mirror of
https://github.com/coder/coder.git
synced 2026-06-03 13:08:25 +00:00
Garrett Delfosse
6c16794173
Fixes #22030 ## Problem When a template has `require_active_version = true` and a workspace is outdated, the web UI always shows "Update and start" as the **only** button (for all users including admins), but `coder start` starts with the old version. For admins, this silently succeeds on the stale version. For non-admins, it goes through a clunky 403→retry path. This also affects the VS Code extension, which calls `coder start --yes` under the hood. ## Root Cause `buildWorkspaceStartRequest()` in `cli/start.go` checks `workspace.AutomaticUpdates == "always"` but ignores `workspace.TemplateRequireActiveVersion`. The server-side autostart already ORs both settings together: ```go // coderd/autobuild/lifecycle_executor.go func useActiveVersion(opts, ws) bool { return opts.RequireActiveVersion || ws.AutomaticUpdates == "always" } ``` The CLI was missing the `RequireActiveVersion` check. ## Fix Add `workspace.TemplateRequireActiveVersion` to the existing OR condition: ```go // Before: if workspace.AutomaticUpdates == codersdk.AutomaticUpdatesAlways || action == WorkspaceUpdate { // After: if workspace.AutomaticUpdates == codersdk.AutomaticUpdatesAlways || workspace.TemplateRequireActiveVersion || action == WorkspaceUpdate { ``` Now `coder start` and `coder restart` proactively use the active template version when `require_active_version` is set, matching the web UI and server autostart behavior. The 403→retry fallback remains as a safety net but is no longer the primary path for any user. ## Testing Updated `enterprise/cli/start_test.go` — all user types (owner, template admin, ACL admin, group ACL admin, member) now expect the active version when `require_active_version` is set, and verify the 403→retry message does NOT appear.
206 lines
7.0 KiB
Go
206 lines
7.0 KiB
Go
package cli
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"time"
|
|
|
|
"golang.org/x/xerrors"
|
|
|
|
"github.com/coder/coder/v2/cli/cliui"
|
|
"github.com/coder/coder/v2/cli/cliutil"
|
|
"github.com/coder/coder/v2/codersdk"
|
|
"github.com/coder/serpent"
|
|
)
|
|
|
|
func (r *RootCmd) start() *serpent.Command {
|
|
var (
|
|
parameterFlags workspaceParameterFlags
|
|
bflags buildFlags
|
|
|
|
noWait bool
|
|
)
|
|
|
|
cmd := &serpent.Command{
|
|
Annotations: workspaceCommand,
|
|
Use: "start <workspace>",
|
|
Short: "Start a workspace",
|
|
Middleware: serpent.Chain(
|
|
serpent.RequireNArgs(1),
|
|
),
|
|
Options: serpent.OptionSet{
|
|
{
|
|
Flag: "no-wait",
|
|
Description: "Return immediately after starting the workspace.",
|
|
Value: serpent.BoolOf(&noWait),
|
|
Hidden: false,
|
|
},
|
|
cliui.SkipPromptOption(),
|
|
},
|
|
Handler: func(inv *serpent.Invocation) error {
|
|
client, err := r.InitClient(inv)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
workspace, err := namedWorkspace(inv.Context(), client, inv.Args[0])
|
|
if err != nil {
|
|
return err
|
|
}
|
|
var build codersdk.WorkspaceBuild
|
|
switch workspace.LatestBuild.Status {
|
|
case codersdk.WorkspaceStatusPending:
|
|
// The above check is technically duplicated in cliutil.WarnmatchedProvisioners
|
|
// but we still want to avoid users spamming multiple builds that will
|
|
// not be picked up.
|
|
_, _ = fmt.Fprintf(
|
|
inv.Stdout,
|
|
"\nThe %s workspace is waiting to start!\n",
|
|
cliui.Keyword(workspace.Name),
|
|
)
|
|
cliutil.WarnMatchedProvisioners(inv.Stderr, workspace.LatestBuild.MatchedProvisioners, workspace.LatestBuild.Job)
|
|
if _, err := cliui.Prompt(inv, cliui.PromptOptions{
|
|
Text: "Enqueue another start?",
|
|
IsConfirm: true,
|
|
Default: cliui.ConfirmNo,
|
|
}); err != nil {
|
|
return err
|
|
}
|
|
case codersdk.WorkspaceStatusRunning:
|
|
_, _ = fmt.Fprintf(
|
|
inv.Stdout, "\nThe %s workspace is already running!\n",
|
|
cliui.Keyword(workspace.Name),
|
|
)
|
|
return nil
|
|
case codersdk.WorkspaceStatusStarting:
|
|
_, _ = fmt.Fprintf(
|
|
inv.Stdout, "\nThe %s workspace is already starting.\n",
|
|
cliui.Keyword(workspace.Name),
|
|
)
|
|
build = workspace.LatestBuild
|
|
default:
|
|
build, err = startWorkspace(inv, client, workspace, parameterFlags, bflags, WorkspaceStart)
|
|
// It's possible for a workspace build to fail due to the template requiring starting
|
|
// workspaces with the active version.
|
|
if cerr, ok := codersdk.AsError(err); ok && cerr.StatusCode() == http.StatusForbidden {
|
|
_, _ = fmt.Fprintln(inv.Stdout, "Unable to start the workspace with the template version from the last build. Policy may require you to restart with the current active template version.")
|
|
build, err = startWorkspace(inv, client, workspace, parameterFlags, bflags, WorkspaceUpdate)
|
|
if err != nil {
|
|
return xerrors.Errorf("start workspace with active template version: %w", err)
|
|
}
|
|
} else if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if noWait {
|
|
_, _ = fmt.Fprintf(inv.Stdout, "The %s workspace has been started in no-wait mode. Workspace is building in the background.\n", cliui.Keyword(workspace.Name))
|
|
return nil
|
|
}
|
|
|
|
err = cliui.WorkspaceBuild(inv.Context(), inv.Stdout, client, build.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, _ = fmt.Fprintf(
|
|
inv.Stdout, "\nThe %s workspace has been started at %s!\n",
|
|
cliui.Keyword(workspace.Name), cliui.Timestamp(time.Now()),
|
|
)
|
|
return nil
|
|
},
|
|
}
|
|
|
|
cmd.Options = append(cmd.Options, parameterFlags.allOptions()...)
|
|
cmd.Options = append(cmd.Options, bflags.cliOptions()...)
|
|
|
|
return cmd
|
|
}
|
|
|
|
func buildWorkspaceStartRequest(inv *serpent.Invocation, client *codersdk.Client, workspace codersdk.Workspace, parameterFlags workspaceParameterFlags, buildFlags buildFlags, action WorkspaceCLIAction) (codersdk.CreateWorkspaceBuildRequest, error) {
|
|
version := workspace.LatestBuild.TemplateVersionID
|
|
|
|
if workspace.AutomaticUpdates == codersdk.AutomaticUpdatesAlways || workspace.TemplateRequireActiveVersion || action == WorkspaceUpdate {
|
|
version = workspace.TemplateActiveVersionID
|
|
if version != workspace.LatestBuild.TemplateVersionID {
|
|
action = WorkspaceUpdate
|
|
}
|
|
}
|
|
|
|
lastBuildParameters, err := client.WorkspaceBuildParameters(inv.Context(), workspace.LatestBuild.ID)
|
|
if err != nil {
|
|
return codersdk.CreateWorkspaceBuildRequest{}, err
|
|
}
|
|
|
|
ephemeralParameters, err := asWorkspaceBuildParameters(parameterFlags.ephemeralParameters)
|
|
if err != nil {
|
|
return codersdk.CreateWorkspaceBuildRequest{}, xerrors.Errorf("unable to parse build options: %w", err)
|
|
}
|
|
|
|
cliRichParameters, err := asWorkspaceBuildParameters(parameterFlags.richParameters)
|
|
if err != nil {
|
|
return codersdk.CreateWorkspaceBuildRequest{}, xerrors.Errorf("unable to parse rich parameters: %w", err)
|
|
}
|
|
|
|
cliRichParameterDefaults, err := asWorkspaceBuildParameters(parameterFlags.richParameterDefaults)
|
|
if err != nil {
|
|
return codersdk.CreateWorkspaceBuildRequest{}, xerrors.Errorf("unable to parse rich parameter defaults: %w", err)
|
|
}
|
|
|
|
buildParameters, err := prepWorkspaceBuild(inv, client, prepWorkspaceBuildArgs{
|
|
Action: action,
|
|
TemplateVersionID: version,
|
|
NewWorkspaceName: workspace.Name,
|
|
LastBuildParameters: lastBuildParameters,
|
|
Owner: workspace.OwnerID.String(),
|
|
|
|
PromptEphemeralParameters: parameterFlags.promptEphemeralParameters,
|
|
EphemeralParameters: ephemeralParameters,
|
|
PromptRichParameters: parameterFlags.promptRichParameters,
|
|
RichParameters: cliRichParameters,
|
|
RichParameterFile: parameterFlags.richParameterFile,
|
|
RichParameterDefaults: cliRichParameterDefaults,
|
|
})
|
|
if err != nil {
|
|
return codersdk.CreateWorkspaceBuildRequest{}, err
|
|
}
|
|
|
|
wbr := codersdk.CreateWorkspaceBuildRequest{
|
|
Transition: codersdk.WorkspaceTransitionStart,
|
|
RichParameterValues: buildParameters,
|
|
TemplateVersionID: version,
|
|
}
|
|
if buildFlags.provisionerLogDebug {
|
|
wbr.LogLevel = codersdk.ProvisionerLogLevelDebug
|
|
}
|
|
if buildFlags.reason != "" {
|
|
wbr.Reason = codersdk.CreateWorkspaceBuildReason(buildFlags.reason)
|
|
}
|
|
|
|
return wbr, nil
|
|
}
|
|
|
|
func startWorkspace(inv *serpent.Invocation, client *codersdk.Client, workspace codersdk.Workspace, parameterFlags workspaceParameterFlags, buildFlags buildFlags, action WorkspaceCLIAction) (codersdk.WorkspaceBuild, error) {
|
|
if workspace.DormantAt != nil {
|
|
_, _ = fmt.Fprintln(inv.Stdout, "Activating dormant workspace...")
|
|
err := client.UpdateWorkspaceDormancy(inv.Context(), workspace.ID, codersdk.UpdateWorkspaceDormancy{
|
|
Dormant: false,
|
|
})
|
|
if err != nil {
|
|
return codersdk.WorkspaceBuild{}, xerrors.Errorf("activate workspace: %w", err)
|
|
}
|
|
}
|
|
req, err := buildWorkspaceStartRequest(inv, client, workspace, parameterFlags, buildFlags, action)
|
|
if err != nil {
|
|
return codersdk.WorkspaceBuild{}, err
|
|
}
|
|
|
|
build, err := client.CreateWorkspaceBuild(inv.Context(), workspace.ID, req)
|
|
if err != nil {
|
|
return codersdk.WorkspaceBuild{}, xerrors.Errorf("create workspace build: %w", err)
|
|
}
|
|
cliutil.WarnMatchedProvisioners(inv.Stderr, build.MatchedProvisioners, build.Job)
|
|
|
|
return build, nil
|
|
}
|