Skip to content

fix: remove unnecessary user lookup in agent API calls #17934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 20, 2025
Merged

fix: remove unnecessary user lookup in agent API calls #17934

merged 1 commit into from
May 20, 2025

Conversation

ThomasK33
Copy link
Member

@ThomasK33 ThomasK33 commented May 20, 2025
edited
Loading

Use workspace.OwnerUsername instead of fetching the owner

This PR optimizes the agent API by using the workspace.OwnerUsername field directly instead of making an additional database query to fetch the owner's username. The change removes the need to call GetUserByID in the manifest API and workspace agent RPC endpoints.

An issue arose when the agent token was scoped without access to user data (api_key_scope = "no_user_data"), causing the agent to fail to fetch the manifest due to an RBAC issue.

Change-Id: I3b6e7581134e2374b364ee059e3b18ece3d98b41
Signed-off-by: Thomas Kosiewski tk@coder.com

@ThomasK33 ThomasK33 self-assigned this May 20, 2025
@ThomasK33 Graphite App
Copy link
Member Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@ThomasK33 ThomasK33 requested a review from dannykopping May 20, 2025 11:05
@ThomasK33 ThomasK33 force-pushed the thomask33/05-20-fix_remove_unnecessary_user_lookup_in_agent_api_calls branch from e0f806f to b1f8370 Compare May 20, 2025 11:12
@ThomasK33 ThomasK33 marked this pull request as ready for review May 20, 2025 11:35
dannykopping
dannykopping approved these changes May 20, 2025
View reviewed changes
Copy link
Contributor

@dannykopping dannykopping left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, although I'm not sure how far this approach of restricting agent access with RBAC will take us.

@Emyrk
Copy link
Member

Emyrk commented May 20, 2025

We've had this issue that we need username, template name, workspace name, etc. So we fetch the original object for that 1 or two fields, but the caller might not have access to this related object.

We have created some views like workspace_build_with_user to just join in these fields, and not require the RBAC to the original user.

The views are awkward to manage, but solves the same issue you are hitting. Since agent keys can only hit a small subset of routes, I think we can manage its implications.

@ThomasK33 Graphite App
Copy link
Member Author

ThomasK33 commented May 20, 2025
edited
Loading

Oh, that's a great point. I just checked the SQL queries for the call of GetWorkspaceByID, and it uses the workspaces_expanded (view) (query) under the hood.

So the information is already getting joined as you suggested. I guess those follow-up calls were genuinely redundant.

@ThomasK33
fix: remove unnecessary user lookup in agent API calls
840c0db 
Change-Id: I3b6e7581134e2374b364ee059e3b18ece3d98b41
Signed-off-by: Thomas Kosiewski <tk@coder.com>
@ThomasK33 ThomasK33 force-pushed the thomask33/05-20-fix_remove_unnecessary_user_lookup_in_agent_api_calls branch from b1f8370 to 840c0db Compare May 20, 2025 14:55
@Emyrk
Copy link
Member

Emyrk commented May 20, 2025

So the information is already getting joined as you suggested. I guess those follow-up calls were genuinely redundant.

Yup! I imagine there are a few other places that are redundant now with the view

@ThomasK33 ThomasK33 merged commit 93f17bc into main May 20, 2025
37 checks passed
@ThomasK33 Graphite App
Copy link
Member Author

Merge activity

@ThomasK33 ThomasK33 deleted the thomask33/05-20-fix_remove_unnecessary_user_lookup_in_agent_api_calls branch May 20, 2025 15:07
@github-actions github-actions bot locked and limited conversation to collaborators May 20, 2025
@bpmct
Copy link
Member

bpmct commented May 20, 2025

/cherry-pick release/2.22

1 similar comment
@bpmct
Copy link
Member

bpmct commented May 20, 2025

/cherry-pick release/2.22

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@dannykopping dannykopping dannykopping approved these changes

@Emyrk Emyrk Emyrk approved these changes

Assignees

@ThomasK33 ThomasK33

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ThomasK33 @Emyrk @bpmct @dannykopping