* feat(workspaces): implement sorting order on workspace list
* split slice into its own function and test it
* use require instead of assert
* Update coderd/workspaces_internal_test.go
Co-authored-by: Cian Johnston <cian@coder.com>
* refactor tests into table tests
* fix test
---------
Co-authored-by: Cian Johnston <cian@coder.com>
* chore: Rbac errors should be returned, and not hidden behind 404
SqlErrNoRows was hiding actual errors
* Replace sql.ErrNoRow checks
* Remove sql err no rows check from dbauthz test
* Fix to use dbauthz system user
* feat: dbauthz always on, out of experimental
* Add ability to do rbac checks in unit tests
* Remove AuthorizeAllEndpoints
* Remove duplicate rbac checks
* feat: Implement view for workspace builds to include rbac info
* Removes the need to fetch the workspace to run an rbac check.
* chore: Use workspace build as RBAC object
* chore: Use golang templates instead of sqlc files
* feat: Error on excessive invalid search keys
* feat: Guard search queries against common mistakes
* Raise errors in FE on workspaces table
* All errors should be on newlines
* chore: Skip authz on various functions used for api data building
API already fetches the parent object and does the rbac check. Until
these functions are optimized, skipping authz is better.
It leaves us no worse off than the status quo
feat: Add initial AuthzQuerier implementation
- Adds package database/dbauthz that adds a database.Store implementation where each method goes through AuthZ checks
- Implements all database.Store methods on AuthzQuerier
- Updates and fixes unit tests where required
- Updates coderd initialization to use AuthzQuerier if codersdk.ExperimentAuthzQuerier is enabled
* pushing for guidance
* added test
* PR feedback
* fixed tests
* Update coderd/audit.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* runnig make gen
---------
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* chore: Rewrite rbac rego -> SQL clause
Previous code was challenging to read with edge cases
- bug: OrgAdmin could not make new groups
- Also refactor some function names
* Start to port over provisioner daemons PR
* Move to Enterprise
* Begin adding tests for external registration
* Move provisioner daemons query to enterprise
* Move around provisioner daemons schema
* Add tags to provisioner daemons
* make gen
* Add user local provisioner daemons
* Add provisioner daemons
* Add feature for external daemons
* Add command to start a provisioner daemon
* Add provisioner tags to template push and create
* Rename migration files
* Fix tests
* Fix entitlements test
* PR comments
* Update migration
* Fix FE types
* Start on backend
* Hook up frontend
* Add to frontend test
* Add go test, wip
* Fix some test bugs
* Fix test
* Format
* Add to authorize.go
* copy user array into local variable
* Authorize route
* Log count error
* Authorize better
* Tweaks to authorization
* More authorization tweaks
* Make gen
* Fix test
Co-authored-by: Garrett <garrett@coder.com>
* chore: Separate the provisionerd server into it's own package
This code should be thoroughly tested now that we understand the abstraction.
I separated it to make our lives a bit easier for external provisioner daemons
as well!
* Add tests
* Add workspace builds
* Add test for workspace resources
* feat: Make workspace watching realtime instead of polling
This was leading to performance issues on the frontend, where
the page should only be rendered if changes occur. While this
could be changed on the frontend, it was always the intention
to make this socket ~realtime anyways.
* Fix workspace tests waiting, erroring on workspace update, and add comments to workspace events
The goroutine launched by `ServerSentEventSender` can perform a write
and flush after the calling http handler has exited, at this point the
resources (e.g. `http.ResponseWriter`) are no longer safe to use.
To work around this issue, heartbeats and sending events are now handled
by the goroutine which signals its closure via a channel. This allows
the calling handler to ensure it is kept alive until it's safe to exit.
Fixes#4807
