| Field | Tracked |
|---|---|
| app_id | false |
| created_at | false |
| display_secret | false |
| hashed_secret | false |
| id | false |
| last_used_at | false |
| secret_prefix | false |
| Field | Tracked |
|---|---|
| created_at | false |
| deleted | true |
| description | true |
| display_name | true |
| icon | true |
| id | false |
| is_default | true |
| name | true |
| updated_at | true |
| Field | Tracked |
|---|---|
| assign_default | true |
| field | true |
| mapping | true |
| Field | Tracked |
|---|---|
| id | false |
| reconciliation_paused | true |
| Field | Tracked |
|---|---|
| field | true |
| mapping | true |
| Field | Tracked |
|---|---|
| active_version_id | true |
| activity_bump | true |
| allow_user_autostart | true |
| allow_user_autostop | true |
| allow_user_cancel_workspace_jobs | true |
| autostart_block_days_of_week | true |
| autostop_requirement_days_of_week | true |
| autostop_requirement_weeks | true |
| created_at | false |
| created_by | true |
| created_by_avatar_url | false |
| created_by_name | false |
| created_by_username | false |
| default_ttl | true |
| deleted | false |
| deprecated | true |
| description | true |
| display_name | true |
| failure_ttl | true |
| group_acl | true |
| icon | true |
| id | true |
| max_port_sharing_level | true |
| name | true |
| organization_display_name | false |
| organization_icon | false |
| organization_id | false |
| organization_name | false |
| provisioner | true |
| require_active_version | true |
| time_til_dormant | true |
| time_til_dormant_autodelete | true |
| updated_at | false |
| use_classic_parameter_flow | true |
| user_acl | true |
| Field | Tracked |
|---|---|
| archived | true |
| created_at | false |
| created_by | true |
| created_by_avatar_url | false |
| created_by_name | false |
| created_by_username | false |
| external_auth_providers | false |
| has_ai_task | false |
| id | true |
| job_id | false |
| message | false |
| name | true |
| organization_id | false |
| readme | true |
| source_example_id | false |
| template_id | true |
| updated_at | false |
features](./features.md) | List Enterprise features |
| [licenses](./licenses.md) | Add, delete, and list licenses |
| [groups](./groups.md) | Manage groups |
+| [prebuilds](./prebuilds.md) | Manage Coder prebuilds |
| [provisioner](./provisioner.md) | View and manage provisioner daemons and jobs |
## Options
diff --git a/docs/reference/cli/prebuilds.md b/docs/reference/cli/prebuilds.md
new file mode 100644
index 0000000000000..90ee77dc91c1a
--- /dev/null
+++ b/docs/reference/cli/prebuilds.md
@@ -0,0 +1,34 @@
+
+# prebuilds
+
+Manage Coder prebuilds
+
+Aliases:
+
+* prebuild
+
+## Usage
+
+```console
+coder prebuilds
+```
+
+## Description
+
+```console
+Administrators can use these commands to manage prebuilt workspace settings.
+ - Pause Coder prebuilt workspace reconciliation.:
+
+ $ coder prebuilds pause
+
+ - Resume Coder prebuilt workspace reconciliation if it has been paused.:
+
+ $ coder prebuilds resume
+```
+
+## Subcommands
+
+| Name | Purpose |
+|----------------------------------------------|------------------|
+| [pause](./prebuilds_pause.md) | Pause prebuilds |
+| [resume](./prebuilds_resume.md) | Resume prebuilds |
diff --git a/docs/reference/cli/prebuilds_pause.md b/docs/reference/cli/prebuilds_pause.md
new file mode 100644
index 0000000000000..3aa8cf883a16f
--- /dev/null
+++ b/docs/reference/cli/prebuilds_pause.md
@@ -0,0 +1,10 @@
+
+# prebuilds pause
+
+Pause prebuilds
+
+## Usage
+
+```console
+coder prebuilds pause
+```
diff --git a/docs/reference/cli/prebuilds_resume.md b/docs/reference/cli/prebuilds_resume.md
new file mode 100644
index 0000000000000..00e9dadc6c578
--- /dev/null
+++ b/docs/reference/cli/prebuilds_resume.md
@@ -0,0 +1,10 @@
+
+# prebuilds resume
+
+Resume prebuilds
+
+## Usage
+
+```console
+coder prebuilds resume
+```
diff --git a/enterprise/audit/table.go b/enterprise/audit/table.go
index 120b4ed684bdf..edf805acb3cd4 100644
--- a/enterprise/audit/table.go
+++ b/enterprise/audit/table.go
@@ -236,6 +236,10 @@ var auditableResourcesTypes = map[any]map[string]Action{
"id": ActionIgnore,
"notifier_paused": ActionTrack,
},
+ &database.PrebuildsSettings{}: {
+ "id": ActionIgnore,
+ "reconciliation_paused": ActionTrack,
+ },
// TODO: track an ID here when the below ticket is completed:
// https://github.com/coder/coder/pull/6012
&database.License{}: {
diff --git a/enterprise/cli/prebuilds.go b/enterprise/cli/prebuilds.go
new file mode 100644
index 0000000000000..a75b14dd7023f
--- /dev/null
+++ b/enterprise/cli/prebuilds.go
@@ -0,0 +1,86 @@
+package cli
+
+import (
+ "fmt"
+
+ "golang.org/x/xerrors"
+
+ "github.com/coder/serpent"
+
+ "github.com/coder/coder/v2/cli"
+ "github.com/coder/coder/v2/codersdk"
+)
+
+func (r *RootCmd) prebuilds() *serpent.Command {
+ cmd := &serpent.Command{
+ Use: "prebuilds",
+ Short: "Manage Coder prebuilds",
+ Long: "Administrators can use these commands to manage prebuilt workspace settings.\n" + cli.FormatExamples(
+ cli.Example{
+ Description: "Pause Coder prebuilt workspace reconciliation.",
+ Command: "coder prebuilds pause",
+ },
+ cli.Example{
+ Description: "Resume Coder prebuilt workspace reconciliation if it has been paused.",
+ Command: "coder prebuilds resume",
+ },
+ ),
+ Aliases: []string{"prebuild"},
+ Handler: func(inv *serpent.Invocation) error {
+ return inv.Command.HelpHandler(inv)
+ },
+ Children: []*serpent.Command{
+ r.pausePrebuilds(),
+ r.resumePrebuilds(),
+ },
+ }
+ return cmd
+}
+
+func (r *RootCmd) pausePrebuilds() *serpent.Command {
+ client := new(codersdk.Client)
+ cmd := &serpent.Command{
+ Use: "pause",
+ Short: "Pause prebuilds",
+ Middleware: serpent.Chain(
+ serpent.RequireNArgs(0),
+ r.InitClient(client),
+ ),
+ Handler: func(inv *serpent.Invocation) error {
+ err := client.PutPrebuildsSettings(inv.Context(), codersdk.PrebuildsSettings{
+ ReconciliationPaused: true,
+ })
+ if err != nil {
+ return xerrors.Errorf("unable to pause prebuilds: %w", err)
+ }
+
+ _, _ = fmt.Fprintln(inv.Stderr, "Prebuilds are now paused.")
+ return nil
+ },
+ }
+ return cmd
+}
+
+func (r *RootCmd) resumePrebuilds() *serpent.Command {
+ client := new(codersdk.Client)
+ cmd := &serpent.Command{
+ Use: "resume",
+ Short: "Resume prebuilds",
+ Middleware: serpent.Chain(
+ serpent.RequireNArgs(0),
+ r.InitClient(client),
+ ),
+ Handler: func(inv *serpent.Invocation) error {
+ err := client.PutPrebuildsSettings(inv.Context(), codersdk.PrebuildsSettings{
+ ReconciliationPaused: false,
+ })
+ if err != nil {
+ return xerrors.Errorf("unable to resume prebuilds: %w", err)
+ }
+
+ _, _ = fmt.Fprintln(inv.Stderr, "Prebuilds are now resumed.")
+ return nil
+ },
+ }
+ return cmd
+}
diff --git a/enterprise/cli/prebuilds_test.go b/enterprise/cli/prebuilds_test.go
new file mode 100644
index 0000000000000..b5960436edcfb
--- /dev/null
+++ b/enterprise/cli/prebuilds_test.go
@@ -0,0 +1,343 @@
+package cli_test
+
+import (
+ "bytes"
+ "net/http"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "github.com/coder/coder/v2/cli/clitest"
+ "github.com/coder/coder/v2/coderd/coderdtest"
+ "github.com/coder/coder/v2/codersdk"
+ "github.com/coder/coder/v2/enterprise/coderd/coderdenttest"
+ "github.com/coder/coder/v2/enterprise/coderd/license"
+)
+
+func TestPrebuildsPause(t *testing.T) {
+ t.Parallel()
+
+ t.Run("Success", func(t *testing.T) {
+ t.Parallel()
+
+ client, _ := coderdenttest.New(t, &coderdenttest.Options{
+ LicenseOptions: &coderdenttest.LicenseOptions{
+ Features: license.Features{
+ codersdk.FeatureWorkspacePrebuilds: 1,
+ },
+ },
+ })
+
+ inv, conf := newCLI(t, "prebuilds", "pause")
+ var buf bytes.Buffer
+ inv.Stderr = &buf
+ //nolint:gocritic // Only owners can change deployment settings
+ clitest.SetupConfig(t, client, conf)
+
+ err := inv.Run()
+ require.NoError(t, err)
+
+ // Verify the output message
+ assert.Contains(t, buf.String(), "Prebuilds are now paused.")
+
+ // Verify the settings were actually updated
+ //nolint:gocritic // Only owners can change deployment settings
+ settings, err := client.GetPrebuildsSettings(inv.Context())
+ require.NoError(t, err)
+ assert.True(t, settings.ReconciliationPaused)
+ })
+
+ t.Run("UnauthorizedUser", func(t *testing.T) {
+ t.Parallel()
+
+ adminClient, admin := coderdenttest.New(t, &coderdenttest.Options{
+ LicenseOptions: &coderdenttest.LicenseOptions{
+ Features: license.Features{
+ codersdk.FeatureWorkspacePrebuilds: 1,
+ },
+ },
+ })
+
+ // Create a regular user without admin privileges
+ client, _ := coderdtest.CreateAnotherUser(t, adminClient, admin.OrganizationID)
+
+ inv, conf := newCLI(t, "prebuilds", "pause")
+ clitest.SetupConfig(t, client, conf)
+
+ err := inv.Run()
+ require.Error(t, err)
+ var sdkError *codersdk.Error
+ require.ErrorAsf(t, err, &sdkError, "error should be of type *codersdk.Error")
+ assert.Equal(t, http.StatusForbidden, sdkError.StatusCode())
+ })
+
+ t.Run("NoLicense", func(t *testing.T) {
+ t.Parallel()
+
+ client, _ := coderdenttest.New(t, &coderdenttest.Options{
+ DontAddLicense: true,
+ })
+
+ inv, conf := newCLI(t, "prebuilds", "pause")
+ //nolint:gocritic // Only owners can change deployment settings
+ clitest.SetupConfig(t, client, conf)
+
+ err := inv.Run()
+ require.Error(t, err)
+ // Should fail without license
+ var sdkError *codersdk.Error
+ require.ErrorAsf(t, err, &sdkError, "error should be of type *codersdk.Error")
+ assert.Equal(t, http.StatusForbidden, sdkError.StatusCode())
+ })
+
+ t.Run("AlreadyPaused", func(t *testing.T) {
+ t.Parallel()
+
+ client, _ := coderdenttest.New(t, &coderdenttest.Options{
+ LicenseOptions: &coderdenttest.LicenseOptions{
+ Features: license.Features{
+ codersdk.FeatureWorkspacePrebuilds: 1,
+ },
+ },
+ })
+
+ // First pause
+ inv1, conf := newCLI(t, "prebuilds", "pause")
+ //nolint:gocritic // Only owners can change deployment settings
+ clitest.SetupConfig(t, client, conf)
+ err := inv1.Run()
+ require.NoError(t, err)
+
+ // Try to pause again
+ inv2, conf2 := newCLI(t, "prebuilds", "pause")
+ clitest.SetupConfig(t, client, conf2)
+ err = inv2.Run()
+ require.NoError(t, err) // Should succeed even if already paused
+
+ // Verify still paused
+ //nolint:gocritic // Only owners can change deployment settings
+ settings, err := client.GetPrebuildsSettings(inv2.Context())
+ require.NoError(t, err)
+ assert.True(t, settings.ReconciliationPaused)
+ })
+}
+
+func TestPrebuildsResume(t *testing.T) {
+ t.Parallel()
+
+ t.Run("Success", func(t *testing.T) {
+ t.Parallel()
+
+ client, _ := coderdenttest.New(t, &coderdenttest.Options{
+ LicenseOptions: &coderdenttest.LicenseOptions{
+ Features: license.Features{
+ codersdk.FeatureWorkspacePrebuilds: 1,
+ },
+ },
+ })
+
+ // First pause prebuilds
+ inv1, conf := newCLI(t, "prebuilds", "pause")
+ //nolint:gocritic // Only owners can change deployment settings
+ clitest.SetupConfig(t, client, conf)
+ err := inv1.Run()
+ require.NoError(t, err)
+
+ // Then resume
+ inv2, conf2 := newCLI(t, "prebuilds", "resume")
+ var buf bytes.Buffer
+ inv2.Stderr = &buf
+ clitest.SetupConfig(t, client, conf2)
+
+ err = inv2.Run()
+ require.NoError(t, err)
+
+ // Verify the output message
+ assert.Contains(t, buf.String(), "Prebuilds are now resumed.")
+
+ // Verify the settings were actually updated
+ //nolint:gocritic // Only owners can change deployment settings
+ settings, err := client.GetPrebuildsSettings(inv2.Context())
+ require.NoError(t, err)
+ assert.False(t, settings.ReconciliationPaused)
+ })
+
+ t.Run("ResumeWhenNotPaused", func(t *testing.T) {
+ t.Parallel()
+
+ client, _ := coderdenttest.New(t, &coderdenttest.Options{
+ LicenseOptions: &coderdenttest.LicenseOptions{
+ Features: license.Features{
+ codersdk.FeatureWorkspacePrebuilds: 1,
+ },
+ },
+ })
+
+ // Resume without first pausing
+ inv, conf := newCLI(t, "prebuilds", "resume")
+ var buf bytes.Buffer
+ inv.Stderr = &buf
+ //nolint:gocritic // Only owners can change deployment settings
+ clitest.SetupConfig(t, client, conf)
+
+ err := inv.Run()
+ require.NoError(t, err)
+
+ // Should succeed and show the message
+ assert.Contains(t, buf.String(), "Prebuilds are now resumed.")
+
+ // Verify still not paused
+ //nolint:gocritic // Only owners can change deployment settings
+ settings, err := client.GetPrebuildsSettings(inv.Context())
+ require.NoError(t, err)
+ assert.False(t, settings.ReconciliationPaused)
+ })
+
+ t.Run("UnauthorizedUser", func(t *testing.T) {
+ t.Parallel()
+
+ adminClient, admin := coderdenttest.New(t, &coderdenttest.Options{
+ LicenseOptions: &coderdenttest.LicenseOptions{
+ Features: license.Features{
+ codersdk.FeatureWorkspacePrebuilds: 1,
+ },
+ },
+ })
+
+ // Create a regular user without admin privileges
+ client, _ := coderdtest.CreateAnotherUser(t, adminClient, admin.OrganizationID)
+
+ inv, conf := newCLI(t, "prebuilds", "resume")
