Commit Graph

384 Commits

Author SHA1 Message Date
03c5d42233 chore: keep active users active in scim (#13955)
* chore: scim should keep active users active
* chore: add a unit test to excercise dormancy bug
* audit log should not be dropped when there is no change
* add ability to cancel audit log
2024-07-19 16:30:02 -05:00
b697c6939a chore: add provisioner key crud apis (#13857) 2024-07-16 13:27:12 -04:00
1691768fb9 chore: use store enqueuer with external provisioners (#13881) 2024-07-12 13:51:13 +02:00
687d9538de chore: provisioner acquirer to respect organization ID of jobs (#13874)
* test: add unit test to verify creation of templates in multiple orgs
* chore: provisioner acquirer to respect organization ID of jobs

Prior to this the wrong provisioner was awakened on any new job
posting.

* add comment and stricter check
2024-07-11 11:26:47 -05:00
a6d66cc7ec chore: ensure correct version of golangci-lint is run in ci (#13869) 2024-07-10 14:50:38 -05:00
0787de88a9 chore: update documentation links to the new format (#13797) 2024-07-10 21:31:37 +03:00
bdd2caf95d feat: implement thin vertical slice of system-generated notifications (#13537) 2024-07-08 15:38:50 +02:00
6c94dd4f23 chore: add DRPC server implementation for network telemetry (#13675) 2024-07-02 01:50:52 +10:00
5b59f2880f fix: fix workspacesdk to return error on API mismatch (#13683) 2024-06-27 15:02:43 +04:00
87ad560aff feat: add groups and group members to telemetry snapshot (#13655)
* feat: Added in groups and groups members to telemetry snapshot
* feat: adding in test to dbauthz for getting group members and groups
2024-06-25 11:01:40 -07:00
34c67e8428 test: add unit test helper to create templates in second organizations (#13628)
* chore: add coderdtest helpers
2024-06-24 12:55:57 -05:00
0e933f0537 chore: refactor user -> rbac.subject into a function (#13624)
* chore: refactor user subject logic to be in 1 place
* test: implement test to assert deleted custom roles are omitted
* add unit test for deleted role
2024-06-21 11:30:02 -05:00
889daf200e feat(enterprise): add auditing to SCIM (#13614) 2024-06-20 17:22:27 -05:00
e987ad1d89 fix: don't allow "new" or "create" as url-friendly names (#13596) 2024-06-18 15:36:13 -06:00
d04959cea8 chore: implement custom role assignment for organization admins (#13570)
* chore: static role assignment mapping

Until a dynamic approach is created in the database, only org-admins
can assign custom organization roles.
2024-06-13 15:59:06 -05:00
3d30c8dc68 chore: protect reserved builtin rolenames (#13571)
Conflicting built-in and database role names makes it hard to
disambiguate
2024-06-13 15:12:37 -05:00
de9e6889bb chore: merge organization member db queries (#13542)
Merge members queries into 1 that also joins in the user table for username.
Required to list organization members on UI/cli
2024-06-12 09:23:48 -10:00
5ccf5084e8 chore: create type for unique role names (#13506)
* chore: create type for unique role names

Using `string` was confusing when something should be combined with
org context, and when not to. Naming this new name, "RoleIdentifier"
2024-06-11 08:55:28 -05:00
0d65143301 chore: implement audit log for custom role edits (#13494)
* chore: implement audit log for custom role edits
2024-06-07 14:11:57 -05:00
8f62311f00 chore: remove organization_id suffix from org_member roles in database (#13473)
Organization member's table is already scoped to an organization.
Rolename should avoid having the org_id appended.

Wipes all existing organization role assignments, which should not be used anyway.
2024-06-05 11:25:02 -05:00
e3206612e1 chore: implement typed database for custom permissions (breaks existing custom roles) (#13457)
* chore: typed database custom permissions
* add migration to fix any custom roles out there
2024-06-04 09:27:44 -05:00
b248f125e1 chore: rename notification banners to announcement banners (#13419) 2024-05-31 10:59:28 -06:00
de8149fbfd chore: move template meta last_used_at update to workspacestats (#13415) 2024-05-31 12:26:19 -04:00
5789ea5397 chore: move stat reporting into workspacestats package (#13386) 2024-05-29 11:49:08 -04:00
afd9d3b35f feat: add api for patching custom org roles (#13357)
* chore: implement patching custom organization roles
2024-05-29 09:49:43 -05:00
1b4ca00428 chore: include custom roles in list org roles (#13336)
* chore: include custom roles in list org roles
* move cli show roles to org scope
2024-05-23 07:54:59 -10:00
c61b64be61 feat: add hidden enterprise cmd command to list roles (#13303)
* feat: add hidden enterprise cmd command to list roles

This includes custom roles, and has a json ouput option for
more granular permissions
2024-05-21 13:14:00 -05:00
ad8c314130 chore: implement api for creating custom roles (#13298)
api endpoint (gated by experiment) to create custom_roles
2024-05-16 13:47:47 -05:00
1f5788feff chore: remove rbac psuedo resources, add custom verbs (#13276)
Removes our pseudo rbac resources like `WorkspaceApplicationConnect` in favor of additional verbs like `ssh`. This is to make more intuitive permissions for building custom roles.

