From 4f3591ff1e9ab28cc48015f19219ea1e4284075d Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 29 Jun 2023 08:10:05 +0200 Subject: [PATCH 01/12] Config field --- coderd/apidoc/docs.go | 3 +++ coderd/apidoc/swagger.json | 3 +++ codersdk/deployment.go | 15 +++++++++++++-- docs/api/general.md | 1 + docs/api/schemas.md | 3 +++ docs/cli/server.md | 11 +++++++++++ site/src/api/typesGenerated.ts | 1 + 7 files changed, 35 insertions(+), 2 deletions(-) diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go index aef7e1b05f89d..91f2e19366041 100644 --- a/coderd/apidoc/docs.go +++ b/coderd/apidoc/docs.go @@ -7270,6 +7270,9 @@ const docTemplate = `{ "disable_session_expiry_refresh": { "type": "boolean" }, + "disable_terraform_debug_mode": { + "type": "boolean" + }, "experiments": { "type": "array", "items": { diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json index c3570a10f9c36..e81be5d7568e0 100644 --- a/coderd/apidoc/swagger.json +++ b/coderd/apidoc/swagger.json @@ -6493,6 +6493,9 @@ "disable_session_expiry_refresh": { "type": "boolean" }, + "disable_terraform_debug_mode": { + "type": "boolean" + }, "experiments": { "type": "array", "items": { diff --git a/codersdk/deployment.go b/codersdk/deployment.go index dc758e5a76242..de9ad13367ca8 100644 --- a/codersdk/deployment.go +++ b/codersdk/deployment.go @@ -165,6 +165,7 @@ type DeploymentValues struct { WgtunnelHost clibase.String `json:"wgtunnel_host,omitempty" typescript:",notnull"` DisableOwnerWorkspaceExec clibase.Bool `json:"disable_owner_workspace_exec,omitempty" typescript:",notnull"` ProxyHealthStatusInterval clibase.Duration `json:"proxy_health_status_interval,omitempty" typescript:",notnull"` + DisableTerraformDebugMode clibase.Bool `json:"disable_terraform_debug_mode,omitempty" typescript:",notnull"` Config clibase.YAMLConfigPath `json:"config,omitempty" typescript:",notnull"` WriteConfig clibase.Bool `json:"write_config,omitempty" typescript:",notnull"` @@ -1215,10 +1216,20 @@ when required by your organization's security policy.`, YAML: "stackdriverPath", Annotations: clibase.Annotations{}.Mark(annotationExternalProxies, "true"), }, + { + Name: "Disable Terraform debug mode", + Description: "Disable debug mode while processing Terraform templates.", + Flag: "disable-terraform-debug-mode", + Env: "CODER_DISABLE_TERRAFORM_DEBUG_MODE", + Default: "false", + Value: &c.DisableTerraformDebugMode, + Group: &deploymentGroupIntrospectionLogging, + YAML: "disableTerraformDebugMode", + }, // ☢️ Dangerous settings { - Name: "DANGEROUS: Allow all CORs requests", - Description: "For security reasons, CORs requests are blocked except between workspace apps owned by the same user. If external requests are required, setting this to true will set all cors headers as '*'. This should never be used in production.", + Name: "DANGEROUS: Allow all CORS requests", + Description: "For security reasons, CORS requests are blocked except between workspace apps owned by the same user. If external requests are required, setting this to true will set all cors headers as '*'. This should never be used in production.", Flag: "dangerous-allow-cors-requests", Env: "CODER_DANGEROUS_ALLOW_CORS_REQUESTS", Hidden: true, // Hidden, should only be used by yarn dev server diff --git a/docs/api/general.md b/docs/api/general.md index 1655fb9d2fb00..c25b98959d631 100644 --- a/docs/api/general.md +++ b/docs/api/general.md @@ -196,6 +196,7 @@ curl -X GET http://coder-server:8080/api/v2/deployment/config \ "disable_password_auth": true, "disable_path_apps": true, "disable_session_expiry_refresh": true, + "disable_terraform_debug_mode": true, "experiments": ["string"], "git_auth": { "value": [ diff --git a/docs/api/schemas.md b/docs/api/schemas.md index 08b77eba69a11..4c6f62c33ec64 100644 --- a/docs/api/schemas.md +++ b/docs/api/schemas.md @@ -1873,6 +1873,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in "disable_password_auth": true, "disable_path_apps": true, "disable_session_expiry_refresh": true, + "disable_terraform_debug_mode": true, "experiments": ["string"], "git_auth": { "value": [ @@ -2204,6 +2205,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in "disable_password_auth": true, "disable_path_apps": true, "disable_session_expiry_refresh": true, + "disable_terraform_debug_mode": true, "experiments": ["string"], "git_auth": { "value": [ @@ -2398,6 +2400,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in | `disable_password_auth` | boolean | false | | | | `disable_path_apps` | boolean | false | | | | `disable_session_expiry_refresh` | boolean | false | | | +| `disable_terraform_debug_mode` | boolean | false | | | | `experiments` | array of string | false | | | | `git_auth` | [clibase.Struct-array_codersdk_GitAuthConfig](#clibasestruct-array_codersdk_gitauthconfig) | false | | | | `http_address` | string | false | | Http address is a string because it may be set to zero to disable. | diff --git a/docs/cli/server.md b/docs/cli/server.md index 61a1e052b0f10..70f6f70f51711 100644 --- a/docs/cli/server.md +++ b/docs/cli/server.md @@ -223,6 +223,17 @@ Disable workspace apps that are not served from subdomains. Path-based apps can Disable automatic session expiry bumping due to activity. This forces all sessions to become invalid after the session expiry duration has been reached. +### --disable-terraform-debug-mode + +| | | +| ----------- | ------------------------------------------------------------ | +| Type | bool | +| Environment | $CODER_DISABLE_TERRAFORM_DEBUG_MODE | +| YAML | introspection.logging.disableTerraformDebugMode | +| Default | false | + +Disable debug mode while processing Terraform templates. + ### --swagger-enable | | | diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index b026033973e1b..3544931373af2 100644 --- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts @@ -374,6 +374,7 @@ export interface DeploymentValues { readonly wgtunnel_host?: string readonly disable_owner_workspace_exec?: boolean readonly proxy_health_status_interval?: number + readonly disable_terraform_debug_mode?: boolean // This is likely an enum in an external package ("github.com/coder/coder/cli/clibase.YAMLConfigPath") readonly config?: string readonly write_config?: boolean From bf4aace19f44159b5dd35f7e8d94a38735b999df Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 29 Jun 2023 09:37:44 +0200 Subject: [PATCH 02/12] Disable debug mode --- coderd/workspacebuilds.go | 3 ++- coderd/workspacebuilds_test.go | 39 ++++++++++++++++++++++++++++++++++ coderd/wsbuilder/wsbuilder.go | 26 ++++++++++++++++++----- 3 files changed, 62 insertions(+), 6 deletions(-) diff --git a/coderd/workspacebuilds.go b/coderd/workspacebuilds.go index b999f4a4b52c0..18075b3d87cf7 100644 --- a/coderd/workspacebuilds.go +++ b/coderd/workspacebuilds.go @@ -316,7 +316,8 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) { builder := wsbuilder.New(workspace, database.WorkspaceTransition(createBuild.Transition)). Initiator(apiKey.UserID). RichParameterValues(createBuild.RichParameterValues). - LogLevel(string(createBuild.LogLevel)) + LogLevel(string(createBuild.LogLevel)). + DeploymentValues(api.Options.DeploymentValues) if createBuild.TemplateVersionID != uuid.Nil { builder = builder.VersionID(createBuild.TemplateVersionID) diff --git a/coderd/workspacebuilds_test.go b/coderd/workspacebuilds_test.go index 780872a03aeec..6ef035ffd7431 100644 --- a/coderd/workspacebuilds_test.go +++ b/coderd/workspacebuilds_test.go @@ -640,6 +640,45 @@ func TestWorkspaceBuildStatus(t *testing.T) { func TestWorkspaceBuildDebugMode(t *testing.T) { t.Parallel() + t.Run("DebugModeDisabled", func(t *testing.T) { + t.Parallel() + + // Create user + deploymentValues := coderdtest.DeploymentValues(t) + deploymentValues.DisableTerraformDebugMode = true + + templateAuthorClient := coderdtest.New(t, &coderdtest.Options{ + IncludeProvisionerDaemon: true, + DeploymentValues: deploymentValues, + }) + templateAuthor := coderdtest.CreateFirstUser(t, templateAuthorClient) + + // Template author: create a template + version := coderdtest.CreateTemplateVersion(t, templateAuthorClient, templateAuthor.OrganizationID, nil) + template := coderdtest.CreateTemplate(t, templateAuthorClient, templateAuthor.OrganizationID, version.ID) + coderdtest.AwaitTemplateVersionJob(t, templateAuthorClient, version.ID) + + // Template author: create a workspace + workspace := coderdtest.CreateWorkspace(t, templateAuthorClient, templateAuthor.OrganizationID, template.ID) + coderdtest.AwaitWorkspaceBuildJob(t, templateAuthorClient, workspace.LatestBuild.ID) + + // Template author: try to start a workspace build in debug mode + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) + defer cancel() + + _, err := templateAuthorClient.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{ + TemplateVersionID: workspace.LatestBuild.TemplateVersionID, + Transition: codersdk.WorkspaceTransitionStart, + LogLevel: "debug", + }) + + // Template author: expect an error as the debug mode is disabled + require.NotNil(t, err) + var sdkError *codersdk.Error + isSdkError := xerrors.As(err, &sdkError) + require.True(t, isSdkError) + require.Contains(t, sdkError.Message, "Terraform debug mode is disabled in the deployment configuration.") + }) t.Run("AsRegularUser", func(t *testing.T) { t.Parallel() diff --git a/coderd/wsbuilder/wsbuilder.go b/coderd/wsbuilder/wsbuilder.go index e6980788cb9e8..ed2a60633e7e5 100644 --- a/coderd/wsbuilder/wsbuilder.go +++ b/coderd/wsbuilder/wsbuilder.go @@ -34,11 +34,13 @@ import ( // build, job, err := b.Build(...) type Builder struct { // settings that control the kind of build you get - workspace database.Workspace - trans database.WorkspaceTransition - version versionTarget - state stateTarget - logLevel string + workspace database.Workspace + trans database.WorkspaceTransition + version versionTarget + state stateTarget + logLevel string + deploymentValues *codersdk.DeploymentValues + richParameterValues []codersdk.WorkspaceBuildParameter initiator uuid.UUID reason database.BuildReason @@ -128,6 +130,12 @@ func (b Builder) LogLevel(l string) Builder { return b } +func (b Builder) DeploymentValues(dv *codersdk.DeploymentValues) Builder { + // nolint: revive + b.deploymentValues = dv + return b +} + func (b Builder) Initiator(u uuid.UUID) Builder { // nolint: revive b.initiator = u @@ -638,6 +646,14 @@ func (b *Builder) authorize(authFunc func(action rbac.Action, object rbac.Object } } + if b.logLevel != "" && b.deploymentValues != nil && b.deploymentValues.DisableTerraformDebugMode { + return BuildError{ + http.StatusBadRequest, + "Terraform debug mode is disabled in the deployment configuration.", + xerrors.New("Terraform debug mode is disabled in the deployment configuration."), + } + } + if b.logLevel != "" && !authFunc(rbac.ActionUpdate, template) { return BuildError{ http.StatusBadRequest, From