:)

aslilac · aslilac · commit 4f193d7172cb · 2025-04-01T20:55:47.000Z
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
@@ -1852,13 +1852,6 @@ func (q *querier) GetLatestCryptoKeyByFeature(ctx context.Context, feature datab
 	return q.db.GetLatestCryptoKeyByFeature(ctx, feature)
 }
 
-func (q *querier) GetLatestWorkspaceAppStatusesByWorkspaceIDs(ctx context.Context, ids []uuid.UUID) ([]database.WorkspaceAppStatus, error) {
-	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {
-		return nil, err
-	}
-	return q.db.GetLatestWorkspaceAppStatusesByWorkspaceIDs(ctx, ids)
-}
-
 func (q *querier) GetLatestWorkspaceBuildByWorkspaceID(ctx context.Context, workspaceID uuid.UUID) (database.WorkspaceBuild, error) {
 	if _, err := q.GetWorkspaceByID(ctx, workspaceID); err != nil {
 		return database.WorkspaceBuild{}, err
@@ -2466,23 +2459,12 @@ func (q *querier) GetTemplateVersionParameters(ctx context.Context, templateVers
 }
 
 func (q *querier) GetTemplateVersionTerraformValues(ctx context.Context, templateVersionID uuid.UUID) (database.TemplateVersionTerraformValue, error) {
-	tv, err := q.db.GetTemplateVersionByID(ctx, templateVersionID)
-	if err != nil {
-		return database.TemplateVersionTerraformValue{}, err
-	}
-
-	var object rbac.Objecter
-	template, err := q.db.GetTemplateByID(ctx, tv.TemplateID.UUID)
+	// The template_version_terraform_values table should follow the same access
+	// control as the template_version table. Rather than reimplement the checks,
+	// we just defer to existing implementation. (plus we'd need to use this query
+	// to reimplement the proper checks anyway)
+	_, err := q.GetTemplateVersionByID(ctx, templateVersionID)
 	if err != nil {
-		if !errors.Is(err, sql.ErrNoRows) {
-			return database.TemplateVersionTerraformValue{}, err
-		}
-		object = rbac.ResourceTemplate.InOrg(tv.OrganizationID)
-	} else {
-		object = tv.RBACObject(template)
-	}
-
-	if err := q.authorizeContext(ctx, policy.ActionRead, object); err != nil {
 		return database.TemplateVersionTerraformValue{}, err
 	}
 	return q.db.GetTemplateVersionTerraformValues(ctx, templateVersionID)
@@ -2896,13 +2878,6 @@ func (q *querier) GetWorkspaceAppByAgentIDAndSlug(ctx context.Context, arg datab
 	return q.db.GetWorkspaceAppByAgentIDAndSlug(ctx, arg)
 }
 
-func (q *querier) GetWorkspaceAppStatusesByAppIDs(ctx context.Context, ids []uuid.UUID) ([]database.WorkspaceAppStatus, error) {
-	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {
-		return nil, err
-	}
-	return q.db.GetWorkspaceAppStatusesByAppIDs(ctx, ids)
-}
-
 func (q *querier) GetWorkspaceAppsByAgentID(ctx context.Context, agentID uuid.UUID) ([]database.WorkspaceApp, error) {
 	if _, err := q.GetWorkspaceByAgentID(ctx, agentID); err != nil {
 		return nil, err
@@ -3596,13 +3571,6 @@ func (q *querier) InsertWorkspaceAppStats(ctx context.Context, arg database.Inse
 	return q.db.InsertWorkspaceAppStats(ctx, arg)
 }
 
-func (q *querier) InsertWorkspaceAppStatus(ctx context.Context, arg database.InsertWorkspaceAppStatusParams) (database.WorkspaceAppStatus, error) {
-	if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceSystem); err != nil {
-		return database.WorkspaceAppStatus{}, err
-	}
-	return q.db.InsertWorkspaceAppStatus(ctx, arg)
-}
-
 func (q *querier) InsertWorkspaceBuild(ctx context.Context, arg database.InsertWorkspaceBuildParams) error {
 	w, err := q.db.GetWorkspaceByID(ctx, arg.WorkspaceID)
 	if err != nil {
diff --git a/coderd/templateversions.go b/coderd/templateversions.go
@@ -8,6 +8,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"math"
 	"net/http"
 	"os"
 
@@ -35,6 +36,7 @@ import (
 	"github.com/coder/coder/v2/coderd/tracing"
 	"github.com/coder/coder/v2/coderd/util/ptr"
 	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/wsjson"
 	"github.com/coder/coder/v2/examples"
 	"github.com/coder/coder/v2/provisioner/terraform/tfparse"
 	"github.com/coder/coder/v2/provisionersdk"
@@ -43,7 +45,6 @@ import (
 	previewtypes "github.com/coder/preview/types"
 	previewweb "github.com/coder/preview/web"
 	"github.com/coder/websocket"
-	"github.com/coder/websocket/wsjson"
 )
 
 // @Summary Get template version by ID
@@ -299,7 +300,23 @@ func (api *API) templateVersionDynamicParameters(rw http.ResponseWriter, r *http
 		return
 	}
 
-	fileID, err := api.Database.GetFileIDByTemplateVersionID(ctx, templateVersion.ID)
+	// Having the Terraform plan available for the evaluation engine is helpful
+	// for populating values from data blocks, but isn't strictly required. If
+	// we don't have a cached plan available, we just use an empty one instead.
+	var plan json.RawMessage = []byte("{}")
+	tf, err := api.Database.GetTemplateVersionTerraformValues(ctx, templateVersion.ID)
+	if err == nil {
+		plan = tf.CachedPlan
+	}
+
+	input := preview.Input{
+		PlanJSON:        plan,
+		ParameterValues: map[string]string{},
+		Owner:           previewtypes.WorkspaceOwner{},
+	}
+
+	fileCtx := dbauthz.AsProvisionerd(ctx)
+	fileID, err := api.Database.GetFileIDByTemplateVersionID(fileCtx, templateVersion.ID)
 	if err != nil {
 		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
 			Message: "Internal error finding template version Terraform.",
@@ -308,7 +325,8 @@ func (api *API) templateVersionDynamicParameters(rw http.ResponseWriter, r *http
 		return
 	}
 
-	fs, err := api.FileCache.Acquire(fileID)
+	fs, err := api.FileCache.Acquire(fileCtx, fileID)
+	defer api.FileCache.Release(fileID)
 	if err != nil {
 		httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
 			Message: "Internal error fetching template version Terraform.",
@@ -317,37 +335,45 @@ func (api *API) templateVersionDynamicParameters(rw http.ResponseWriter, r *http
 		return
 	}
 
-	// Having the Terraform plan available for the evaluation engine is helpful
-	// for populating values from data blocks, but isn't strictly required. If
-	// we don't have a cached plan available, we just use an empty one instead.
-	var plan json.RawMessage = []byte("{}")
-	tf, err := api.Database.GetTemplateVersionTerraformValues(ctx, templateVersion.ID)
-	if err == nil {
-		plan = tf.CachedPlan
-	}
-
-	// TODO: idk if I need to set any options here. it doesn't seem like anyone
-	// else does, but steven had to set a * domain in the prototype. do we need
-	// to specify some host or anything?
-	conn, err := websocket.Accept(rw, r, &websocket.AcceptOptions{})
+	conn, err := websocket.Accept(rw, r, nil)
 	if err != nil {
-		httpapi.Write(ctx, rw, http.StatusBadGateway, codersdk.Response{
-			Message: "devour feculence mr drummond",
+		httpapi.Write(ctx, rw, http.StatusUpgradeRequired, codersdk.Response{
+			Message: "Failed to accept WebSocket.",
+			Detail:  err.Error(),
 		})
 		return
 	}
 
-	input := preview.Input{
-		PlanJSON:        plan,
-		ParameterValues: map[string]string{},
-		Owner:           previewtypes.WorkspaceOwner{},
-	}
+	stream := wsjson.NewStream[previewweb.Request, previewweb.Response](conn, websocket.MessageText, websocket.MessageText, api.Logger)
 
+	// Send an initial form state, computed without any user input.
 	result, diagnostics := preview.Preview(ctx, input, fs)
-	wsjson.Write(ctx, conn, previewweb.Response{
+	stream.Send(previewweb.Response{
+		// or maybe it could be -1 or something? it just has to be unique from
+		// anything a client could reasonably send.
+		ID:          math.MaxInt32,
 		Parameters:  result.Parameters,
 		Diagnostics: previewtypes.Diagnostics(diagnostics),
 	})
+
+	// As the user types into the form, reprocess the state using their input,
+	// and respond with updates.
+	updates := stream.Chan()
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case update := <-updates:
+			newInput := input
+			newInput.ParameterValues = update.Inputs
+			result, diagnostics := preview.Preview(ctx, input, fs)
+			stream.Send(previewweb.Response{
+				ID:          update.ID,
+				Parameters:  result.Parameters,
+				Diagnostics: previewtypes.Diagnostics(diagnostics),
+			})
+		}
+	}
 }
 
 // @Summary Get rich parameters by template version
diff --git a/codersdk/wsjson/stream.go b/codersdk/wsjson/stream.go
@@ -0,0 +1,50 @@
+package wsjson
+
+import (
+	"context"
+	"encoding/json"
+
+	"cdr.dev/slog"
+	"github.com/coder/websocket"
+	"golang.org/x/xerrors"
+)
+
+// Stream is a two-way messaging interface over a WebSocket connection.
+// As an implementation detail, we cannot currently use Encoder to implement
+// the writing side of things because it only supports sending one message, and
+// then immediately closing the WebSocket.
+type Stream[R any, W any] struct {
+	conn *websocket.Conn
+	r    *Decoder[R]
+
+	writeType websocket.MessageType
+}
+
+func NewStream[R any, W any](conn *websocket.Conn, readType, writeType websocket.MessageType, logger slog.Logger) *Stream[R, W] {
+	return &Stream[R, W]{
+		conn:      conn,
+		r:         NewDecoder[R](conn, readType, logger),
+		writeType: writeType,
+	}
+}
+
+func (s *Stream[R, W]) Chan() <-chan R {
+	return s.r.Chan()
+}
+
+func (s *Stream[R, W]) Send(v W) error {
+	w, err := s.conn.Writer(context.Background(), s.writeType)
+	if err != nil {
+		return xerrors.Errorf("get websocket writer: %w", err)
+	}
+	j := json.NewEncoder(w)
+	err = j.Encode(v)
+	if err != nil {
+		return xerrors.Errorf("encode json: %w", err)
+	}
+	return nil
+}
+
+func (s *Stream[R, W]) Close(c websocket.StatusCode) error {
+	return s.conn.Close(c, "")
+}
