chore: format Go more aggressively

2025-07-06 15:41:45 +00:00 · 2023-02-18 18:32:09 -06:00
parent 19ae411f05
commit f05609b4da
97 changed files with 411 additions and 413 deletions
--- a/coderd/apikey.go
+++ b/coderd/apikey.go
@ -142,9 +142,7 @@ func (api *API) postAPIKey(rw http.ResponseWriter, r *http.Request) {
 // @Success 200 {object} codersdk.APIKey
 // @Router /users/{user}/keys/{keyid} [get]
 func (api *API) apiKey(rw http.ResponseWriter, r *http.Request) {
-	var (
-		ctx = r.Context()
-	)
+	ctx := r.Context()

 	keyID := chi.URLParam(r, "keyid")
 	key, err := api.Database.GetAPIKeyByID(ctx, keyID)
@ -177,9 +175,7 @@ func (api *API) apiKey(rw http.ResponseWriter, r *http.Request) {
 // @Success 200 {array} codersdk.APIKey
 // @Router /users/{user}/keys/tokens [get]
 func (api *API) tokens(rw http.ResponseWriter, r *http.Request) {
-	var (
-		ctx = r.Context()
-	)
+	ctx := r.Context()

 	keys, err := api.Database.GetAPIKeysByLoginType(ctx, database.LoginTypeToken)
 	if err != nil {
--- a/coderd/audit/request.go
+++ b/coderd/audit/request.go
@ -158,7 +158,7 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 			}
 		}

-		var diffRaw = []byte("{}")
+		diffRaw := []byte("{}")
 		// Only generate diffs if the request succeeded.
 		if sw.Status < 400 {
 			diff := Diff(p.Audit, req.Old, req.New)
--- a/coderd/autobuild/executor/lifecycle_executor_test.go
+++ b/coderd/autobuild/executor/lifecycle_executor_test.go
@ -628,7 +628,8 @@ func mustProvisionWorkspaceWithParameters(t *testing.T, client *codersdk.Client,
 						Parameters: richParameters,
 					},
 				},
-			}},
+			},
+		},
 		ProvisionApply: []*proto.Provision_Response{
 			{
 				Type: &proto.Provision_Response_Complete{
--- a/coderd/autobuild/schedule/schedule.go
+++ b/coderd/autobuild/schedule/schedule.go
@ -111,8 +111,10 @@ func (s Schedule) Next(t time.Time) time.Time {
 	return s.sched.Next(t)
 }

-var t0 = time.Date(1970, 1, 1, 1, 1, 1, 0, time.UTC)
-var tMax = t0.Add(168 * time.Hour)
+var (
+	t0   = time.Date(1970, 1, 1, 1, 1, 1, 0, time.UTC)
+	tMax = t0.Add(168 * time.Hour)
+)

 // Min returns the minimum duration of the schedule.
 // This is calculated as follows:
--- a/coderd/awsidentity/awsidentity.go
+++ b/coderd/awsidentity/awsidentity.go
@ -25,9 +25,7 @@ const (
 	GovCloud Region = "govcloud"
 )

-var (
-	All = []Region{Other, HongKong, Bahrain, CapeTown, Milan, China, GovCloud}
-)
+var All = []Region{Other, HongKong, Bahrain, CapeTown, Milan, China, GovCloud}

 // Certificates hold public keys for various AWS regions. See:
 type Certificates map[Region]string
--- a/coderd/coderd_test.go
+++ b/coderd/coderd_test.go
@ -115,6 +115,7 @@ func TestDERPLatencyCheck(t *testing.T) {
 	defer res.Body.Close()
 	require.Equal(t, http.StatusOK, res.StatusCode)
 }
+
 func TestHealthz(t *testing.T) {
 	t.Parallel()
 	client := coderdtest.New(t, nil)
--- a/coderd/coderdtest/authorize.go
+++ b/coderd/coderdtest/authorize.go
@ -693,6 +693,7 @@ func (s *PreparedRecorder) Authorize(ctx context.Context, object rbac.Object) er
 	}
 	return s.prepped.Authorize(ctx, object)
 }
+
 func (s *PreparedRecorder) CompileToSQL(ctx context.Context, cfg regosql.ConvertConfig) (string, error) {
 	s.rw.Lock()
 	defer s.rw.Unlock()
--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@ -17,11 +17,9 @@ import (

 var _ database.Store = (*querier)(nil)

-var (
-	// NoActorError wraps ErrNoRows for the api to return a 404. This is the correct
-	// response when the user is not authorized.
-	NoActorError = xerrors.Errorf("no authorization actor in context: %w", sql.ErrNoRows)
-)
+// NoActorError wraps ErrNoRows for the api to return a 404. This is the correct
+// response when the user is not authorized.
+var NoActorError = xerrors.Errorf("no authorization actor in context: %w", sql.ErrNoRows)

 // NotAuthorizedError is a sentinel error that unwraps to sql.ErrNoRows.
 // This allows the internal error to be read by the caller if needed. Otherwise
--- a/coderd/database/dbauthz/querier_test.go
+++ b/coderd/database/dbauthz/querier_test.go
@ -439,11 +439,13 @@ func (s *MethodTestSuite) TestParameters() {
 	s.Run("TemplateVersionTemplate/InsertParameterValue", s.Subtest(func(db database.Store, check *expects) {
 		j := dbgen.ProvisionerJob(s.T(), db, database.ProvisionerJob{})
 		tpl := dbgen.Template(s.T(), db, database.Template{})
-		v := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{JobID: j.ID,
+		v := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{
+			JobID: j.ID,
 			TemplateID: uuid.NullUUID{
 				UUID:  tpl.ID,
 				Valid: true,
-			}},
+			},
+		},
 		)
 		check.Args(database.InsertParameterValueParams{
 			ScopeID:           j.ID,
@ -528,12 +530,14 @@ func (s *MethodTestSuite) TestTemplate() {
 			ID:             tvid,
 			Name:           t1.Name,
 			OrganizationID: o1.ID,
-			TemplateID:     uuid.NullUUID{UUID: t1.ID, Valid: true}})
+			TemplateID:     uuid.NullUUID{UUID: t1.ID, Valid: true},
+		})
 		b := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{
 			CreatedAt:      now.Add(-2 * time.Hour),
 			Name:           t1.Name,
 			OrganizationID: o1.ID,
-			TemplateID:     uuid.NullUUID{UUID: t1.ID, Valid: true}})
+			TemplateID:     uuid.NullUUID{UUID: t1.ID, Valid: true},
+		})
 		check.Args(database.GetPreviousTemplateVersionParams{
 			Name:           t1.Name,
 			OrganizationID: o1.ID,
--- a/coderd/database/dbauthz/setup_test.go
+++ b/coderd/database/dbauthz/setup_test.go
@ -25,12 +25,10 @@ import (
 	"github.com/coder/coder/coderd/util/slice"
 )

-var (
-	skipMethods = map[string]string{
-		"InTx": "Not relevant",
-		"Ping": "Not relevant",
-	}
-)
+var skipMethods = map[string]string{
+	"InTx": "Not relevant",
+	"Ping": "Not relevant",
+}

 // TestMethodTestSuite runs MethodTestSuite.
 // In order for 'go test' to run this suite, we need to create
--- a/coderd/database/dbauthz/system.go
+++ b/coderd/database/dbauthz/system.go
@ -154,6 +154,7 @@ func (q *querier) DeleteOldAgentStats(ctx context.Context) error {
 func (q *querier) GetParameterSchemasCreatedAfter(ctx context.Context, createdAt time.Time) ([]database.ParameterSchema, error) {
 	return q.db.GetParameterSchemasCreatedAfter(ctx, createdAt)
 }
+
 func (q *querier) GetProvisionerJobsCreatedAfter(ctx context.Context, createdAt time.Time) ([]database.ProvisionerJob, error) {
 	return q.db.GetProvisionerJobsCreatedAfter(ctx, createdAt)
 }
--- a/coderd/devtunnel/tunnel.go
+++ b/coderd/devtunnel/tunnel.go
@ -219,7 +219,7 @@ func cfgPath() (string, error) {
 	}

 	cfgDir = filepath.Join(cfgDir, "coderv2")
-	err = os.MkdirAll(cfgDir, 0750)
+	err = os.MkdirAll(cfgDir, 0o750)
 	if err != nil {
 		return "", xerrors.Errorf("mkdirall config dir %q: %w", cfgDir, err)
 	}
@ -327,7 +327,7 @@ func writeConfig(cfg Config) error {
 		return xerrors.Errorf("marshal config: %w", err)
 	}

-	err = os.WriteFile(cfgFi, raw, 0600)
+	err = os.WriteFile(cfgFi, raw, 0o600)
 	if err != nil {
 		return xerrors.Errorf("write file: %w", err)
 	}
--- a/coderd/gitauth/vscode.go
+++ b/coderd/gitauth/vscode.go
@ -51,7 +51,7 @@ func OverrideVSCodeConfigs(fs afero.Fs) error {
 				return xerrors.Errorf("mkdir all: %w", err)
 			}

-			err = afero.WriteFile(fs, configPath, data, 0600)
+			err = afero.WriteFile(fs, configPath, data, 0o600)
 			if err != nil {
 				return xerrors.Errorf("write %q: %w", configPath, err)
 			}
@ -72,7 +72,7 @@ func OverrideVSCodeConfigs(fs afero.Fs) error {
 		if err != nil {
 			return xerrors.Errorf("marshal %q: %w", configPath, err)
 		}
-		err = afero.WriteFile(fs, configPath, data, 0600)
+		err = afero.WriteFile(fs, configPath, data, 0o600)
 		if err != nil {
 			return xerrors.Errorf("write %q: %w", configPath, err)
 		}
--- a/coderd/gitauth/vscode_test.go
+++ b/coderd/gitauth/vscode_test.go
@ -45,7 +45,7 @@ func TestOverrideVSCodeConfigs(t *testing.T) {
 		data, err := json.Marshal(mapping)
 		require.NoError(t, err)
 		for _, configPath := range configPaths {
-			err = afero.WriteFile(fs, configPath, data, 0600)
+			err = afero.WriteFile(fs, configPath, data, 0o600)
 			require.NoError(t, err)
 		}
 		err = gitauth.OverrideVSCodeConfigs(fs)
--- a/coderd/httpapi/json.go
+++ b/coderd/httpapi/json.go
@ -16,8 +16,10 @@ import (
 // string or an integer.
 type Duration time.Duration

-var _ json.Marshaler = Duration(0)
-var _ json.Unmarshaler = (*Duration)(nil)
+var (
+	_ json.Marshaler   = Duration(0)
+	_ json.Unmarshaler = (*Duration)(nil)
+)

 // MarshalJSON implements json.Marshaler.
 func (d Duration) MarshalJSON() ([]byte, error) {
--- a/coderd/httpmw/oauth2_test.go
+++ b/coderd/httpmw/oauth2_test.go
@ -15,8 +15,7 @@ import (
 	"github.com/coder/coder/codersdk"
 )

-type testOAuth2Provider struct {
-}
+type testOAuth2Provider struct{}

 func (*testOAuth2Provider) AuthCodeURL(state string, _ ...oauth2.AuthCodeOption) string {
 	return "?state=" + url.QueryEscape(state)
--- a/coderd/httpmw/organizationparam.go
+++ b/coderd/httpmw/organizationparam.go
@ -11,8 +11,10 @@ import (
 	"github.com/coder/coder/codersdk"
 )

-type organizationParamContextKey struct{}
-type organizationMemberParamContextKey struct{}
+type (
+	organizationParamContextKey       struct{}
+	organizationMemberParamContextKey struct{}
+)

 // OrganizationParam returns the organization from the ExtractOrganizationParam handler.
 func OrganizationParam(r *http.Request) database.Organization {
--- a/coderd/httpmw/organizationparam_test.go
+++ b/coderd/httpmw/organizationparam_test.go
@ -21,9 +21,7 @@ func TestOrganizationParam(t *testing.T) {
 	t.Parallel()

 	setupAuthentication := func(db database.Store) (*http.Request, database.User) {
-		var (
-			r = httptest.NewRequest("GET", "/", nil)
-		)
+		r := httptest.NewRequest("GET", "/", nil)

 		user := dbgen.User(t, db, database.User{
 			ID: uuid.New(),
--- a/coderd/insights_test.go
+++ b/coderd/insights_test.go
@ -97,7 +97,6 @@ func TestDeploymentInsights(t *testing.T) {
 	wantDAUs := &codersdk.DeploymentDAUsResponse{
 		Entries: []codersdk.DAUEntry{
 			{
-
 				Date:   time.Now().UTC().Truncate(time.Hour * 24),
 				Amount: 1,
 			},
--- a/coderd/metricscache/metricscache.go
+++ b/coderd/metricscache/metricscache.go
@ -187,7 +187,6 @@ func (c *Cache) refresh(ctx context.Context) error {
 				Valid: true,
 			},
 		})
-
 		if err != nil {
 			return err
 		}
--- a/coderd/provisionerdserver/provisionerdserver.go
+++ b/coderd/provisionerdserver/provisionerdserver.go
@ -474,7 +474,7 @@ func (server *Server) UpdateJob(ctx context.Context, request *proto.UpdateJobReq
 		for _, templateVariable := range request.TemplateVariables {
 			server.Logger.Debug(ctx, "insert template variable", slog.F("template_version_id", templateVersion.ID), slog.F("template_variable", redactTemplateVariable(templateVariable)))

-			var value = templateVariable.DefaultValue
+			value := templateVariable.DefaultValue
 			for _, v := range request.UserVariableValues {
 				if v.Name == templateVariable.Name {
 					value = v.Value
@ -1379,7 +1379,7 @@ func ProvisionerJobLogsNotifyChannel(jobID uuid.UUID) string {
 func asVariableValues(templateVariables []database.TemplateVersionVariable) []*sdkproto.VariableValue {
 	var apiVariableValues []*sdkproto.VariableValue
 	for _, v := range templateVariables {
-		var value = v.Value
+		value := v.Value
 		if value == "" && v.DefaultValue != "" {
 			value = v.DefaultValue
 		}
--- a/coderd/rbac/authz_test.go
+++ b/coderd/rbac/authz_test.go
@ -118,7 +118,7 @@ func BenchmarkRBACAuthorize(b *testing.B) {
 			b.ResetTimer()
 			for i := 0; i < b.N; i++ {
 				allowed := authorizer.Authorize(context.Background(), c.Actor, rbac.ActionRead, objects[b.N%len(objects)])
-				var _ = allowed
+				_ = allowed
 			}
 		})
 	}
@ -170,7 +170,7 @@ func BenchmarkRBACAuthorizeGroups(b *testing.B) {
 			b.ResetTimer()
 			for i := 0; i < b.N; i++ {
 				allowed := authorizer.Authorize(context.Background(), c.Actor, neverMatchAction, objects[b.N%len(objects)])
-				var _ = allowed
+				_ = allowed
 			}
 		})
 	}
@ -206,7 +206,7 @@ func BenchmarkRBACFilter(b *testing.B) {
 			b.ResetTimer()
 			allowed, err := rbac.Filter(context.Background(), authorizer, c.Actor, rbac.ActionRead, objects)
 			require.NoError(b, err)
-			var _ = allowed
+			_ = allowed
 		})
 	}
 }
--- a/coderd/rbac/builtin.go
+++ b/coderd/rbac/builtin.go
@ -62,188 +62,185 @@ func RoleOrgMember(organizationID uuid.UUID) string {
 	return roleName(orgMember, organizationID.String())
 }

-var (
-	// builtInRoles are just a hard coded set for now. Ideally we store these in
-	// the database. Right now they are functions because the org id should scope
-	// certain roles. When we store them in the database, each organization should
-	// create the roles that are assignable in the org. This isn't a hard problem to solve,
-	// it's just easier as a function right now.
-	//
-	// This map will be replaced by database storage defined by this ticket.
-	// https://github.com/coder/coder/issues/1194
-	builtInRoles = map[string]func(orgID string) Role{
-		// admin grants all actions to all resources.
-		owner: func(_ string) Role {
-			return Role{
-				Name:        owner,
-				DisplayName: "Owner",
-				Site: Permissions(map[string][]Action{
-					ResourceWildcard.Type: {WildcardSymbol},
-				}),
-				Org:  map[string][]Permission{},
-				User: []Permission{},
-			}
-		},
+// builtInRoles are just a hard coded set for now. Ideally we store these in
+// the database. Right now they are functions because the org id should scope
+// certain roles. When we store them in the database, each organization should
+// create the roles that are assignable in the org. This isn't a hard problem to solve,
+// it's just easier as a function right now.
+//
+// This map will be replaced by database storage defined by this ticket.
+// https://github.com/coder/coder/issues/1194
+var builtInRoles = map[string]func(orgID string) Role{
+	// admin grants all actions to all resources.
+	owner: func(_ string) Role {
+		return Role{
+			Name:        owner,
+			DisplayName: "Owner",
+			Site: Permissions(map[string][]Action{
+				ResourceWildcard.Type: {WildcardSymbol},
+			}),
+			Org:  map[string][]Permission{},
+			User: []Permission{},
+		}
+	},

-		// member grants all actions to all resources owned by the user
-		member: func(_ string) Role {
-			return Role{
-				Name:        member,
-				DisplayName: "",
-				Site: Permissions(map[string][]Action{
-					// All users can read all other users and know they exist.
-					ResourceUser.Type:           {ActionRead},
-					ResourceRoleAssignment.Type: {ActionRead},
-					// All users can see the provisioner daemons.
-					ResourceProvisionerDaemon.Type: {ActionRead},
-				}),
-				Org: map[string][]Permission{},
-				User: Permissions(map[string][]Action{
-					ResourceWildcard.Type: {WildcardSymbol},
-				}),
-			}
-		},
+	// member grants all actions to all resources owned by the user
+	member: func(_ string) Role {
+		return Role{
+			Name:        member,
+			DisplayName: "",
+			Site: Permissions(map[string][]Action{
+				// All users can read all other users and know they exist.
+				ResourceUser.Type:           {ActionRead},
+				ResourceRoleAssignment.Type: {ActionRead},
+				// All users can see the provisioner daemons.
+				ResourceProvisionerDaemon.Type: {ActionRead},
+			}),
+			Org: map[string][]Permission{},
+			User: Permissions(map[string][]Action{
+				ResourceWildcard.Type: {WildcardSymbol},
+			}),
+		}
+	},

-		// auditor provides all permissions required to effectively read and understand
-		// audit log events.
-		// TODO: Finish the auditor as we add resources.
-		auditor: func(_ string) Role {
-			return Role{
-				Name:        auditor,
-				DisplayName: "Auditor",
-				Site: Permissions(map[string][]Action{
-					// Should be able to read all template details, even in orgs they
-					// are not in.
-					ResourceTemplate.Type: {ActionRead},
-					ResourceAuditLog.Type: {ActionRead},
-				}),
-				Org:  map[string][]Permission{},
-				User: []Permission{},
-			}
-		},
+	// auditor provides all permissions required to effectively read and understand
+	// audit log events.
+	// TODO: Finish the auditor as we add resources.
+	auditor: func(_ string) Role {
+		return Role{
+			Name:        auditor,
+			DisplayName: "Auditor",
+			Site: Permissions(map[string][]Action{
+				// Should be able to read all template details, even in orgs they
+				// are not in.
+				ResourceTemplate.Type: {ActionRead},
+				ResourceAuditLog.Type: {ActionRead},
+			}),
+			Org:  map[string][]Permission{},
+			User: []Permission{},
+		}
+	},

-		templateAdmin: func(_ string) Role {
-			return Role{
-				Name:        templateAdmin,
-				DisplayName: "Template Admin",
-				Site: Permissions(map[string][]Action{
-					ResourceTemplate.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					// CRUD all files, even those they did not upload.
-					ResourceFile.Type:      {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					ResourceWorkspace.Type: {ActionRead},
-					// CRUD to provisioner daemons for now.
-					ResourceProvisionerDaemon.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					// Needs to read all organizations since
-					ResourceOrganization.Type: {ActionRead},
-				}),
-				Org:  map[string][]Permission{},
-				User: []Permission{},
-			}
-		},
+	templateAdmin: func(_ string) Role {
+		return Role{
+			Name:        templateAdmin,
+			DisplayName: "Template Admin",
+			Site: Permissions(map[string][]Action{
+				ResourceTemplate.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				// CRUD all files, even those they did not upload.
+				ResourceFile.Type:      {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				ResourceWorkspace.Type: {ActionRead},
+				// CRUD to provisioner daemons for now.
+				ResourceProvisionerDaemon.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				// Needs to read all organizations since
+				ResourceOrganization.Type: {ActionRead},
+			}),
+			Org:  map[string][]Permission{},
+			User: []Permission{},
+		}
+	},

-		userAdmin: func(_ string) Role {
-			return Role{
-				Name:        userAdmin,
-				DisplayName: "User Admin",
-				Site: Permissions(map[string][]Action{
-					ResourceRoleAssignment.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					ResourceUser.Type:           {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					// Full perms to manage org members
-					ResourceOrganizationMember.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					ResourceGroup.Type:              {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-				}),
-				Org:  map[string][]Permission{},
-				User: []Permission{},
-			}
-		},
+	userAdmin: func(_ string) Role {
+		return Role{
+			Name:        userAdmin,
+			DisplayName: "User Admin",
+			Site: Permissions(map[string][]Action{
+				ResourceRoleAssignment.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				ResourceUser.Type:           {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				// Full perms to manage org members
+				ResourceOrganizationMember.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				ResourceGroup.Type:              {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+			}),
+			Org:  map[string][]Permission{},
+			User: []Permission{},
+		}
+	},

-		// orgAdmin returns a role with all actions allows in a given
-		// organization scope.
-		orgAdmin: func(organizationID string) Role {
-			return Role{
-				Name:        roleName(orgAdmin, organizationID),
-				DisplayName: "Organization Admin",
-				Site:        []Permission{},
-				Org: map[string][]Permission{
-					organizationID: {
-						{
-							Negate:       false,
-							ResourceType: "*",
-							Action:       "*",
-						},
+	// orgAdmin returns a role with all actions allows in a given
+	// organization scope.
+	orgAdmin: func(organizationID string) Role {
+		return Role{
+			Name:        roleName(orgAdmin, organizationID),
+			DisplayName: "Organization Admin",
+			Site:        []Permission{},
+			Org: map[string][]Permission{
+				organizationID: {
+					{
+						Negate:       false,
+						ResourceType: "*",
+						Action:       "*",
 					},
 				},
-				User: []Permission{},
-			}
-		},
+			},
+			User: []Permission{},
+		}
+	},

-		// orgMember has an empty set of permissions, this just implies their membership
-		// in an organization.
-		orgMember: func(organizationID string) Role {
-			return Role{
-				Name:        roleName(orgMember, organizationID),
-				DisplayName: "",
-				Site:        []Permission{},
-				Org: map[string][]Permission{
-					organizationID: {
-						{
-							// All org members can read the other members in their org.
-							ResourceType: ResourceOrganizationMember.Type,
-							Action:       ActionRead,
-						},
-						{
-							// All org members can read the organization
-							ResourceType: ResourceOrganization.Type,
-							Action:       ActionRead,
-						},
-						{
-							// Can read available roles.
-							ResourceType: ResourceOrgRoleAssignment.Type,
-							Action:       ActionRead,
-						},
-						{
-							ResourceType: ResourceGroup.Type,
-							Action:       ActionRead,
-						},
+	// orgMember has an empty set of permissions, this just implies their membership
+	// in an organization.
+	orgMember: func(organizationID string) Role {
+		return Role{
+			Name:        roleName(orgMember, organizationID),
+			DisplayName: "",
+			Site:        []Permission{},
+			Org: map[string][]Permission{
+				organizationID: {
+					{
+						// All org members can read the other members in their org.
+						ResourceType: ResourceOrganizationMember.Type,
+						Action:       ActionRead,
+					},
+					{
+						// All org members can read the organization
+						ResourceType: ResourceOrganization.Type,
+						Action:       ActionRead,
+					},
+					{
+						// Can read available roles.
+						ResourceType: ResourceOrgRoleAssignment.Type,
+						Action:       ActionRead,
+					},
+					{
+						ResourceType: ResourceGroup.Type,
+						Action:       ActionRead,
 					},
 				},
-				User: []Permission{},
-			}
-		},
-	}
-)
+			},
+			User: []Permission{},
+		}
+	},
+}

-var (
-	// assignRoles is a map of roles that can be assigned if a user has a given
-	// role.
-	// The first key is the actor role, the second is the roles they can assign.
-	//	map[actor_role][assign_role]<can_assign>
-	assignRoles = map[string]map[string]bool{
-		"system": {
-			owner:     true,
-			member:    true,
-			orgAdmin:  true,
-			orgMember: true,
-		},
-		owner: {
-			owner:         true,
-			auditor:       true,
-			member:        true,
-			orgAdmin:      true,
-			orgMember:     true,
-			templateAdmin: true,
-			userAdmin:     true,
-		},
-		userAdmin: {
-			member:    true,
-			orgMember: true,
-		},
-		orgAdmin: {
-			orgAdmin:  true,
-			orgMember: true,
-		},
-	}
-)
+// assignRoles is a map of roles that can be assigned if a user has a given
+// role.
+// The first key is the actor role, the second is the roles they can assign.
+//
+//	map[actor_role][assign_role]<can_assign>
+var assignRoles = map[string]map[string]bool{
+	"system": {
+		owner:     true,
+		member:    true,
+		orgAdmin:  true,
+		orgMember: true,
+	},
+	owner: {
+		owner:         true,
+		auditor:       true,
+		member:        true,
+		orgAdmin:      true,
+		orgMember:     true,
+		templateAdmin: true,
+		userAdmin:     true,
+	},
+	userAdmin: {
+		member:    true,
+		orgMember: true,
+	},
+	orgAdmin: {
+		orgAdmin:  true,
+		orgMember: true,
+	},
+}

 // CanAssignRole is a helper function that returns true if the user can assign
 // the specified role. This also can be used for removing a role.
--- a/coderd/rbac/partial.go
+++ b/coderd/rbac/partial.go
@ -141,7 +141,6 @@ func (a RegoAuthorizer) newPartialAuthorizer(ctx context.Context, subject Subjec
 	}

 	partialQueries, err := a.partialQuery.Partial(ctx, rego.EvalParsedInput(input))
-
 	if err != nil {
 		return nil, xerrors.Errorf("prepare: %w", err)
 	}
--- a/coderd/rbac/regosql/acl_group_var.go
+++ b/coderd/rbac/regosql/acl_group_var.go
@ -10,8 +10,10 @@ import (
 	"github.com/coder/coder/coderd/rbac/regosql/sqltypes"
 )

-var _ sqltypes.VariableMatcher = ACLGroupVar{}
-var _ sqltypes.Node = ACLGroupVar{}
+var (
+	_ sqltypes.VariableMatcher = ACLGroupVar{}
+	_ sqltypes.Node            = ACLGroupVar{}
+)

 // ACLGroupVar is a variable matcher that handles group_acl and user_acl.
 // The sql type is a jsonb object with the following structure:
--- a/coderd/rbac/regosql/sqltypes/always_false.go
+++ b/coderd/rbac/regosql/sqltypes/always_false.go
@ -4,8 +4,10 @@ import (
 	"github.com/open-policy-agent/opa/ast"
 )

-var _ Node = alwaysFalse{}
-var _ VariableMatcher = alwaysFalse{}
+var (
+	_ Node            = alwaysFalse{}
+	_ VariableMatcher = alwaysFalse{}
+)

 type alwaysFalse struct {
 	Matcher VariableMatcher
@ -30,6 +32,7 @@ func AlwaysFalseNode(n Node) Node {

 // UseAs uses a type no one supports to always override with false.
 func (alwaysFalse) UseAs() Node { return alwaysFalse{} }
+
 func (f alwaysFalse) ConvertVariable(rego ast.Ref) (Node, bool) {
 	if f.Matcher != nil {
 		n, ok := f.Matcher.ConvertVariable(rego)
--- a/coderd/rbac/regosql/sqltypes/equality.go
+++ b/coderd/rbac/regosql/sqltypes/equality.go
@ -15,9 +15,11 @@ type SupportsEquality interface {
 	EqualsSQLString(cfg *SQLGenerator, not bool, other Node) (string, error)
 }

-var _ BooleanNode = equality{}
-var _ Node = equality{}
-var _ SupportsEquality = equality{}
+var (
+	_ BooleanNode      = equality{}
+	_ Node             = equality{}
+	_ SupportsEquality = equality{}
+)

 type equality struct {
 	Left  Node
--- a/coderd/rbac/regosql/sqltypes/member.go
+++ b/coderd/rbac/regosql/sqltypes/member.go
@ -16,9 +16,11 @@ type SupportsContainedIn interface {
 	ContainedInSQL(cfg *SQLGenerator, other Node) (string, error)
 }

-var _ BooleanNode = memberOf{}
-var _ Node = memberOf{}
-var _ SupportsEquality = memberOf{}
+var (
+	_ BooleanNode      = memberOf{}
+	_ Node             = memberOf{}
+	_ SupportsEquality = memberOf{}
+)

 type memberOf struct {
 	Needle   Node
--- a/coderd/rbac/regosql/sqltypes/variable.go
+++ b/coderd/rbac/regosql/sqltypes/variable.go
@ -68,8 +68,10 @@ func RegoVarPath(path []string, terms []*ast.Term) ([]*ast.Term, error) {
 	return terms[len(path):], nil
 }

-var _ VariableMatcher = astStringVar{}
-var _ Node = astStringVar{}
+var (
+	_ VariableMatcher = astStringVar{}
+	_ Node            = astStringVar{}
+)

 // astStringVar is any variable that represents a string.
 type astStringVar struct {
--- a/coderd/templates_test.go
+++ b/coderd/templates_test.go
@ -551,7 +551,6 @@ func TestTemplateMetrics(t *testing.T) {
 	wantDAUs := &codersdk.TemplateDAUsResponse{
 		Entries: []codersdk.DAUEntry{
 			{
-
 				Date:   time.Now().UTC().Truncate(time.Hour * 24),
 				Amount: 1,
 			},
--- a/coderd/templateversions.go
+++ b/coderd/templateversions.go
@ -948,7 +948,6 @@ func (api *API) previousTemplateVersionByOrganizationTemplateAndName(rw http.Res
 		Name:           templateVersionName,
 		TemplateID:     templateVersion.TemplateID,
 	})
-
 	if err != nil {
 		if xerrors.Is(err, sql.ErrNoRows) {
 			httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
--- a/coderd/tracing/httpmw_test.go
+++ b/coderd/tracing/httpmw_test.go
@ -21,8 +21,10 @@ type fakeTracer struct {
 	startCalled int64
 }

-var _ trace.TracerProvider = &fakeTracer{}
-var _ trace.Tracer = &fakeTracer{}
+var (
+	_ trace.TracerProvider = &fakeTracer{}
+	_ trace.Tracer         = &fakeTracer{}
+)

 // Tracer implements trace.TracerProvider.
 func (f *fakeTracer) Tracer(_ string, _ ...trace.TracerOption) trace.Tracer {
--- a/coderd/tracing/status_writer.go
+++ b/coderd/tracing/status_writer.go
@ -8,8 +8,10 @@ import (
 	"golang.org/x/xerrors"
 )

-var _ http.ResponseWriter = (*StatusWriter)(nil)
-var _ http.Hijacker = (*StatusWriter)(nil)
+var (
+	_ http.ResponseWriter = (*StatusWriter)(nil)
+	_ http.Hijacker       = (*StatusWriter)(nil)
+)

 // StatusWriter intercepts the status of the request and the response body up
 // to maxBodySize if Status >= 400. It is guaranteed to be the ResponseWriter
--- a/coderd/tracing/status_writer_test.go
+++ b/coderd/tracing/status_writer_test.go
@ -108,9 +108,7 @@ func TestStatusWriter(t *testing.T) {

 	t.Run("Hijack", func(t *testing.T) {
 		t.Parallel()
-		var (
-			rec = httptest.NewRecorder()
-		)
+		rec := httptest.NewRecorder()

 		w := &tracing.StatusWriter{ResponseWriter: hijacker{rec}}

--- a/coderd/util/tz/tz_darwin.go
+++ b/coderd/util/tz/tz_darwin.go
@ -10,8 +10,10 @@ import (
 	"golang.org/x/xerrors"
 )

-const etcLocaltime = "/etc/localtime"
-const zoneInfoPath = "/var/db/timezone/zoneinfo/"
+const (
+	etcLocaltime = "/etc/localtime"
+	zoneInfoPath = "/var/db/timezone/zoneinfo/"
+)

 // TimezoneIANA attempts to determine the local timezone in IANA format.
 // If the TZ environment variable is set, this is used.
--- a/coderd/util/tz/tz_linux.go
+++ b/coderd/util/tz/tz_linux.go
@ -10,8 +10,10 @@ import (
 	"golang.org/x/xerrors"
 )

-const etcLocaltime = "/etc/localtime"
-const zoneInfoPath = "/usr/share/zoneinfo"
+const (
+	etcLocaltime = "/etc/localtime"
+	zoneInfoPath = "/usr/share/zoneinfo"
+)

 // TimezoneIANA attempts to determine the local timezone in IANA format.
 // If the TZ environment variable is set, this is used.
--- a/coderd/workspaceagents_test.go
+++ b/coderd/workspaceagents_test.go
@ -607,14 +607,12 @@ func TestWorkspaceAgentListeningPorts(t *testing.T) {
 			res, err := client.WorkspaceAgentListeningPorts(ctx, agentID)
 			require.NoError(t, err)

-			var (
-				expected = map[uint16]bool{
-					// expect the listener we made
-					lPort: false,
-					// expect the coderdtest server
-					coderdPort: false,
-				}
-			)
+			expected := map[uint16]bool{
+				// expect the listener we made
+				lPort: false,
+				// expect the coderdtest server
+				coderdPort: false,
+			}
 			for _, port := range res.Ports {
 				if port.Network == "tcp" {
 					if val, ok := expected[port.Port]; ok {
--- a/coderd/workspacebuilds.go
+++ b/coderd/workspacebuilds.go
@ -1206,7 +1206,7 @@ func convertWorkspaceStatus(jobStatus codersdk.ProvisionerJobStatus, transition
 }

 func convertWorkspaceBuildParameters(parameters []database.WorkspaceBuildParameter) []codersdk.WorkspaceBuildParameter {
-	var apiParameters = make([]codersdk.WorkspaceBuildParameter, 0, len(parameters))
+	apiParameters := make([]codersdk.WorkspaceBuildParameter, 0, len(parameters))

 	for _, p := range parameters {
 		apiParameter := codersdk.WorkspaceBuildParameter{
--- a/coderd/workspacebuilds_test.go
+++ b/coderd/workspacebuilds_test.go
@ -668,7 +668,8 @@ func TestWorkspaceBuildWithRichParameters(t *testing.T) {
 						},
 					},
 				},
-			}},
+			},
+		},
 		ProvisionApply: []*proto.Provision_Response{{
 			Type: &proto.Provision_Response_Complete{
 				Complete: &proto.Provision_Complete{},
@ -810,7 +811,8 @@ func TestWorkspaceBuildValidateRichParameters(t *testing.T) {
 							Parameters: richParameters,
 						},
 					},
-				}},
+				},
+			},
 			ProvisionApply: []*proto.Provision_Response{
 				{
 					Type: &proto.Provision_Response_Complete{
--- a/coderd/workspaces_test.go
+++ b/coderd/workspaces_test.go
@ -127,7 +127,7 @@ func TestWorkspace(t *testing.T) {

 		const templateIcon = "/img/icon.svg"
 		const templateDisplayName = "This is template"
-		var templateAllowUserCancelWorkspaceJobs = false
+		templateAllowUserCancelWorkspaceJobs := false
 		template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) {
 			ctr.Icon = templateIcon
 			ctr.DisplayName = templateDisplayName
@ -1835,7 +1835,8 @@ func TestWorkspaceWithRichParameters(t *testing.T) {
 						},
 					},
 				},
-			}},
+			},
+		},
 		ProvisionApply: []*proto.Provision_Response{{
 			Type: &proto.Provision_Response_Complete{
 				Complete: &proto.Provision_Complete{},