- Introduces rbac.ResourceSystem
- Grants system.* to system and provisionerd rbac subjects
- Updates dbauthz system queries where applicable
- coderd: Avoid index out of bounds in api.workspaceBuilds
- dbauthz: move GetUsersByIDs out of system, modify RBAC check to ResourceUser
- workspaceapps: Add test case for when owner of app is not found
* feat: Implement view for workspace builds to include rbac info
* Removes the need to fetch the workspace to run an rbac check.
* chore: Use workspace build as RBAC object
* chore: Use golang templates instead of sqlc files
* feat: Allow changing the 'group' oidc claim field
* Enable empty groups support
* fix: Delete was wiping all groups, not just the single user's groups
* Update docs
* fix: Dbfake delete group member fixed
* fix: don't make session counts cumulative
This made for some weird tracking... we want the point-in-time
number of counts!
* Add databasefake query for getting agent stats
* Add deployment stats endpoint
* The query... works?!?
* Fix aggregation query
* Select from multiple tables instead
* Fix continuous stats
* Increase period of stat refreshes
* Add workspace counts to deployment stats
* fmt
* Add a slight bit of responsiveness
* Fix template version editor overflow
* Add refresh button
* Fix font family on button
* Fix latest stat being reported
* Revert agent conn stats
* Fix linting error
* Fix tests
* Fix gen
* Fix migrations
* Block on sending stat updates
* Add test fixtures
* Fix response structure
* make gen
* feat(api): Add agent shutdown lifecycle states
* feat(agent): Add shutdown_script support
* feat(agent): Add shutdown_script timeout
* feat(site): Support new agent lifecycle states
---
Co-authored-by: Marcin Tojek <marcin@coder.com>
* add tokens switch
* reorged TokensPage
* using Trans component for description
* using Trans component on DeleteDialog
* add owner col
* simplify hook return
* lint
* type for response
* added flag for name
* fixed auth
* lint, prettier, tests
* added unique index for login type token
* remove tokens by name
* better check for unique constraint
* docs
* test: Fix dbfake to insert token name
* fix doc tests
* Update cli/tokens.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* Update coderd/database/migrations/000102_add_apikey_name.down.sql
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* add more specificity to IsUniqueViolation check
* fix tests
* Fix AutorizeAllEndpoints
* rename migration
---------
Co-authored-by: Steven Masley <stevenmasley@coder.com>
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* feat: Error on excessive invalid search keys
* feat: Guard search queries against common mistakes
* Raise errors in FE on workspaces table
* All errors should be on newlines
* feat: automatically use websockets if DERP upgrade is unavailable
This might be our biggest hangup for deployments at the moment...
Load balancers by default do not support the DERP protocol, so many
of our prospects and customers run into failing workspace connections.
This automatically swaps to use WebSockets, and reports the reason to
coderd.
In a future contribution, a warning will appear by the agent if it was
forced to use WebSockets instead of DERP.
* Fix nil pointer type in Tailscale dep
* Fix requested changes
* add tokens switch
* reorged TokensPage
* using Trans component for description
* using Trans component on DeleteDialog
* add owner col
* simplify hook return
* lint
* type for response
* PR feedback
* fix lint
* chore: convert workspace agent stats from json to table
* chore: convert agent stats to use a table
Backwards compatibility becomes hard when all agent stats are in a JSON blob.
We also want to query this table for new agents that are failing health checks
so we can display it in the UI.
* Fix migration using default values
* chore: Skip authz on various functions used for api data building
API already fetches the parent object and does the rbac check. Until
these functions are optimized, skipping authz is better.
It leaves us no worse off than the status quo
* Add git auth providers schema
* Pipe git auth providers to the schema
* Add git auth providers to the API
* Add gitauth endpoint to query authenticated state
* Add endpoint to query git state
* Use BroadcastChannel to automatically authenticate with Git
* Add error validation for submitting the create workspace form
* Fix panic on template dry-run
* Add tests for the template version Git auth endpoint
* Show error if no gitauth is configured
* Add gitauth to cliui
* Fix unused method receiver
* Fix linting errors
* Fix dbauthz querier test
* Fix make gen
* Add JavaScript test for git auth
* Fix bad error message
* Fix provisionerd test race
See https://github.com/coder/coder/actions/runs/4277960646/jobs/7447232814
* Fix requested changes
* Add comment to CreateWorkspacePageView