The source of truth is now `policy.go`
2024-05-15 11:09:42 -05:00
cb6b5e8fbd chore: push rbac actions to policy package (#13274)
Just moved `rbac.Action` -> `policy.Action`. This is for the stacked PR to not have circular dependencies when doing autogen. Without this, the autogen can produce broken golang code, which prevents the autogen from compiling.

So just avoiding circular dependencies. Doing this in it's own PR to reduce LoC diffs in the primary PR, since this has 0 functional changes.
2024-05-15 09:46:35 -05:00
721ab2a1b4 chore: add workspace activity linter (#13273) 2024-05-14 12:31:31 -04:00
ebee9288ae fix: properly convert max port share level for oss (#13261) 2024-05-13 14:37:51 -04:00
d8e0be6ee6 feat: add support for multiple banners (#13081) 2024-05-08 15:40:43 -06:00
24448e79fe fix: prevent extending if template disallows (#13182) 2024-05-08 12:58:14 -03:00
c550d0641d feat: move shared ports out of experiment (#13120) 2024-05-02 14:11:33 -04:00
845407fe7a chore: cover deadline crossing autostart border on start (#13115)
When starting a workspace, if the deadline crosses an autostart boundary, the deadline is set to autostart + TTL. 
This copies the behavior in `ActivityBumpWorkspace`, but does not require activity.
2024-05-01 10:43:04 -05:00
1bda8a0856 feat: add deployment_id to the ui and licenses (#13096)
* feat: expose `deployment_id` in the user dropdown

* feat: add license deployment_id verification

* Ignore wireguard.com from mlc config
2024-04-29 16:50:11 -04:00
227e632053 fix: add grace period before showing replicas license error (#12989)
Fixes #8665.
2024-04-17 13:30:32 -04:00
2ad7fcc0b7 fix: show template autostop setting when it overrides the workspace setting (#12910) 2024-04-11 13:08:51 -06:00
e801e878ba feat: add agent acks to in-memory coordinator (#12786)
When an agent receives a node, it responds with an ACK which is relayed
to the client. After the client receives the ACK, it's allowed to begin
pinging.
2024-04-10 17:15:33 -05:00
a607d5610e chore: disable pgcoord (HA) when --in-memory (#12919)
* chore: disable pgcoord (HA) when --in-memory

HA does not make any sense while using in-memory database
2024-04-10 11:05:55 -05:00
838e8df5be chore: merge apikey/token session config values (#12817)
* chore: merge apikey/token session config values

There is a confusing difference between an apikey and a token. This
difference leaks into our configs. This change does not resolve the
difference. It only groups the config values to try and manage any
bloat that occurs from adding more similar config values
2024-04-10 10:34:49 -05:00
eeb3d63be6 chore: merge authorization contexts (#12816)
* chore: merge authorization contexts

Instead of 2 auth contexts from apikey and dbauthz, merge them to
just use dbauthz. It is annoying to have two.

* fixup authorization reference
2024-03-29 10:14:27 -05:00
dc8cf3eea5 fix: nil ptr dereference when removing a license (#12785) 2024-03-27 15:59:35 -05:00
4d5a7b2d56 chore(codersdk): move all tailscale imports out of codersdk (#12735)
Currently, importing `codersdk` just to interact with the API requires
importing tailscale, which causes builds to fail unless manually using
our fork.
2024-03-26 12:44:31 -05:00
40e5ad5499 feat: make OAuth2 provider not enterprise-only (#12732) 2024-03-25 11:52:22 -08:00
03ab37b343 chore: remove middleware to request version and entitlement warnings (#12750)
This cleans up `root.go` a bit, adds tests for middleware HTTP transport
functions, and removes two HTTP requests we always always performed previously
when executing *any* client command.

It should improve CLI performance (especially for users with higher latency).
2024-03-25 15:01:42 -04:00
37a05372fa fix: disable relay if built-in DERP is disabled (#12654)
Fixes https://github.com/coder/coder/issues/12493
2024-03-21 16:53:41 -05:00
2b773f9034 fix: allow proxy version mismatch (with warning) (#12433) 2024-03-20 18:24:18 +00:00
d789a60d47 chore: remove max_ttl from templates (#12644)
* chore: remove max_ttl from templates

Completely removing max_ttl as a feature on template scheduling. Must use other template scheduling features to achieve autostop.
2024-03-20 10:37:57 -05:00