Move prebuilds code to enterprise top-level package, refactor into agpl pointers

dannykopping · dannykopping · commit 0a94405c3ff8 · 2025-02-18T08:20:17.000Z
Signed-off-by: Danny Kopping &lt;danny@coder.com&gt;
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -19,6 +19,8 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/coder/coder/v2/coderd/prebuilds"
+
 	"github.com/andybalholm/brotli"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
@@ -1476,6 +1478,7 @@ type API struct {
 	// passed to dbauthz.
 	AccessControlStore *atomic.Pointer[dbauthz.AccessControlStore]
 	PortSharer         atomic.Pointer[portsharing.PortSharer]
+	PrebuildsClaimer   atomic.Pointer[prebuilds.Claimer]
 
 	UpdatesProvider tailnet.WorkspaceUpdatesProvider
 
diff --git a/coderd/prebuilds/api.go b/coderd/prebuilds/api.go
@@ -0,0 +1,27 @@
+package prebuilds
+
+import (
+	"context"
+
+	"github.com/google/uuid"
+	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/v2/coderd/database"
+)
+
+type Claimer interface {
+	Claim(ctx context.Context, store database.Store, userID uuid.UUID, name string, presetID uuid.UUID) (*uuid.UUID, error)
+	Initiator() uuid.UUID
+}
+
+type AGPLPrebuildClaimer struct{}
+
+func (c AGPLPrebuildClaimer) Claim(context.Context, database.Store, uuid.UUID, string, uuid.UUID) (*uuid.UUID, error) {
+	return nil, xerrors.Errorf("not entitled to claim prebuilds")
+}
+
+func (c AGPLPrebuildClaimer) Initiator() uuid.UUID {
+	return uuid.Nil
+}
+
+var DefaultClaimer Claimer = AGPLPrebuildClaimer{}
diff --git a/coderd/prebuilds/id.go b/coderd/prebuilds/id.go
diff --git a/coderd/workspaces.go b/coderd/workspaces.go
@@ -11,8 +11,6 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/coder/coder/v2/coderd/prebuilds"
-
 	"github.com/dustin/go-humanize"
 	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
@@ -30,6 +28,7 @@ import (
 	"github.com/coder/coder/v2/coderd/httpapi"
 	"github.com/coder/coder/v2/coderd/httpmw"
 	"github.com/coder/coder/v2/coderd/notifications"
+	"github.com/coder/coder/v2/coderd/prebuilds"
 	"github.com/coder/coder/v2/coderd/rbac"
 	"github.com/coder/coder/v2/coderd/rbac/policy"
 	"github.com/coder/coder/v2/coderd/schedule"
@@ -632,6 +631,9 @@ func createWorkspace(
 
 		runningWorkspaceAgentID uuid.UUID
 	)
+
+	prebuilds := (*api.PrebuildsClaimer.Load()).(prebuilds.Claimer)
+
 	err = api.Database.InTx(func(db database.Store) error {
 		var (
 			workspaceID      uuid.UUID
@@ -641,7 +643,7 @@ func createWorkspace(
 		// If a template preset was chosen, try claim a prebuild.
 		if req.TemplateVersionPresetID != uuid.Nil {
 			// Try and claim an eligible prebuild, if available.
-			claimedWorkspace, err = claimPrebuild(ctx, db, api.Logger, req, owner)
+			claimedWorkspace, err = claimPrebuild(ctx, prebuilds, db, api.Logger, req, owner)
 			if err != nil {
 				return xerrors.Errorf("claim prebuild: %w", err)
 			}
@@ -674,8 +676,7 @@ func createWorkspace(
 		} else {
 			// Prebuild found!
 			workspaceID = claimedWorkspace.ID
-			initiatorID = prebuilds.PrebuildOwnerUUID
-
+			initiatorID = prebuilds.Initiator()
 			agents, err := api.Database.GetWorkspaceAgentsInLatestBuildByWorkspaceID(ctx, claimedWorkspace.ID)
 			if err != nil {
 				api.Logger.Error(ctx, "failed to retrieve running agents of claimed prebuilt workspace",
@@ -806,9 +807,9 @@ func createWorkspace(
 	httpapi.Write(ctx, rw, http.StatusCreated, w)
 }
 
