fix: disallow lifecycle endpoints for prebuilt workspaces #19264
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ssncferreira
commented
Aug 8, 2025
| // Prebuild lifecycle is managed by the reconciliation loop, with scheduling behavior | ||
| // defined per preset at the template level, not per workspace. | ||
| if workspace.IsPrebuild() { | ||
| httpapi.Write(ctx, rw, http.StatusConflict, codersdk.Response{ |
There was a problem hiding this comment.
409 Conflict based on discussion: #19252 (comment)
ssncferreira
added a commit
that referenced
this pull request
Aug 13, 2025
## Description This PR ensures that prebuilt workspaces are properly excluded from the lifecycle executor and treated as a separate class of workspaces, fully managed by the prebuild reconciliation loop. It introduces two lifecycle guarantees: * When a prebuilt workspace is created (i.e., when the workspace build completes), all lifecycle-related fields are unset, ensuring the workspace does not participate in TTL, autostop, autostart, dormancy, or auto-deletion logic. * When a prebuilt workspace is claimed, it transitions into a regular user workspace. At this point, all lifecycle fields are correctly populated according to template-level configurations, allowing the workspace to be managed by the lifecycle executor as expected. ## Changes * Prebuilt workspaces now have all lifecycle-relevant fields unset during creation * When a prebuild is claimed: * Lifecycle fields are set based on template and workspace level configurations. This ensures a clean transition into the standard workspace lifecycle flow. * Updated lifecycle-related SQL update queries to explicitly exclude prebuilt workspaces. ## Relates Related issue: #18898 To reduce the scope of this PR and make the review process more manageable, the original implementation has been split into the following focused PRs: * #19259 * #19263 * #19264 * #19265 These PRs should be considered in conjunction with this one to understand the complete set of lifecycle separation changes for prebuilt workspaces.
ssncferreira
commented
Aug 13, 2025
| @@ -1115,12 +1126,20 @@ func (api *API) putWorkspaceAutostart(rw http.ResponseWriter, r *http.Request) { | |||
| return | |||
| } | |||
|
|
|||
| // Use injected Clock to allow time mocking in tests | |||
| now := api.Clock.Now() | |||
There was a problem hiding this comment.
If I understand correctly, all timestamps in the database are stored in UTC.
Do we need to explicitly set this to UTC? I see it being done in other places, for instance, in setting nextStartAt: https://github.com/coder/coder/blob/main/coderd/workspaces.go#L574
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR updates the API to prevent lifecycle configuration endpoints from being used on prebuilt workspaces. Since prebuilds are managed by the reconciliation loop and do not participate in the regular workspace lifecycle, they must not support per-workspace overrides for fields like deadline, TTL, autostart, or dormancy.
Attempting to use these endpoints on a prebuilt workspace will now return a clear validation error (
409 Conflict) with an appropriate explanation. This prevents accidental misconfiguration and preserves the lifecycle separation between prebuilds and regular workspaces.Changes
The following endpoints now return an error if the target workspace is a prebuild:
PUT /workspaces/{workspace}/extendPUT /workspaces/{workspace}/ttlPUT /workspaces/{workspace}/autostartPUT /workspaces/{workspace}/dormantUpdate endpoints logic to use the API clock in order to allow time mocking in tests.
Related with: