Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 0a12ec5

Browse files
johnstcnjohnstcn
authored
fix(enterprise/coderd): skip org membership check for prebuilds user on group patch (#18329)
Currently, the prebuilds documentation states: ``` ### Managing resource quotas Prebuilt workspaces can be used in conjunction with [resource quotas](../../users/quotas.md). Because unclaimed prebuilt workspaces are owned by the `prebuilds` user, you can: 1. Configure quotas for any group that includes this user. 1. Set appropriate limits to balance prebuilt workspace availability with resource constraints. If a quota is exceeded, the prebuilt workspace will fail provisioning the same way other workspaces do. ``` If you need to have a separate quota for prebuilds as opposed to regular users, you are required to create a separate group, as quotas are applied to groups. Currently it is not possible to create a separate 'prebuilds' group with only the prebuilds user to add a quota. This PR skips the org membership check specifically for the prebuilds user when patching a group. ![image](https://github.com/user-attachments/assets/2ff566bb-97bd-4c73-917a-903ea54dd7a6)
1 parent 66e8dbb commit 0a12ec5

File tree

2 files changed

+32
-0
lines changed

2 files changed

+32
-0
lines changed

enterprise/coderd/groups.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -171,6 +171,12 @@ func (api *API) patchGroup(rw http.ResponseWriter, r *http.Request) {
171171
})
172172
return
173173
}
174+
// Skip membership checks for the prebuilds user. There is a valid use case
175+
// for adding the prebuilds user to a single group: in order to set a quota
176+
// allowance specifically for prebuilds.
177+
if id == database.PrebuildsSystemUserID.String() {
178+
continue
179+
}
174180
_, err := database.ExpectOne(api.Database.OrganizationMembers(ctx, database.OrganizationMembersParams{
175181
OrganizationID: group.OrganizationID,
176182
UserID: uuid.MustParse(id),

enterprise/coderd/groups_test.go

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -463,6 +463,32 @@ func TestPatchGroup(t *testing.T) {
463463
require.Equal(t, http.StatusBadRequest, cerr.StatusCode())
464464
})
465465

466+
// For quotas to work with prebuilds, it's currently required to add the
467+
// prebuilds user into a group with a quota allowance.
468+
// See: docs/admin/templates/extending-templates/prebuilt-workspaces.md
469+
t.Run("PrebuildsUser", func(t *testing.T) {
470+
t.Parallel()
471+
472+
client, user := coderdenttest.New(t, &coderdenttest.Options{LicenseOptions: &coderdenttest.LicenseOptions{
473+
Features: license.Features{
474+
codersdk.FeatureTemplateRBAC: 1,
475+
},
476+
}})
477+
userAdminClient, _ := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleUserAdmin())
478+
ctx := testutil.Context(t, testutil.WaitLong)
479+
group, err := userAdminClient.CreateGroup(ctx, user.OrganizationID, codersdk.CreateGroupRequest{
480+
Name: "prebuilds",
481+
QuotaAllowance: 123,
482+
})
483+
require.NoError(t, err)
484+
485+
group, err = userAdminClient.PatchGroup(ctx, group.ID, codersdk.PatchGroupRequest{
486+
Name: "prebuilds",
487+
AddUsers: []string{database.PrebuildsSystemUserID.String()},
488+
})
489+
require.NoError(t, err)
490+
})
491+
466492
t.Run("Everyone", func(t *testing.T) {
467493
t.Parallel()
468494
t.Run("NoUpdateName", func(t *testing.T) {

0 commit comments

Comments
 (0)