-func claimPrebuild(ctx context.Context, db database.Store, logger slog.Logger, req codersdk.CreateWorkspaceRequest, owner workspaceOwner) (*database.Workspace, error) {
+func claimPrebuild(ctx context.Context, claimer prebuilds.Claimer, db database.Store, logger slog.Logger, req codersdk.CreateWorkspaceRequest, owner workspaceOwner) (*database.Workspace, error) {
 	// TODO: authz // Can't use existing profiles (i.e. AsSystemRestricted) because of dbauthz rules
-	var ownerCtx = dbauthz.As(ctx, rbac.Subject{
+	ownerCtx := dbauthz.As(ctx, rbac.Subject{
 		ID:     "owner",
 		Roles:  rbac.RoleIdentifiers{rbac.RoleOwner()},
 		Groups: []string{},
@@ -819,7 +820,7 @@ func claimPrebuild(ctx context.Context, db database.Store, logger slog.Logger, r
 	claimCtx, cancel := context.WithTimeout(ownerCtx, time.Second*10) // TODO: don't use elevated authz context
 	defer cancel()
 
-	claimedID, err := prebuilds.Claim(claimCtx, db, owner.ID, req.Name, req.TemplateVersionPresetID)
+	claimedID, err := claimer.Claim(claimCtx, db, owner.ID, req.Name, req.TemplateVersionPresetID)
 	if err != nil {
 		// TODO: enhance this by clarifying whether this *specific* prebuild failed or whether there are none to claim.
 		return nil, xerrors.Errorf("claim prebuild: %w", err)
diff --git a/enterprise/coderd/coderd.go b/enterprise/coderd/coderd.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/ed25519"
 	"fmt"
-	"github.com/coder/coder/v2/coderd/prebuilds"
 	"math"
 	"net/http"
 	"net/url"
@@ -19,6 +18,7 @@ import (
 	"github.com/coder/coder/v2/coderd/entitlements"
 	"github.com/coder/coder/v2/coderd/idpsync"
 	agplportsharing "github.com/coder/coder/v2/coderd/portsharing"
+	agplprebuilds "github.com/coder/coder/v2/coderd/prebuilds"
 	"github.com/coder/coder/v2/coderd/rbac/policy"
 	"github.com/coder/coder/v2/enterprise/coderd/enidpsync"
 	"github.com/coder/coder/v2/enterprise/coderd/portsharing"
@@ -44,6 +44,7 @@ import (
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/enterprise/coderd/dbauthz"
 	"github.com/coder/coder/v2/enterprise/coderd/license"
+	"github.com/coder/coder/v2/enterprise/coderd/prebuilds"
 	"github.com/coder/coder/v2/enterprise/coderd/proxyhealth"
 	"github.com/coder/coder/v2/enterprise/coderd/schedule"
 	"github.com/coder/coder/v2/enterprise/dbcrypt"
@@ -583,6 +584,7 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
 	go api.runEntitlementsLoop(ctx)
 
 	if api.AGPL.Experiments.Enabled(codersdk.ExperimentWorkspacePrebuilds) {
+		// TODO: future enhancement, start this up without restarting coderd when entitlement is updated.
 		if !api.Entitlements.Enabled(codersdk.FeatureWorkspacePrebuilds) {
 			options.Logger.Warn(ctx, "prebuilds experiment enabled but not entitled to use")
 		} else {
@@ -883,6 +885,14 @@ func (api *API) updateEntitlements(ctx context.Context) error {
 			api.AGPL.PortSharer.Store(&ps)
 		}
 
