* feat: add login type 'none' to prevent login
Users with this login type must use tokens to authenticate.
Tokens must come from some other source, not a /login with password
authentication
* chore: add warning log if misconfigured groups oidc
This is not perfect, but if we find a 'groups' claim and it is not
configured, put out a warning log to give some information
So that we can push template updates for testing without impacting
normal users of the template.
---------
Co-authored-by: Ammar Bandukwala <ammar@ammar.io>
Co-authored-by: Muhammad Atif Ali <matifali@live.com>
Co-authored-by: Atif Ali <atif@coder.com>
- Exposes reads/writes from scaletest traffic generation (default: 0.0.0.0:21112)
- Adds self-hosted prometheus with remote_write to loadtest terraform
- Adds convenience script to run a traffic generation test
This PR adds a scaletest workspace-traffic command for load testing. This opens a
ReconnectingPTY connection to each scaletest workspace (via coderd) and
concurrently writes and reads random data to/from the PTY. Payloads are of the
form #${RANDOM_ALPHANUMERIC_STRING}, which essentially drops garbage
comments in the remote shell, and should not result in any commands being executed.
This PR makes the following changes:
- Adds an --id parameter to coder templates init so that you can non-interactively initialize a specific example template by ID (e.g. folder name)
- Updates develop.sh and lima/coder.yaml to use this parameter to select the docker example template.
* fix(docs): fix markdown docs links
More than half of them were actually valid links but, due to missing file extensions were flagged as invalid. I added a file extension, so it should pass now.
* Updated docgen to include extension
This commit:
- Allows configuring the OIDC claim Coder uses for email addresses (by default, this is still email)
- Allows customising the parameters sent to the upstream identity provider when requesting a token. This is still access_type=offline by default.
- Updates documentation related to the above.
* add tokens switch
* reorged TokensPage
* using Trans component for description
* using Trans component on DeleteDialog
* add owner col
* simplify hook return
* lint
* type for response
* added flag for name
* fixed auth
* lint, prettier, tests
* added unique index for login type token
* remove tokens by name
* better check for unique constraint
* docs
* test: Fix dbfake to insert token name
* fix doc tests
* Update cli/tokens.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* Update coderd/database/migrations/000102_add_apikey_name.down.sql
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* add more specificity to IsUniqueViolation check
* fix tests
* Fix AutorizeAllEndpoints
* rename migration
---------
Co-authored-by: Steven Masley <stevenmasley@coder.com>
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* added query for tokens by user id
* updated query args
* adding owner col
* fix request params
* update-golden-files
* added owners col to ls table output
* added ttoken translations
* prettier
* format table according to arg
* using slice.Contains
* refactored token state
* cleanup
- Remove mostly redundant "Transferred" column
- Rename "Bandwidth" to "Throughput"
- Replace "--reverse" (which has an ambiguous starting state) with "--direction=(up|down)"
- Tolerate AgentStartErrors which may be caused by failing startup
script
Adds a flag --disable-password-auth that prevents the password login
endpoint from working unless the user has the "owner" (aka. site admin)
role.
Adds a subcommand `coder server create-admin-user` which creates a user
directly in the database with the "owner" role, the "admin" role in
every organization, and password auth. This is to avoid lock-out
situations where all accounts have the login type set to an identity
provider and nobody can login.