+ clitest.SetupConfig(t, client, conf)
+
+ err := inv.Run()
+ require.Error(t, err)
+ var sdkError *codersdk.Error
+ require.ErrorAsf(t, err, &sdkError, "error should be of type *codersdk.Error")
+ assert.Equal(t, http.StatusForbidden, sdkError.StatusCode())
+ })
+
+ t.Run("NoLicense", func(t *testing.T) {
+ t.Parallel()
+
+ client, _ := coderdenttest.New(t, &coderdenttest.Options{
+ DontAddLicense: true,
+ })
+
+ inv, conf := newCLI(t, "prebuilds", "resume")
+ //nolint:gocritic // Only owners can change deployment settings
+ clitest.SetupConfig(t, client, conf)
+
+ err := inv.Run()
+ require.Error(t, err)
+ // Should fail without license
+ var sdkError *codersdk.Error
+ require.ErrorAsf(t, err, &sdkError, "error should be of type *codersdk.Error")
+ assert.Equal(t, http.StatusForbidden, sdkError.StatusCode())
+ })
+}
+
+func TestPrebuildsCommand(t *testing.T) {
+ t.Parallel()
+
+ t.Run("Help", func(t *testing.T) {
+ t.Parallel()
+
+ client, _ := coderdenttest.New(t, &coderdenttest.Options{
+ LicenseOptions: &coderdenttest.LicenseOptions{
+ Features: license.Features{
+ codersdk.FeatureWorkspacePrebuilds: 1,
+ },
+ },
+ })
+
+ inv, conf := newCLI(t, "prebuilds", "--help")
+ var buf bytes.Buffer
+ inv.Stdout = &buf
+ //nolint:gocritic // Only owners can change deployment settings
+ clitest.SetupConfig(t, client, conf)
+
+ err := inv.Run()
+ require.NoError(t, err)
+
+ // Verify help output contains expected information
+ output := buf.String()
+ assert.Contains(t, output, "Manage Coder prebuilds")
+ assert.Contains(t, output, "pause")
+ assert.Contains(t, output, "resume")
+ assert.Contains(t, output, "Administrators can use these commands")
+ })
+
+ t.Run("NoSubcommand", func(t *testing.T) {
+ t.Parallel()
+
+ client, _ := coderdenttest.New(t, &coderdenttest.Options{
+ LicenseOptions: &coderdenttest.LicenseOptions{
+ Features: license.Features{
+ codersdk.FeatureWorkspacePrebuilds: 1,
+ },
+ },
+ })
+
+ inv, conf := newCLI(t, "prebuilds")
+ var buf bytes.Buffer
+ inv.Stdout = &buf
+ //nolint:gocritic // Only owners can change deployment settings
+ clitest.SetupConfig(t, client, conf)
+
+ err := inv.Run()
+ require.NoError(t, err)
+
+ // Should show help when no subcommand is provided
+ output := buf.String()
+ assert.Contains(t, output, "Manage Coder prebuilds")
+ assert.Contains(t, output, "pause")
+ assert.Contains(t, output, "resume")
+ })
+}
+
+func TestPrebuildsSettingsAPI(t *testing.T) {
+ t.Parallel()
+
+ t.Run("GetSettings", func(t *testing.T) {
+ t.Parallel()
+
+ client, _ := coderdenttest.New(t, &coderdenttest.Options{
+ LicenseOptions: &coderdenttest.LicenseOptions{
+ Features: license.Features{
+ codersdk.FeatureWorkspacePrebuilds: 1,
+ },
+ },
+ })
+
+ // Get initial settings
+ //nolint:gocritic // Only owners can change deployment settings
+ settings, err := client.GetPrebuildsSettings(t.Context())
+ require.NoError(t, err)
+ assert.False(t, settings.ReconciliationPaused)
+
+ // Pause prebuilds
+ inv1, conf := newCLI(t, "prebuilds", "pause")
+ //nolint:gocritic // Only owners can change deployment settings
+ clitest.SetupConfig(t, client, conf)
+ err = inv1.Run()
+ require.NoError(t, err)
+
+ // Get settings again
+ settings, err = client.GetPrebuildsSettings(t.Context())
+ require.NoError(t, err)
+ assert.True(t, settings.ReconciliationPaused)
+
+ // Resume prebuilds
+ inv2, conf2 := newCLI(t, "prebuilds", "resume")
+ clitest.SetupConfig(t, client, conf2)
+ err = inv2.Run()
+ require.NoError(t, err)
+
+ // Get settings one more time
+ settings, err = client.GetPrebuildsSettings(t.Context())
+ require.NoError(t, err)
+ assert.False(t, settings.ReconciliationPaused)
+ })
+}
diff --git a/enterprise/cli/root.go b/enterprise/cli/root.go
index 1af40ff1b2622..5b101fdbbb4b8 100644
--- a/enterprise/cli/root.go
+++ b/enterprise/cli/root.go
@@ -16,6 +16,7 @@ func (r *RootCmd) enterpriseOnly() []*serpent.Command {
r.features(),
r.licenses(),
r.groups(),
+ r.prebuilds(),
r.provisionerDaemons(),
r.provisionerd(),
}
diff --git a/enterprise/cli/testdata/coder_--help.golden b/enterprise/cli/testdata/coder_--help.golden
index 1522921a3efdd..fc16bb29b9010 100644
--- a/enterprise/cli/testdata/coder_--help.golden
+++ b/enterprise/cli/testdata/coder_--help.golden
@@ -17,6 +17,7 @@ SUBCOMMANDS:
features List Enterprise features
groups Manage groups
licenses Add, delete, and list licenses
+ prebuilds Manage Coder prebuilds
provisioner View and manage provisioner daemons and jobs
server Start a Coder server
diff --git a/enterprise/cli/testdata/coder_prebuilds_--help.golden b/enterprise/cli/testdata/coder_prebuilds_--help.golden
new file mode 100644
index 0000000000000..505779ae8b7bd
--- /dev/null
+++ b/enterprise/cli/testdata/coder_prebuilds_--help.golden
@@ -0,0 +1,24 @@
+coder v0.0.0-devel
+
+USAGE:
+ coder prebuilds
+
+ Manage Coder prebuilds
+
+ Aliases: prebuild
+
+ Administrators can use these commands to manage prebuilt workspace settings.
