Commit Graph

2604 Commits

Author SHA1 Message Date
859dd2fc3f feat: add dynamic parameters websocket endpoint (#17165) 2025-04-10 14:08:50 -06:00
1e0051a9a2 feat(testutil): add GetRandomNameHyphenated (#17342)
This started coming up more often for me, so time for a test helper!

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-04-10 19:08:38 +01:00
46d4b28384 chore: add x-authz-checks debug header when running in dev mode (#16873) 2025-04-10 11:36:27 -06:00
6dd1056025 feat(coderd/notifications): group workspace build failure report (#17306)
Closes https://github.com/coder/coder/issues/15745

Instead of sending X many reports to a single template admin, we instead
send only 1.
2025-04-10 13:32:19 +01:00
0b58798a1a feat: remove site wide perms from creating a workspace (#17296)
Creating a workspace required `read` on site wide `user`. 
Only organization permissions should be required.
2025-04-09 14:35:43 -05:00
3f3e2017bd fix: fix http cache dir creation order in coderdtest (#17303)
fixes coder/internal#565

Fixes the ordering of creating the HTTP cache temp dir with respect to
starting the Coderd HTTP server, so that they are cleaned up in the
correct (reverse) order.
2025-04-09 11:19:48 +00:00
a8fbe71a22 chore(cli): increase healthcheck timeout in TestSupportbundle (#17291)
Fixes https://github.com/coder/internal/issues/272

* Increases healthcheck timeout in tests. This seems to be the most
usual cause of test failures.
* Adds a non-nilness check before caching a healthcheck report.
* Modifies the HTTP response code to 503 (was 404) when no healthcheck
report is available. 503 seems to be a better indicator of the server
state in this case, whereas 404 could be misinterpreted as a typo in the
healthcheck URL.
2025-04-09 09:21:17 +01:00
0e658219b2 feat: support filtering users table by login type (#17238)
#15896 Mentions ability to add support for filtering by login type

The issue mentions that backend API support exists but the backend did
not seem to have the support for this filter. So I have added the
ability to filter it.

I also added a corresponding update to readme file to make sure the docs
will correctly showcase this feature
2025-04-09 13:59:41 +10:00
52d555880c chore: add custom samesite options to auth cookies (#16885)
Allows controlling `samesite` cookie settings from the deployment config
2025-04-08 14:15:14 -05:00
88b7c9ef5d feat: install more terminal fonts (#17289)
Related: https://github.com/coder/coder/issues/15024
2025-04-08 14:36:15 +02:00
ce22de8d15 feat: log long-lived connections acceptance (#17219)
Closes #16904
2025-04-08 08:30:05 +00:00
114ba4593b chore: fix swagger type of AuditLog AdditionalFields (#17286) 2025-04-07 13:48:58 -06:00
743d308eb3 feat: support multiple terminal fonts (#17257)
Fixes: https://github.com/coder/coder/issues/15024
2025-04-07 14:30:10 +02:00
0b2b643ce2 feat: persist prebuild definitions on template import (#16951)
This PR allows provisioners to recognise and report prebuild definitions
to the coder control plane. It also allows the coder control plane to
then persist these to its store.

closes https://github.com/coder/internal/issues/507

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
Co-authored-by: Danny Kopping <dannykopping@gmail.com>
Co-authored-by: evgeniy-scherbina <evgeniy.shcherbina.es@gmail.com>
2025-04-07 10:35:28 +02:00
24248736ac feat: add host suffix to /api/v2/deployment/ssh (#17269)
Adds `HostnameSuffix` to ssh config API and deprecates `HostnamePrefix`. We will still support setting and using the prefix for some time.
2025-04-07 11:57:10 +04:00
87d9ff0973 feat: add CODER_WORKSPACE_HOSTNAME_SUFFIX (#17268)
Adds deployment option `CODER_WORKSPACE_HOSTNAME_SUFFIX`. This will eventually replace `CODER_SSH_HOSTNAME_PREFIX`, but we will do this slowly and support both for `coder ssh` for some time.

Note that the name is changed to "workspace" hostname, since this suffix will also be used for Coder Connect on Coder Desktop, which is not limited to SSH.
2025-04-07 11:35:47 +04:00
54ff17bec6 feat: create experimental CreateWorkspacePage and dynamic-parameters experiment (#17240)
The purpose of the PR is to make a copy of the CreateWorkspacePage and
create an experimental version that will use when the dynamic-parameters
experiment is enabled.

The Figma designs for this page are still in progress but this first PR
will start to move to the new designs.

