Skip to content

fix: stop updating agent stats from deleted workspaces #11026

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Dec 7, 2023
Merged

fix: stop updating agent stats from deleted workspaces #11026

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
4150a99
fix: prevent deleted workspaces from updating agent stats
f0ssel Dec 4, 2023
7721b2d
remove comment
f0ssel Dec 4, 2023
f1d3279
lint
f0ssel Dec 4, 2023
f3b7b9a
use query over route logic
f0ssel Dec 7, 2023
0e36f03
Apply suggestions from code review
f0ssel Dec 7, 2023
44deada
fix
f0ssel Dec 7, 2023
dd08f2f
fix AuthzUserSubject to include member and org member role
Emyrk Dec 7, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion coderd/coderdtest/coderdtest.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -617,11 +617,15 @@ func CreateAnotherUserMutators(t testing.TB, client *codersdk.Client, organizati
}

// AuthzUserSubject does not include the user's groups.
func AuthzUserSubject(user codersdk.User) rbac.Subject {
func AuthzUserSubject(user codersdk.User, orgID uuid.UUID) rbac.Subject {
roles := make(rbac.RoleNames, 0, len(user.Roles))
// Member role is always implied
roles = append(roles, rbac.RoleMember())
for _, r := range user.Roles {
roles = append(roles, r.Name)
}
// We assume only 1 org exists
roles = append(roles, rbac.RoleOrgMember(orgID))

return rbac.Subject{
ID: user.ID.String(),
Expand Down
3 changes: 3 additions & 0 deletions coderd/database/dbmem/dbmem.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3704,6 +3704,9 @@ func (q *FakeQuerier) GetWorkspaceAgentAndOwnerByAuthToken(_ context.Context, au
if build.WorkspaceID != ws.ID {
continue
}
if ws.Deleted {
continue
}
var row database.GetWorkspaceAgentAndOwnerByAuthTokenRow
row.WorkspaceID = ws.ID
usr, err := q.getUserByIDNoLock(ws.OwnerID)
Expand Down
5 changes: 3 additions & 2 deletions coderd/database/queries.sql.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 3 additions & 2 deletions coderd/database/queries/workspaceagents.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -252,9 +252,10 @@ FROM users
WHERE
-- TODO: we can add more conditions here, such as:
-- 1) The user must be active
-- 2) The user must not be deleted
-- 3) The workspace must be running
-- 2) The workspace must be running
workspace_agents.auth_token = @auth_token
AND
workspaces.deleted = FALSE
GROUP BY
workspace_agents.id,
workspaces.id,
Expand Down
2 changes: 1 addition & 1 deletion coderd/templates_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -560,7 +560,7 @@ func TestPatchTemplateMeta(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
defer cancel()
// nolint:gocritic // Setting up unit test data
err := db.UpdateTemplateAccessControlByID(dbauthz.As(ctx, coderdtest.AuthzUserSubject(tplAdmin)), database.UpdateTemplateAccessControlByIDParams{
err := db.UpdateTemplateAccessControlByID(dbauthz.As(ctx, coderdtest.AuthzUserSubject(tplAdmin, user.OrganizationID)), database.UpdateTemplateAccessControlByIDParams{
ID: template.ID,
RequireActiveVersion: false,
Deprecated: "Some deprecated message",
Expand Down
59 changes: 59 additions & 0 deletions coderd/workspaceagents_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,12 @@ import (
"github.com/coder/coder/v2/coderd"
"github.com/coder/coder/v2/coderd/coderdtest"
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/database/dbauthz"
"github.com/coder/coder/v2/coderd/database/dbfake"
"github.com/coder/coder/v2/coderd/database/dbmem"
"github.com/coder/coder/v2/coderd/database/dbtime"
"github.com/coder/coder/v2/coderd/database/pubsub"
"github.com/coder/coder/v2/coderd/rbac"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/codersdk/agentsdk"
"github.com/coder/coder/v2/provisioner/echo"
Expand Down Expand Up @@ -876,6 +878,63 @@ func TestWorkspaceAgentReportStats(t *testing.T) {
"%s is not after %s", newWorkspace.LastUsedAt, r.Workspace.LastUsedAt,
)
})

t.Run("FailDeleted", func(t *testing.T) {
t.Parallel()

owner, db := coderdtest.NewWithDatabase(t, nil)
ownerUser := coderdtest.CreateFirstUser(t, owner)
client, admin := coderdtest.CreateAnotherUser(t, owner, ownerUser.OrganizationID, rbac.RoleTemplateAdmin(), rbac.RoleUserAdmin())
r := dbfake.WorkspaceBuild(t, db, database.Workspace{
OrganizationID: admin.OrganizationIDs[0],
OwnerID: admin.ID,
}).WithAgent().Do()

agentClient := agentsdk.New(client.URL)
agentClient.SetSessionToken(r.AgentToken)

_, err := agentClient.PostStats(context.Background(), &agentsdk.Stats{
ConnectionsByProto: map[string]int64{"TCP": 1},
ConnectionCount: 1,
RxPackets: 1,
RxBytes: 1,
TxPackets: 1,
TxBytes: 1,
SessionCountVSCode: 0,
SessionCountJetBrains: 0,
SessionCountReconnectingPTY: 0,
SessionCountSSH: 0,
ConnectionMedianLatencyMS: 10,
})
require.NoError(t, err)

newWorkspace, err := client.Workspace(context.Background(), r.Workspace.ID)
require.NoError(t, err)

// nolint:gocritic // using db directly over creating a delete job
err = db.UpdateWorkspaceDeletedByID(dbauthz.As(context.Background(),
coderdtest.AuthzUserSubject(admin, ownerUser.OrganizationID)),
database.UpdateWorkspaceDeletedByIDParams{
ID: newWorkspace.ID,
Deleted: true,
})
require.NoError(t, err)

_, err = agentClient.PostStats(context.Background(), &agentsdk.Stats{
ConnectionsByProto: map[string]int64{"TCP": 1},
ConnectionCount: 1,
RxPackets: 1,
RxBytes: 1,
TxPackets: 1,
TxBytes: 1,
SessionCountVSCode: 1,
SessionCountJetBrains: 0,
SessionCountReconnectingPTY: 0,
SessionCountSSH: 0,
ConnectionMedianLatencyMS: 10,
})
require.ErrorContains(t, err, "agent is invalid")
})
}

func TestWorkspaceAgent_LifecycleState(t *testing.T) {
Expand Down