ec5b3ffa7fb4ad8fe47cbc7156e9dd82536e1c74 Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 29 Jun 2023 09:57:17 +0200 Subject: [PATCH 03/12] fix --- cli/testdata/coder_server_--help.golden | 3 +++ cli/testdata/server-config.yaml.golden | 3 +++ enterprise/cli/testdata/coder_server_--help.golden | 3 +++ 3 files changed, 9 insertions(+) diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden index 70e81cd42c997..892d9a5fe7e06 100644 --- a/cli/testdata/coder_server_--help.golden +++ b/cli/testdata/coder_server_--help.golden @@ -74,6 +74,9 @@ Use a YAML configuration file when your server launch become unwieldy. Write out the current server config as YAML to stdout. Introspection / Logging Options + --disable-terraform-debug-mode bool, $CODER_DISABLE_TERRAFORM_DEBUG_MODE (default: false) + Disable debug mode while processing Terraform templates. + --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr) Output human-readable logs to a given file. diff --git a/cli/testdata/server-config.yaml.golden b/cli/testdata/server-config.yaml.golden index bfd9ed467bca8..596403458c3b9 100644 --- a/cli/testdata/server-config.yaml.golden +++ b/cli/testdata/server-config.yaml.golden @@ -197,6 +197,9 @@ introspection: # Output Stackdriver compatible logs to a given file. # (default: , type: string) stackdriverPath: "" + # Disable debug mode while processing Terraform templates. + # (default: false, type: bool) + disableTerraformDebugMode: false oauth2: github: # Client ID for Login with GitHub. diff --git a/enterprise/cli/testdata/coder_server_--help.golden b/enterprise/cli/testdata/coder_server_--help.golden index 70e81cd42c997..892d9a5fe7e06 100644 --- a/enterprise/cli/testdata/coder_server_--help.golden +++ b/enterprise/cli/testdata/coder_server_--help.golden @@ -74,6 +74,9 @@ Use a YAML configuration file when your server launch become unwieldy. Write out the current server config as YAML to stdout. Introspection / Logging Options + --disable-terraform-debug-mode bool, $CODER_DISABLE_TERRAFORM_DEBUG_MODE (default: false) + Disable debug mode while processing Terraform templates. + --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr) Output human-readable logs to a given file. From b6185b2047657a2be337799b3d6b013f5b1634ef Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 29 Jun 2023 12:17:06 +0200 Subject: [PATCH 04/12] WIP --- coderd/apidoc/docs.go | 2 +- coderd/apidoc/swagger.json | 2 +- coderd/workspacebuilds_test.go | 17 ++++++++++------- coderd/wsbuilder/wsbuilder.go | 2 +- codersdk/deployment.go | 14 +++++++------- docs/api/general.md | 2 +- docs/api/schemas.md | 6 +++--- docs/cli/server.md | 16 ++++++++-------- site/src/api/typesGenerated.ts | 2 +- 9 files changed, 33 insertions(+), 30 deletions(-) diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go index 91f2e19366041..9561ab112e18b 100644 --- a/coderd/apidoc/docs.go +++ b/coderd/apidoc/docs.go @@ -7270,7 +7270,7 @@ const docTemplate = `{ "disable_session_expiry_refresh": { "type": "boolean" }, - "disable_terraform_debug_mode": { + "enable_terraform_debug_mode": { "type": "boolean" }, "experiments": { diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json index e81be5d7568e0..3d928d115fc17 100644 --- a/coderd/apidoc/swagger.json +++ b/coderd/apidoc/swagger.json @@ -6493,7 +6493,7 @@ "disable_session_expiry_refresh": { "type": "boolean" }, - "disable_terraform_debug_mode": { + "enable_terraform_debug_mode": { "type": "boolean" }, "experiments": { diff --git a/coderd/workspacebuilds_test.go b/coderd/workspacebuilds_test.go index 6ef035ffd7431..9b31b7f5f3b79 100644 --- a/coderd/workspacebuilds_test.go +++ b/coderd/workspacebuilds_test.go @@ -645,12 +645,9 @@ func TestWorkspaceBuildDebugMode(t *testing.T) { // Create user deploymentValues := coderdtest.DeploymentValues(t) - deploymentValues.DisableTerraformDebugMode = true + deploymentValues.EnableTerraformDebugMode = false - templateAuthorClient := coderdtest.New(t, &coderdtest.Options{ - IncludeProvisionerDaemon: true, - DeploymentValues: deploymentValues, - }) + templateAuthorClient := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true, DeploymentValues: deploymentValues}) templateAuthor := coderdtest.CreateFirstUser(t, templateAuthorClient) // Template author: create a template @@ -683,7 +680,10 @@ func TestWorkspaceBuildDebugMode(t *testing.T) { t.Parallel() // Create users - templateAuthorClient := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + deploymentValues := coderdtest.DeploymentValues(t) + deploymentValues.EnableTerraformDebugMode = true + + templateAuthorClient := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true, DeploymentValues: deploymentValues}) templateAuthor := coderdtest.CreateFirstUser(t, templateAuthorClient) regularUserClient, _ := coderdtest.CreateAnotherUser(t, templateAuthorClient, templateAuthor.OrganizationID) @@ -717,7 +717,10 @@ func TestWorkspaceBuildDebugMode(t *testing.T) { t.Parallel() // Create users - adminClient := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + deploymentValues := coderdtest.DeploymentValues(t) + deploymentValues.EnableTerraformDebugMode = true + + adminClient := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true, DeploymentValues: deploymentValues}) admin := coderdtest.CreateFirstUser(t, adminClient) templateAdminClient, _ := coderdtest.CreateAnotherUser(t, adminClient, admin.OrganizationID, rbac.RoleTemplateAdmin()) diff --git