- We were instantiating a cryptokey cache with a vanilla reference to
the database instead of one wrapped by dbcrypt.
- Fixes an issue where failing to instantiate unrelated keycaches does
not fatally error out.
Part of https://github.com/coder/coder/issues/15176
I originally kept this the same because I wanted to be conservative
about when we start dropping activity, but this is proving to be a
problem when using `coder ssh` with `--usage-app=disabled`. Because the
workspace agent still counts this as a connection (I think it still
should so it's counted somewhere) but not as a SSH / IDE session. This
leads to background ssh tasks that want to be untracked still continuing
to bump activity when it shouldn't. This makes it so we have to have an
explicit session to bump activity.
Closes https://github.com/coder/coder/issues/15154
Log when someone attempts to either
- Request a one-time passcode for an account that doesn't exist
- Attempt to change a password with an invalid one-time passcode and/or
email
---------
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
Closes#15212
## Changes made
- Updated logic so that proxy config is only requested when appropriate,
instead of for all users on all deployment pages
- Split up the main context provider for the `/deployment` and
`/organizations` routes, and updated layout logic for
`ManagementSettingsLayout` layout component. This ensures the sidebar is
always visible, even if request errors happen
- Added additional routing safeguards to make sure that even if a user
can view one page in the deployment section, they won't be able to
navigate directly to any arbitrary deployment page
- Updated logic for sidebar navigation to ensure that nav items only
appear when the user truly has permission
- Centralized a lot of the orgs logic into the `useAuthenticated` hook
- Added additional check cases to the `permissions.tsx` file, to give
more granularity, and added missing type-checking
- Extended the API for the `RequirePermissions` component to let it
redirect users anywhere
- Updated some of our testing setup files to ensure that types were
defined correctly
---------
Co-authored-by: McKayla Washburn <mckayla@hey.com>
Previously, `make gen` ran on CI whenever a non-docs change was made.
Based off the problem described in #15252, it sounds like CI should
*always* be running `gen`.
(Because I broke it, currently PR `gen` is getting skipped unless the
`ci` category is updated)
https://github.com/coder/coder/pull/15203 was merged with a failing
`make gen`, as it only updated the docs. This makes it so this can't
happen again.
The capitalization of the Go type used in the auto-generated docs
(`codersdk.OAuth2GithubConfig`) wasn't updated as it would technically
be a breaking change for the sdk.
Before db_metrics were all or nothing. Now `InTx` metrics are always recorded, and query metrics are opt in.
Adds instrumentation & logging around serialization failures in the database.
Related to https://github.com/coder/coder/issues/15087
As part of sniffing the workspace tags from an uploaded file, we need to
be able to handle both zip and tar files. Extracting the functions to
a separate `archive` package will be helpful here.
Working on #15202
The main change is to fetch the user doing the action to verify if it
should be able to change the password if there's no old_password set.
Customers reporting html pages returned to SCIM. Likely a disabled SCIM.
We should just report a more consumable error by the SCIM provider.
Previous behavior was a status code 200 HTML page
- Fixes an issue where building the Docker image failed due to moving
the directory hosting the Dockerfile
- Removed the Palo Alto scanning since our subscription there is set to
expire. Trivy is still running though.
The authz check is Update() on the original template. This is not ideal,
but it follows the existing behavior. We are implicitly granting this
read access since template admins need to be able to see what
users/groups exist to assign.
The go tests that would have checked for the outdated golden files
didn't get run as part of https://github.com/coder/coder/pull/14817
because only `helm/**` files were modified.
fixes https://github.com/coder/internal/issues/114
We need to wait for ServerTailnet goroutines to finish when closing down, otherwise we can race with the shutdown of coderd & the coordinator, which causes errors.
Joins in fields like `username`, `avatar_url`, `organization_name`,
`template_name` to `workspaces` via a **view**.
The view must be maintained moving forward, but this prevents needing to
add RBAC permissions to fetch related workspace fields.
This PR aims to close#14253
We keep the default behavior using the Coder logo if there's no logo
set.
Otherwise we want to use the logo based on the URL set in appearance.
---------
Co-authored-by: defelmnq <yvincent@coder.com>
Fixes https://github.com/coder/coder/issues/12721
If a container in docker is started with `--cgroupns=private` (which is
the default behaviour in docker) then `/proc/1/cgroup` has the following
content:
```
0::/
```
If a container in docker is started with `--cgroupns=host` then
`/proc/1/cgroup` has the following content (hash will vary):
```
0::/docker/aa86ac98959eeedeae0ecb6e0c9ddd8ae8b97a9d0fdccccf7ea7a474f4e0bb1f
```
Currently we are determining if a host is containerized by assuming the
second scenario. This means the existing behaviour of sniffing
`/proc/1/cgroup` is not always sufficient for checking if a host is
containerized.
According to [the cgroups(7)
man-page](https://man7.org/linux/man-pages/man7/cgroups.7.html) there
exists a `cgroup.type` file in a nonroot cgroup. This exists in Linux
versions after `4.14`.
> Linux 4.14 added thread mode for cgroups v2.
> With the addition of thread mode, each nonroot cgroup now contains a
new file, cgroup.type
This means we can check for the existence of
`/sys/fs/cgroup/cgroup.type` to see if we are in a container or not.
In investigating https://github.com/coder/internal/issues/109 I noticed many of the notification tests are still using `time.Sleep` and `require.Eventually`. This is an initial effort to start converting these to Quartz.