+		if initial, changed, enabled := featureChanged(codersdk.FeatureWorkspacePrebuilds); shouldUpdate(initial, changed, enabled) {
+			c := agplprebuilds.DefaultClaimer
+			if enabled {
+				c = prebuilds.EnterpriseClaimer{}
+			}
+			api.AGPL.PrebuildsClaimer.Store(&c)
+		}
+
 		// External token encryption is soft-enforced
 		featureExternalTokenEncryption := reloadedEntitlements.Features[codersdk.FeatureExternalTokenEncryption]
 		featureExternalTokenEncryption.Enabled = len(api.ExternalTokenEncryption) > 0
diff --git a/enterprise/coderd/prebuilds/claim.go b/enterprise/coderd/prebuilds/claim.go
@@ -4,12 +4,18 @@ import (
 	"context"
 	"database/sql"
 	"errors"
-	"github.com/coder/coder/v2/coderd/database"
+
+	"github.com/coder/coder/v2/coderd/prebuilds"
+
 	"github.com/google/uuid"
 	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/v2/coderd/database"
 )
 
-func Claim(ctx context.Context, store database.Store, userID uuid.UUID, name string, presetID uuid.UUID) (*uuid.UUID, error) {
+type EnterpriseClaimer struct{}
+
+func (e EnterpriseClaimer) Claim(ctx context.Context, store database.Store, userID uuid.UUID, name string, presetID uuid.UUID) (*uuid.UUID, error) {
 	var prebuildID *uuid.UUID
 	err := store.InTx(func(db database.Store) error {
 		// TODO: do we need this?
@@ -44,3 +50,9 @@ func Claim(ctx context.Context, store database.Store, userID uuid.UUID, name str
 
 	return prebuildID, err
 }
+
+func (e EnterpriseClaimer) Initiator() uuid.UUID {
+	return ownerID
+}
+
+var _ prebuilds.Claimer = &EnterpriseClaimer{}
diff --git a/enterprise/coderd/prebuilds/controller.go b/enterprise/coderd/prebuilds/controller.go
@@ -312,7 +312,7 @@ func (c *Controller) reconcileTemplate(ctx context.Context, template database.Te
 			}
 
 			// TODO: authz // Can't use existing profiles (i.e. AsSystemRestricted) because of dbauthz rules
-			var ownerCtx = dbauthz.As(ctx, rbac.Subject{
+			ownerCtx := dbauthz.As(ctx, rbac.Subject{
 				ID:     "owner",
 				Roles:  rbac.RoleIdentifiers{rbac.RoleOwner()},
 				Groups: []string{},
@@ -375,7 +375,7 @@ func (c *Controller) createPrebuild(ctx context.Context, db database.Store, preb
 		ID:               prebuildID,
 		CreatedAt:        now,
 		UpdatedAt:        now,
-		OwnerID:          PrebuildOwnerUUID,
+		OwnerID:          ownerID,
 		OrganizationID:   template.OrganizationID,
 		TemplateID:       template.ID,
 		Name:             name,
@@ -397,6 +397,7 @@ func (c *Controller) createPrebuild(ctx context.Context, db database.Store, preb
 
 	return c.provision(ctx, db, prebuildID, template, presetID, database.WorkspaceTransitionStart, workspace)
 }
+
 func (c *Controller) deletePrebuild(ctx context.Context, db database.Store, prebuildID uuid.UUID, template database.Template, presetID uuid.UUID) error {
 	workspace, err := db.GetWorkspaceByID(ctx, prebuildID)
 	if err != nil {
@@ -430,7 +431,7 @@ func (c *Controller) provision(ctx context.Context, db database.Store, prebuildI
 
 	builder := wsbuilder.New(workspace, transition).
 		Reason(database.BuildReasonInitiator).
-		Initiator(PrebuildOwnerUUID).
+		Initiator(ownerID).
 		ActiveVersion().
 		VersionID(template.ActiveVersionID).
 		MarkPrebuild().
diff --git a/enterprise/coderd/prebuilds/id.go b/enterprise/coderd/prebuilds/id.go
@@ -0,0 +1,5 @@
+package prebuilds
+
+import "github.com/google/uuid"
+
+var ownerID = uuid.MustParse("c42fdf75-3097-471c-8c33-fb52454d81c0")
diff --git a/provisioner/terraform/executor.go b/provisioner/terraform/executor.go
@@ -6,7 +6,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/coder/terraform-provider-coder/provider"
 	"io"
 	"os"
 	"os/exec"