a/coderd/wsbuilder/wsbuilder.go b/coderd/wsbuilder/wsbuilder.go index ed2a60633e7e5..224eacc02b013 100644 --- a/coderd/wsbuilder/wsbuilder.go +++ b/coderd/wsbuilder/wsbuilder.go @@ -646,7 +646,7 @@ func (b *Builder) authorize(authFunc func(action rbac.Action, object rbac.Object } } - if b.logLevel != "" && b.deploymentValues != nil && b.deploymentValues.DisableTerraformDebugMode { + if b.logLevel != "" && b.deploymentValues != nil && !b.deploymentValues.EnableTerraformDebugMode { return BuildError{ http.StatusBadRequest, "Terraform debug mode is disabled in the deployment configuration.", diff --git a/codersdk/deployment.go b/codersdk/deployment.go index de9ad13367ca8..27d0ac623cd48 100644 --- a/codersdk/deployment.go +++ b/codersdk/deployment.go @@ -165,7 +165,7 @@ type DeploymentValues struct { WgtunnelHost clibase.String `json:"wgtunnel_host,omitempty" typescript:",notnull"` DisableOwnerWorkspaceExec clibase.Bool `json:"disable_owner_workspace_exec,omitempty" typescript:",notnull"` ProxyHealthStatusInterval clibase.Duration `json:"proxy_health_status_interval,omitempty" typescript:",notnull"` - DisableTerraformDebugMode clibase.Bool `json:"disable_terraform_debug_mode,omitempty" typescript:",notnull"` + EnableTerraformDebugMode clibase.Bool `json:"enable_terraform_debug_mode,omitempty" typescript:",notnull"` Config clibase.YAMLConfigPath `json:"config,omitempty" typescript:",notnull"` WriteConfig clibase.Bool `json:"write_config,omitempty" typescript:",notnull"` @@ -1217,14 +1217,14 @@ when required by your organization's security policy.`, Annotations: clibase.Annotations{}.Mark(annotationExternalProxies, "true"), }, { - Name: "Disable Terraform debug mode", - Description: "Disable debug mode while processing Terraform templates.", - Flag: "disable-terraform-debug-mode", - Env: "CODER_DISABLE_TERRAFORM_DEBUG_MODE", + Name: "Enable Terraform debug mode", + Description: "Enable debug mode while processing Terraform templates.", + Flag: "enable-terraform-debug-mode", + Env: "CODER_ENABLE_TERRAFORM_DEBUG_MODE", Default: "false", - Value: &c.DisableTerraformDebugMode, + Value: &c.EnableTerraformDebugMode, Group: &deploymentGroupIntrospectionLogging, - YAML: "disableTerraformDebugMode", + YAML: "enableTerraformDebugMode", }, // ☢️ Dangerous settings { diff --git a/docs/api/general.md b/docs/api/general.md index c25b98959d631..ce36d1054fbed 100644 --- a/docs/api/general.md +++ b/docs/api/general.md @@ -196,7 +196,7 @@ curl -X GET http://coder-server:8080/api/v2/deployment/config \ "disable_password_auth": true, "disable_path_apps": true, "disable_session_expiry_refresh": true, - "disable_terraform_debug_mode": true, + "enable_terraform_debug_mode": true, "experiments": ["string"], "git_auth": { "value": [ diff --git a/docs/api/schemas.md b/docs/api/schemas.md index 4c6f62c33ec64..6db4b529d0587 100644 --- a/docs/api/schemas.md +++ b/docs/api/schemas.md @@ -1873,7 +1873,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in "disable_password_auth": true, "disable_path_apps": true, "disable_session_expiry_refresh": true, - "disable_terraform_debug_mode": true, + "enable_terraform_debug_mode": true, "experiments": ["string"], "git_auth": { "value": [ @@ -2205,7 +2205,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in "disable_password_auth": true, "disable_path_apps": true, "disable_session_expiry_refresh": true, - "disable_terraform_debug_mode": true, + "enable_terraform_debug_mode": true, "experiments": ["string"], "git_auth": { "value": [ @@ -2400,7 +2400,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in | `disable_password_auth` | boolean | false | | | | `disable_path_apps` | boolean | false | | | | `disable_session_expiry_refresh` | boolean | false | | | -| `disable_terraform_debug_mode` | boolean | false | | | +| `enable_terraform_debug_mode` | boolean | false | | | | `experiments` | array of string | false | | | | `git_auth` | [clibase.Struct-array_codersdk_GitAuthConfig](#clibasestruct-array_codersdk_gitauthconfig) | false | | | | `http_address` | string | false | | Http address is a string because it may be set to zero to disable. | diff --git a/docs/cli/server.md b/docs/cli/server.md index 70f6f70f51711..a50dfe47950b5 100644 --- a/docs/cli/server.md +++ b/docs/cli/server.md @@ -223,16 +223,16 @@ Disable workspace apps that are not served from subdomains. Path-based apps can Disable automatic session expiry bumping due to activity. This forces all sessions to become invalid after the session expiry duration has been reached. -### --disable-terraform-debug-mode +### --enable-terraform-debug-mode -| | | -| ----------- | ------------------------------------------------------------ | -| Type | bool | -| Environment | $CODER_DISABLE_TERRAFORM_DEBUG_MODE | -| YAML | introspection.logging.disableTerraformDebugMode | -| Default | false | +| | | +| ----------- | ----------------------------------------------------------- | +| Type | bool | +| Environment | $CODER_ENABLE_TERRAFORM_DEBUG_MODE | +| YAML | introspection.logging.enableTerraformDebugMode | +| Default | false | -Disable debug mode while processing Terraform templates. +Enable debug mode while processing Terraform templates. ### --swagger-enable diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index 3544931373af2..0068cc192033e 100644 --- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts @@ -374,7 +374,7 @@ export interface DeploymentValues { readonly wgtunnel_host?: string readonly disable_owner_workspace_exec?: boolean readonly proxy_health_status_interval?: number - readonly disable_terraform_debug_mode?: boolean + readonly enable_terraform_debug_mode?: boolean // This is likely an enum in an external package ("github.com/coder/coder/cli/clibase.YAMLConfigPath") readonly config?: string readonly write_config?: boolean From 9bd246b39f127ce7ff65ea85e19bce13fcf0f0cc Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 29 Jun 2023 12:18:09 +0200 Subject: [PATCH 05/12] make update-golden-files --- cli/testdata/coder_server_--help.golden | 4 ++-- cli/testdata/server-config.yaml.golden | 4 ++-- enterprise/cli/testdata/coder_server_--help.golden | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden index 892d9a5fe7e06..27c027bbe5fd9 100644 --- a/cli/testdata/coder_server_--help.golden +++ b/cli/testdata/coder_server_--help.golden @@ -74,8 +74,8 @@ Use a YAML configuration file when your server launch become unwieldy. Write out the current server config as YAML to stdout. Introspection / Logging Options - --disable-terraform-debug-mode bool, $CODER_DISABLE_TERRAFORM_DEBUG_MODE (default: false) - Disable debug mode while processing Terraform templates. + --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false) + Enable debug mode while processing Terraform templates. --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr) Output human-readable logs to a given file. diff --git a/cli/testdata/server-config.yaml.golden b/cli/testdata/server-config.yaml.golden index 596403458c3b9..750bffac6b194 100644 --- a/cli/testdata/server-config.yaml.golden +++ b/cli/testdata/server-config.yaml.golden @@ -197,9 +197,9 @@ introspection: # Output Stackdriver compatible logs to a given file. # (default: , type: string) stackdriverPath: "" - # Disable debug mode while processing Terraform templates. + # Enable debug mode while processing Terraform templates. # (default: false, type: bool) - disableTerraformDebugMode: false + enableTerraformDebugMode: false oauth2: github: # Client ID for Login with GitHub. diff --git a/enterprise/cli/testdata/coder_server_--help.golden b/enterprise/cli/testdata/coder_server_--help.golden index 892d9a5fe7e06..27c027bbe5fd9 100644 --- a/enterprise/cli/testdata/coder_server_--help.golden +++ b/enterprise/cli/testdata/coder_server_--help.golden @@ -74,8 +74,8 @@ Use a YAML configuration file when your server launch become unwieldy. Write out the current server config as YAML to stdout. Introspection / Logging Options - --disable-terraform-debug-mode bool, $CODER_DISABLE_TERRAFORM_DEBUG_MODE (default: false) - Disable debug mode while processing Terraform templates. + --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false) + Enable debug mode while processing Terraform templates. --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr) Output human-readable logs to a given file. From 0d5850fbf27eb23b435f8334bcf6de376181fd93 Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 29 Jun 2023 12:32:19 +0200 Subject: [PATCH 06/12] Adjust tests --- coderd/workspacebuilds_test.go | 56 ++++++++++++++++++++++++++++------ coderd/wsbuilder/wsbuilder.go | 12 ++++---- 2 files changed, 52 insertions(+), 16 deletions(-) diff --git a/coderd/workspacebuilds_test.go b/coderd/workspacebuilds_test.go index 9b31b7f5f3b79..203510557c983 100644 --- a/coderd/workspacebuilds_test.go +++ b/coderd/workspacebuilds_test.go @@ -711,7 +711,7 @@ func TestWorkspaceBuildDebugMode(t *testing.T) { var sdkError *codersdk.Error isSdkError := xerrors.As(err, &sdkError) require.True(t, isSdkError) - require.Contains(t, sdkError.Message, "Workspace builds with a custom log level are restricted to template authors only.") + require.Contains(t, sdkError.Message, "Workspace builds with a custom log level are restricted to administrators only.") }) t.Run("AsTemplateAuthor", func(t *testing.T) { t.Parallel() @@ -722,7 +722,43 @@ func TestWorkspaceBuildDebugMode(t *testing.T) { adminClient := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true, DeploymentValues: deploymentValues}) admin := coderdtest.CreateFirstUser(t, adminClient) - templateAdminClient, _ := coderdtest.CreateAnotherUser(t, adminClient, admin.OrganizationID, rbac.RoleTemplateAdmin()) + templateAuthorClient, _ := coderdtest.CreateAnotherUser(t, adminClient, admin.OrganizationID, rbac.RoleTemplateAdmin()) + + // Template author: create a template + version := coderdtest.CreateTemplateVersion(t, templateAuthorClient, admin.OrganizationID, nil) + template := coderdtest.CreateTemplate(t, templateAuthorClient, admin.OrganizationID, version.ID) + coderdtest.AwaitTemplateVersionJob(t, templateAuthorClient, version.ID) + + // Template author: create a workspace + workspace := coderdtest.CreateWorkspace(t, templateAuthorClient, admin.OrganizationID, template.ID) + coderdtest.AwaitWorkspaceBuildJob(t, templateAuthorClient, workspace.LatestBuild.ID) + + // Template author: try to start a workspace build in debug mode + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) + defer cancel() + + _, err := templateAuthorClient.