- Notifications
You must be signed in to change notification settings - Fork906
feat: add prebuilt workspaces to non-default organizations#18010
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Uh oh!
There was an error while loading.Please reload this page.
| rbac.ResourceOrganizationMember.Type: { | ||
| policy.ActionCreate, | ||
| }, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I think you also need read here todetermine which organizations the prebuild system user is a member of.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Overall looks good to me 👍 just a few questions, mainly because I'm not too familiar with the RBAC code.
Also, I agree on using a map to store memberships, that seems like a cleaner approach.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
user a better db call, avoid an inner loop.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM, just a couple of minor suggestions to improve the readability of the tests (mostly around naming and comments). I’m not very familiar with the RBAC code, so I’ll defer formal approval to someone with more experience in this area.
| Roles: []string{}, | ||
| }) | ||
| if err != nil { | ||
| membershipInsertionErrors = errors.Join(membershipInsertionErrors, xerrors.Errorf("insert membership for prebuilt workspaces: %w", err)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
nit: maybe it would be useful to add the presetOrganizationID to the error message for further debugging?
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM 🚀 Just some small non-blocking comments
| // If the prebuilds system user is a member of an organization that doesn't have need any prebuilds, | ||
| // then it must have required prebuilds in the past. The membership is not currently necessary, but | ||
| // the reconciler won't remove it, because there's little cost to keeping it and prebuilds might be | ||
| // enabled again. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Perfect 🥇
Just a small typo:
| // If the prebuilds system user is a member of an organization that doesn'thave need any prebuilds, | |
| // then it must have required prebuilds in the past. The membership is not currently necessary, but | |
| // the reconciler won't remove it, because there's little cost to keeping it and prebuilds might be | |
| // enabled again. | |
| // If the prebuilds system user is a member of an organization that doesn'tcurrently need any prebuilds, | |
| // then it must have required prebuilds in the past. The membership is not currently necessary, but | |
| // the reconciler won't remove it, because there's little cost to keeping it and prebuilds might be | |
| // enabled again. |
| func (s StoreMembershipReconciler) ReconcileAll(ctx context.Context, userID uuid.UUID, presets []database.GetTemplatePresetsWithPrebuildsRow) error { | ||
| organizationMemberships, err := s.store.GetOrganizationsByUserID(ctx, database.GetOrganizationsByUserIDParams{ | ||
| UserID: userID, | ||
| Deleted: sql.NullBool{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I might have missed it, but do we have tests covering the case where a user is deleted?
Non-blocking, just something that might be worth considering in a future PR if not already covered.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
covering the case where a user is deleted
We don't. Although we allow the userID here is a parameter, it is guaranteed to be the prebuilds system user, so the risk of deletion is low.
coder/internal#526 will ensure that the prebuilds system user is not deleted whenever the reconciliation loop runs.
5f7e5d7 intomainUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
closescoder/internal#527