+ - Pause Coder prebuilt workspace reconciliation.:
+
+ $ coder prebuilds pause
+
+ - Resume Coder prebuilt workspace reconciliation if it has been paused.:
+
+ $ coder prebuilds resume
+
+SUBCOMMANDS:
+ pause Pause prebuilds
+ resume Resume prebuilds
+
+———
+Run `coder --help` for a list of global options.
diff --git a/enterprise/cli/testdata/coder_prebuilds_pause_--help.golden b/enterprise/cli/testdata/coder_prebuilds_pause_--help.golden
new file mode 100644
index 0000000000000..9ce905c4a0178
--- /dev/null
+++ b/enterprise/cli/testdata/coder_prebuilds_pause_--help.golden
@@ -0,0 +1,9 @@
+coder v0.0.0-devel
+
+USAGE:
+ coder prebuilds pause
+
+ Pause prebuilds
+
+———
+Run `coder --help` for a list of global options.
diff --git a/enterprise/cli/testdata/coder_prebuilds_resume_--help.golden b/enterprise/cli/testdata/coder_prebuilds_resume_--help.golden
new file mode 100644
index 0000000000000..22671572bbbd9
--- /dev/null
+++ b/enterprise/cli/testdata/coder_prebuilds_resume_--help.golden
@@ -0,0 +1,9 @@
+coder v0.0.0-devel
+
+USAGE:
+ coder prebuilds resume
+
+ Resume prebuilds
+
+———
+Run `coder --help` for a list of global options.
diff --git a/enterprise/coderd/coderd.go b/enterprise/coderd/coderd.go
index 601700403f326..5f79608275f96 100644
--- a/enterprise/coderd/coderd.go
+++ b/enterprise/coderd/coderd.go
@@ -474,6 +474,14 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
r.Get("/", api.userQuietHoursSchedule)
r.Put("/", api.putUserQuietHoursSchedule)
})
+ r.Route("/prebuilds", func(r chi.Router) {
+ r.Use(
+ apiKeyMiddleware,
+ api.RequireFeatureMW(codersdk.FeatureWorkspacePrebuilds),
+ )
+ r.Get("/settings", api.prebuildsSettings)
+ r.Put("/settings", api.putPrebuildsSettings)
+ })
// The /notifications base route is mounted by the AGPL router, so we can't group it here.
// Additionally, because we have a static route for /notifications/templates/system which conflicts
// with the below route, we need to register this route without any mounts or groups to make both work.
diff --git a/enterprise/coderd/prebuilds.go b/enterprise/coderd/prebuilds.go
new file mode 100644
index 0000000000000..837bc17ad0db9
--- /dev/null
+++ b/enterprise/coderd/prebuilds.go
@@ -0,0 +1,120 @@
+package coderd
+
+import (
+ "bytes"
+ "encoding/json"
+ "net/http"
+
+ "github.com/google/uuid"
+
+ "github.com/coder/coder/v2/coderd/audit"
+ "github.com/coder/coder/v2/coderd/database"
+ "github.com/coder/coder/v2/coderd/httpapi"
+ "github.com/coder/coder/v2/coderd/rbac"
+ "github.com/coder/coder/v2/codersdk"
+ "github.com/coder/coder/v2/enterprise/coderd/prebuilds"
+)
+
+// @Summary Get prebuilds settings
+// @ID get-prebuilds-settings
+// @Security CoderSessionToken
+// @Produce json
+// @Tags Prebuilds
+// @Success 200 {object} codersdk.PrebuildsSettings
+// @Router /prebuilds/settings [get]
+func (api *API) prebuildsSettings(rw http.ResponseWriter, r *http.Request) {
+ settingsJSON, err := api.Database.GetPrebuildsSettings(r.Context())
+ if err != nil {
+ httpapi.Write(r.Context(), rw, http.StatusInternalServerError, codersdk.Response{
+ Message: "Failed to fetch current prebuilds settings.",
+ Detail: err.Error(),
+ })
+ return
+ }
+
+ var settings codersdk.PrebuildsSettings
+ if len(settingsJSON) > 0 {
+ if err := json.Unmarshal([]byte(settingsJSON), &settings); err != nil {
+ httpapi.Write(r.Context(), rw, http.StatusInternalServerError, codersdk.Response{
+ Message: "Failed to unmarshal prebuilds settings.",
+ Detail: err.Error(),
+ })
+ return
+ }
+ }
+
+ httpapi.Write(r.Context(), rw, http.StatusOK, settings)
+}
+
+// @Summary Update prebuilds settings
+// @ID update-prebuilds-settings
+// @Security CoderSessionToken
+// @Accept json
+// @Produce json
+// @Tags Prebuilds
+// @Param request body codersdk.PrebuildsSettings true "Prebuilds settings request"
+// @Success 200 {object} codersdk.PrebuildsSettings
+// @Success 304
+// @Router /prebuilds/settings [put]
+func (api *API) putPrebuildsSettings(rw http.ResponseWriter, r *http.Request) {
+ ctx := r.Context()
+
+ var settings codersdk.PrebuildsSettings
+ if !httpapi.Read(ctx, rw, r, &settings) {
+ return
+ }
+
+ settingsJSON, err := json.Marshal(&settings)
+ if err != nil {
+ httpapi.Write(r.Context(), rw, http.StatusInternalServerError, codersdk.Response{
+ Message: "Failed to marshal prebuilds settings.",
+ Detail: err.Error(),
+ })
+ return
+ }
+
+ currentSettingsJSON, err := api.Database.GetPrebuildsSettings(ctx)
+ if err != nil {
+ httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+ Message: "Failed to fetch current prebuilds settings.",
+ Detail: err.Error(),
+ })
+ return
+ }
+
+ if bytes.Equal(settingsJSON, []byte(currentSettingsJSON)) {
+ // See: https://www.rfc-editor.org/rfc/rfc7232#section-4.1
