- Notifications
You must be signed in to change notification settings - Fork928
feat: add migrations and queries to support prebuilds#16891
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Merged
Changes fromall commits
Commits
Show all changes
77 commits Select commitHold shift + click to select a range
300e80f add prebuilds system user database changes and associated changes
SasSwartb788237 optionally prevent system users from counting to user count
dannykopping8122595 appease the linter
dannykoppingbfb7c28 add unit test for system user behaviour
dannykopping6639167 reverting RBAC changes; not relevant here
dannykopping769ae1d removing unnecessary changes
dannykoppinge7e9c27 exclude system user db tests from non-linux OSs
dannykopping3936047 Rename prebuild system user reference
SasSwart8bdcafb ensure that users.IsSystem is not nullable
SasSwart412d198 feat: add migrations and queries to support prebuilds
SasSwart51773ec Simplify workspace_latest_build view
dannykopping23773c2 Revert test change
dannykoppingbc3ff44 make gen
dannykoppingbaa3076 refactor: add comments to SQL queries
evgeniy-scherbinaed14fb3 test: added get-presets-backoff test
evgeniy-scherbina3cc74fb refactor: add comment to SQL query
evgeniy-scherbinafc32154 refactor: add comments + improve tests
evgeniy-scherbinad7b4ec4 fix: bug in SQL
evgeniy-scherbinae8b53f7 test: minor changes to the test
evgeniy-scherbina9df6554 refactor: remove job_status from SQL query
evgeniy-scherbinaccc309e refactor: embed preset_prebuilds table into presets table
evgeniy-scherbinaee1f16a refactor: rename sql table
evgeniy-scherbinad040ddd refactor: remove unnecessary JOIN
evgeniy-scherbina83a6722 refactor: remove unnecessary JOIN
evgeniy-scherbinacd70710 refactor: use INNER JOIN for consistency
evgeniy-scherbina97cc4ff refactor: simplify GetPresetsBackoff SQL Query
evgeniy-scherbina4d59039 Revert "refactor: simplify GetPresetsBackoff SQL Query"
evgeniy-scherbina205d6af refactor: improve GetPresetsBackoff query
evgeniy-scherbinae489e1b Merge remote-tracking branch 'origin/main' into prebuilds-db
evgeniy-scherbina1b29686 Merge remote-tracking branch 'origin/main' into prebuilds-db
evgeniy-scherbina20470e4 fix: bump migration numbers
evgeniy-scherbina7b9c8ce test: remove deprecated test
evgeniy-scherbinae189a0b fix: fix linter
evgeniy-scherbina692c0e5 fix: fix 000310_prebuilds.down migration
evgeniy-scherbinaf747db0 fix: fix fixture migration
evgeniy-scherbina3166a42 fix: fix get-presets-backoff test
evgeniy-scherbinaaa6b490 fix: fix linter
evgeniy-scherbinabc4e7d2 fix: fix linter
evgeniy-scherbinaf167b92 correctly select for the latest built with a preset in latest_prebuil…
SasSwart8fd34ab Merge remote-tracking branch 'origin/main' into prebuilds-db
SasSwart7a8ec49 Properly label and filter metrics for prebuilds
SasSwarta64d661 test: fix db tests
evgeniy-scherbinac787cd2 test: added tests for workspaces with multiple agents
evgeniy-scherbinabd38603 refactor: avoid code duplication
evgeniy-scherbina097f9c3 clarify query clause
SasSwart4cfdd6f tidy up dbauthz_test.go
SasSwart4a34d52 refactor: remove * usage from prebuilds.sql queries
evgeniy-scherbina8d9cd45 refactor: remove * usage from prebuilds views
evgeniy-scherbinaf870d7e refactor: join wlb with pj
evgeniy-scherbina18ad931 refactor: Rename SQL query
evgeniy-scherbina4667171 Added comments for SQL query
evgeniy-scherbinaa26c094 refactor: fix down migration
evgeniy-scherbina6ed4121 Merge remote-tracking branch 'origin/main' into prebuilds-db
SasSwart2312f41 renumber migrations
SasSwart5150a5c refactor: clarify comment for SQL query
evgeniy-scherbinabff34ea refactor: fix indentations
evgeniy-scherbinaef462b6 refactor: rename helper func in test package
evgeniy-scherbinadc45165 refactor: database level tests
evgeniy-scherbina9c8a352 refactor: database level tests
evgeniy-scherbinaeb80919 refactor: helper funcs in db-level tests
