Skip to content

feat: add cli support for --require-active-version #10337

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Oct 19, 2023
Merged

feat: add cli support for --require-active-version #10337

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
825b827
feat: add cli support for --require-active-version
sreya Oct 18, 2023
8644201
add support for template edit
sreya Oct 19, 2023
e9c7b2f
make gen
sreya Oct 19, 2023
e0e28a2
golden files
sreya Oct 19, 2023
de17520
add test for start
sreya Oct 19, 2023
202d29a
add tests for start/restart
sreya Oct 19, 2023
a67768f
fix race
sreya Oct 19, 2023
8e19b79
pr comments
sreya Oct 19, 2023
9b96767
pr comments
sreya Oct 19, 2023
0ed711e
fix tests
sreya Oct 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 32 additions & 6 deletions cli/restart.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,19 +40,44 @@ func (r *RootCmd) restart() *clibase.Cmd {
return err
}

template, err := client.Template(inv.Context(), workspace.TemplateID)
buildOptions, err := asWorkspaceBuildParameters(parameterFlags.buildOptions)
if err != nil {
return err
return xerrors.Errorf("can't parse build options: %w", err)
}

buildOptions, err := asWorkspaceBuildParameters(parameterFlags.buildOptions)
template, err := client.Template(inv.Context(), workspace.TemplateID)
if err != nil {
return xerrors.Errorf("can't parse build options: %w", err)
return xerrors.Errorf("get template: %w", err)
}

versionID := workspace.LatestBuild.TemplateVersionID
if template.RequireActiveVersion {
key := "template"
resp, err := client.AuthCheck(inv.Context(), codersdk.AuthorizationRequest{
Checks: map[string]codersdk.AuthorizationCheck{
key: {
Object: codersdk.AuthorizationObject{
ResourceType: codersdk.ResourceTemplate,
OwnerID: workspace.OwnerID.String(),
OrganizationID: workspace.OrganizationID.String(),
ResourceID: template.ID.String(),
},
Action: "update",
},
},
})
if err != nil {
return xerrors.Errorf("auth check: %w", err)
}
// We don't have template admin privileges.
if !resp[key] {
versionID = template.ActiveVersionID
}
}

buildParameters, err := prepStartWorkspace(inv, client, prepStartWorkspaceArgs{
Action: WorkspaceRestart,
Template: template,
Action: WorkspaceRestart,
TemplateVersionID: versionID,

LastBuildParameters: lastBuildParameters,

Expand Down Expand Up @@ -85,6 +110,7 @@ func (r *RootCmd) restart() *clibase.Cmd {
build, err = client.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{
Transition: codersdk.WorkspaceTransitionStart,
RichParameterValues: buildParameters,
TemplateVersionID: versionID,
})
if err != nil {
return err
Expand Down
40 changes: 34 additions & 6 deletions cli/start.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ import (

"golang.org/x/xerrors"

"github.com/google/uuid"

"github.com/coder/coder/v2/cli/clibase"
"github.com/coder/coder/v2/cli/cliui"
"github.com/coder/coder/v2/codersdk"
Expand Down Expand Up @@ -37,7 +39,32 @@ func (r *RootCmd) start() *clibase.Cmd {

template, err := client.Template(inv.Context(), workspace.TemplateID)
if err != nil {
return err
return xerrors.Errorf("get template: %w", err)
}

versionID := workspace.LatestBuild.TemplateVersionID
if template.RequireActiveVersion {
key := "template"
resp, err := client.AuthCheck(inv.Context(), codersdk.AuthorizationRequest{
Checks: map[string]codersdk.AuthorizationCheck{
key: {
Object: codersdk.AuthorizationObject{
ResourceType: codersdk.ResourceTemplate,
OwnerID: workspace.OwnerID.String(),
OrganizationID: workspace.OrganizationID.String(),
ResourceID: template.ID.String(),
},
Action: "update",
},
},
})
if err != nil {
return xerrors.Errorf("auth check: %w", err)
}
// We don't have template admin privileges.
if !resp[key] {
versionID = template.ActiveVersionID
}
}

buildOptions, err := asWorkspaceBuildParameters(parameterFlags.buildOptions)
Expand All @@ -46,8 +73,8 @@ func (r *RootCmd) start() *clibase.Cmd {
}

buildParameters, err := prepStartWorkspace(inv, client, prepStartWorkspaceArgs{
Action: WorkspaceStart,
Template: template,
Action: WorkspaceStart,
TemplateVersionID: versionID,

LastBuildParameters: lastBuildParameters,

Expand All @@ -61,6 +88,7 @@ func (r *RootCmd) start() *clibase.Cmd {
build, err := client.CreateWorkspaceBuild(inv.Context(), workspace.ID, codersdk.CreateWorkspaceBuildRequest{
Transition: codersdk.WorkspaceTransitionStart,
RichParameterValues: buildParameters,
TemplateVersionID: versionID,
})
if err != nil {
return err
Expand All @@ -82,8 +110,8 @@ func (r *RootCmd) start() *clibase.Cmd {
}

type prepStartWorkspaceArgs struct {
Action WorkspaceCLIAction
Template codersdk.Template
Action WorkspaceCLIAction
TemplateVersionID uuid.UUID

LastBuildParameters []codersdk.WorkspaceBuildParameter

Expand All @@ -94,7 +122,7 @@ type prepStartWorkspaceArgs struct {
func prepStartWorkspace(inv *clibase.Invocation, client *codersdk.Client, args prepStartWorkspaceArgs) ([]codersdk.WorkspaceBuildParameter, error) {
ctx := inv.Context()

templateVersion, err := client.TemplateVersion(ctx, args.Template.ActiveVersionID)
templateVersion, err := client.TemplateVersion(ctx, args.TemplateVersionID)
if err != nil {
return nil, xerrors.Errorf("get template version: %w", err)
}
Expand Down
49 changes: 38 additions & 11 deletions cli/templatecreate.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,12 @@ import (

func (r *RootCmd) templateCreate() *clibase.Cmd {
var (
provisioner string
provisionerTags []string
variablesFile string
variables []string
disableEveryone bool
provisioner string
provisionerTags []string
variablesFile string
variables []string
disableEveryone bool
requireActiveVersion bool

defaultTTL time.Duration
failureTTL time.Duration
Expand All @@ -46,17 +47,35 @@ func (r *RootCmd) templateCreate() *clibase.Cmd {
r.InitClient(client),
),
Handler: func(inv *clibase.Invocation) error {
if failureTTL != 0 || inactivityTTL != 0 || maxTTL != 0 {
isTemplateSchedulingOptionsSet := failureTTL != 0 || inactivityTTL != 0 || maxTTL != 0

if isTemplateSchedulingOptionsSet || requireActiveVersion {
entitlements, err := client.Entitlements(inv.Context())
var sdkErr *codersdk.Error
if xerrors.As(err, &sdkErr) && sdkErr.StatusCode() == http.StatusNotFound {
return xerrors.Errorf("your deployment appears to be an AGPL deployment, so you cannot set --failure-ttl or --inactivityTTL")
if cerr, ok := codersdk.AsError(err); ok && cerr.StatusCode() == http.StatusNotFound {
return xerrors.Errorf("your deployment appears to be an AGPL deployment, so you cannot set enterprise-only flags")
} else if err != nil {
return xerrors.Errorf("get entitlements: %w", err)
}

if !entitlements.Features[codersdk.FeatureAdvancedTemplateScheduling].Enabled {
return xerrors.Errorf("your license is not entitled to use advanced template scheduling, so you cannot set --failure-ttl or --inactivityTTL")
if isTemplateSchedulingOptionsSet {
if !entitlements.Features[codersdk.FeatureAdvancedTemplateScheduling].Enabled {
return xerrors.Errorf("your license is not entitled to use advanced template scheduling, so you cannot set --failure-ttl or --inactivityTTL")
}
}

if requireActiveVersion {
if !entitlements.Features[codersdk.FeatureAccessControl].Enabled {
return xerrors.Errorf("your license is not entitled to use template access control, so you cannot set --require-active-version")
}

experiments, exErr := client.Experiments(inv.Context())
if exErr != nil {
return xerrors.Errorf("get experiments: %w", exErr)
}

if !experiments.Enabled(codersdk.ExperimentTemplateUpdatePolicies) {
return xerrors.Errorf("--require-active-version is an experimental feature, pass 'template_update_policies' to the CODER_EXPERIMENTS env var to use this option")
}
}
}

