fix(cli): proactively use active template version when require_active_version is set#22033
fix(cli): proactively use active template version when require_active_version is set#22033
Conversation
|
Do we need a DB migration to make sure already existing workspaces are fixed too? Otherwise they won't be fixed until the admin re-toggles the setting for the template? |
coderd/templates.go
Outdated
| if req.RequireActiveVersion && !template.RequireActiveVersion { | ||
| err = tx.UpdateWorkspaceAutomaticUpdatesByTemplateID(ctx, database.UpdateWorkspaceAutomaticUpdatesByTemplateIDParams{ | ||
| TemplateID: template.ID, | ||
| AutomaticUpdates: database.AutomaticUpdatesAlways, | ||
| }) | ||
| if err != nil { | ||
| return xerrors.Errorf("update workspace automatic updates: %w", err) | ||
| } |
There was a problem hiding this comment.
The only issue with doing this is that you lose the state of the workspace-scoped setting. So if someone toggles the template-scoped requiring automatic updates then you lose whatever setting the user set on the workspace. If someone toggles this off then all the workspaces will still be set to true right?
There was a problem hiding this comment.
Yes this would be a force on, manual opt out
There was a problem hiding this comment.
Ideally we keep the user's previously selected value. But at the same time, if toggling it in the template changes the user's value, I don't think that is a huge deal.
Right now when the template takes control, the user has a disabled field in the UI. So they can't change it, even if they wanted to change their user chosen fallback.
If someone is toggling the template setting and annoying users, we could revisit 🤷
|
@sreya I think so, but I'm going to look more into the workspace scoped |
9c21b08 to
6ac0244
Compare
johnstcn
left a comment
There was a problem hiding this comment.
This is a better solution (making the CLI behaviour match the UI).
|
We may still not be addressing the user's issue. Based on the issue description and the conversation with @uzair-coder07, it seems the user is running I think the misunderstanding is that the "Start" button behaves like |
|
Thanks for the context @geokat , I see that the UI doesn't give the option to start with the old version at all, so by having this option it's acting as a footgun. We can suggest using update, or maybe we can have start behave differently. Do you have a suggested UX change that could help align these? |
AFAICS template admins can pick an older version via meatball -> Change version, but it still requires changing the current version (even to an old one) before it takes effect. So the option is there, but it's hidden and not easy to use (you have to change to another version and then back to the one you want). In general, I think having similar flows across frontends is the way to go. For example, the "Start" button in the webui could be a split button (depending on whether the user is a template admin) that starts on the current version by default but also allows updating (or the other way around). I'm not sure about the best CLI UX... Maybe deprecate EDIT: Maybe we could also add |
This comment was marked as resolved.
This comment was marked as resolved.
…_version is set When a template has require_active_version enabled, coder start and coder restart now proactively use the active template version for all users (including admins), matching the web UI behavior where the only button shown is 'Update and start'. Previously, the CLI only checked workspace.AutomaticUpdates but ignored TemplateRequireActiveVersion. This caused admins using the CLI or VS Code extension to silently start on stale template versions. The fix adds TemplateRequireActiveVersion to the existing OR condition in buildWorkspaceStartRequest(), matching how server-side autostart already handles it. The 403->retry fallback remains as a safety net but is no longer the primary path for any user. Fixes #22030
a0a98a4 to
9e792bf
Compare
Fixes #22030
Problem
When a template has
require_active_version = trueand a workspace is outdated, the web UI always shows "Update and start" as the only button (for all users including admins), butcoder startstarts with the old version. For admins, this silently succeeds on the stale version. For non-admins, it goes through a clunky 403→retry path. This also affects the VS Code extension, which callscoder start --yesunder the hood.Root Cause
buildWorkspaceStartRequest()incli/start.gochecksworkspace.AutomaticUpdates == "always"but ignoresworkspace.TemplateRequireActiveVersion. The server-side autostart already ORs both settings together:The CLI was missing the
RequireActiveVersioncheck.Fix
Add
workspace.TemplateRequireActiveVersionto the existing OR condition:Now
coder startandcoder restartproactively use the active template version whenrequire_active_versionis set, matching the web UI and server autostart behavior. The 403→retry fallback remains as a safety net but is no longer the primary path for any user.Testing
Updated
enterprise/cli/start_test.go— all user types (owner, template admin, ACL admin, group ACL admin, member) now expect the active version whenrequire_active_versionis set, and verify the 403→retry message does NOT appear.