This change will improve over CLI performance and "snappiness" as well as
substantially reduce our test times. Preliminary benchmarks show
`coder server --help` times cut from 300ms to 120ms on my dogfood
instance.
The inefficiency of lipgloss disproportionately impacts our system, as all help
text for every command is generated whenever any command is invoked.
The `pretty` API could clean up a lot of the code (e.g., by replacing
complex string concatenations with Printf), but this commit is too
expansive as is so that work will be done in a follow up.
See also: https://github.com/coder/coder/pull/9522
- Adds commands `server dbcrypt {rotate,decrypt,delete}` to re-encrypt, decrypt, or delete encrypted data, respectively.
- Plumbs through dbcrypt in enterprise/coderd (including unit tests).
- Adds documentation in admin/encryption.md.
This enables dbcrypt by default, but the feature is soft-enforced on supplying external token encryption keys. Without specifying any keys, encryption/decryption is a no-op.
* docs: expand on TTL flags
* make: gen
* Discard changes to site/src/api/api.ts
* Discard changes to site/src/xServices/templateVersion/templateVersionXService.ts
---------
Co-authored-by: Muhammad Atif Ali <matifali@live.com>
Co-authored-by: Muhammad Atif Ali <atif@coder.com>
* add flag for auto create groups
* fixup! add flag for auto create groups
* sync missing groups
Also added a regex filter to filter out groups that are not
important
* feat: add display_name field to groups
This is a non-unique human friendly group name for display
purposes. This means a display name can be used instead of
using an environment var to remap groups with OIDC names to
Coder names. Now groups can retain the OIDC name for mapping,
and use a display name for display purposes.
`--variable` is used frequently enough to deserve a shorthand. Unfortunately,
`-v` is taken by verbose, and `-V` is too easily confused with version or
verbose, so we're left with "--var".
* feat: add table format to 'coder license ls'
* feat: license expires_at to table view
* change: `license_expires` to `license_expires_human` and `license_expires` is unix timestamp
* feat: add login type 'none' to prevent login
Users with this login type must use tokens to authenticate.
Tokens must come from some other source, not a /login with password
authentication
* chore: add warning log if misconfigured groups oidc
This is not perfect, but if we find a 'groups' claim and it is not
configured, put out a warning log to give some information
So that we can push template updates for testing without impacting
normal users of the template.
---------
Co-authored-by: Ammar Bandukwala <ammar@ammar.io>
Co-authored-by: Muhammad Atif Ali <matifali@live.com>
Co-authored-by: Atif Ali <atif@coder.com>