One product change is to switch the `notifier` to use a `TickerFunc` instead of a normal Ticker, since it allows the test to assert that a batch process is complete via the Quartz `Mock` clock. This does introduce one slight behavioral change in that the notifier waits the fetch interval before processing its first batch. In practice, this is inconsequential: no one will notice if we send notifications immediately on startup, or just a little later.
But, it does make a difference to some tests, which are fixed up here.
A bunch of notification tests create a whole `coderd`, when all they use is the database and logger. This makes the tests more expensive to run, and pollutes the test logs with a bunch of stuff that doesn't matter (e.g. tailnet).
Fixes https://github.com/coder/internal/issues/93
`bytes.Buffer` is not concurrency-safe.
`cmd` could write to the buffer concurrently while we're reading the
buffer in
```
require.Eventually(t, func() bool {
return bytes.Contains(output.Bytes(), []byte("ERROR: Downloaded agent binary returned unexpected version output"))
}, testutil.WaitShort, testutil.IntervalSlow)
```
Not sure about the `os: process already finished` flake, though.
---------
Signed-off-by: Danny Kopping <danny@coder.com>
- Adds `provisionerDaemon.keySecretName` and
`provisionerDaemon.keySecretKey`
- Omitting `provisionerDaemon.pskSecretName` will now cause the PSK
secret to no longer be created.
- Adds a note in `NOTES.txt` regarding provisioner PSKs.
- Adds validation that either `provisionerDaemon.keySecretName` or
`provisionerDaemon.pskSecretName` is specified, and will fail the
install in this case.
This PR aims to rename `build-option` to `ephemeral-parameters` based on
#10488 conversation.
`build-option` has been renamed `ephemeral-parameter` and can be used to
define a value for an ephemeral parameter in the template.
`build-options` has been renamed `prompt-ephemeral-parameters` and can
be used to prompt the user to put values for the ephemeral parameters in
the template.
---------
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: defelmnq <yvincent@coder.com>
This PR is a proposal to improve the situation described in #14750
For some precise commands - we would like to be able to use durations
bigger than hours, minutes..
This PR extends the Duration proposed by Go with :
- `d` - a day or 24hours.
- `y` - a year or 365 days.
I also removed the default value for lifetime and instead fetch the
maxLifetime value from codersdk - so by default if no value set we use
the value defined in the config.
Added logging information to output timing information of this for
loop. If we get another failure, this timing information should be
helpful.
I also made the time drift allowed (was 10s) to match the maximum
waiting time of the for loop. It's not perfect, but now the loop should
take max ~15s, and the time comparison will allow 15s leeway.
This PR closes#15065.
As advised by @mtojek, a template's display name may be set to "", which
is not useful in an email notification. We'd like to provide a friendly
name for the template, but it also needs to be identifiable.
As such, we fall back to template.Name in the case that the template's
display name is empty.
Use specific commit SHAs for GitHub actions across various workflows to
enhance reliability and reproducibility. This change ensures that
actions run against a known version, reducing the risk of unexpected
issues due to updates in the third-party action repositories.
This contributes to improving the score in #14879
We run our e2e-tests on a 16-core machine with `--max-workers=1`
Using a standard runner with 2 cores, the machine runs the tests in the
same amount of time while reducing the cost 8 times.
Update: `test-e2e` fails on the 2core-8GB runner, so using a 4-core-16GB runner for that.
This Pull request addresses the more trivial items in
https://github.com/coder/coder/issues/14893.
These were simple formatting changes that I was able to fix despite
limited context.
Some more changes are required for which I will have to dig a bit deeper
into how the template contexts are populated. I'm happy to add those to
this PR or create a subsequent PR.
A test is currently failing because it relies on Sidney Tz.
from the internet :
```
Daylight Saving Time begins at 2 am (AEST) on the first Sunday in October and ends at 3 am (Australian Eastern Daylight Time) on the first Sunday in April.
```
Due to that - there's one hour missing in the tests - and the test `6
days are acceptable` is failing.
Changing to another timezone to fix the situation, it would require a
longer-term solution or making sure it cannot happen anymore.
fixes#14961
Adding the license and updating entitlements is flaky, especially at the start of our `coderdent` testing because, while the actual modifications to the `entitlements.Set` were threadsafe, we could have multiple goroutines reading from the database and writing to the set, so we could end up writing stale data.
This enforces serialization on updates, so that if you modify the database and kick off an update, you know the state of the `Set` is at least as fresh as your database update.
Relates to https://github.com/coder/coder/issues/14232
This implements two endpoints (names subject to change):
- `/api/v2/users/otp/request`
- `/api/v2/users/otp/change-password`
fixes#14715
Configures agents to use an address both in the Tailscale service prefix and the new Coder service prefix. Also modifies the Coordinator auth to allow the new prefix.
Updates `coder/tailscale` to include https://github.com/coder/tailscale/pull/62 which fixes a bug around forwarding TCP connections to localhost. This functionality is tested in the modifications to `TestAgent_Dial`.
re: #14715
This PR introduces the Coder service prefix: `fd60:627a:a42b::/48` and refactors our existing code as calling the Tailscale service prefix explicitly (rather than implicitly).
Removes the unused `Addresses` agent option. All clients today assume they can compute the Agent's IP address based on its UUID, so an agent started with a custom address would break things.
- Adds a `jwtutils` package to be shared amongst the various
packages in the codebase that make use of JWTs. It's intended to help us
standardize on one library instead of some implementations using
`go-jose` and others using `golang-jwt`.
The main reason we're converging on `go-jose` is due to its support for
JWEs, `golang-jwt` also has a repo to handle it but it doesn't look
maintained: https://github.com/golang-jwt/jwe
Bumps [@swc/jest](https://github.com/swc-project/pkgs) from 0.2.24 to
0.2.36.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/swc-project/pkgs/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@chakra-ui/react](https://github.com/chakra-ui/chakra-ui/tree/HEAD/packages/components/react)
from 2.8.2 to 2.9.3.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/chakra-ui/chakra-ui/commits/HEAD/packages/components/react">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
We've had some reports about difficulty connecting to workspaces under very challenging networking conditions. This PR adds some advice about minimum network quality when connecting to workspaces with Coder.
## Changes made
- Updated custom avatar components to favor background color by default
- Updated `AvatarData` component to let you manually specify the source
of the text used when images fail to load, and updated the orgs
breadcrumb segment to use it
- Added some logic for handling emoji images better
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 20.14.8 to 20.16.10.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 20.14.8 to 20.16.10.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash)
from 4.14.196 to 4.17.9.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- [x] Mention Orgs is beta and add a link to get feedback
- [x] Add docs on new provisioner authentication architecture and
deprecate the old one
- [x] Add/update docs for IdP sync
- [x] Organization Sync
- [x] Group Sync
- [x] Role Sync
- [x] Modify `coder.com` codebase to add `Premium` and `Beta` pill, and
allow multiple pills: https://github.com/coder/coder.com/pull/638
- [x] Replace all mentions of "Enterprise" with "Premium" in docs
- [x] edit: change it to "Licensing"
- [x] Remove the enterprise page and change all links to
coder.com/pricing
- [x] Merge #14786
- [x] Add redirects for coder.com to redirect the `using-organizations`
guide to the new orgs one and /enterprise to /premium
https://github.com/coder/coder.com/pull/645
- [x] Custom roles
- [x] https://github.com/coder/coder/pull/14786
- [x] Remove all mentions of orgs experiment
- [x] Update in-product copy & links to link to the new docs pages
Anything I am missing?
---
[Preview
this](https://coder.com/docs/@orgs-licenses/admin/organizations)
---------
Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com>
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: Jaayden Halko <jaayden.halko@gmail.com>
- Adds the database implementation for fetching and caching keys
used for JWT signing. It's been merged into the `keyrotate` pkg and
renamed to `cryptokeys` since they're coupled concepts.
Bumps the react group with 1 update in the /offlinedocs directory:
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react).
Bumps the react group with 2 updates in the /site directory:
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)
and
[@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom).
Updates `@types/react` from 18.3.3 to 18.3.10
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />
Updates `@types/react` from 18.2.6 to 18.3.10
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />
Updates `@types/react-dom` from 18.2.4 to 18.3.0
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: BrunoQuaresma <bruno_nonato_quaresma@hotmail.com>
Bumps
[@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash)
from 4.17.6 to 4.17.9.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
I'm seeing flakes like
```
provisionerkeys_test.go:68: 2024-09-30 05:58:44.686: cmd: matched newline = "CREATED AT NAME TAGS "
provisionerkeys_test.go:72: 2024-09-30 05:58:44.686: cmd: matched newline = "2024-09-30T05:58:44Z dont-test-me my=way foo=bar "
provisionerkeys_test.go:74:
Error Trace: /Users/runner/work/coder/coder/enterprise/cli/provisionerkeys_test.go:74
Error: "2024-09-30T05:58:44Z dont-test-me my=way foo=bar " does not contain "foo=bar my=way"
Test: TestProvisionerKeys/CRUD
```
e.g.
https://github.com/coder/coder/actions/runs/11100237276/job/30835714478?pr=14855
Since the tags are a map, we weren't outputting them in a consistent
order on the CLI, leading to flakes.
This sorts the tags by key when converting to a string, for a
consistent, canonical output.
Since its currently not possible to update or delete built-in roles. The
purpose of this PR is to display the built-in roles so that users know
they exist and what permissions each role contains.
<img width="1185" alt="Screenshot 2024-09-26 at 9 18 05 PM"
src="https://github.com/user-attachments/assets/017a51d7-ec98-409c-9c8e-b66ac7abb948">
What this changes:
- Unhides the `--key` flag on provisioner start
- Deprecates and hides `provisionerd` command group in favor of
`provisioner(s)`
- Removes org id from `coder provisioner keys list`
* chore: remove read all provisioners from users
Reading provisioner daemons now extends from org member,
not site wide member.
* update rbac perm test
* add unit test
* feat: begin impl of agent script timings
* feat: add job_id and display_name to script timings
* fix: increment migration number
* fix: rename migrations from 251 to 254
* test: get tests compiling
* fix: appease the linter
* fix: get tests passing again
* fix: drop column from correct table
* test: add fixture for agent script timings
* fix: typo
* fix: use job id used in provisioner job timings
* fix: increment migration number
* test: behaviour of script runner
* test: rewrite test
* test: does exit 1 script break things?
* test: rewrite test again
* fix: revert change
Not sure how this came to be, I do not recall manually changing
these files.
* fix: let code breathe
* fix: wrap errors
* fix: justify nolint
* fix: swap require.Equal argument order
* fix: add mutex operations
* feat: add 'ran_on_start' and 'blocked_login' fields
* fix: update testdata fixture
* fix: refer to agent_id instead of job_id in timings
* fix: JobID -> AgentID in dbauthz_test
* fix: add 'id' to scripts, make timing refer to script id
* fix: fix broken tests and convert bug
* fix: update testdata fixtures
* fix: update testdata fixtures again
* feat: capture stage and if script timed out
* fix: update migration number
* test: add test for script api
* fix: fake db query
* fix: use UTC time
* fix: ensure r.scriptComplete is not nil
* fix: move err check to right after call
* fix: uppercase sql
* fix: use dbtime.Now()
* fix: debug log on r.scriptCompleted being nil
* fix: ensure correct rbac permissions
* chore: remove DisplayName
* fix: get tests passing
* fix: remove space in sql up
* docs: document ExecuteOption
* fix: drop 'RETURNING' from sql
* chore: remove 'display_name' from timing table
* fix: testdata fixture
* fix: put r.scriptCompleted call in goroutine
* fix: track goroutine for test + use separate context for reporting
* fix: appease linter, handle trackCommandGoroutine error
* fix: resolve race condition
* feat: replace timed_out column with status column
* test: update testdata fixture
* fix: apply suggestions from review
* revert: linter changes
* chore: finish draft work for FeatureBadge component
* fix: add visually-hidden helper text for screen readers
* chore: add stories for highlighted state
* fix: update base styles
* chore: remove debug display option
* chore: update Popover to propagate events
* wip: commit progress on FeatureBadge update
* wip: commit more progress
* chore: update tag definitions to satify Biome
* chore: update all colors for preview role
* fix: make sure badge shows as hovered while inside tooltip
* wip: commit progress on adding story for controlled variant
* fix: sort imports
* refactor: change component API to be more obvious/ergonomic
* fix: add biome-ignore comments to more base files
* fix: update import order again
* chore: revert biome-ignore comment
* chore: update body text for tooltip
* chore: update dark preivew role to use sky palette
* chore: update color palettes for light/darkBlue themes
* chore: add beta badge to organizations subheader
* chore: add beta badge to organizations settings page
* chore: beef up font weight for form header
* fix: update text contrast for org menu list
* chore: add beta badge to deployment dropdown
* fix: run biome on imports
* chore: remove API for controlling FeatureBadge hover styling externally
* chore: add xs size for badge
* fix: update font weight for xs feature badges
* chore: add beta badges to all org headers
* fix: turn badges and tooltips into separate concerns
* fix: update hover styling
* docs: update wording on comment
* fix: apply formatting
* chore: rename FeatureBadge to FeatureStageBadge
* refactor: redefine FeatureStageBadge
* chore: update stories
* fix: add blur behavior to popover
* chore: revert theme colors
* chore: create featureStage branding namespace
* fix: make sure cleanup function is set up properly
* docs: update wording on comment for clarity
* refactor: move styles down
* feat: remove user from groups on org membership delete
Groups inherently provide authz access to certain resources. If a
user is removed from an organization, they should be removed
from all their groups in said organization.
* chore: add command for showing colors
* fix: use ANSI color codes instead of RGB
* feat: add '--no-color' flag
* fix: revert colors
* chore: change colors
* fix: update golden files
* fix: replace blue with brightBlue
* fix: drop '> ' for unfocused prompts
* fix: run 'make fmt'
* chore: allow disabling color with env flags
* fix: apply fixes from feedback
* fix: run 'make gen'
* fix: refactor janky code
* fix: re-add public function
* fix: re-add init for non-color tests
* fix: move styles to 'init' that can be
* fix: stop overwriting entire DefaultStyles
* fix: make code and field obey --no-color
* fix: rip out '--no-color' due to race condition
We still support `NO_COLOR` env variable through termenv's
`EnvColorProfile`. The reason for the race condition is that
`DefaultStyles` is a global that we shouldn't mutate after `init`
is called, but we have to mutate it after `init` has ran to have
serpent collect the cli flags and env vars for us.
* fix: apply nit
* fix: simplify code && hide command
* fix: newline shouldn't be themed
* fix: appease the linter
* chore: use legacy "AssignDefault" option for legacy behavior in SCIM (#14696)
* chore: reference legacy assign default option for legacy behavior
AssignDefault is a boolean flag mainly for single org and legacy
deployments. Use this flag to determine SCIM behavior.
---------
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* chore: move schedule controls to the right side of the screen
* chore: add org display to workspace topbar
* fix: force organizations to be readonly array
* fix update type mismatch for organizations again
* refactor: tuck main loading skeleton for filter into base definition
* refactor: give filter files different names to reduce confusion
* refactor: remove separate base filter skeleton
* fix: update responsive logic for audit table filter
* chore: add organizations option group to workspaces table
* refactor: make prop contracts more explicit
* refactor: centralize the organizations dropdown logic
* fix: update imports and formatting
* fix: update quota querying logic to use new endpoint
* fix: add logic for handling long workspace or org names
* chore: add links for workspaces by org
* chore: expand tooltip styling for org
* chore: expand tooltip styling for owner
* refactor: split off breadcrumbs for readability
* fix: display correct template version name in dropdown
* fix: update overflow styling for breadcrumb segments
* fix: favor org display name
* fix: centralize org display name logic
* fix: make sure skeletons stay synced with org feature toggles
* fix: ensure that mock query cache key and component key are properly synced for storybook
* docs: clean up wording on SearchField comment
* fix: shrink mix width threshold for search field
* chore: add navigation test for workspace details page (#14629)
* chore: add tests for WorkspacePage cross-page navigation
* fix: update story to use mock organizations menu
* chore: move schedule controls to the right side of the screen
* chore: add org display to workspace topbar
* fix: force organizations to be readonly array
* fix update type mismatch for organizations again
* fix: update quota querying logic to use new endpoint
* fix: add logic for handling long workspace or org names
* chore: add links for workspaces by org
* chore: expand tooltip styling for org
* chore: expand tooltip styling for owner
* refactor: split off breadcrumbs for readability
* fix: display correct template version name in dropdown
* fix: update overflow styling for breadcrumb segments
* fix: favor org display name
* fix: centralize org display name logic
* fix: ensure that mock query cache key and component key are properly synced for storybook
Fixes#12560
When gracefully disconnecting from the coordinator, we would send the Disconnect message and then close the dRPC stream. However, closing the dRPC stream can cause the server not to process the Disconnect message, since we use the stream context in a `select` while sending it to the coordinator.
This is a product bug uncovered by the flake, and probably results in us failing graceful disconnect some minority of the time.
Instead, the `remoteCoordination` (and `inMemoryCoordination` for consistency) should send the Disconnect message and then wait for the coordinator to hang up (on some graceful disconnect timer, in the form of a context).
* fix: only allow submitting form if dirty
* test: add test for submit button behaviour
* fix: apply 'make fmt'
* chore: rename 'Submit' to 'Submit and restart'
* test: fix tests
Drops support for v1 of the tailnet API, which was the original coordination protocol where we only sent node updates, never marked them lost or disconnected.
v2 of the tailnet API went GA for CLI clients in Coder 2.8.0, so clients older than that would stop working.
Removes the support for the Agent's "legacy IP" which was a hardcoded IP address all agents used to use, before we introduced "single tailnet". Single tailnet went GA in 2.7.0.
fixes#14365
I bet what's going on is that in `connectToCoordinatorAndFetchResumeToken()` we call `Coordinate()`, send a message on the `Coordinate` client and then close it in rapid succession. We don't wait around for a response from the coordinator, so dRPC is likely aborting the call `Coordinate()` in the backend because the stream is closed before it even gets a chance.
Instead of using the Coordinator to record the peer ID assigned on the API call, we can wrap the resume token provider, since we call that API _and_ wait for a response. This also affords the opportunity to directly assert we get called with the right token.
* feat: add groups column to members page in organizations
* fix: run 'make fmt'
* fix: stop displaying groups member is in for other organisations
* fix: run 'make fmt'
* fix: prefer organization display name for workspaces table
* fix: update story to account for organization name changes
* fix: resolve typo in regex search for test
* feat: initial commit for idp skeleton page
* feat: add optional tooltip icon to settings header
* feat: add help tooltip
* feat: add mock data and update pageview for mock data
* feat: initial stories
* feat: error circle
* feat: cleanup
* feat: update StatusIndicator for outlined variant
* feat: use StatusIndicator instead of Circle
* chore: cleanup
* fix: remove ternaries in css
* fix: updates for PR review comments
* chore: add story for compact empty state
* feat: extract IdpField and improve field spacing
Previously, we were showing the warning regardless of whether a template was using the misconfigured notification method or not. However, we realized this could be too noisy, so we decided to display the warning only when the user has a template configured to use the misconfigured method.
* chore: add organization label to workspace template column
* chore: add test for presence of showOrganizations context value
* fix: organize imports
* fix: expose table row subtitles only to screen readers
Abstracts the Spinner component to control the display of the CircularProgress component. This allows us to make it static during Chromatic tests, making loading tests easier to visualize.
* feat: add resource-action pills to custom roles table
* fix: remove permission from theme and change name to colorRoles
* fix: revert name from colorRoles to roles
* fix: format
* fix: custom role with no permissions
* feat: extract permissions pull list component and add tests
* chore: undo color roles name change
* feat: add experimental pill colors
* fix: format
* chore: update experiment name
* chore: cleanup
Updates the `DeleteOldWorkspaceAgentLogs` to:
- Retain logs for the most recent build regardless of age,
- Delete logs for agents that never connected and were created before
the cutoff for deleting logs while still retaining the logs most recent build.
* chore: implement filters for the organizations query
* chore: implement organization sync and create idpsync package
Organization sync can now be configured to assign users to an org based on oidc claims.
Related to #10576
This PR introduces quartz to coderd/database/dbpurge and updates the following unit tests to make use of Quartz's functionality:
- TestPurge
- TestDeleteOldWorkspaceAgentLogs
Additionally, updates DeleteOldWorkspaceAgentLogs to replace the hard-coded interval with a parameter passed into the query. This aids in testing and brings us a step towards allowing operators to configure the cutoff interval for workspace agent logs.
Fixes#13430.
The test for purging old workspace agent stats from the DB was consistently failing when ran with Postgres towards the end of the month, but not with the in-memory DB.
This was because month intervals are calculated differently for `time.Time` and the `interval` type in Postgres:
```
ethan=# SELECT
'2024-08-30'::DATE AS original_date,
('2024-08-30'::DATE - INTERVAL '6 months') AS sub_date;
original_date | sub_date
---------------+---------------------
2024-08-30 | 2024-02-29 00:00:00
(1 row)
```
Using `func (t Time) AddDate(years int, months int, days int) Time`, where `months` is `-6`:
```
Original: 2024-08-30 00:00:00 +0000 UTC
6 Months Earlier: 2024-03-01 00:00:00 +0000 UTC
```
Since 6 months was chosen arbitrarily, we should be able to change it to 180 days, to remove any ambiguity between the in-memory DB, and the Postgres DB. The alternative solution would involve implementing Postgres' month interval algorithm in Go.
The UI only shows stats as old as 168 days (24 weeks), so a frontend change isn't required for the extra days of stats we lose in some cases.
Before, if a file was not found we would serve the app.
This would cause either the login page or the workspace
page to load (and consequently error because `assets` is
likely not a valid user).
The issue is that if you add a user and then immediately go to give them
permissions, you can add them but they will not show up in the UI. They
also do not show up in the audit log entry.
* chore(docs): add agent api debug docs
* chore(docs): add sections to agent api readme
* chore(docs): link debug manifest to agentsdk.Manifest schema
* chore(docs): add high level overview of agent api debug docs
* chore(docs): link to agent api docs from reference
* chore(docs): fix invalid paths
* chore(docs): use env variable for coder agent debug address
First PR to address #14244.
Adds common potential reasons as to why a direct connection to the workspace agent couldn't be established to `coder ping`:
- If the Coder deployment administrator has blocked direction connections (`CODER_BLOCK_DIRECT`).
- If the client has no STUN servers within it's DERP map.
- If the client or agent appears to be behind a hard NAT, as per Tailscale `netInfo.MappingVariesByDestIP`
Also adds a warning if the client or agent has a network interface below the 'safe' MTU for tailnet. This warning is always displayed at the end of a `coder ping`.
This is accomplished by using the members endpoint instead of the users
endpoint, and to that end the UserAutocomplete component has been
reworked to support either endpoint as separate components with a shared
base.
* Add Storybook for groups page
This ensures it is using the right endpoint for the add member dropdown.
* Add ability to mock react-query errors
- Adds `--use-host-login` to `coder exp scaletest workspace-traffic`
- Modifies getScaletestWorkspaces to conditionally filter workspaces if `CODER_DISABLE_OWNER_WORKSPACE_ACCESS` is set
- Adds a warning if `CODER_DISABLE_OWNER_WORKSPACE_ACCESS` is set and scaletest workspaces are filtered out due to ownership mismatch.
- Modifies `coderdtest.New` to detect cross-test bleed of `CODER_DISABLE_OWNER_WORKSPACE_ACCESS` and fast-fail.
* chore: allow CreateUser to accept multiple organizations
In a multi-org deployment, it makes more sense to allow for multiple
org memberships to be assigned at create. The legacy param will still
be honored.
* Handle sdk deprecation better by maintaining cli functions
* chore: refactor entitlements to be passable as an argument
Previously, all usage of entitlements requires mutex usage on the
api struct directly. This prevents passing the entitlements to
a sub package. It also creates the possibility for misuse.
* chore: implement generalized symmetric difference for set comparison
Going to be used in Organization Sync + maybe group sync. Felt
better to reuse, rather than copy
This PR modifies the gcp-devcontainer example template to include
support for devcontainer caching using the envbuilder provider.
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
Co-authored-by: Muhammad Atif Ali <atif@coder.com>
We try to write a cute little summary at the end of the bundle, but that could panic if some of the fields of the bundle were nil. Adds a test that essentially ensures nil values in a bundle, and ensures that it can be handled without losing our towels.
Co-authored-by: Danny Kopping <danny@coder.com>
* chore: scope workspace quotas to organizations
Quotas are now a function of (user_id, organization_id). They are
still sourced from groups. Deprecate the old api endpoint.
Updates the envbuilder-dogfood template to use the envbuilder provider.
Relates to coder/team-coconut#38
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
Multi-org enables the possibility of a user having template permissions,
but not workspace create permissions. The unauthorized error should be
returned instead of a 404. This does not leak any information the user
cannot already obtain.
* chore: fixup quotas to only include groups you are a member of
Before all everyone groups were included in the allowance.
* chore: add unit test to execercise the bug
* add unit test to add rows into the everyone group
* fix: avoid deleting peers on graceful close
- Fixes an issue where a coordinator deletes all
its peers on shutdown. This can cause disconnects
whenever a coderd is redeployed.
* - allow group members to read basic Group info
- allow group members to see they are part of the group, but not see that information about other members
- add a GetGroupMembersCountByGroupID SQL query, which allows group members to see members count without revealing other information about the members
- add the group_members_expanded db view
- rewrite group member queries to use the group_members_expanded view
- add the RBAC ResourceGroupMember and add it to relevant roles
- rewrite GetGroupMembersByGroupID permission checks
- make the GroupMember type contain all user fields
- fix type issues coming from replacing User with GroupMember in group member queries
- add the MemberTotalCount field to codersdk.Group
- display `group.total_member_count` instead of `group.members.length` on the account page
* test: add unit test to verify group permission behavior
* Update coderd/database/dbauthz/groupsauth_test.go
---------
Co-authored-by: Cian Johnston <cian@coder.com>
This can happen if you can edit the members, for example, but not the
organization settings. In this case you will see a new summary page
instead of the edit form.
* chore: add fuzzy name search for templates
* chore: implement fuzzy name matching for templates
Templates search query defaults to a fuzzy name match
* fix: only check flag for organization settings
I added checks against the license but actually what we want is for
these views to become the default even when not licensed (once the
experimental flag is removed).
* Move deployment settings header to components
This will let us use it in the org settings pages, for a consistent
look.
* Add premium badge
* Use settings header on org pages
* Add license badges to create org page
I am not sure if there is maybe a better place for this, but maybe this
is good enough.
* Change create org form description text
It says "change", but there is nothing to change yet since this is a new
organization.
* Consistently capitalize org menu items and headings
Also, remove the "organizations" prefix since it seems redundant.
* chore: remove per-org audit links
For now at least, we will have the one audit page at /audit which lets
you filter by organization.
This also removes the need to do per-org audit permission checks.
* Filter audit org dropdown by auditable orgs
Previously all orgs you can list would appear, but you might not be
able to audit all of them.
* feat: initial commit custom roles
* feat: add page to create and edit custom roles
* feat: add assign org role permission
* feat: wip
* feat: cleanup
* fix: role name is disabled when editing the role
* fix: assign role context menu falls back to name when no display_name
* feat: add helper text to let users know that role name is immutable
* fix: format
* feat: - hide custom roles tab if experiment is not enabled
* fix: use custom TableLoader
* fix: fix custom roles text
* fix: use PatchRoleRequest
* fix: use addIcon to create roles
* feat: add cancel and save buttons to top of page
* fix: use nameValidator for name
* chore: cleanup
* feat: add show all permissions checkbox
* fix: update sidebar for roles
* fix: fix format
* fix: custom roles is not needed outside orgs
* fix: fix sidebar stories
* feat: add custom roles page stories
* fix: use organization permissions
* feat: add stories for CreateEditRolePageView
* fix: design improvements for the create edit role form
* feat: add show all resources checkbox to bottom of table
* feat: improve spacing
* fix: apply more specific selector labels to k8s example deployment template
* fix: use immutable ids instead of names for persistent resources in k8s example template as per docs
* chore: implement deleting custom roles
* add trigger to delete role from organization members on delete
* chore: add comments to explain populated field
The initial assumption that branch manipulations should be done by this
script and not pushed to remote manually has proven to get in the way of
the regular release flow.
These are just safety-checks to prevent user error, safe to remove.
Fixes#13648
* s/readAllUsers/viewAllUsers
Other frontend variables use the `view` syntax. Arguably we should
use `read` to match the backend, but `view` does seem more UI-like.
* Check license for organizations
All the checks now require both the experiment and license.
I also renamed the variable canViewOrganizations everywhere for
consistency.
* Allow any auditor to view the audit log
* Use fine-grained permissions on settings page
Since in addition to deployment settings this page now also includes
users, audit logs, groups, and orgs.
Since you might not be able to fetch deployment values, move all the
loaders to the individual pages instead of in the wrapping layout.
* Add stories for organization members page
Needed to break it out into a separate view to do this.
* Add stories for multi-org sidebar
* Remove multi-org check from management settings layout
We only use this layout when multi-org is enabled, so no need to run the
check a second time.
* Add more stories for deployment dropdown
* chore: prevent removing members from the default organization
Until multi-organizations is released outside an experiment, the
experiment should be backwards compatible.
* chore: audit log filter to be skipped if user is owner/admin
Optimize for speed in the case the user can read all audit_logs
* fixup! chore: audit log filter to be skipped if user is owner/admin
* chore: bump the x group with 4 updates
Bumps the x group with 4 updates: [golang.org/x/mod](https://github.com/golang/mod), [golang.org/x/oauth2](https://github.com/golang/oauth2), [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/sys](https://github.com/golang/sys).
Updates `golang.org/x/mod` from 0.19.0 to 0.20.0
- [Commits](https://github.com/golang/mod/compare/v0.19.0...v0.20.0)
Updates `golang.org/x/oauth2` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/oauth2/compare/v0.21.0...v0.22.0)
Updates `golang.org/x/sync` from 0.7.0 to 0.8.0
- [Commits](https://github.com/golang/sync/compare/v0.7.0...v0.8.0)
Updates `golang.org/x/sys` from 0.22.0 to 0.23.0
- [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.23.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: x
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: x
- dependency-name: golang.org/x/sync
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: x
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: x
...
Signed-off-by: dependabot[bot] <support@github.com>
* [dependabot skip] Update Nix Flake SRI Hash
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-05 14:26:08 +03:00
2389 changed files with 201111 additions and 143392 deletions
if:(github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
@@ -111,6 +113,7 @@ We are always working on new integrations. Please feel free to open an issue and
- [**Module Registry**](https://registry.coder.com): Extend development environments with common use-cases
- [**Kubernetes Log Stream**](https://github.com/coder/coder-logstream-kube): Stream Kubernetes Pod events to the Coder startup logs
- [**Self-Hosted VS Code Extension Marketplace**](https://github.com/coder/code-marketplace): A private extension marketplace that works in restricted or airgapped networks integrating with [code-server](https://github.com/coder/code-server).
- [**Setup Coder**](https://github.com/marketplace/actions/setup-coder): An action to setup coder CLI in GitHub workflows.
assert.GreaterOrEqualf(t,expected[i].Value,m.GetGauge().GetValue(),"expected %s to be greater than or equal to %f, got %f",expected[i].Name,expected[i].Value,m.GetGauge().GetValue())
assert.GreaterOrEqualf(t,expected[i].Value,m.GetCounter().GetValue(),"expected %s to be greater than or equal to %f, got %f",expected[i].Name,expected[i].Value,m.GetCounter().GetValue())
Description:"An external command that outputs additional HTTP headers added to all requests. The command must output each header as `key=value` on its own line.",
},
{
Flag:"agent-header",
Env:"CODER_AGENT_HEADER",
Value:serpent.StringArrayOf(&agentHeader),
Description:"Additional HTTP headers added to all requests. Provide as "+`key=value`+". Can be specified multiple times.",
fmt.Sprintf("Client is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers\n %s#endpoint-dependent-nat-hard-nat",d.TroubleshootingURL))
fmt.Sprintf("Agent is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers\n %s#endpoint-dependent-nat-hard-nat",d.TroubleshootingURL))
}
if!d.AgentNetcheck.NetInfo.UDP{
agent=append(agent,
fmt.Sprintf("Agent could not connect to STUN over UDP\n %s#udp-blocked",d.TroubleshootingURL))
}
}
ifd.ClientIPIsAWS{
client=append(client,
fmt.Sprintf("Client IP address is within an AWS range (AWS uses hard NAT)\n %s#endpoint-dependent-nat-hard-nat",d.TroubleshootingURL))
}
ifd.AgentIPIsAWS{
agent=append(agent,
fmt.Sprintf("Agent IP address is within an AWS range (AWS uses hard NAT)\n %s#endpoint-dependent-nat-hard-nat",d.TroubleshootingURL))
`Agent is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers`,
},
},
{
name:"AgentInterfaceWarnings",
diags:cliui.ConnDiags{
ConnInfo:workspacesdk.AgentConnectionInfo{
DERPMap:&tailcfg.DERPMap{},
},
AgentNetcheck:&healthsdk.AgentNetcheckReport{
Interfaces:healthsdk.InterfacesReport{
BaseReport:healthsdk.BaseReport{
Warnings:[]health.Message{
health.Messagef(health.CodeInterfaceSmallMTU,"Network interface eth0 has MTU 1280, (less than 1378), which may degrade the quality of direct connections"),
},
},
},
},
},
want:[]string{
`Network interface eth0 has MTU 1280, (less than 1378), which may degrade the quality of direct connections`,
},
},
{
name:"LocalInterfaceWarnings",
diags:cliui.ConnDiags{
ConnInfo:workspacesdk.AgentConnectionInfo{
DERPMap:&tailcfg.DERPMap{},
},
LocalInterfaces:&healthsdk.InterfacesReport{
BaseReport:healthsdk.BaseReport{
Warnings:[]health.Message{
health.Messagef(health.CodeInterfaceSmallMTU,"Network interface eth1 has MTU 1310, (less than 1378), which may degrade the quality of direct connections"),
},
},
},
},
want:[]string{
`Network interface eth1 has MTU 1310, (less than 1378), which may degrade the quality of direct connections`,
},
},
{
name:"ClientAWSIP",
diags:cliui.ConnDiags{
ConnInfo:workspacesdk.AgentConnectionInfo{
DERPMap:&tailcfg.DERPMap{},
},
ClientIPIsAWS:true,
AgentIPIsAWS:false,
},
want:[]string{
`Client IP address is within an AWS range (AWS uses hard NAT)`,
},
},
{
name:"AgentAWSIP",
diags:cliui.ConnDiags{
ConnInfo:workspacesdk.AgentConnectionInfo{
DERPMap:&tailcfg.DERPMap{},
},
ClientIPIsAWS:false,
AgentIPIsAWS:true,
},
want:[]string{
`Agent IP address is within an AWS range (AWS uses hard NAT)`,
cliui.Warnf(inv.Stdout,"CODER_DISABLE_OWNER_WORKSPACE_ACCESS is set on the deployment.\n\t%d workspace(s) were skipped due to ownership mismatch.\n\tSet --use-host-login to only target workspaces you own.",numSkipped)
"Belarus","Belgium","Belize","Benin","Bermuda","Bhutan","Bolivia, Plurinational State of","Bonaire, Sint Eustatius and Saba","Bosnia and Herzegovina","Botswana",
"Bouvet Island","Brazil","British Indian Ocean Territory","Brunei Darussalam","Bulgaria","Burkina Faso","Burundi","Cambodia","Cameroon","Canada",
"Guatemala","Guernsey","Guinea","Guinea-Bissau","Guyana","Haiti","Heard Island and McDonald Islands","Holy See (Vatican City State)","Honduras","Hong Kong",
"Hungary","Iceland","India","Indonesia","Iran, Islamic Republic of","Iraq","Ireland","Isle of Man","Israel","Italy",
"Niger","Nigeria","Niue","Norfolk Island","Northern Mariana Islands","Norway","Oman","Pakistan","Palau","Palestine, State of",
"Panama","Papua New Guinea","Paraguay","Peru","Philippines","Pitcairn","Poland","Portugal","Puerto Rico","Qatar",
"Réunion","Romania","Russian Federation","Rwanda","Saint Barthélemy","Saint Helena, Ascension and Tristan da Cunha","Saint Kitts and Nevis","Saint Lucia","Saint Martin (French part)","Saint Pierre and Miquelon",
"Saint Vincent and the Grenadines","Samoa","San Marino","Sao Tome and Principe","Saudi Arabia","Senegal","Serbia","Seychelles","Sierra Leone","Singapore",
"Sint Maarten (Dutch part)","Slovakia","Slovenia","Solomon Islands","Somalia","South Africa","South Georgia and the South Sandwich Islands","South Sudan","Spain","Sri Lanka",
"Sudan","Suriname","Svalbard and Jan Mayen","Swaziland","Sweden","Switzerland","Syrian Arab Republic","Taiwan, Province of China","Tajikistan","Tanzania, United Republic of",
"Thailand","Timor-Leste","Togo","Tokelau","Tonga","Trinidad and Tobago","Tunisia","Turkey","Turkmenistan","Turks and Caicos Islands",
"Tuvalu","Uganda","Ukraine","United Arab Emirates","United Kingdom","United States","United States Minor Outlying Islands","Uruguay","Uzbekistan","Vanuatu",
Description:"Prompt to set values of ephemeral parameters defined in the template. If a value has been set via --ephemeral-parameter, it will not be prompted for.",
Description:"Specify a file path with values for rich parameters defined in the template.",
Description:"Specify a file path with values for rich parameters defined in the template. The file should be in YAML format, containing key-value pairs for the parameters.",
_,_=fmt.Fprintf(inv.Stderr,"✔ You are connected directly (p2p)\n")
}else{
_,_=fmt.Fprintf(inv.Stderr,"❗ You are connected via a DERP relay, not directly (p2p)\n%s#common-problems-with-direct-connections\n",connDiags.TroubleshootingURL)
pty.ExpectMatch("✔ received remote agent data from Coder networking coordinator")
cancel()
<-cmdDone
})
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Stephen Kirby