Expand Down Expand Up @@ -129,6 +148,7 @@ func (r *RootCmd) templateCreate() *clibase.Cmd {
MaxTTLMillis: ptr.Ref(maxTTL.Milliseconds()),
TimeTilDormantMillis: ptr.Ref(inactivityTTL.Milliseconds()),
DisableEveryoneGroupAccess: disableEveryone,
RequireActiveVersion: requireActiveVersion,
}

_, err = client.CreateTemplate(inv.Context(), organization.ID, createReq)
Expand Down Expand Up @@ -205,6 +225,13 @@ func (r *RootCmd) templateCreate() *clibase.Cmd {
Value: clibase.StringOf(&provisioner),
Hidden: true,
},
{
Flag: "require-active-version",
Description: "Requires workspace builds to use the active template version. This setting does not apply to template admins. This is an enterprise-only feature.",
Value: clibase.BoolOf(&requireActiveVersion),
Default: "false",
},

cliui.SkipPromptOption(),
}
cmd.Options = append(cmd.Options, uploadFlags.options()...)
Expand Down
31 changes: 31 additions & 0 deletions cli/templatecreate_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
"github.com/coder/coder/v2/cli/clitest"
"github.com/coder/coder/v2/coderd/coderdtest"
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/provisioner/echo"
"github.com/coder/coder/v2/provisionersdk/proto"
"github.com/coder/coder/v2/pty/ptytest"
Expand Down Expand Up @@ -393,6 +394,36 @@ func TestTemplateCreate(t *testing.T) {
}
}
})

t.Run("RequireActiveVersionInvalid", func(t *testing.T) {
t.Parallel()

dv := coderdtest.DeploymentValues(t)
dv.Experiments = []string{
string(codersdk.ExperimentTemplateUpdatePolicies),
}

client := coderdtest.New(t, &coderdtest.Options{
IncludeProvisionerDaemon: true,
DeploymentValues: dv,
})
coderdtest.CreateFirstUser(t, client)
source := clitest.CreateTemplateVersionSource(t, completeWithAgent())
args := []string{
"templates",
"create",
"my-template",
"--directory", source,
"--test.provisioner", string(database.ProvisionerTypeEcho),
"--require-active-version",
}
inv, root := clitest.New(t, args...)
clitest.SetupConfig(t, client, root)

err := inv.Run()
require.Error(t, err)
require.Contains(t, err.Error(), "your deployment appears to be an AGPL deployment, so you cannot set enterprise-only flags")
})
}

// Need this for Windows because of a known issue with Go:
Expand Down
36 changes: 31 additions & 5 deletions cli/templateedit.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ func (r *RootCmd) templateEdit() *clibase.Cmd {
allowUserCancelWorkspaceJobs bool
allowUserAutostart bool
allowUserAutostop bool
requireActiveVersion bool
)
client := new(codersdk.Client)

Expand All @@ -43,7 +44,7 @@ func (r *RootCmd) templateEdit() *clibase.Cmd {
Short: "Edit the metadata of a template by name.",
Handler: func(inv *clibase.Invocation) error {
unsetAutostopRequirementDaysOfWeek := len(autostopRequirementDaysOfWeek) == 1 && autostopRequirementDaysOfWeek[0] == "none"
requiresEntitlement := (len(autostopRequirementDaysOfWeek) > 0 && !unsetAutostopRequirementDaysOfWeek) ||
requiresScheduling := (len(autostopRequirementDaysOfWeek) > 0 && !unsetAutostopRequirementDaysOfWeek) ||
autostopRequirementWeeks > 0 ||
!allowUserAutostart ||
!allowUserAutostop ||
Expand All @@ -52,18 +53,36 @@ func (r *RootCmd) templateEdit() *clibase.Cmd {
inactivityTTL != 0 ||
len(autostartRequirementDaysOfWeek) > 0

