* chore: Allow RecordingAuthorizer to record multiple rbac authz calls
Prior iteration only recorded the last call. This is required for
more comprehensive testing
Adds --session-duration which lets admins customize the default session
expiration for browser sessions.
Adds --disable-session-expiry-refresh which allows admins to prevent
session expiry from being automatically bumped upon the API key being
used.
* fix: index template versions by template and name
We were incorrectly returning template versions by name relative
to organizations. This could result in an incorrect version being
returned if multiple templates had versions with the same name.
* Fix auth referencing
* Fix route location
* Fix authorize route name
* Fix previous call
* Fix authorize route name
* feat: generate a self-signed certificate if no certificates are specified
Clouds like AWS automatically navigate to https://<ip-here>. This
allows us to bind to that immediately, serve a self-signed certificate,
then reroute to the access URL.
* Add new flag and deprecate old one
* Fix redirect if not using tunnel
* Add deprecation notice
* Fix TLS redirect
* Run `make gen`
* Fix bad test
* Fix gen
* Allow hiding password entry, changing OpenID Connect text and OpenID Connect icon
* Docs
* Cleaning
* Fix Prettier and Go test and TS compile error
* Fix LoginPage test
* Prettier
* Fix storybook
* Add query param to un-hide password auth
* Cleaning
* Hide password by default when OIDC enabled
* Ran prettier, updated goldenfiles and ran "make gen"
* Fixed and added LoginPage test
* Ran prettier
* PR Feedback and split up SignInForm.tsx
* Updated golden files
* Fix auto-genned-files
* make gen -B
* Revert provisioner files?
* Fix lint error
---------
Co-authored-by: Kyle Carberry <kyle@coder.com>
* pushing for guidance
* added test
* PR feedback
* fixed tests
* Update coderd/audit.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* runnig make gen
---------
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* chore: rename `AgentConn` to `WorkspaceAgentConn`
The codersdk was becoming bloated with consts for the workspace
agent that made no sense to a reader. `Tailnet*` is an example
of these consts.
* chore: remove `Get` prefix from *Client functions
* chore: remove `BypassRatelimits` option in `codersdk.Client`
It feels wrong to have this as a direct option because it's so infrequently
needed by API callers. It's better to directly modify headers in the two
places that we actually use it.
* Merge `appearance.go` and `buildinfo.go` into `deployment.go`
* Merge `experiments.go` and `features.go` into `deployment.go`
* Fix `make gen` referencing old type names
* Merge `error.go` into `client.go`
`codersdk.Response` lived in `error.go`, which is wrong.
* chore: refactor workspace agent functions into agentsdk
It was odd conflating the codersdk that clients should use
with functions that only the agent should use. This separates
them into two SDKs that are closely coupled, but separate.
* Merge `insights.go` into `deployment.go`
* Merge `organizationmember.go` into `organizations.go`
* Merge `quota.go` into `workspaces.go`
* Rename `sse.go` to `serversentevents.go`
* Rename `codersdk.WorkspaceAppHostResponse` to `codersdk.AppHostResponse`
* Format `.vscode/settings.json`
* Fix outdated naming in `api.ts`
* Fix app host response
* Fix unsupported type
* Fix imported type
I noticed this when adding a new parameter type. There's a test
case for an empty string that returned false for validation,
but appears like it could be true.
If there is no value for a string, then the default is used.
In this case there is no default, but that's technically fine
I believe.
If an agent went away and reconnected, the wsconncache connection would
be polluted for about 10m because there would be two peers with the
same IP. The old peer always had priority, which caused the dashboard to
try and always dial the old peer until it was removed.
Fixes: https://github.com/coder/coder/issues/5292
* chore: Implement standard rbac.Subject to be reused everywhere
An rbac subject is created in multiple spots because of the way we
expand roles, scopes, etc. This difference in use creates a list
of arguments which is unwieldy.
Use of the expander interface lets us conform to a single subject
in every case
* feat(coderd): add authz_querier experiment
* coderdtest: wire up authz_querier
* wire up AuthzQuerier in coderd
* remove things that do not yet exist in this timeline
* add newline
* comment unreachable code
* chore: Authz should support non-named roles
Named roles are a construct for users to assign/interact with roles.
For authzlayer implementation, we need to create "system" users.
To enforce strict security, we are making specific roles with
the exact required permissions for the system action.
These new roles should not be available to the user. There is a
clear code divide with this implementation that allows a RoleNames
implemenation for users to user, and system users can create their
own implementation
* chore: Update sqlc to v1.16.0
* chore: Fix cases where types became Null-types
* chore: Set parameter_schemas default_destination_scheme and default_source_scheme to NOT NULL
* chore: Add enum validation to database fake
* chore: Fix all tests that skipping enum values
* fix: Use correct err in providionerdserver audit log failure log
* feat: Implement allow_list for scopes for resource specific permissions
Feature that adds an allow_list for scopes to specify particular resources.
This enables workspace agent tokens to use the same RBAC system as users.
- Add ID to compileSQL matchers
* Plumb through WithID on rbac objects
* Rename Scope -> ScopeName
* Update input.json with scope allow_list
Co-authored-by: Cian Johnston <cian@coder.com>
This commit disables path-based app sharing by default. It is possible
for a workspace app on a path (not a subdomain) to make API requests to
the Coder API. When accessing your own workspace, this is not much of a
problem. When accessing a shared workspace app, the workspace owner
could include malicious javascript in the page that makes requests to
the Coder API on behalf of the visitor.
This vulnerability does not affect subdomain apps.
- Disables path-based app sharing by default. Previous behavior can be
restored using the `--dangerous-allow-path-app-sharing` flag which is
not recommended.
- Disables users with the site "owner" role from accessing path-based
apps from workspaces they do not own. Previous behavior can be
restored using the `--dangerous-allow-path-app-site-owner-access` flag
which is not recommended.
- Adds a flag `--disable-path-apps` which can be used by
security-conscious admins to disable all path-based apps across the
entire deployment. This check is enforced at app-access time, not at
template-ingest time.
* added AuditableGroup type
* added json tags
* Anonymizing gGroup struct
* adding support on the FE for nested group diffs
* added type for GroupMember
* Update coderd/database/modelmethods.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* Update coderd/database/modelmethods.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* fetching group members in group.delete
* passing through right error
* broke out into util function and added tests
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
- Deprecates the --experimental flag
- Adds a new flag --experiments which supports passing multiple comma-separated values or a wildcard value.
- Exposes a new endpoint /api/v2/experiments that returns the list of enabled experiments.
- Deprecates the field Features.Experimental in favour of this new API.
- Updates apidocgen to support type aliases (shoutout to @mtojek).
- Modifies apitypings to support generating slice types.
- Updates develop.sh to pass additional args after -- to $CODERD_SHIM.