+ httpapi.Write(ctx, rw, http.StatusNotModified, nil)
+ return
+ }
+
+ auditor := api.AGPL.Auditor.Load()
+ aReq, commitAudit := audit.InitRequest[database.PrebuildsSettings](rw, &audit.RequestParams{
+ Audit: *auditor,
+ Log: api.Logger,
+ Request: r,
+ Action: database.AuditActionWrite,
+ })
+ defer commitAudit()
+
+ aReq.New = database.PrebuildsSettings{
+ ID: uuid.New(),
+ ReconciliationPaused: settings.ReconciliationPaused,
+ }
+
+ err = prebuilds.SetPrebuildsReconciliationPaused(ctx, api.Database, settings.ReconciliationPaused)
+ if err != nil {
+ if rbac.IsUnauthorizedError(err) {
+ httpapi.Forbidden(rw)
+ return
+ }
+ httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+ Message: "Failed to update prebuilds settings.",
+ Detail: err.Error(),
+ })
+
+ return
+ }
+
+ httpapi.Write(r.Context(), rw, http.StatusOK, settings)
+}
diff --git a/enterprise/coderd/prebuilds/metricscollector.go b/enterprise/coderd/prebuilds/metricscollector.go
index 4499849ffde0a..97b295dd19426 100644
--- a/enterprise/coderd/prebuilds/metricscollector.go
+++ b/enterprise/coderd/prebuilds/metricscollector.go
@@ -29,6 +29,7 @@ const (
MetricEligibleGauge = namespace + "eligible"
MetricPresetHardLimitedGauge = namespace + "preset_hard_limited"
MetricLastUpdatedGauge = namespace + "metrics_last_updated"
+ MetricReconciliationPausedGauge = namespace + "reconciliation_paused"
)
var (
@@ -95,6 +96,12 @@ var (
[]string{},
nil,
)
+ reconciliationPausedDesc = prometheus.NewDesc(
+ MetricReconciliationPausedGauge,
+ "Indicates whether prebuilds reconciliation is currently paused (1 = paused, 0 = not paused).",
+ []string{},
+ nil,
+ )
)
const (
@@ -114,6 +121,9 @@ type MetricsCollector struct {
isPresetHardLimited map[hardLimitedPresetKey]bool
isPresetHardLimitedMu sync.Mutex
+
+ reconciliationPaused bool
+ reconciliationPausedMu sync.RWMutex
}
var _ prometheus.Collector = new(MetricsCollector)
@@ -140,12 +150,22 @@ func (*MetricsCollector) Describe(descCh chan<- *prometheus.Desc) {
descCh <- eligiblePrebuildsDesc
descCh <- presetHardLimitedDesc
descCh <- lastUpdateDesc
+ descCh <- reconciliationPausedDesc
}
// Collect uses the cached state to set configured metrics.
// The state is cached because this function can be called multiple times per second and retrieving the current state
// is an expensive operation.
func (mc *MetricsCollector) Collect(metricsCh chan<- prometheus.Metric) {
+ mc.reconciliationPausedMu.RLock()
+ var pausedValue float64
+ if mc.reconciliationPaused {
+ pausedValue = 1
+ }
+ mc.reconciliationPausedMu.RUnlock()
+
+ metricsCh <- prometheus.MustNewConstMetric(reconciliationPausedDesc, prometheus.GaugeValue, pausedValue)
+
currentState := mc.latestState.Load() // Grab a copy; it's ok if it goes stale during the course of this func.
if currentState == nil {
mc.logger.Warn(context.Background(), "failed to set prebuilds metrics; state not set")
@@ -286,3 +306,10 @@ func (mc *MetricsCollector) registerHardLimitedPresets(isPresetHardLimited map[h
mc.isPresetHardLimited = isPresetHardLimited
}
+
+func (mc *MetricsCollector) setReconciliationPaused(paused bool) {
+ mc.reconciliationPausedMu.Lock()
+ defer mc.reconciliationPausedMu.Unlock()
+
+ mc.reconciliationPaused = paused
+}
diff --git a/enterprise/coderd/prebuilds/metricscollector_test.go b/enterprise/coderd/prebuilds/metricscollector_test.go
index 057f310fa2bc2..96c3d071ac48a 100644
--- a/enterprise/coderd/prebuilds/metricscollector_test.go
+++ b/enterprise/coderd/prebuilds/metricscollector_test.go
@@ -476,3 +476,97 @@ func findAllMetricSeries(metricsFamilies []*prometheus_client.MetricFamily, labe
}
return series
}
+
+func TestMetricsCollector_ReconciliationPausedMetric(t *testing.T) {
+ t.Parallel()
+
+ if !dbtestutil.WillUsePostgres() {
+ t.Skip("this test requires postgres")
+ }
+
+ t.Run("reconciliation_not_paused", func(t *testing.T) {
+ t.Parallel()
+
+ logger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true})
+ db, pubsub := dbtestutil.NewDB(t)
+ cache := files.New(prometheus.NewRegistry(), &coderdtest.FakeAuthorizer{})
+ registry := prometheus.NewPedanticRegistry()
+ reconciler := prebuilds.NewStoreReconciler(db, pubsub, cache, codersdk.PrebuildsConfig{}, logger, quartz.NewMock(t), registry, newNoopEnqueuer())
+ ctx := testutil.Context(t, testutil.WaitLong)
+
+ // Ensure no pause setting is set (default state)
+ err := db.UpsertPrebuildsSettings(ctx, `{}`)
+ require.NoError(t, err)
+
+ // Run reconciliation to update the metric
+ err = reconciler.ReconcileAll(ctx)
+ require.NoError(t, err)
+
+ // Check that the metric shows reconciliation is not paused
+ metricsFamilies, err := registry.Gather()
+ require.NoError(t, err)
+
+ metric := findMetric(metricsFamilies, prebuilds.MetricReconciliationPausedGauge, map[string]string{})
+ require.NotNil(t, metric, "reconciliation paused metric should exist")
+ require.NotNil(t, metric.GetGauge())
+ require.Equal(t, 0.0, metric.GetGauge().GetValue(), "reconciliation should not be paused")
+ })
+
+ t.Run("reconciliation_paused", func(t *testing.T) {
+ t.Parallel()
+
+ // Create isolated collector and registry for this test
+ logger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true})
+ db, pubsub := dbtestutil.NewDB(t)
+ cache := files.New(prometheus.NewRegistry(), &coderdtest.FakeAuthorizer{})
+ registry := prometheus.NewPedanticRegistry()
+ reconciler := prebuilds.NewStoreReconciler(db, pubsub, cache, codersdk.PrebuildsConfig{}, logger, quartz.NewMock(t), registry, newNoopEnqueuer())
+ ctx := testutil.Context(t, testutil.WaitLong)
+
+ // Set reconciliation to paused
+ err := prebuilds.SetPrebuildsReconciliationPaused(ctx, db, true)
+ require.NoError(t, err)
+
+ // Run reconciliation to update the metric
+ err = reconciler.ReconcileAll(ctx)
+ require.NoError(t, err)
+
+ // Check that the metric shows reconciliation is paused
+ metricsFamilies, err := registry.Gather()
+ require.NoError(t, err)
+
+ metric := findMetric(metricsFamilies, prebuilds.MetricReconciliationPausedGauge, map[string]string{})
+ require.NotNil(t, metric, "reconciliation paused metric should exist")
+ require.NotNil(t, metric.GetGauge())
+ require.Equal(t, 1.0, metric.GetGauge().GetValue(), "reconciliation should be paused")
+ })
+
+ t.Run("reconciliation_resumed", func(t *testing.T) {
+ t.Parallel()
+
+ // Create isolated collector and registry for this test
+ logger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true})
+ db, pubsub := dbtestutil.NewDB(t)
+ cache := files.New(prometheus.NewRegistry(), &coderdtest.FakeAuthorizer{})
+ registry := prometheus.NewPedanticRegistry()
+ reconciler := prebuilds.NewStoreReconciler(db, pubsub, cache, codersdk.PrebuildsConfig{}, logger, quartz.NewMock(t), registry, newNoopEnqueuer())
+ ctx := testutil.Context(t, testutil.WaitLong)
+
+ // Set reconciliation back to not paused
+ err := prebuilds.SetPrebuildsReconciliationPaused(ctx, db, false)
+ require.NoError(t, err)
+
+ // Run reconciliation to update the metric
+ err = reconciler.ReconcileAll(ctx)
+ require.NoError(t, err)
+
+ // Check that the metric shows reconciliation is not paused
+ metricsFamilies, err := registry.Gather()
+ require.NoError(t, err)
+
+ metric := findMetric(metricsFamilies, prebuilds.MetricReconciliationPausedGauge, map[string]string{})
+ require.NotNil(t, metric, "reconciliation paused metric should exist")
+ require.NotNil(t, metric.GetGauge())
+ require.Equal(t, 0.0, metric.GetGauge().GetValue(), "reconciliation should not be paused")
+ })
+}
diff --git a/enterprise/coderd/prebuilds/reconcile.go b/enterprise/coderd/prebuilds/reconcile.go
index 343a639845f44..44e0e82c8881a 100644
--- a/enterprise/coderd/prebuilds/reconcile.go
+++ b/enterprise/coderd/prebuilds/reconcile.go
@@ -3,6 +3,7 @@ package prebuilds
import (
"context"
"database/sql"
+ "encoding/json"
"errors"
"fmt"
"math"
@@ -14,7 +15,6 @@ import (
"github.com/hashicorp/go-multierror"
"github.com/prometheus/client_golang/prometheus"
- "github.com/coder/coder/v2/coderd/files"
"github.com/coder/quartz"
"github.com/coder/coder/v2/coderd/audit"
@@ -22,6 +22,7 @@ import (
"github.com/coder/coder/v2/coderd/database/dbauthz"
"github.com/coder/coder/v2/coderd/database/provisionerjobs"
"github.com/coder/coder/v2/coderd/database/pubsub"
+ "github.com/coder/coder/v2/coderd/files"
"github.com/coder/coder/v2/coderd/notifications"
"github.com/coder/coder/v2/coderd/prebuilds"
"github.com/coder/coder/v2/coderd/rbac"
@@ -256,6 +257,28 @@ func (c *StoreReconciler) ReconcileAll(ctx context.Context) error {
logger.Debug(ctx, "starting reconciliation")
err := c.WithReconciliationLock(ctx, logger, func(ctx context.Context, _ database.Store) error {
+ // Check if prebuilds reconciliation is paused
+ settingsJSON, err := c.store.GetPrebuildsSettings(ctx)
+ if err != nil {
+ return xerrors.Errorf("get prebuilds settings: %w", err)
+ }
+
+ var settings codersdk.PrebuildsSettings
+ if len(settingsJSON) > 0 {
+ if err := json.Unmarshal([]byte(settingsJSON), &settings); err != nil {
+ return xerrors.Errorf("unmarshal prebuilds settings: %w", err)
+ }
+ }
+
+ if c.metrics != nil {
+ c.metrics.setReconciliationPaused(settings.ReconciliationPaused)
+ }
+
+ if settings.ReconciliationPaused {
+ logger.Info(ctx, "prebuilds reconciliation is paused, skipping reconciliation")
+ return nil
+ }
+
snapshot, err := c.SnapshotState(ctx, c.store)
if err != nil {
return xerrors.Errorf("determine current snapshot: %w", err)
@@ -884,3 +907,18 @@ func (c *StoreReconciler) trackResourceReplacement(ctx context.Context, workspac
return notifErr
}
+
+type Settings struct {
+ ReconciliationPaused bool `json:"reconciliation_paused"`
+}
+
+func SetPrebuildsReconciliationPaused(ctx context.Context, db database.Store, paused bool) error {
+ settings := Settings{
+ ReconciliationPaused: paused,
+ }
+ settingsJSON, err := json.Marshal(settings)
+ if err != nil {
+ return xerrors.Errorf("marshal settings: %w", err)
+ }
+ return db.UpsertPrebuildsSettings(ctx, string(settingsJSON))
+}
diff --git a/enterprise/coderd/prebuilds/reconcile_test.go b/enterprise/coderd/prebuilds/reconcile_test.go
index 44ecf168a03ca..fce5269214ed1 100644
--- a/enterprise/coderd/prebuilds/reconcile_test.go
+++ b/enterprise/coderd/prebuilds/reconcile_test.go
@@ -2143,3 +2143,80 @@ func mustParseTime(t *testing.T, layout, value string) time.Time {
require.NoError(t, err)
return parsedTime
}
+
+func TestReconciliationRespectsPauseSetting(t *testing.T) {
+ t.Parallel()
+
+ if !dbtestutil.WillUsePostgres() {
+ t.Skip("This test requires postgres")
+ }
+
+ ctx := testutil.Context(t, testutil.WaitLong)
+ clock := quartz.NewMock(t)
+ db, ps := dbtestutil.NewDB(t)
+ cfg := codersdk.PrebuildsConfig{
+ ReconciliationInterval: serpent.Duration(testutil.WaitLong),
+ }
+ logger := testutil.Logger(t)
+ cache := files.New(prometheus.NewRegistry(), &coderdtest.FakeAuthorizer{})
+ reconciler := prebuilds.NewStoreReconciler(db, ps, cache, cfg, logger, clock, prometheus.NewRegistry(), newNoopEnqueuer())
+
+ // Setup a template with a preset that should create prebuilds
+ org := dbgen.Organization(t, db, database.Organization{})
+ user := dbgen.User(t, db, database.User{})
+ template := dbgen.Template(t, db, database.Template{
+ CreatedBy: user.ID,
+ OrganizationID: org.ID,
+ })
+ templateVersionID := setupTestDBTemplateVersion(ctx, t, clock, db, ps, org.ID, user.ID, template.ID)
+ _ = setupTestDBPreset(t, db, templateVersionID, 2, "test")
+
+ // Initially, reconciliation should create prebuilds
+ err := reconciler.ReconcileAll(ctx)
+ require.NoError(t, err)
+
+ // Verify that prebuilds were created
+ workspaces, err := db.GetWorkspacesByTemplateID(ctx, template.ID)
+ require.NoError(t, err)
+ require.Len(t, workspaces, 2, "should have created 2 prebuilds")
+
+ // Now pause prebuilds reconciliation
+ err = prebuilds.SetPrebuildsReconciliationPaused(ctx, db, true)
+ require.NoError(t, err)
+
+ // Delete the existing prebuilds to simulate a scenario where reconciliation would normally recreate them
+ for _, workspace := range workspaces {
+ err = db.UpdateWorkspaceDeletedByID(ctx, database.UpdateWorkspaceDeletedByIDParams{
+ ID: workspace.ID,
+ Deleted: true,
+ })
+ require.NoError(t, err)
+ }
+
+ // Verify prebuilds are deleted
+ workspaces, err = db.GetWorkspacesByTemplateID(ctx, template.ID)
+ require.NoError(t, err)
+ require.Len(t, workspaces, 0, "prebuilds should be deleted")
+
+ // Run reconciliation again - it should be paused and not recreate prebuilds
+ err = reconciler.ReconcileAll(ctx)
+ require.NoError(t, err)
+
+ // Verify that no new prebuilds were created because reconciliation is paused
+ workspaces, err = db.GetWorkspacesByTemplateID(ctx, template.ID)
+ require.NoError(t, err)
+ require.Len(t, workspaces, 0, "should not create prebuilds when reconciliation is paused")
+
+ // Resume prebuilds reconciliation
+ err = prebuilds.SetPrebuildsReconciliationPaused(ctx, db, false)
+ require.NoError(t, err)
+
+ // Run reconciliation again - it should now recreate the prebuilds
+ err = reconciler.ReconcileAll(ctx)
+ require.NoError(t, err)
+
+ // Verify that prebuilds were recreated
+ workspaces, err = db.GetWorkspacesByTemplateID(ctx, template.ID)
+ require.NoError(t, err)
+ require.Len(t, workspaces, 2, "should have recreated 2 prebuilds after resuming")
+}
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
index 6552c0f0d56d3..7699043dabf82 100644
--- a/site/src/api/typesGenerated.ts
+++ b/site/src/api/typesGenerated.ts
@@ -1772,6 +1772,11 @@ export interface PrebuildsConfig {
readonly failure_hard_limit: number;
}
+// From codersdk/prebuilds.go
+export interface PrebuildsSettings {
+ readonly reconciliation_paused: boolean;
+}
+
// From codersdk/presets.go
export interface Preset {
readonly ID: string;
@@ -2277,6 +2282,7 @@ export type ResourceType =
| "oauth2_provider_app_secret"
| "organization"
| "organization_member"
+ | "prebuilds_settings"
| "template"
| "template_version"
| "user"
@@ -2303,6 +2309,7 @@ export const ResourceTypes: ResourceType[] = [
"oauth2_provider_app_secret",
"organization",
"organization_member",
+ "prebuilds_settings",
"template",
"template_version",
"user",