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{ + TemplateVersionID: workspace.LatestBuild.TemplateVersionID, + Transition: codersdk.WorkspaceTransitionStart, + LogLevel: "debug", + }) + + // Template author: expect an error as the debug mode is disabled + require.NotNil(t, err) + var sdkError *codersdk.Error + isSdkError := xerrors.As(err, &sdkError) + require.True(t, isSdkError) + require.Contains(t, sdkError.Message, "Workspace builds with a custom log level are restricted to administrators only.") + }) + t.Run("AsAdmin", func(t *testing.T) { + t.Parallel() + + // Create users + deploymentValues := coderdtest.DeploymentValues(t) + deploymentValues.EnableTerraformDebugMode = true + + adminClient := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true, DeploymentValues: deploymentValues}) + admin := coderdtest.CreateFirstUser(t, adminClient) // Interact as template admin echoResponses := &echo.Responses{ @@ -755,19 +791,19 @@ func TestWorkspaceBuildDebugMode(t *testing.T) { }, }}, } - version := coderdtest.CreateTemplateVersion(t, templateAdminClient, admin.OrganizationID, echoResponses) - template := coderdtest.CreateTemplate(t, templateAdminClient, admin.OrganizationID, version.ID) - coderdtest.AwaitTemplateVersionJob(t, templateAdminClient, version.ID) + version := coderdtest.CreateTemplateVersion(t, adminClient, admin.OrganizationID, echoResponses) + template := coderdtest.CreateTemplate(t, adminClient, admin.OrganizationID, version.ID) + coderdtest.AwaitTemplateVersionJob(t, adminClient, version.ID) // Create workspace - workspace := coderdtest.CreateWorkspace(t, templateAdminClient, admin.OrganizationID, template.ID) - coderdtest.AwaitWorkspaceBuildJob(t, templateAdminClient, workspace.LatestBuild.ID) + workspace := coderdtest.CreateWorkspace(t, adminClient, admin.OrganizationID, template.ID) + coderdtest.AwaitWorkspaceBuildJob(t, adminClient, workspace.LatestBuild.ID) // Create workspace build ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() - build, err := templateAdminClient.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{ + build, err := adminClient.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{ TemplateVersionID: workspace.LatestBuild.TemplateVersionID, Transition: codersdk.WorkspaceTransitionStart, ProvisionerState: []byte(" "), @@ -775,10 +811,10 @@ func TestWorkspaceBuildDebugMode(t *testing.T) { }) require.Nil(t, err) - build = coderdtest.AwaitWorkspaceBuildJob(t, templateAdminClient, build.ID) + build = coderdtest.AwaitWorkspaceBuildJob(t, adminClient, build.ID) // Watch for incoming logs - logs, closer, err := templateAdminClient.WorkspaceBuildLogsAfter(ctx, build.ID, 0) + logs, closer, err := adminClient.WorkspaceBuildLogsAfter(ctx, build.ID, 0) require.NoError(t, err) defer closer.Close() diff --git a/coderd/wsbuilder/wsbuilder.go b/coderd/wsbuilder/wsbuilder.go index 224eacc02b013..a1f8948a25aa5 100644 --- a/coderd/wsbuilder/wsbuilder.go +++ b/coderd/wsbuilder/wsbuilder.go @@ -646,19 +646,19 @@ func (b *Builder) authorize(authFunc func(action rbac.Action, object rbac.Object } } - if b.logLevel != "" && b.deploymentValues != nil && !b.deploymentValues.EnableTerraformDebugMode { + if b.logLevel != "" && !authFunc(rbac.ActionRead, rbac.ResourceDeploymentValues) { return BuildError{ http.StatusBadRequest, - "Terraform debug mode is disabled in the deployment configuration.", - xerrors.New("Terraform debug mode is disabled in the deployment configuration."), + "Workspace builds with a custom log level are restricted to administrators only.", + xerrors.New("Workspace builds with a custom log level are restricted to administrators only."), } } - if b.logLevel != "" && !authFunc(rbac.ActionUpdate, template) { + if b.logLevel != "" && b.deploymentValues != nil && !b.deploymentValues.EnableTerraformDebugMode { return BuildError{ http.StatusBadRequest, - "Workspace builds with a custom log level are restricted to template authors only.", - xerrors.New("Workspace builds with a custom log level are restricted to template authors only."), + "Terraform debug mode is disabled in the deployment configuration.", + xerrors.New("Terraform debug mode is disabled in the deployment configuration."), } } return nil From 58e4f7444b8f68f29aad6018b1cc3f2372c5c8e6 Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 29 Jun 2023 12:50:11 +0200 Subject: [PATCH 07/12] Adjust UI --- site/src/components/Workspace/Workspace.tsx | 6 +++--- site/src/pages/WorkspacePage/WorkspaceReadyPage.tsx | 3 ++- site/src/xServices/workspace/workspaceXService.ts | 7 +++++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/site/src/components/Workspace/Workspace.tsx b/site/src/components/Workspace/Workspace.tsx index 7b08798c74d54..4043ffa37039c 100644 --- a/site/src/components/Workspace/Workspace.tsx +++ b/site/src/components/Workspace/Workspace.tsx @@ -60,7 +60,7 @@ export interface WorkspaceProps { builds?: TypesGen.WorkspaceBuild[] templateWarnings?: TypesGen.TemplateVersionWarning[] canUpdateWorkspace: boolean - canUpdateTemplate: boolean + canRetryDebugMode: boolean canChangeVersions: boolean hideSSHButton?: boolean hideVSCodeDesktopButton?: boolean @@ -92,7 +92,7 @@ export const Workspace: FC> = ({ resources, builds, canUpdateWorkspace, - canUpdateTemplate, + canRetryDebugMode, canChangeVersions, workspaceErrors, hideSSHButton, @@ -236,7 +236,7 @@ export const Workspace: FC> = ({ Date: Thu, 29 Jun 2023 13:40:49 +0200 Subject: [PATCH 08/12] UI fixes --- site/src/pages/WorkspacePage/WorkspaceReadyPage.tsx | 7 +++++-- site/src/xServices/workspace/workspaceXService.ts | 9 +++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/site/src/pages/WorkspacePage/WorkspaceReadyPage.tsx b/site/src/pages/WorkspacePage/WorkspaceReadyPage.tsx index 7ae3f2dd294c6..2f545c1c7804f 100644 --- a/site/src/pages/WorkspacePage/WorkspaceReadyPage.tsx +++ b/site/src/pages/WorkspacePage/WorkspaceReadyPage.tsx @@ -61,6 +61,7 @@ export const WorkspaceReadyPage = ({ workspace, template, templateVersion, + deploymentValues, builds, getBuildsError, buildError, @@ -75,7 +76,9 @@ export const WorkspaceReadyPage = ({ const deadline = getDeadline(workspace) const canUpdateWorkspace = Boolean(permissions?.updateWorkspace) const canUpdateTemplate = Boolean(permissions?.updateTemplate) - const canViewDeploymentValues = Boolean(permissions?.viewDeploymentValues) + const canRetryDebugMode = + Boolean(permissions?.viewDeploymentValues) && + Boolean(deploymentValues?.enable_terraform_debug_mode) const { t } = useTranslation("workspacePage") const favicon = getFaviconByStatus(workspace.latest_build) const navigate = useNavigate() @@ -167,7 +170,7 @@ export const WorkspaceReadyPage = ({ resources={workspace.latest_build.resources} builds={builds} canUpdateWorkspace={canUpdateWorkspace} - canRetryDebugMode={canViewDeploymentValues} + canRetryDebugMode={canRetryDebugMode} canChangeVersions={canUpdateTemplate} hideSSHButton={featureVisibility["browser_only"]} hideVSCodeDesktopButton={featureVisibility["browser_only"]} diff --git a/site/src/xServices/workspace/workspaceXService.ts b/site/src/xServices/workspace/workspaceXService.ts index 63049c00118bd..ef568fd88ff03 100644 --- a/site/src/xServices/workspace/workspaceXService.ts +++ b/site/src/xServices/workspace/workspaceXService.ts @@ -55,6 +55,7 @@ export interface WorkspaceContext { template?: TypesGen.Template permissions?: Permissions templateVersion?: TypesGen.TemplateVersion + deploymentValues?: TypesGen.DeploymentValues build?: TypesGen.WorkspaceBuild // Builds builds?: TypesGen.WorkspaceBuild[] @@ -495,6 +496,7 @@ export const workspaceMachine = createMachine( template: (_, event) => event.data.template, templateVersion: (_, event) => event.data.templateVersion, permissions: (_, event) => event.data.permissions as Permissions, + deploymentValues: (_, event) => event.data.deploymentValues, }), assignError: assign({ error: (_, event) => event.data, @@ -747,10 +749,17 @@ async function loadInitialWorkspaceData({ }), ]) + const canViewDeploymentValues = Boolean( + (permissions as Permissions)?.viewDeploymentValues, + ) + const deploymentValues = canViewDeploymentValues + ? (await API.getDeploymentValues())?.config + : undefined return { workspace, template, templateVersion, permissions, + deploymentValues, } } From 7a2b1963c04bd0b16a9b531f1adc2a5d2e90353c Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 29 Jun 2023 13:52:41 +0200 Subject: [PATCH 09/12] Fix tests --- site/src/pages/WorkspacePage/WorkspacePage.test.tsx | 4 ++++ site/src/testHelpers/entities.ts | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/site/src/pages/WorkspacePage/WorkspacePage.test.tsx b/site/src/pages/WorkspacePage/WorkspacePage.test.tsx index 06b451a1ac6e1..2919340261617 100644 --- a/site/src/pages/WorkspacePage/WorkspacePage.test.tsx +++ b/site/src/pages/WorkspacePage/WorkspacePage.test.tsx @@ -23,6 +23,7 @@ import { MockTemplateVersion3, MockUser, MockEntitlementsWithScheduling, + MockDeploymentConfig, } from "testHelpers/entities" import * as api from "../../api/api" import { Workspace } from "../../api/typesGenerated" @@ -39,6 +40,9 @@ const { t } = i18next const renderWorkspacePage = async () => { jest.spyOn(api, "getTemplate").mockResolvedValueOnce(MockTemplate) jest.spyOn(api, "getTemplateVersionRichParameters").mockResolvedValueOnce([]) + jest + .spyOn(api, "getDeploymentValues") + .mockResolvedValueOnce(MockDeploymentConfig) jest.spyOn(api, "watchStartupLogs").mockImplementation((_, options) => { options.onDone() return new WebSocket("") diff --git a/site/src/testHelpers/entities.ts b/site/src/testHelpers/entities.ts index e0507ea27ff66..e11947b4a845e 100644 --- a/site/src/testHelpers/entities.ts +++ b/site/src/testHelpers/entities.ts @@ -1583,6 +1583,13 @@ export const MockPermissions: Permissions = { viewDeploymentStats: true, } +export const MockDeploymentConfig: Types.DeploymentConfig = { + config: { + enable_terraform_debug_mode: true, + }, + options: [], +} + export const MockAppearance: TypesGen.AppearanceConfig = { logo_url: "", service_banner: { From a7545ed98b3d835a7bc8922cccc3527f9647e50f Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 29 Jun 2023 13:55:38 +0200 Subject: [PATCH 10/12] storybook --- .../Workspace/Workspace.stories.tsx | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/site/src/components/Workspace/Workspace.stories.tsx b/site/src/components/Workspace/Workspace.stories.tsx index 0950b03f1edd3..2b2df5e5f6fcf 100644 --- a/site/src/components/Workspace/Workspace.stories.tsx +++ b/site/src/components/Workspace/Workspace.stories.tsx @@ -156,6 +156,25 @@ export const FailedWithLogs: Story = { }, } +export const FailedWithRetry: Story = { + args: { + ...Running.args, + workspace: { + ...Mocks.MockFailedWorkspace, + latest_build: { + ...Mocks.MockFailedWorkspace.latest_build, + job: { + ...Mocks.MockFailedWorkspace.latest_build.job, + error: + "recv workspace provision: plan terraform: terraform plan: exit status 1", + }, + }, + }, + failedBuildLogs: makeFailedBuildLogs(), + canRetryDebugMode: true, + }, +} + export const Deleting: Story = { args: { ...Running.args, From eb9f19ce907dc2f71bd4319b0c2b4fcc9b34c3c0 Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 29 Jun 2023 14:40:24 +0200 Subject: [PATCH 11/12] Use generic description --- cli/testdata/coder_server_--help.golden | 2 +- cli/testdata/server-config.yaml.golden | 2 +- codersdk/deployment.go | 2 +- docs/cli/server.md | 2 +- enterprise/cli/testdata/coder_server_--help.golden | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden index 27c027bbe5fd9..d09060409c034 100644 --- a/cli/testdata/coder_server_--help.golden +++ b/cli/testdata/coder_server_--help.golden @@ -75,7 +75,7 @@ Use a YAML configuration file when your server launch become unwieldy. Introspection / Logging Options --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false) - Enable debug mode while processing Terraform templates. + Allow administrators to enable Terraform debug output. --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr) Output human-readable logs to a given file. diff --git a/cli/testdata/server-config.yaml.golden b/cli/testdata/server-config.yaml.golden index 750bffac6b194..6a7062d56eebe 100644 --- a/cli/testdata/server-config.yaml.golden +++ b/cli/testdata/server-config.yaml.golden @@ -197,7 +197,7 @@ introspection: # Output Stackdriver compatible logs to a given file. # (default: , type: string) stackdriverPath: "" - # Enable debug mode while processing Terraform templates. + # Allow administrators to enable Terraform debug output. # (default: false, type: bool) enableTerraformDebugMode: false oauth2: diff --git a/codersdk/deployment.go b/codersdk/deployment.go index 27d0ac623cd48..f6d4a0baedfc8 100644 --- a/codersdk/deployment.go +++ b/codersdk/deployment.go @@ -1218,7 +1218,7 @@ when required by your organization's security policy.`, }, { Name: "Enable Terraform debug mode", - Description: "Enable debug mode while processing Terraform templates.", + Description: "Allow administrators to enable Terraform debug output.", Flag: "enable-terraform-debug-mode", Env: "CODER_ENABLE_TERRAFORM_DEBUG_MODE", Default: "false", diff --git a/docs/cli/server.md b/docs/cli/server.md index a50dfe47950b5..ef3db56cd6314 100644 --- a/docs/cli/server.md +++ b/docs/cli/server.md @@ -232,7 +232,7 @@ Disable automatic session expiry bumping due to activity. This forces all sessio | YAML | introspection.logging.enableTerraformDebugMode | | Default | false | -Enable debug mode while processing Terraform templates. +Allow administrators to enable Terraform debug output. ### --swagger-enable diff --git a/enterprise/cli/testdata/coder_server_--help.golden b/enterprise/cli/testdata/coder_server_--help.golden index 27c027bbe5fd9..d09060409c034 100644 --- a/enterprise/cli/testdata/coder_server_--help.golden +++ b/enterprise/cli/testdata/coder_server_--help.golden @@ -75,7 +75,7 @@ Use a YAML configuration file when your server launch become unwieldy. Introspection / Logging Options --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false) - Enable debug mode while processing Terraform templates. + Allow administrators to enable Terraform debug output. --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr) Output human-readable logs to a given file. From 53c83a2b1978337aecd1b4ce32159b10cb1c3006 Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 29 Jun 2023 15:10:16 +0200 Subject: [PATCH 12/12] fix: user name --- coderd/workspacebuilds_test.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/coderd/workspacebuilds_test.go b/coderd/workspacebuilds_test.go index 203510557c983..0fb5b03139224 100644 --- a/coderd/workspacebuilds_test.go +++ b/coderd/workspacebuilds_test.go @@ -647,23 +647,23 @@ func TestWorkspaceBuildDebugMode(t *testing.T) { deploymentValues := coderdtest.DeploymentValues(t) deploymentValues.EnableTerraformDebugMode = false - templateAuthorClient := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true, DeploymentValues: deploymentValues}) - templateAuthor := coderdtest.CreateFirstUser(t, templateAuthorClient) + adminClient := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true, DeploymentValues: deploymentValues}) + owner := coderdtest.CreateFirstUser(t, adminClient) // Template author: create a template - version := coderdtest.CreateTemplateVersion(t, templateAuthorClient, templateAuthor.OrganizationID, nil) - template := coderdtest.CreateTemplate(t, templateAuthorClient, templateAuthor.OrganizationID, version.ID) - coderdtest.AwaitTemplateVersionJob(t, templateAuthorClient, version.ID) + version := coderdtest.CreateTemplateVersion(t, adminClient, owner.OrganizationID, nil) + template := coderdtest.CreateTemplate(t, adminClient, owner.OrganizationID, version.ID) + coderdtest.AwaitTemplateVersionJob(t, adminClient, version.ID) // Template author: create a workspace - workspace := coderdtest.CreateWorkspace(t, templateAuthorClient, templateAuthor.OrganizationID, template.ID) - coderdtest.AwaitWorkspaceBuildJob(t, templateAuthorClient, workspace.LatestBuild.ID) + workspace := coderdtest.CreateWorkspace(t, adminClient, owner.OrganizationID, template.ID) + coderdtest.AwaitWorkspaceBuildJob(t, adminClient, workspace.LatestBuild.ID) // Template author: try to start a workspace build in debug mode ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() - _, err := templateAuthorClient.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{ + _, err := adminClient.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{ TemplateVersionID: workspace.LatestBuild.TemplateVersionID, Transition: codersdk.WorkspaceTransitionStart, LogLevel: "debug",