evgeniy-scherbina0b2bbee refactor: minor improvement in SQL query
evgeniy-scherbina3a97bf6 refactor: rename SQL queries
evgeniy-scherbina2eeb884 refactor: rename SQL queries
evgeniy-scherbina73f99e8 refactor: rename fields in SQL query
evgeniy-scherbina113e12b fix: improve rbac policies
evgeniy-scherbina217cae0 fix: minor fix in filtered_builds CTE
evgeniy-scherbinab0bf220 fix: formatting
evgeniy-scherbinaff72a00 refactor: minor refactoring
evgeniy-scherbinaa007d4a fix: handle presets with the same tv.id and name
evgeniy-scherbinaea9c53b fix: redefine RBAC permissions for prebuilds
evgeniy-scherbina66d44ed Merge remote-tracking branch 'origin/main' into prebuilds-db
evgeniy-scherbina29e121f fix: fix migration numbers
evgeniy-scherbinaf64754f test: fix dbmem tests
evgeniy-scherbina7e02397 test: fix dbmem tests
evgeniy-scherbina55d9827 fix: linter
evgeniy-scherbina866454b fix: linter
evgeniy-scherbina4fa959a fix: linter
evgeniy-scherbinaFile filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
113 changes: 111 additions & 2 deletionscoderd/database/dbauthz/dbauthz.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -18,6 +18,7 @@ import ( | ||
| "cdr.dev/slog" | ||
| "github.com/coder/coder/v2/coderd/prebuilds" | ||
| "github.com/coder/coder/v2/coderd/rbac/policy" | ||
| "github.com/coder/coder/v2/coderd/rbac/rolestore" | ||
| @@ -361,6 +362,27 @@ var ( | ||
| }), | ||
| Scope: rbac.ScopeAll, | ||
| }.WithCachedASTValue() | ||
| subjectPrebuildsOrchestrator = rbac.Subject{ | ||
| FriendlyName: "Prebuilds Orchestrator", | ||
| ID: prebuilds.SystemUserID.String(), | ||
| Roles: rbac.Roles([]rbac.Role{ | ||
| { | ||
| Identifier: rbac.RoleIdentifier{Name: "prebuilds-orchestrator"}, | ||
| DisplayName: "Coder", | ||
| Site: rbac.Permissions(map[string][]policy.Action{ | ||
| // May use template, read template-related info, & insert template-related resources (preset prebuilds). | ||
| rbac.ResourceTemplate.Type: {policy.ActionRead, policy.ActionUpdate, policy.ActionUse, policy.ActionViewInsights}, | ||
| // May CRUD workspaces, and start/stop them. | ||
| rbac.ResourceWorkspace.Type: { | ||
| policy.ActionCreate, policy.ActionDelete, policy.ActionRead, policy.ActionUpdate, | ||
| policy.ActionWorkspaceStart, policy.ActionWorkspaceStop, | ||
| }, | ||
| }), | ||
| }, | ||
| }), | ||
| Scope: rbac.ScopeAll, | ||
| }.WithCachedASTValue() | ||
| ) | ||
| // AsProvisionerd returns a context with an actor that has permissions required | ||
| @@ -415,6 +437,12 @@ func AsSystemReadProvisionerDaemons(ctx context.Context) context.Context { | ||
| return context.WithValue(ctx, authContextKey{}, subjectSystemReadProvisionerDaemons) | ||
| } | ||
| // AsPrebuildsOrchestrator returns a context with an actor that has permissions | ||
| // to read orchestrator workspace prebuilds. | ||
| func AsPrebuildsOrchestrator(ctx context.Context) context.Context { | ||
| return context.WithValue(ctx, authContextKey{}, subjectPrebuildsOrchestrator) | ||
| } | ||
| var AsRemoveActor = rbac.Subject{ | ||
| ID: "remove-actor", | ||
| } | ||
| @@ -1109,6 +1137,31 @@ func (q *querier) BulkMarkNotificationMessagesSent(ctx context.Context, arg data | ||
| return q.db.BulkMarkNotificationMessagesSent(ctx, arg) | ||
| } | ||
| func (q *querier) ClaimPrebuiltWorkspace(ctx context.Context, arg database.ClaimPrebuiltWorkspaceParams) (database.ClaimPrebuiltWorkspaceRow, error) { | ||
| empty := database.ClaimPrebuiltWorkspaceRow{} | ||
| preset, err := q.db.GetPresetByID(ctx, arg.PresetID) | ||
| if err != nil { | ||
| return empty, err | ||
| } | ||
| workspaceObject := rbac.ResourceWorkspace.WithOwner(arg.NewUserID.String()).InOrg(preset.OrganizationID) | ||
| err = q.authorizeContext(ctx, policy.ActionCreate, workspaceObject.RBACObject()) | ||
| if err != nil { | ||
| return empty, err | ||
| } | ||
| tpl, err := q.GetTemplateByID(ctx, preset.TemplateID.UUID) | ||
| if err != nil { | ||
| return empty, xerrors.Errorf("verify template by id: %w", err) | ||
| } | ||
| if err := q.authorizeContext(ctx, policy.ActionUse, tpl); err != nil { | ||
| return empty, xerrors.Errorf("use template for workspace: %w", err) | ||
| } | ||
Comment on lines +1148 to +1160 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. Just leave a comment this should match | ||
| return q.db.ClaimPrebuiltWorkspace(ctx, arg) | ||
| } | ||
| func (q *querier) CleanTailnetCoordinators(ctx context.Context) error { | ||
| if err := q.authorizeContext(ctx, policy.ActionDelete, rbac.ResourceTailnetCoordinator); err != nil { | ||
| return err | ||
| @@ -1130,6 +1183,13 @@ func (q *querier) CleanTailnetTunnels(ctx context.Context) error { | ||
| return q.db.CleanTailnetTunnels(ctx) | ||
| } | ||
| func (q *querier) CountInProgressPrebuilds(ctx context.Context) ([]database.CountInProgressPrebuildsRow, error) { | ||
| if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceWorkspace.All()); err != nil { | ||
| return nil, err | ||
| } | ||
| return q.db.CountInProgressPrebuilds(ctx) | ||
| } | ||
Comment on lines +1186 to +1191 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. This query spans all organizations, and prebuilds are just workspaces 👍 | ||
| func (q *querier) CountUnreadInboxNotificationsByUserID(ctx context.Context, userID uuid.UUID) (int64, error) { | ||
| if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceInboxNotification.WithOwner(userID.String())); err != nil { | ||
| return 0, err | ||
| @@ -2096,6 +2156,30 @@ func (q *querier) GetParameterSchemasByJobID(ctx context.Context, jobID uuid.UUI | ||
| return q.db.GetParameterSchemasByJobID(ctx, jobID) | ||
| } | ||
| func (q *querier) GetPrebuildMetrics(ctx context.Context) ([]database.GetPrebuildMetricsRow, error) { | ||
| // GetPrebuildMetrics returns metrics related to prebuilt workspaces, | ||
| // such as the number of created and failed prebuilt workspaces. | ||
| if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceWorkspace.All()); err != nil { | ||
| return nil, err | ||
| } | ||
| return q.db.GetPrebuildMetrics(ctx) | ||
| } | ||
dannykopping marked this conversation as resolved. Show resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| func (q *querier) GetPresetByID(ctx context.Context, presetID uuid.UUID) (database.GetPresetByIDRow, error) { | ||
| empty := database.GetPresetByIDRow{} | ||
| preset, err := q.db.GetPresetByID(ctx, presetID) | ||
| if err != nil { | ||
| return empty, err | ||
| } | ||
| _, err = q.GetTemplateByID(ctx, preset.TemplateID.UUID) | ||
| if err != nil { | ||
| return empty, err | ||
| } | ||
dannykopping marked this conversation as resolved. Show resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| return preset, nil | ||
| } | ||
| func (q *querier) GetPresetByWorkspaceBuildID(ctx context.Context, workspaceID uuid.UUID) (database.TemplateVersionPreset, error) { | ||
| if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceTemplate); err != nil { | ||
| return database.TemplateVersionPreset{}, err | ||
| @@ -2113,6 +2197,14 @@ func (q *querier) GetPresetParametersByTemplateVersionID(ctx context.Context, te | ||
| return q.db.GetPresetParametersByTemplateVersionID(ctx, templateVersionID) | ||
| } | ||
| func (q *querier) GetPresetsBackoff(ctx context.Context, lookback time.Time) ([]database.GetPresetsBackoffRow, error) { | ||
| // GetPresetsBackoff returns a list of template version presets along with metadata such as the number of failed prebuilds. | ||
| if err := q.authorizeContext(ctx, policy.ActionViewInsights, rbac.ResourceTemplate.All()); err != nil { | ||
| return nil, err | ||
| } | ||
| return q.db.GetPresetsBackoff(ctx, lookback) | ||
| } | ||
Comment on lines +2200 to +2206 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. @spikecurtis we decided to just lump in the preset metrics with template insights. Since template insights are metrics related to a template, prebuild metrics metadata is essentially the same imo. | ||
| func (q *querier) GetPresetsByTemplateVersionID(ctx context.Context, templateVersionID uuid.UUID) ([]database.TemplateVersionPreset, error) { | ||
| // An actor can read template version presets if they can read the related template version. | ||
| _, err := q.GetTemplateVersionByID(ctx, templateVersionID) | ||
| @@ -2164,13 +2256,13 @@ func (q *querier) GetProvisionerJobByID(ctx context.Context, id uuid.UUID) (data | ||
| // can read the job. | ||
| _, err := q.GetWorkspaceBuildByJobID(ctx, id) | ||
| if err != nil { | ||
| return database.ProvisionerJob{},xerrors.Errorf("fetch related workspace build: %w",err) | ||
SasSwart marked this conversation as resolved. Show resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| } | ||
| case database.ProvisionerJobTypeTemplateVersionDryRun, database.ProvisionerJobTypeTemplateVersionImport: | ||
| // Authorized call to get template version. | ||
| _, err := authorizedTemplateVersionFromJob(ctx, q, job) | ||
| if err != nil { | ||
| return database.ProvisionerJob{},xerrors.Errorf("fetch related template version: %w",err) | ||
| } | ||
| default: | ||
| return database.ProvisionerJob{}, xerrors.Errorf("unknown job type: %q", job.Type) | ||
| @@ -2263,6 +2355,14 @@ func (q *querier) GetReplicasUpdatedAfter(ctx context.Context, updatedAt time.Ti | ||
| return q.db.GetReplicasUpdatedAfter(ctx, updatedAt) | ||
| } | ||
| func (q *querier) GetRunningPrebuiltWorkspaces(ctx context.Context) ([]database.GetRunningPrebuiltWorkspacesRow, error) { | ||
| // This query returns only prebuilt workspaces, but we decided to require permissions for all workspaces. | ||
| if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceWorkspace.All()); err != nil { | ||
| return nil, err | ||
| } | ||
dannykopping marked this conversation as resolved. Show resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| return q.db.GetRunningPrebuiltWorkspaces(ctx) | ||
| } | ||
| func (q *querier) GetRuntimeConfig(ctx context.Context, key string) (string, error) { | ||
| if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil { | ||
| return "", err | ||
| @@ -2387,6 +2487,15 @@ func (q *querier) GetTemplateParameterInsights(ctx context.Context, arg database | ||
| return q.db.GetTemplateParameterInsights(ctx, arg) | ||
| } | ||
| func (q *querier) GetTemplatePresetsWithPrebuilds(ctx context.Context, templateID uuid.NullUUID) ([]database.GetTemplatePresetsWithPrebuildsRow, error) { | ||
| // GetTemplatePresetsWithPrebuilds retrieves template versions with configured presets and prebuilds. | ||
| // Presets and prebuilds are part of the template, so if you can access templates - you can access them as well. | ||
| if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceTemplate.All()); err != nil { | ||
| return nil, err | ||
| } | ||
| return q.db.GetTemplatePresetsWithPrebuilds(ctx, templateID) | ||
| } | ||
dannykopping marked this conversation as resolved. Show resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| func (q *querier) GetTemplateUsageStats(ctx context.Context, arg database.GetTemplateUsageStatsParams) ([]database.TemplateUsageStat, error) { | ||
| if err := q.authorizeTemplateInsights(ctx, arg.TemplateIDs); err != nil { | ||
| return nil, err | ||
90 changes: 90 additions & 0 deletionscoderd/database/dbauthz/dbauthz_test.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
23 changes: 23 additions & 0 deletionscoderd/database/dbgen/dbgen.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
Oops, something went wrong.
Uh oh!
There was an error while loading.Please reload this page.
Oops, something went wrong.
Uh oh!
There was an error while loading.Please reload this page.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.