Figma design:
https://www.figma.com/design/SMg6H8VKXnPSkE6h9KPoAD/UX-Presets?node-id=2121-2383&t=CtgPUz8eNsTI5b1t-1

Much of the existing code will be left behind and will slowly migrated
over the course of several PRs to make sure no existing functionality is
forgotten in the migration to dynamic paramaters.
2025-04-03 16:39:12 -04:00
99c6f235eb feat: add migrations and queries to support prebuilds (#16891)
Depends on https://github.com/coder/coder/pull/16916 _(change base to
`main` once it is merged)_

Closes https://github.com/coder/internal/issues/514

_This is one of several PRs to decompose the `dk/prebuilds` feature
branch into separate PRs to merge into `main`._

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
Co-authored-by: Danny Kopping <dannykopping@gmail.com>
Co-authored-by: evgeniy-scherbina <evgeniy.shcherbina.es@gmail.com>
2025-04-03 10:58:30 +02:00
ac7ea08873 chore: add files cache for reading template tar archives from db (#17141) 2025-04-02 16:42:16 -06:00
e8b7ce80de ci: re-enable revive and gosec linters (#17225)
* Reenables revive linter for test files (with an exception for the
`unused-parameter` rule)
* Reenables gosec linter for test files
2025-04-02 16:19:23 +01:00
83d7147e02 chore: deprecate ResourceSystem (#17217)
Deprecates `ResourceSystem`. It's a large collection of unrelated things, and violates the principle of least privilege because to get access to low-security stuff like various statistics, you also get access to serious-security stuff like crypto keys.

We should eventually break it up and remove it, but the least we can do for now is not make the problem worse.
2025-04-02 19:17:26 +04:00
8cecc4f12d chore(coderd/coderdtest/oidctest): protect mutable fields with rwmutex (#17151)
Protects mutable fields of `FakeIDP` to avoid data races.
2025-04-02 13:36:26 +01:00
0ec87abaa5 docs: add new section on managing provisioners from the dashboard (#16563)
closes #16513 


[preview](https://coder.com/docs/@16513-manage-ext-provisioners/admin/provisioners/manage-provisioner-jobs)

---------

Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
2025-04-01 21:04:31 -05:00
184c1f0a59 chore: add db queries for dynamic parameters (#17137) 2025-04-01 15:47:30 -06:00
f3e5bb9276 fix: convert workspace id in db2sdk.WorkspaceAppStatus (#17201)
This was causing no status to be rendered in the list, and
`latest_app_status` to always be nil.
2025-04-01 14:49:32 -04:00
3a243c111b fix: remove shared mutable state between oidc tests (#17179)
Spotted on main: https://github.com/coder/coder/actions/runs/14179449567/job/39721999486
```
=== FAIL: coderd TestOIDCDomainErrorMessage/MalformedEmailErrorOmitsDomains (0.01s)
==================
WARNING: DATA RACE
Read at 0x00c060b54e68 by goroutine 296485:
  golang.org/x/oauth2.(*Config).Exchange()
      /home/runner/go/pkg/mod/golang.org/x/oauth2@v0.28.0/oauth2.go:228 +0x1d8
  github.com/coder/coder/v2/coderd.(*OIDCConfig).Exchange()
      <autogenerated>:1 +0xb7
  github.com/coder/coder/v2/coderd.New.func11.12.1.2.ExtractOAuth2.1.1()
      /home/runner/work/coder/coder/coderd/httpmw/oauth2.go:168 +0x7b5
  net/http.HandlerFunc.ServeHTTP()
      /opt/hostedtoolcache/go/1.24.1/x64/src/net/http/server.go:2294 +0x47
[...]
Previous write at 0x00c060b54e68 by goroutine 55730:
  github.com/coder/coder/v2/coderd/coderdtest/oidctest.(*FakeIDP).SetRedirect()
      /home/runner/work/coder/coder/coderd/coderdtest/oidctest/idp.go:1280 +0x1e6
  github.com/coder/coder/v2/coderd/coderdtest/oidctest.(*FakeIDP).LoginWithClient()
      /home/runner/work/coder/coder/coderd/coderdtest/oidctest/idp.go:494 +0x170
  github.com/coder/coder/v2/coderd/coderdtest/oidctest.(*FakeIDP).AttemptLogin()
      /home/runner/work/coder/coder/coderd/coderdtest/oidctest/idp.go:479 +0x624
  github.com/coder/coder/v2/coderd_test.TestOIDCDomainErrorMessage.func3()
      /home/runner/work/coder/coder/coderd/userauth_test.go:2041 +0x1f2
```

As seen, this race was caused by sharing a `*oidctest.FakeIDP` between test cases. The fix is to simply do the setup twice.

```
$ go test -race -run "TestOIDCDomainErrorMessage" github.com/coder/coder/v2/coderd -count=100
ok      github.com/coder/coder/v2/coderd        7.551s
````
2025-04-01 22:28:05 +11:00
8ea956fc11 feat: add app status tracking to the backend (#17163)
This does ~95% of the backend work required to integrate the AI work.

Most left to integrate from the tasks branch is just frontend, which
will be a lot smaller I believe.

The real difference between this branch and that one is the abstraction
-- this now attaches statuses to apps, and returns the latest status
reported as part of a workspace.

This change enables us to have a similar UX to in the tasks branch, but
for agents other than Claude Code as well. Any app can report status
now.
2025-03-31 10:55:44 -04:00
489641d0be feat: set icons for each type of notification (#17115)
Each notification type will have an icon to represent the context:

<img width="503" alt="Screenshot 2025-03-26 at 13 44 35"
src="https://github.com/user-attachments/assets/1187c1c0-1043-4a32-b105-a7f91b52f8ca"
/>

This depends on https://github.com/coder/coder/pull/17013
2025-03-31 09:40:24 -03:00
9bc727e977 chore: add support for one-way websockets to backend (#16853)
Closes https://github.com/coder/coder/issues/16775

## Changes made
- Added `OneWayWebSocket` function that establishes WebSocket
connections that don't allow client-to-server communication
- Added tests for the new function
- Updated API endpoints to make new WS-based endpoints, and mark
previous SSE-based endpoints as deprecated
- Updated existing SSE handlers to use the same core logic as the new WS
handlers

## Notes
- Frontend changes handled via #16855
2025-03-28 17:13:20 -04:00
148dae1e9f fix: add fallback icons for notifications (#17013)
Related: https://github.com/coder/internal/issues/522
2025-03-28 12:21:48 +01:00
eded0ed4b6 chore: fix false positives in CodeQL (#17138)
Clears up some false positives being surfaced by CodeQL
2025-03-27 16:06:58 -05:00
e1f27a7137 feat(site): add webpush notification serviceworker (#17123)
* Improves tests for webpush notifications
* Sets subscriber correctly in web push payload (without this,
notifications do not work in Safari)
* NOTE: for now, I'm using the Coder Access URL. Some push messaging
service don't like it when you use a non-HTTPS URL, so dropping a warn
log about this.
* Adds a service worker and context for push notifications
* Adds a button beside "Inbox" to enable / disable push notifications

Notes:
*  Tested in in Firefox and Safari, and Chrome.
2025-03-27 17:30:25 +00:00
5bd2a3f190 fix: conceal sensitive domain information in auth error messages (#17132)
## Summary
- Removes exposure of allowed domain list in OIDC authentication error
messages
- Replaces detailed error messages with a generic message that doesn't
expose internal domains
- Adds "Please contact your administrator" to guide users seeking
assistance
- Addresses security concern where third-party contractors could see
internal domain information

## Test plan
- Test accessing Coder with an email that doesn't match allowed domains
- Verify error message no longer displays the list of authorized domains
- Verify message now includes guidance to contact administrator

Fixes issue related to domain information exposure during
authentication. Linked issue:
https://github.com/coder/coder/issues/17130

🤖 Generated with [Claude Code](https://claude.ai/code)
2025-03-27 13:41:01 +00:00
7d4b3c8634 feat(agent): add devcontainer autostart support (#17076)
This change adds support for devcontainer autostart in workspaces. The
preconditions for utilizing this feature are:

1. The `coder_devcontainer` resource must be defined in Terraform
2. By the time the startup scripts have completed,
	- The `@devcontainers/cli` tool must be installed
	- The given workspace folder must contain a devcontainer configuration

Example Terraform:

```tf
resource "coder_devcontainer" "coder" {
  agent_id         = coder_agent.main.id
  workspace_folder = "/home/coder/coder"
  config_path      = ".devcontainer/devcontainer.json" # (optional)
}
```

Closes #16423
2025-03-27 12:31:30 +02:00
06e5d9ef21 feat(coderd): add webpush package (#17091)
* Adds `codersdk.ExperimentWebPush` (`web-push`)
* Adds a `coderd/webpush` package that allows sending native push
notifications via `github.com/SherClockHolmes/webpush-go`
* Adds database tables to store push notification subscriptions.
* Adds an API endpoint that allows users to subscribe/unsubscribe, and
send a test notification (404 without experiment, excluded from API docs)
* Adds server CLI command to regenerate VAPID keys (note: regenerating
the VAPID keypair requires deleting all existing subscriptions)

---------

Co-authored-by: Kyle Carberry <kyle@carberry.com>
2025-03-27 10:03:53 +00:00
ddb06741c9 chore: improve dormant workspace notification wording (#17100)
Related to #17099
2025-03-26 15:54:03 +01:00
cac130346d chore: bump debounce from 5 minutes to 30 minutes (#17111)
To ensure OOM/OOD isn't too spammy we want to have a debounce period of
30 minutes.
2025-03-26 14:33:10 +00:00
c8f3b35e13 fix: prevent password reset notifications ending up in coder inbox (#17109)
We do not want password reset notifications to end up in Coder Inbox as
this doesn't make much sense. This implements the logic to ensure they
are not delivered if the method is Coder Inbox.

