`	`+slog.F("metadata_key",md.Key),`
	`2841`	`+slog.F("original_interval_seconds",interval),`
	`2842`	`+slog.F("upgraded_interval_seconds",minIntervalSeconds),`
	`2843`	`+)`
	`2844`	`+interval=minIntervalSeconds`
	`2845`	`+}`
	`2846`	`+}`
	`2847`	`+`
`2779`	`2848`	`p:= database.InsertWorkspaceAgentMetadataParams{`
`2780`	`2849`	`WorkspaceAgentID:agentID,`
`2781`	`2850`	`DisplayName:md.DisplayName,`
`2782`	`2851`	`Script:md.Script,`
`2783`	`2852`	`Key:md.Key,`
`2784`	`2853`	`Timeout:md.Timeout,`
`2785`		`-Interval:md.Interval,`
	`2854`	`+Interval:interval,`
`2786`	`2855`	`// #nosec G115 - Order represents a display order value that's always small and fits in int32`
`2787`	`2856`	`DisplayOrder:int32(md.Order),`
`2788`	`2857`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit140768f

File tree

12 files changed

12 files changed

`‎cli/testdata/coder_server_--help.golden‎`

`‎cli/testdata/server-config.yaml.golden‎`

`‎coderd/apidoc/docs.go‎`

`‎coderd/apidoc/swagger.json‎`

`‎coderd/provisionerdserver/provisionerdserver.go‎`

0 commit comments