Skip to content

Commit 4c847c9

Browse files
ssncferreirassncferreira
committed
fix: add database constraints to prevent invalid lifecycle fields on prebuilt workspaces
1 parent 2761b7e commit 4c847c9

File tree

5 files changed

+510
-698
lines changed

5 files changed

+510
-698
lines changed

coderd/database/querier.go

Lines changed: 0 additions & 15 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries.sql.go

Lines changed: 25 additions & 16 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries/workspacebuilds.sql

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -135,16 +135,21 @@ WHERE
135135
id = $1;
136136

137137
-- name: UpdateWorkspaceBuildDeadlineByID :exec
138-
-- NOTE: This query should only be called for regular user workspaces.
139-
-- Prebuilds are managed by the reconciliation loop, not the lifecycle
140-
-- executor which handles deadline and max_deadline.
141138
UPDATE
142139
workspace_builds
143140
SET
144141
deadline = @deadline::timestamptz,
145142
max_deadline = @max_deadline::timestamptz,
146143
updated_at = @updated_at::timestamptz
147-
WHERE id = @id::uuid;
144+
FROM
145+
workspaces
146+
WHERE
147+
workspace_builds.id = @id::uuid
148+
AND workspace_builds.workspace_id = workspaces.id
149+
-- Prebuilt workspaces (identified by having the prebuilds system user as owner_id)
150+
-- are managed by the reconciliation loop, not the lifecycle executor which handles
151+
-- deadline and max_deadline
152+
AND workspaces.owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID;
148153

149154
-- name: UpdateWorkspaceBuildProvisionerStateByID :exec
150155
UPDATE

coderd/database/queries/workspaces.sql

Lines changed: 19 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -512,27 +512,29 @@ WHERE
512512
RETURNING *;
513513

514514
-- name: UpdateWorkspaceAutostart :exec
515-
-- NOTE: This query should only be called for regular user workspaces.
516-
-- Prebuilds are managed by the reconciliation loop, not the lifecycle
517-
-- executor which handles autostart_schedule and next_start_at.
518515
UPDATE
519516
workspaces
520517
SET
521518
autostart_schedule = $2,
522519
next_start_at = $3
523520
WHERE
524-
id = $1;
521+
id = $1
522+
-- Prebuilt workspaces (identified by having the prebuilds system user as owner_id)
523+
-- are managed by the reconciliation loop, not the lifecycle executor which handles
524+
-- autostart_schedule and next_start_at
525+
AND owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID;
525526

526527
-- name: UpdateWorkspaceNextStartAt :exec
527-
-- NOTE: This query should only be called for regular user workspaces.
528-
-- Prebuilds are managed by the reconciliation loop, not the lifecycle
529-
-- executor which handles next_start_at.
530528
UPDATE
531529
workspaces
532530
SET
533531
next_start_at = $2
534532
WHERE
535-
id = $1;
533+
id = $1
534+
-- Prebuilt workspaces (identified by having the prebuilds system user as owner_id)
535+
-- are managed by the reconciliation loop, not the lifecycle executor which handles
536+
-- next_start_at
537+
AND owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID;
536538

537539
-- name: BatchUpdateWorkspaceNextStartAt :exec
538540
UPDATE
@@ -551,15 +553,16 @@ WHERE
551553
workspaces.id = batch.id;
552554

553555
-- name: UpdateWorkspaceTTL :exec
554-
-- NOTE: This query should only be called for regular user workspaces.
555-
-- Prebuilds are managed by the reconciliation loop, not the lifecycle
556-
-- executor which handles regular workspace's TTL.
557556
UPDATE
558557
workspaces
559558
SET
560559
ttl = $2
561560
WHERE
562-
id = $1;
561+
id = $1
562+
-- Prebuilt workspaces (identified by having the prebuilds system user as owner_id)
563+
-- are managed by the reconciliation loop, not the lifecycle executor which handles
564+
-- ttl
565+
AND owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID;
563566

564567
-- name: UpdateWorkspacesTTLByTemplateID :exec
565568
UPDATE
@@ -777,9 +780,6 @@ WHERE
777780
AND workspaces.owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID;
778781

779782
-- name: UpdateWorkspaceDormantDeletingAt :one
780-
-- NOTE: This query should only be called for regular user workspaces.
781-
-- Prebuilds are managed by the reconciliation loop, not the lifecycle
782-
-- executor which handles dormant_at and deleting_at.
783783
UPDATE
784784
workspaces
785785
SET
@@ -803,6 +803,10 @@ FROM
803803
WHERE
804804
workspaces.id = $1
805805
AND templates.id = workspaces.template_id
806+
-- Prebuilt workspaces (identified by having the prebuilds system user as owner_id)
807+
-- are managed by the reconciliation loop, not the lifecycle executor which handles
808+
-- dormant_at and deleting_at
809+
AND owner_id != 'c42fdf75-3097-471c-8c33-fb52454d81c0'::UUID
806810
RETURNING
807811
workspaces.*;
808812

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy