From d48e08e9d2aba81f397899edfc051e37aef050b3 Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Wed, 11 Jun 2025 17:35:22 +0100 Subject: [PATCH 1/3] fix(enterprise/coderd): skip org membership check for prebuilds user on group patch --- enterprise/coderd/groups.go | 7 +++++++ enterprise/coderd/groups_test.go | 26 ++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/enterprise/coderd/groups.go b/enterprise/coderd/groups.go index cfe5d081271e3..862761a52cd29 100644 --- a/enterprise/coderd/groups.go +++ b/enterprise/coderd/groups.go @@ -14,6 +14,7 @@ import ( "github.com/coder/coder/v2/coderd/database/db2sdk" "github.com/coder/coder/v2/coderd/httpapi" "github.com/coder/coder/v2/coderd/httpmw" + "github.com/coder/coder/v2/coderd/prebuilds" "github.com/coder/coder/v2/codersdk" ) @@ -171,6 +172,12 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) { }) return } + // Skip membership checks for the prebuilds user. There is a valid use case + // for adding the prebuilds user to a single group: in order to set a quota + // allowance specifically for prebuilds. + if id == prebuilds.SystemUserID.String() { + continue + } _, err := database.ExpectOne(api.Database.OrganizationMembers(ctx, database.OrganizationMembersParams{ OrganizationID: group.OrganizationID, UserID: uuid.MustParse(id), diff --git a/enterprise/coderd/groups_test.go b/enterprise/coderd/groups_test.go index f87a9193f5fa4..64589e83c28b2 100644 --- a/enterprise/coderd/groups_test.go +++ b/enterprise/coderd/groups_test.go @@ -463,6 +463,32 @@ func TestPatchGroup(t *testing.T) { require.Equal(t, http.StatusBadRequest, cerr.StatusCode()) }) + // For quotas to work with prebuilds, it's currently required to add the + // prebuilds user into a group with a quota allowance. + // See: docs/admin/templates/extending-templates/prebuilt-workspaces.md + t.Run("PrebuildsUser", func(t *testing.T) { + t.Parallel() + + client, user := coderdenttest.New(t, &coderdenttest.Options{LicenseOptions: &coderdenttest.LicenseOptions{ + Features: license.Features{ + codersdk.FeatureTemplateRBAC: 1, + }, + }}) + userAdminClient, _ := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleUserAdmin()) + ctx := testutil.Context(t, testutil.WaitLong) + group, err := userAdminClient.CreateGroup(ctx, user.OrganizationID, codersdk.CreateGroupRequest{ + Name: "prebuilds", + QuotaAllowance: 123, + }) + require.NoError(t, err) + + group, err = userAdminClient.PatchGroup(ctx, group.ID, codersdk.PatchGroupRequest{ + Name: "prebuilds", + AddUsers: []string{prebuilds.SystemUserID.String()}, + }) + require.NoError(t, err) + }) + t.Run("Everyone", func(t *testing.T) { t.Parallel() t.Run("NoUpdateName", func(t *testing.T) { From 19dda7cf9d15e0d051619c58b295066520d8f085 Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Mon, 23 Jun 2025 09:46:54 +0100 Subject: [PATCH 2/3] fixup! fix(enterprise/coderd): skip org membership check for prebuilds user on group patch --- enterprise/coderd/groups.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/enterprise/coderd/groups.go b/enterprise/coderd/groups.go index 862761a52cd29..89671e00bd65c 100644 --- a/enterprise/coderd/groups.go +++ b/enterprise/coderd/groups.go @@ -14,7 +14,6 @@ import ( "github.com/coder/coder/v2/coderd/database/db2sdk" "github.com/coder/coder/v2/coderd/httpapi" "github.com/coder/coder/v2/coderd/httpmw" - "github.com/coder/coder/v2/coderd/prebuilds" "github.com/coder/coder/v2/codersdk" ) @@ -175,7 +174,7 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) { // Skip membership checks for the prebuilds user. There is a valid use case // for adding the prebuilds user to a single group: in order to set a quota // allowance specifically for prebuilds. - if id == prebuilds.SystemUserID.String() { + if id == database.PrebuildsSystemUserID.String() { continue } _, err := database.ExpectOne(api.Database.OrganizationMembers(ctx, database.OrganizationMembersParams{ From d8c770be092f8f9cad07b0a59984868eac7531f9 Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Mon, 23 Jun 2025 09:53:28 +0100 Subject: [PATCH 3/3] fixup! fixup! fix(enterprise/coderd): skip org membership check for prebuilds user on group patch --- enterprise/coderd/groups_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enterprise/coderd/groups_test.go b/enterprise/coderd/groups_test.go index 64589e83c28b2..568825adcd0ea 100644 --- a/enterprise/coderd/groups_test.go +++ b/enterprise/coderd/groups_test.go @@ -484,7 +484,7 @@ func TestPatchGroup(t *testing.T) { group, err = userAdminClient.PatchGroup(ctx, group.ID, codersdk.PatchGroupRequest{ Name: "prebuilds", - AddUsers: []string{prebuilds.SystemUserID.String()}, + AddUsers: []string{database.PrebuildsSystemUserID.String()}, }) require.NoError(t, err) }) pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy