Niche edge case, assumes access_token is jwt.
Some `access_token`s are JWT's with potential useful claims.
These claims would be nearly equivalent to `user_info` claims.
This is not apart of the oauth spec, so this feature should not be
loudly advertised. If using this feature, alternate solutions are preferred.
Support public OIDC clients
- Enables support for public OIDC clients by only checking for a client
ID being set. This allows for confidential and public clients to be used
with Coder's OIDC authentication.
- Also adds a public client configuration to the development OIDC setup
script.
Fixes#16135
Change-Id: Iadd85d40c2faa595a0498e25d3407a1f94b5c8a8
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Replace Depot build action with Nix for Nix dogfood image builds
The dogfood Nix image is now built using Nix's native container tooling instead of Depot. This change:
- Adds Nix setup steps to the GitHub Actions workflow
- Removes the Dockerfile.nix in favor of a Nix-native container build
- Updates the flake.nix to support building Docker images
- Introduces a hash file to track Nix-related changes
- Updates the vendorHash for Go dependencies
Change-Id: I4e011fe3a19d9a1375fbfd5223c910e59d66a5d9
Signed-off-by: Thomas Kosiewski <tk@coder.com>
The `make -j` output was sometimes emitting non-JSON output from `go
generate`, resulting in errors like the below:
```
++ /home/coder/src/coder/coder/scripts/coder-dev.sh organizations show me -o json
++ jq -r '.[] | select(.is_default) | .name'
parse error: Invalid numeric literal at line 1, column 3
```
This PR modifies `coder-dev.sh` to silence the output of `make` if the
output is not a TTY.
This PR is the second in a series aimed at closing
https://github.com/coder/coder/issues/15109.
## Changes
- adds `scripts/embedded-pg/main.go`, which can start a native Postgres
database. This is used to set up PG on Windows and macOS, as these
platforms don't support Docker in Github Actions.
- runs the `test-go-pg` job on macOS and Windows too
- adds the `test-go-race-go` job, which runs race tests with Postgres on
Linux
- Integrates the `agentexec` pkg into the agent and removes the
legacy system of iterating over the process tree. It adds some linting
rules to hopefully catch future improper uses of `exec.Command` in the package.
Updates `develop.sh` to automatically determine the name of the 'first
org' when pushing the initial template.
Also runs `terraform init` before running `coder templates push` (pet
peeve).
Before db_metrics were all or nothing. Now `InTx` metrics are always recorded, and query metrics are opt in.
Adds instrumentation & logging around serialization failures in the database.
- [x] Mention Orgs is beta and add a link to get feedback
- [x] Add docs on new provisioner authentication architecture and
deprecate the old one
- [x] Add/update docs for IdP sync
- [x] Organization Sync
- [x] Group Sync
- [x] Role Sync
- [x] Modify `coder.com` codebase to add `Premium` and `Beta` pill, and
allow multiple pills: https://github.com/coder/coder.com/pull/638
- [x] Replace all mentions of "Enterprise" with "Premium" in docs
- [x] edit: change it to "Licensing"
- [x] Remove the enterprise page and change all links to
coder.com/pricing
- [x] Merge #14786
- [x] Add redirects for coder.com to redirect the `using-organizations`
guide to the new orgs one and /enterprise to /premium
https://github.com/coder/coder.com/pull/645
- [x] Custom roles
- [x] https://github.com/coder/coder/pull/14786
- [x] Remove all mentions of orgs experiment
- [x] Update in-product copy & links to link to the new docs pages
Anything I am missing?
---
[Preview
this](https://coder.com/docs/@orgs-licenses/admin/organizations)
---------
Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com>
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: Jaayden Halko <jaayden.halko@gmail.com>
The initial assumption that branch manipulations should be done by this
script and not pushed to remote manually has proven to get in the way of
the regular release flow.
These are just safety-checks to prevent user error, safe to remove.
Fixes#13648
