coderd/wsbuilder: pass template variable values to workspace tag evaluation context

johnstcn · johnstcn · commit 2279385f995d · 2024-12-17T15:20:10.000Z
diff --git a/coderd/wsbuilder/wsbuilder.go b/coderd/wsbuilder/wsbuilder.go
@@ -12,9 +12,9 @@ import (
 
 	"github.com/hashicorp/hcl/v2"
 	"github.com/hashicorp/hcl/v2/hclsyntax"
-	"github.com/zclconf/go-cty/cty"
 
 	"github.com/coder/coder/v2/coderd/rbac/policy"
+	"github.com/coder/coder/v2/provisioner/terraform/tfparse"
 	"github.com/coder/coder/v2/provisionersdk"
 
 	"github.com/google/uuid"
@@ -64,6 +64,7 @@ type Builder struct {
 	templateVersion              *database.TemplateVersion
 	templateVersionJob           *database.ProvisionerJob
 	templateVersionParameters    *[]database.TemplateVersionParameter
+	templateVersionVariables     *[]database.TemplateVersionVariable
 	templateVersionWorkspaceTags *[]database.TemplateVersionWorkspaceTag
 	lastBuild                    *database.WorkspaceBuild
 	lastBuildErr                 *error
@@ -617,6 +618,22 @@ func (b *Builder) getTemplateVersionParameters() ([]database.TemplateVersionPara
 	return tvp, nil
 }
 
+func (b *Builder) getTemplateVersionVariables() ([]database.TemplateVersionVariable, error) {
+	if b.templateVersionVariables != nil {
+		return *b.templateVersionVariables, nil
+	}
+	tvID, err := b.getTemplateVersionID()
+	if err != nil {
+		return nil, xerrors.Errorf("get template version ID to get variables: %w", err)
+	}
+	tvs, err := b.store.GetTemplateVersionVariables(b.ctx, tvID)
+	if err != nil && !xerrors.Is(err, sql.ErrNoRows) {
+		return nil, xerrors.Errorf("get template version %s variables: %w", tvID, err)
+	}
+	b.templateVersionVariables = &tvs
+	return tvs, nil
+}
+
 // verifyNoLegacyParameters verifies that initiator can't start the workspace build
 // if it uses legacy parameters (database.ParameterSchemas).
 func (b *Builder) verifyNoLegacyParameters() error {
@@ -678,17 +695,35 @@ func (b *Builder) getProvisionerTags() (map[string]string, error) {
 		tags[name] = value
 	}
 
-	// Step 2: Mutate workspace tags
+	// Step 2: Mutate workspace tags:
+	// - Get workspace tags from the template version job
+	// - Get template version variables from the template version as they can be
+	//   referenced in workspace tags
+	// - Get parameters from the workspace build as they can also be referenced
+	//   in workspace tags
+	// - Evaluate workspace tags given the above inputs
 	workspaceTags, err := b.getTemplateVersionWorkspaceTags()
 	if err != nil {
 		return nil, BuildError{http.StatusInternalServerError, "failed to fetch template version workspace tags", err}
 	}
+	tvs, err := b.getTemplateVersionVariables()
+	if err != nil {
+		return nil, BuildError{http.StatusInternalServerError, "failed to fetch template version variables", err}
+	}
+	varsM := make(map[string]string)
+	for _, tv := range tvs {
+		varsM[tv.Name] = tv.Value
+	}
 	parameterNames, parameterValues, err := b.getParameters()
 	if err != nil {
 		return nil, err // already wrapped BuildError
 	}
+	paramsM := make(map[string]string)
+	for i, name := range parameterNames {
+		paramsM[name] = parameterValues[i]
+	}
 
-	evalCtx := buildParametersEvalContext(parameterNames, parameterValues)
+	evalCtx := tfparse.BuildEvalContext(varsM, paramsM)
 	for _, workspaceTag := range workspaceTags {
 		expr, diags := hclsyntax.ParseExpression([]byte(workspaceTag.Value), "expression.hcl", hcl.InitialPos)
 		if diags.HasErrors() {
@@ -701,7 +736,7 @@ func (b *Builder) getProvisionerTags() (map[string]string, error) {
 		}
 
 		// Do not use "val.AsString()" as it can panic
-		str, err := ctyValueString(val)
+		str, err := tfparse.CtyValueString(val)
 		if err != nil {
 			return nil, BuildError{http.StatusBadRequest, "failed to marshal cty.Value as string", err}
 		}
@@ -710,44 +745,6 @@ func (b *Builder) getProvisionerTags() (map[string]string, error) {
 	return tags, nil
 }
 
-func buildParametersEvalContext(names, values []string) *hcl.EvalContext {
-	m := map[string]cty.Value{}
-	for i, name := range names {
-		m[name] = cty.MapVal(map[string]cty.Value{
-			"value": cty.StringVal(values[i]),
-		})
-	}
-
-	if len(m) == 0 {
-		return nil // otherwise, panic: must not call MapVal with empty map
-	}
-
-	return &hcl.EvalContext{
-		Variables: map[string]cty.Value{
-			"data": cty.MapVal(map[string]cty.Value{
-				"coder_parameter": cty.MapVal(m),
-			}),
-		},
-	}
-}
-
-func ctyValueString(val cty.Value) (string, error) {
-	switch val.Type() {
-	case cty.Bool:
-		if val.True() {
-			return "true", nil
-		} else {
-			return "false", nil
-		}
-	case cty.Number:
-		return val.AsBigFloat().String(), nil
-	case cty.String:
-		return val.AsString(), nil
-	default:
-		return "", xerrors.Errorf("only primitive types are supported - bool, number, and string")
-	}
-}
-
 func (b *Builder) getTemplateVersionWorkspaceTags() ([]database.TemplateVersionWorkspaceTag, error) {
 	if b.templateVersionWorkspaceTags != nil {
 		return *b.templateVersionWorkspaceTags, nil
diff --git a/enterprise/coderd/workspaces_test.go b/enterprise/coderd/workspaces_test.go
@@ -1527,7 +1527,7 @@ func TestWorkspaceTagsTerraform(t *testing.T) {
 		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
-			ctx := testutil.Context(t, testutil.WaitShort)
+			ctx := testutil.Context(t, testutil.WaitSuperLong)
 
