This commit:
- Allows configuring the OIDC claim Coder uses for email addresses (by default, this is still email)
- Allows customising the parameters sent to the upstream identity provider when requesting a token. This is still access_type=offline by default.
- Updates documentation related to the above.
* chore: Ensure all audit types in ResourceTable match APGL
* Implement more checks to ensure all tracked fields are present
* Add unit test to ensure all types are represented in audit table
* Trade compile time safety for syntax
* feat: Implement view for workspace builds to include rbac info
* Removes the need to fetch the workspace to run an rbac check.
* chore: Use workspace build as RBAC object
* chore: Use golang templates instead of sqlc files
* feat: Allow changing the 'group' oidc claim field
* Enable empty groups support
* fix: Delete was wiping all groups, not just the single user's groups
* Update docs
* fix: Dbfake delete group member fixed
* add tokens switch
* reorged TokensPage
* using Trans component for description
* using Trans component on DeleteDialog
* add owner col
* simplify hook return
* lint
* type for response
* added flag for name
* fixed auth
* lint, prettier, tests
* added unique index for login type token
* remove tokens by name
* better check for unique constraint
* docs
* test: Fix dbfake to insert token name
* fix doc tests
* Update cli/tokens.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* Update coderd/database/migrations/000102_add_apikey_name.down.sql
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* add more specificity to IsUniqueViolation check
* fix tests
* Fix AutorizeAllEndpoints
* rename migration
---------
Co-authored-by: Steven Masley <stevenmasley@coder.com>
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* Add git auth providers schema
* Pipe git auth providers to the schema
* Add git auth providers to the API
* Add gitauth endpoint to query authenticated state
* Add endpoint to query git state
* Use BroadcastChannel to automatically authenticate with Git
* Add error validation for submitting the create workspace form
* Fix panic on template dry-run
* Add tests for the template version Git auth endpoint
* Show error if no gitauth is configured
* Add gitauth to cliui
* Fix unused method receiver
* Fix linting errors
* Fix dbauthz querier test
* Fix make gen
* Add JavaScript test for git auth
* Fix bad error message
* Fix provisionerd test race
See https://github.com/coder/coder/actions/runs/4277960646/jobs/7447232814
* Fix requested changes
* Add comment to CreateWorkspacePageView
This PR adds the prometheus metric coderd_workspace_builds_total.
It measures the total number of workspace builds, along with a number of labels intended to be useful for an operator debugging a failed workspace build trying to discover the scope of the issue.
* docs: apache reverse proxy
* fixed to correctly pass WebSocket headers
* add a sample configuration file
* updating with suggestions
* Update coder.conf
* fix http to https redirection
* fix: upgrade http to https
* Update examples/web-server/apache/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* add other dns providers documentation link
---------
Co-authored-by: Ben Potter <me@bpmct.net>
Co-authored-by: Ben Potter <ben@coder.com>
* docs: Add nginx reverse-proxy example
This PR adds nginx reverse-proxy example to provision coder with tls certificate using letsencrypt certbot.
This will partially resolve#6086.
* change nginx example to to absolute path
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* refactor: replaced bullets with numbered lists
* remove the ambiguous ip addr.
* fixed a typo
* correctly handle the wildcard subdomain
* simplified after testing
* fmt: prettier formatting
* Adapt to the coder style guide
* fix: agent disconnection
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update docs/admin/configure.md
Co-authored-by: Ben Potter <me@bpmct.net>
* Update examples/web-server/nginx/README.md
Co-authored-by: Ben Potter <me@bpmct.net>
* updated with suggested changes
* updated with requested changes
* add reference to certbot docs for other dns providers
---------
Co-authored-by: Ben Potter <me@bpmct.net>
* added migration for api key resource
* sort of working
* auditing login
* passing the correct user id
* added and fixed tests
* gen documentation
* formatting and lint
* lint
* audit Github oauth and write tests
* audit oauth and write tests
* added defer fn for login error auditing
* fixed test
* feat: audit logout (#5998)
* Update coderd/userauth.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* fix test
* bypassing diff generation if login/logout
* lint
---------
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* Allow hiding password entry, changing OpenID Connect text and OpenID Connect icon
* Docs
* Cleaning
* Fix Prettier and Go test and TS compile error
* Fix LoginPage test
* Prettier
* Fix storybook
* Add query param to un-hide password auth
* Cleaning
* Hide password by default when OIDC enabled
* Ran prettier, updated goldenfiles and ran "make gen"
* Fixed and added LoginPage test
* Ran prettier
* PR Feedback and split up SignInForm.tsx
* Updated golden files
* Fix auto-genned-files
* make gen -B
* Revert provisioner files?
* Fix lint error
---------
Co-authored-by: Kyle Carberry <kyle@coder.com>
* chore: update Audit docs to include Audit Actions
* regenerated audit docs
* adjusted check_enterprise_imports.sh
* PR feedback
* changing script back for now as CI faiiling
* added script for table creation
* added tags to audit-logs.md
* removed log
* removed empty block line
* PR feedback
* modify check_unstaged
* third times the charm maybe
* spelling
* relative path
* excluding from the right script this time
* sorted resources to ensure table order
* running make cmd
* running make again
* ensuring order on subtable