requiresEntitlement := requiresScheduling || requireActiveVersion
if requiresEntitlement {
entitlements, err := client.Entitlements(inv.Context())
var sdkErr *codersdk.Error
if xerrors.As(err, &sdkErr) && sdkErr.StatusCode() == http.StatusNotFound {
return xerrors.Errorf("your deployment appears to be an AGPL deployment, so you cannot set --max-ttl, --failure-ttl, --inactivityTTL, --allow-user-autostart=false or --allow-user-autostop=false")
if cerr, ok := codersdk.AsError(err); ok && cerr.StatusCode() == http.StatusNotFound {
return xerrors.Errorf("your deployment appears to be an AGPL deployment, so you cannot set enterprise-only flags")
} else if err != nil {
return xerrors.Errorf("get entitlements: %w", err)
}

if !entitlements.Features[codersdk.FeatureAdvancedTemplateScheduling].Enabled {
if requiresScheduling && !entitlements.Features[codersdk.FeatureAdvancedTemplateScheduling].Enabled {
return xerrors.Errorf("your license is not entitled to use advanced template scheduling, so you cannot set --max-ttl, --failure-ttl, --inactivityTTL, --allow-user-autostart=false or --allow-user-autostop=false")
}

if requireActiveVersion {
if !entitlements.Features[codersdk.FeatureAccessControl].Enabled {
return xerrors.Errorf("your license is not entitled to use template access control, so you cannot set --require-active-version")
}

experiments, exErr := client.Experiments(inv.Context())
if exErr != nil {
return xerrors.Errorf("get experiments: %w", exErr)
}

if !experiments.Enabled(codersdk.ExperimentTemplateUpdatePolicies) {
return xerrors.Errorf("--require-active-version is an experimental feature, pass 'template_update_policies' to the CODER_EXPERIMENTS env var to use this option")
}
if !entitlements.Features[codersdk.FeatureAccessControl].Enabled {
return xerrors.Errorf("your license is not entitled to use template access control, so you cannot set --require-active-version")
}
}
}

organization, err := CurrentOrganization(inv, client)
Expand Down Expand Up @@ -110,6 +129,7 @@ func (r *RootCmd) templateEdit() *clibase.Cmd {
AllowUserCancelWorkspaceJobs: allowUserCancelWorkspaceJobs,
AllowUserAutostart: allowUserAutostart,
AllowUserAutostop: allowUserAutostop,
RequireActiveVersion: requireActiveVersion,
}

_, err = client.UpdateTemplateMeta(inv.Context(), template.ID, req)
Expand Down Expand Up @@ -222,6 +242,12 @@ func (r *RootCmd) templateEdit() *clibase.Cmd {
Default: "true",
Value: clibase.BoolOf(&allowUserAutostop),
},
{
Flag: "require-active-version",
Description: "Requires workspace builds to use the active template version. This setting does not apply to template admins. This is an enterprise-only feature.",
Value: clibase.BoolOf(&requireActiveVersion),
Default: "false",
},
cliui.SkipPromptOption(),
}

Expand Down
26 changes: 26 additions & 0 deletions cli/templateedit_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1021,4 +1021,30 @@ func TestTemplateEdit(t *testing.T) {
assert.Equal(t, template.TimeTilDormantMillis, updated.TimeTilDormantMillis)
})
})

t.Run("RequireActiveVersion", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true})
owner := coderdtest.CreateFirstUser(t, client)

version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil)
_ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID)
template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) {})

// Test the cli command with --allow-user-autostart.
cmdArgs := []string{
"templates",
"edit",
template.Name,
"--require-active-version",
}
inv, root := clitest.New(t, cmdArgs...)
//nolint
clitest.SetupConfig(t, client, root)

ctx := testutil.Context(t, testutil.WaitLong)
err := inv.WithContext(ctx).Run()
require.Error(t, err)
require.ErrorContains(t, err, "appears to be an AGPL deployment")
})
}
5 changes: 5 additions & 0 deletions cli/testdata/coder_templates_create_--help.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,11 @@ OPTIONS:
--provisioner-tag string-array
Specify a set of tags to target provisioner daemons.

--require-active-version bool (default: false)
Requires workspace builds to use the active template version. This
setting does not apply to template admins. This is an enterprise-only
feature.

--var string-array
Alias of --variable.

Expand Down
Loading