In the future we might want to investigate a better solution but for now
this works.
2025-03-26 11:08:31 +00:00
17ddee05e5 chore: update golang to 1.24.1 (#17035)
- Update go.mod to use Go 1.24.1
- Update GitHub Actions setup-go action to use Go 1.24.1
- Fix linting issues with golangci-lint by:
  - Updating to golangci-lint v1.57.1 (more compatible with Go 1.24.1)

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <claude@anthropic.com>
2025-03-26 01:56:39 -05:00
c131d01cfd chore: disallow inbox as default method (#17093)
Disallow setting `inbox` as the default notifications method.
2025-03-25 20:10:15 +00:00
cf10d98aab fix: improve error message when deleting organization with resources (#17049)
Closes
[coder/internal#477](https://github.com/coder/internal/issues/477)

![Screenshot 2025-03-21 at 11 25
57 AM](https://github.com/user-attachments/assets/50cc03e9-395d-4fc7-8882-18cb66b1fac9)

I'm solving this issue in two parts:

1. Updated the postgres function so that it doesn't omit 0 values in the
error
2. Created a new query to fetch the number of resources associated with
an organization and using that information to provider a cleaner error
message to the frontend

> **_NOTE:_** SQL is not my strong suit, and the code was created with
the help of AI. So I'd take extra time looking over what I wrote there
2025-03-25 15:31:24 -04:00
5c8cac9fb7 feat: add name to workspace agent devcontainers (#17089)
In the presence of multiple devcontainers, it would be nice to
differentiate them by name. This change inherits the resource name from
terraform.

Refs #17076
2025-03-25 12:59:20 +00:00
cd19e79d9b chore: enable coder inbox by default (#17077)
Add a flag to enable Coder Inbox by default, as well as supporting disabling the feature.
2025-03-25 12:51:26 +00:00
5f3a53f01b fix: fix race condition in pubsub startup (#17088)
fixes https://github.com/coder/internal/issues/525

If the context is canceled, the goroutine that is supposed to read from the `errCh` could exit prematurely, leading to a goroutine leak. Refactors this code so it cannot block.
2025-03-25 16:45:45 +04:00
4c33846f6d chore: add prebuilds system user (#16916)
Pre-requisite for https://github.com/coder/coder/pull/16891

Closes https://github.com/coder/internal/issues/515

This PR introduces a new concept of a "system" user.

Our data model requires that all workspaces have an owner (a `users`
relation), and prebuilds is a feature that will spin up workspaces to be
claimed later by actual users - and thus needs to own the workspaces in
the interim.

Naturally, introducing a change like this touches a few aspects around
the codebase and we've taken the approach _default hidden_ here; in
other words, queries for users will by default _exclude_ all system
users, but there is a flag to ensure they can be displayed. This keeps
the changeset relatively small.

This user has minimal permissions (it's equivalent to a `member` since
it has no roles). It will be associated with the default org in the
initial migration, and thereafter we'll need to somehow ensure its
membership aligns with templates (which are org-scoped) for which it'll
need to provision prebuilds; that's a solution we'll have in a
subsequent PR.

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
Co-authored-by: Sas Swart <sas.swart.cdk@gmail.com>
2025-03-25 12:18:06 +00:00
117e4c2fe7 feat: adds device_id, device_os, and coder_desktop_version to telemetry (#17086)
Records the Device ID, Device OS and Coder Desktop version to telemetry.

These values are provided by the Coder Desktop client in the StartRequest method of the VPN protocol. We render them as an HTTP header to transmit to Coderd, where they are decoded and added to telemetry.
2025-03-25 15:26:05 +04:00
7b65422ef3 fix: change notifications actions url (#17083)
Related to #17082

Some notifications ( workspace created and workspace manually updated )
are using wrong variables to build the Action URL. Fixing it.
2025-03-25 11:29:02 +01:00
5b3eda6719 chore: persist template import terraform plan in postgres (#17012) 2025-03-24 10:01:50 -06:00
e0ecc28638 feat: add telemetry to user-scoped tailnet API call (#17065)
Adds support for sending telemetry on calls to the User-scoped tailnet RPC endpoint. This is currently used only by Coder Desktop.

Later PRs will fill in the version, OS information, and device ID via HTTP headers.
2025-03-24 16:02:33 +04:00
82e37732ea feat(coderd): add format option to inbox notifications watch endpoint (#17034)
This PR aims to allow clients to use different format for the title and
content of inbox notifications - on the watch endpoint.

This solution will help to have it working and formatted differently on
VSCode, WebUI ...
[Related to this issue](https://github.com/coder/internal/issues/523)
2025-03-21 16:41:13 +01:00