Skip to content

Commit 4c847c9

Browse files
ssncferreirassncferreira
committed
fix: add database constraints to prevent invalid lifecycle fields on prebuilt workspaces
1 parent 2761b7e commit 4c847c9

File tree

5 files changed

+510
-698
lines changed

5 files changed

+510
-698
lines changed

coderd/database/querier.go

Lines changed: 0 additions & 15 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries.sql.go

Lines changed: 25 additions & 16 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries/workspacebuilds.sql

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -135,16 +135,21 @@ WHERE
135135
id = $1;
136136

137137
-- name: UpdateWorkspaceBuildDeadlineByID :exec
138-
-- NOTE: This query should only be called for regular user workspaces.
139-
-- Prebuilds are managed by the reconciliation loop, not the lifecycle
140-
-- executor which handles deadline and max_deadline.
141138
UPDATE
142139
workspace_builds
143140
SET
144141
deadline = @deadline::timestamptz,
145142
max_deadline = @max_deadline::timestamptz,
146143
updated_at = @updated_at::timestamptz
147-
WHERE id = @id::uuid;
144+
FROM
145+
workspaces
146+
WHERE
147+
workspace_builds.id = @id::uuid
148+
AND workspace_builds.workspace_id = workspaces.id
149+
-- Prebuilt workspaces (identified by having the prebuilds system user as owner_id)
150+
-- are managed by the reconciliation loop, not the lifecycle executor which handles
151+
-- deadline and max_deadline
152+
AND workspaces.owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID;
148153

149154
-- name: UpdateWorkspaceBuildProvisionerStateByID :exec
150155
UPDATE

coderd/database/queries/workspaces.sql

Lines changed: 19 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -512,27 +512,29 @@ WHERE
512512
RETURNING *;
513513

514514
-- name: UpdateWorkspaceAutostart :exec
515-
-- NOTE: This query should only be called for regular user workspaces.
516-
-- Prebuilds are managed by the reconciliation loop, not the lifecycle
517-
-- executor which handles autostart_schedule and next_start_at.
518515
UPDATE
519516
workspaces
520517
SET
521518
autostart_schedule = $2,
522519
next_start_at = $3
523520
WHERE
524-
id = $1;
521+
id = $1
522+
-- Prebuilt workspaces (identified by having the prebuilds system user as owner_id)
523+
-- are managed by the reconciliation loop, not the lifecycle executor which handles
524+
-- autostart_schedule and next_start_at
525+
AND owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID;
525526

526527
-- name: UpdateWorkspaceNextStartAt :exec
527-
-- NOTE: This query should only be called for regular user workspaces.
528-
-- Prebuilds are managed by the reconciliation loop, not the lifecycle
529-
-- executor which handles next_start_at.
530528
UPDATE
531529
workspaces
532530
SET
533531
next_start_at = $2
534532
WHERE
535-
id = $1;
533+
id = $1
534+
-- Prebuilt workspaces (identified by having the prebuilds system user as owner_id)
535+
-- are managed by the reconciliation loop, not the lifecycle executor which handles
536+
-- next_start_at
537+
AND owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID;
536538

537539
-- name: BatchUpdateWorkspaceNextStartAt :exec
538540
UPDATE
@@ -551,15 +553,16 @@ WHERE
551553
workspaces.id = batch.id;
552554

553555
-- name: UpdateWorkspaceTTL :exec
554-
-- NOTE: This query should only be called for regular user workspaces.
555-
-- Prebuilds are managed by the reconciliation loop, not the lifecycle
556-
-- executor which handles regular workspace's TTL.
557556
UPDATE
558557
workspaces
559558
SET
560559
ttl = $2
561560
WHERE
562-
id = $1;
561+
id = $1
562+
-- Prebuilt workspaces (identified by having the prebuilds system user as owner_id)
563+
-- are managed by the reconciliation loop, not the lifecycle executor which handles
564+
-- ttl
565+
AND owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID;
563566

564567
-- name: UpdateWorkspacesTTLByTemplateID :exec
565568
UPDATE
@@ -777,9 +780,6 @@ WHERE
777780
AND workspaces.owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID;
778781

779782
-- name: UpdateWorkspaceDormantDeletingAt :one
780-
-- NOTE: This query should only be called for regular user workspaces.
781-
-- Prebuilds are managed by the reconciliation loop, not the lifecycle
782-
-- executor which handles dormant_at and deleting_at.
783783
UPDATE
784784
workspaces
785785
SET
@@ -803,6 +803,10 @@ FROM
803803
WHERE
804804
workspaces.id = $1
805805
AND templates.id = workspaces.template_id
806+
-- Prebuilt workspaces (identified by having the prebuilds system user as owner_id)
807+
-- are managed by the reconciliation loop, not the lifecycle executor which handles
808+
-- dormant_at and deleting_at
809+
AND owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID
806810
RETURNING
807811
workspaces.*;
808812

0 commit comments

Comments
 (0)