 			client, owner := coderdenttest.New(t, &coderdenttest.Options{
 				Options: &coderdtest.Options{
@@ -1559,7 +1559,6 @@ func TestWorkspaceTagsTerraform(t *testing.T) {
 			})
 			require.NoError(t, err, "failed to create template version")
 			coderdtest.AwaitTemplateVersionJobCompleted(t, templateAdmin, tv.ID)
-			require.NoError(t, err, "failed to create template version")
 			tpl := coderdtest.CreateTemplate(t, templateAdmin, owner.OrganizationID, tv.ID)
 
 			// Creating a workspace as a non-privileged user must succeed
diff --git a/provisioner/terraform/tfparse/tfparse.go b/provisioner/terraform/tfparse/tfparse.go
@@ -327,13 +327,13 @@ func (p *Parser) CoderParameterDefaults(ctx context.Context, varsDefaults map[st
 				// Issue #15795: the "default" value could also be an expression we need
 				// to evaluate.
 				// TODO: should we support coder_parameter default values that reference other coder_parameter data sources?
-				evalCtx := buildEvalContext(varsDefaults, nil)
+				evalCtx := BuildEvalContext(varsDefaults, nil)
 				val, diags := expr.Value(evalCtx)
 				if diags.HasErrors() {
 					return nil, xerrors.Errorf("failed to evaluate coder_parameter %q default value %q: %s", dataResource.Name, value, diags.Error())
 				}
 				// Do not use "val.AsString()" as it can panic
-				strVal, err := ctyValueString(val)
+				strVal, err := CtyValueString(val)
 				if err != nil {
 					return nil, xerrors.Errorf("failed to marshal coder_parameter %q default value %q as string: %s", dataResource.Name, value, err)
 				}
@@ -355,7 +355,7 @@ func evaluateWorkspaceTags(varsDefaults, paramsDefaults, workspaceTags map[strin
 	}
 	// We only add variables and coder_parameter data sources. Anything else will be
 	// undefined and will raise a Terraform error.
-	evalCtx := buildEvalContext(varsDefaults, paramsDefaults)
+	evalCtx := BuildEvalContext(varsDefaults, paramsDefaults)
 	tags := make(map[string]string)
 	for workspaceTagKey, workspaceTagValue := range workspaceTags {
 		expr, diags := hclsyntax.ParseExpression([]byte(workspaceTagValue), "expression.hcl", hcl.InitialPos)
@@ -369,7 +369,7 @@ func evaluateWorkspaceTags(varsDefaults, paramsDefaults, workspaceTags map[strin
 		}
 
 		// Do not use "val.AsString()" as it can panic
-		str, err := ctyValueString(val)
+		str, err := CtyValueString(val)
 		if err != nil {
 			return nil, xerrors.Errorf("failed to marshal workspace tag key %q value %q as string: %s", workspaceTagKey, workspaceTagValue, err)
 		}
@@ -395,16 +395,17 @@ func validWorkspaceTagValues(tags map[string]string) error {
 	return nil
 }
 
-func buildEvalContext(varDefaults map[string]string, paramDefaults map[string]string) *hcl.EvalContext {
+// BuildEvalContext builds an evaluation context for the given variable and parameter defaults.
+func BuildEvalContext(vars map[string]string, params map[string]string) *hcl.EvalContext {
 	varDefaultsM := map[string]cty.Value{}
-	for varName, varDefault := range varDefaults {
+	for varName, varDefault := range vars {
 		varDefaultsM[varName] = cty.MapVal(map[string]cty.Value{
 			"value": cty.StringVal(varDefault),
 		})
 	}
 
 	paramDefaultsM := map[string]cty.Value{}
-	for paramName, paramDefault := range paramDefaults {
+	for paramName, paramDefault := range params {
 		paramDefaultsM[paramName] = cty.MapVal(map[string]cty.Value{
 			"value": cty.StringVal(paramDefault),
 		})
@@ -496,7 +497,10 @@ func compareSourcePos(x, y tfconfig.SourcePos) bool {
 	return x.Line < y.Line
 }
 
-func ctyValueString(val cty.Value) (string, error) {
+// CtyValueString converts a cty.Value to a string.
+// It supports only primitive types - bool, number, and string.
+// As a special case, it also supports map[string]interface{} with key "value".
+func CtyValueString(val cty.Value) (string, error) {
 	switch val.Type() {
 	case cty.Bool:
 		if val.True() {
@@ -514,7 +518,7 @@ func ctyValueString(val cty.Value) (string, error) {
 		if !ok {
 			return "", xerrors.Errorf("map does not have key 'value'")
 		}
-		return ctyValueString(valval)
+		return CtyValueString(valval)
 	default:
 		return "", xerrors.Errorf("only primitive types are supported - bool, number, and string")
 	}
