- Adds `--use-host-login` to `coder exp scaletest workspace-traffic`
- Modifies getScaletestWorkspaces to conditionally filter workspaces if `CODER_DISABLE_OWNER_WORKSPACE_ACCESS` is set
- Adds a warning if `CODER_DISABLE_OWNER_WORKSPACE_ACCESS` is set and scaletest workspaces are filtered out due to ownership mismatch.
- Modifies `coderdtest.New` to detect cross-test bleed of `CODER_DISABLE_OWNER_WORKSPACE_ACCESS` and fast-fail.
* chore: allow CreateUser to accept multiple organizations
In a multi-org deployment, it makes more sense to allow for multiple
org memberships to be assigned at create. The legacy param will still
be honored.
* Handle sdk deprecation better by maintaining cli functions
* chore: refactor entitlements to be passable as an argument
Previously, all usage of entitlements requires mutex usage on the
api struct directly. This prevents passing the entitlements to
a sub package. It also creates the possibility for misuse.
* chore: implement generalized symmetric difference for set comparison
Going to be used in Organization Sync + maybe group sync. Felt
better to reuse, rather than copy
* chore: scope workspace quotas to organizations
Quotas are now a function of (user_id, organization_id). They are
still sourced from groups. Deprecate the old api endpoint.
Multi-org enables the possibility of a user having template permissions,
but not workspace create permissions. The unauthorized error should be
returned instead of a 404. This does not leak any information the user
cannot already obtain.
* chore: fixup quotas to only include groups you are a member of
Before all everyone groups were included in the allowance.
* chore: add unit test to execercise the bug
* add unit test to add rows into the everyone group
* fix: avoid deleting peers on graceful close
- Fixes an issue where a coordinator deletes all
its peers on shutdown. This can cause disconnects
whenever a coderd is redeployed.
* - allow group members to read basic Group info
- allow group members to see they are part of the group, but not see that information about other members
- add a GetGroupMembersCountByGroupID SQL query, which allows group members to see members count without revealing other information about the members
- add the group_members_expanded db view
- rewrite group member queries to use the group_members_expanded view
- add the RBAC ResourceGroupMember and add it to relevant roles
- rewrite GetGroupMembersByGroupID permission checks
- make the GroupMember type contain all user fields
- fix type issues coming from replacing User with GroupMember in group member queries
- add the MemberTotalCount field to codersdk.Group
- display `group.total_member_count` instead of `group.members.length` on the account page
* test: add unit test to verify group permission behavior
* Update coderd/database/dbauthz/groupsauth_test.go
---------
Co-authored-by: Cian Johnston <cian@coder.com>
* chore: add fuzzy name search for templates
* chore: implement fuzzy name matching for templates
Templates search query defaults to a fuzzy name match
* chore: implement deleting custom roles
* add trigger to delete role from organization members on delete
* chore: add comments to explain populated field
* chore: prevent removing members from the default organization
Until multi-organizations is released outside an experiment, the
experiment should be backwards compatible.
