Skip to content

Commit 37f6b38

Browse files
sreyasreya
authored
fix: return 403 when rebuilding workspace with require_active_version (#11114)
1 parent 8488afa commit 37f6b38

File tree

6 files changed

+7
-6
lines changed

6 files changed

+7
-6
lines changed

cli/restart.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ func (r *RootCmd) restart() *clibase.Cmd {
6363
build, err = client.CreateWorkspaceBuild(ctx, workspace.ID, startReq)
6464
// It's possible for a workspace build to fail due to the template requiring starting
6565
// workspaces with the active version.
66-
if cerr, ok := codersdk.AsError(err); ok && cerr.StatusCode() == http.StatusUnauthorized {
66+
if cerr, ok := codersdk.AsError(err); ok && cerr.StatusCode() == http.StatusForbidden {
6767
_, _ = fmt.Fprintln(inv.Stdout, "Failed to restart with the template version from your last build. Policy may require you to restart with the current active template version.")
6868
build, err = startWorkspace(inv, client, workspace, parameterFlags, WorkspaceUpdate)
6969
if err != nil {

cli/ssh.go

+2-1
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,6 @@ import (
1414
"sync"
1515
"time"
1616

17-
"github.com/coder/retry"
1817
"github.com/gen2brain/beeep"
1918
"github.com/gofrs/flock"
2019
"github.com/google/uuid"
@@ -25,6 +24,8 @@ import (
2524
"golang.org/x/xerrors"
2625
"gvisor.dev/gvisor/pkg/tcpip/adapters/gonet"
2726

27+
"github.com/coder/retry"
28+
2829
"cdr.dev/slog"
2930
"cdr.dev/slog/sloggers/sloghuman"
3031

cli/start.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ func (r *RootCmd) start() *clibase.Cmd {
3434
build, err := startWorkspace(inv, client, workspace, parameterFlags, WorkspaceStart)
3535
// It's possible for a workspace build to fail due to the template requiring starting
3636
// workspaces with the active version.
37-
if cerr, ok := codersdk.AsError(err); ok && cerr.StatusCode() == http.StatusUnauthorized {
37+
if cerr, ok := codersdk.AsError(err); ok && cerr.StatusCode() == http.StatusForbidden {
3838
_, _ = fmt.Fprintln(inv.Stdout, "Failed to restart with the template version from your last build. Policy may require you to restart with the current active template version.")
3939
build, err = startWorkspace(inv, client, workspace, parameterFlags, WorkspaceUpdate)
4040
if err != nil {

coderd/workspacebuilds.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -379,7 +379,7 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
379379
if xerrors.As(err, &buildErr) {
380380
var authErr dbauthz.NotAuthorizedError
381381
if xerrors.As(err, &authErr) {
382-
buildErr.Status = http.StatusUnauthorized
382+
buildErr.Status = http.StatusForbidden
383383
}
384384

385385
if buildErr.Status == http.StatusInternalServerError {

coderd/wsbuilder/wsbuilder.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -353,7 +353,7 @@ func (b *Builder) buildTx(authFunc func(action rbac.Action, object rbac.Objecter
353353
if err != nil {
354354
code := http.StatusInternalServerError
355355
if rbac.IsUnauthorizedError(err) {
356-
code = http.StatusUnauthorized
356+
code = http.StatusForbidden
357357
}
358358
return BuildError{code, "insert workspace build", err}
359359
}

enterprise/coderd/workspacebuilds_test.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,7 @@ func TestWorkspaceBuild(t *testing.T) {
103103
{
104104
Name: "MemberFails",
105105
Client: memberClient,
106-
ExpectedStatusCode: http.StatusUnauthorized,
106+
ExpectedStatusCode: http.StatusForbidden,
107107
},
108108
}
109109

0 commit comments

Comments
 (0)