fix: disallow lifecycle endpoints for prebuilt workspaces #19264
Conversation
| // Prebuild lifecycle is managed by the reconciliation loop, with scheduling behavior | ||
| // defined per preset at the template level, not per workspace. | ||
| if workspace.IsPrebuild() { | ||
| httpapi.Write(ctx, rw, http.StatusConflict, codersdk.Response{ |
There was a problem hiding this comment.
409 Conflict based on discussion: #19252 (comment)
## Description This PR ensures that prebuilt workspaces are properly excluded from the lifecycle executor and treated as a separate class of workspaces, fully managed by the prebuild reconciliation loop. It introduces two lifecycle guarantees: * When a prebuilt workspace is created (i.e., when the workspace build completes), all lifecycle-related fields are unset, ensuring the workspace does not participate in TTL, autostop, autostart, dormancy, or auto-deletion logic. * When a prebuilt workspace is claimed, it transitions into a regular user workspace. At this point, all lifecycle fields are correctly populated according to template-level configurations, allowing the workspace to be managed by the lifecycle executor as expected. ## Changes * Prebuilt workspaces now have all lifecycle-relevant fields unset during creation * When a prebuild is claimed: * Lifecycle fields are set based on template and workspace level configurations. This ensures a clean transition into the standard workspace lifecycle flow. * Updated lifecycle-related SQL update queries to explicitly exclude prebuilt workspaces. ## Relates Related issue: #18898 To reduce the scope of this PR and make the review process more manageable, the original implementation has been split into the following focused PRs: * #19259 * #19263 * #19264 * #19265 These PRs should be considered in conjunction with this one to understand the complete set of lifecycle separation changes for prebuilt workspaces.
| @@ -1115,12 +1126,20 @@ func (api *API) putWorkspaceAutostart(rw http.ResponseWriter, r *http.Request) { | |||
| return | |||
| } | |||
|
|
|||
| // Use injected Clock to allow time mocking in tests | |||
| now := api.Clock.Now() | |||
There was a problem hiding this comment.
If I understand correctly, all timestamps in the database are stored in UTC.
Do we need to explicitly set this to UTC? I see it being done in other places, for instance, in setting nextStartAt: https://github.com/coder/coder/blob/main/coderd/workspaces.go#L574
There was a problem hiding this comment.
Generally it's recommended to use dbtime.Time as this also rounds to the microsecond which is the smallest unit of precision supported by Postgres.
But if you're just using it as an initial reference point I'd say it should be OK.
There was a problem hiding this comment.
Yes, the pattern I have been following is using the Clock.Now() on the application layer, and dtime.Time for database operations.
| @@ -1115,12 +1126,20 @@ func (api *API) putWorkspaceAutostart(rw http.ResponseWriter, r *http.Request) { | |||
| return | |||
| } | |||
|
|
|||
| // Use injected Clock to allow time mocking in tests | |||
| now := api.Clock.Now() | |||
There was a problem hiding this comment.
Generally it's recommended to use dbtime.Time as this also rounds to the microsecond which is the smallest unit of precision supported by Postgres.
But if you're just using it as an initial reference point I'd say it should be OK.
Description
This PR updates the API to prevent lifecycle configuration endpoints from being used on prebuilt workspaces. Since prebuilds are managed by the reconciliation loop and do not participate in the regular workspace lifecycle, they must not support per-workspace overrides for fields like deadline, TTL, autostart, or dormancy.
Attempting to use these endpoints on a prebuilt workspace will now return a clear validation error (
409 Conflict) with an appropriate explanation. This prevents accidental misconfiguration and preserves the lifecycle separation between prebuilds and regular workspaces.Changes
The following endpoints now return an error if the target workspace is a prebuild:
PUT /workspaces/{workspace}/extendPUT /workspaces/{workspace}/ttlPUT /workspaces/{workspace}/autostartPUT /workspaces/{workspace}/dormantUpdate endpoints logic to use the API clock in order to allow time mocking in tests.
Related with: