Commit Graph

183 Commits

Author SHA1 Message Date
c6e0ba12d3 feat: graduate prebuilds to general availability (#18607)
This PR removes the prebuilds experiment and allows the use of prebuilds
without opting into an experiment.
2025-06-26 15:54:52 +02:00
82af2e019d feat: implement dynamic parameter validation (#18482)
# What does this do?

This does parameter validation for dynamic parameters in `wsbuilder`. All input parameters are validated in `coder/coder` before being sent to terraform.

The heart of this PR is [`ResolveParameters`](b65001e89c/coderd/dynamicparameters/resolver.go (L30-L30)).

# What else changes?

`wsbuilder` now needs to load the terraform files into memory to succeed. This does add a larger memory requirement to workspace builds.

# Future work

- Sort autostart handling workspaces by template version id. So workspaces with the same template version only load the terraform files once from the db, and store them in the cache.
2025-06-23 12:35:15 -05:00
6e967780c9 feat: track resource replacements when claiming a prebuilt workspace (#17571)
Closes https://github.com/coder/internal/issues/369

We can't know whether a replacement (i.e. drift of terraform state
leading to a resource needing to be deleted/recreated) will take place
apriori; we can only detect it at `plan` time, because the provider
decides whether a resource must be replaced and it cannot be inferred
through static analysis of the template.

**This is likely to be the most common gotcha with using prebuilds,
since it requires a slight template modification to use prebuilds
effectively**, so let's head this off before it's an issue for
customers.

Drift details will now be logged in the workspace build logs:


![image](https://github.com/user-attachments/assets/da1988b6-2cbe-4a79-a3c5-ea29891f3d6f)

Plus a notification will be sent to template admins when this situation
arises:


![image](https://github.com/user-attachments/assets/39d555b1-a262-4a3e-b529-03b9f23bf66a)

A new metric - `coderd_prebuilt_workspaces_resource_replacements_total`
- will also increment each time a workspace encounters replacements.

We only track _that_ a resource replacement occurred, not how many. Just
one is enough to ruin a prebuild, but we can't know apriori which
replacement would cause this.
For example, say we have 2 replacements: a `docker_container` and a
`null_resource`; we don't know which one might
cause an issue (or indeed if either would), so we just track the
replacement.

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
2025-05-14 14:52:22 +02:00
6936a7b5a2 fix: fix prebuild omissions (#17579)
Fixes accidental omission from https://github.com/coder/coder/pull/17527

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
2025-04-30 14:26:30 +00:00
e0483e3136 feat: add prebuilds metrics collector (#17547)
Closes https://github.com/coder/internal/issues/509

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
2025-04-28 12:28:56 +02:00
08ad910171 feat: add prebuilds configuration & bootstrapping (#17527)
Closes https://github.com/coder/internal/issues/508

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
Co-authored-by: Cian Johnston <cian@coder.com>
2025-04-25 11:07:15 +02:00
c06ef7c1eb chore!: remove JFrog integration (#17353)
- Removes displaying XRay scan results in the dashboard. I'm not sure
  anyone was even using this integration so it's just debt for us to
  maintain. We can open up a separate issue to get rid of the db tables
  once we know for sure that we haven't broken anyone.
2025-04-11 14:45:21 -04:00
46d4b28384 chore: add x-authz-checks debug header when running in dev mode (#16873) 2025-04-10 11:36:27 -06:00
17ddee05e5 chore: update golang to 1.24.1 (#17035)
- Update go.mod to use Go 1.24.1
- Update GitHub Actions setup-go action to use Go 1.24.1
- Fix linting issues with golangci-lint by:
  - Updating to golangci-lint v1.57.1 (more compatible with Go 1.24.1)

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <claude@anthropic.com>
2025-03-26 01:56:39 -05:00
0e2ae10b47 feat: add additional patch routes for group and role idp sync (#16351) 2025-01-31 12:14:24 -07:00
b256b204d0 feat: add endpoint for partial updates to org sync field and assign_default (#16337) 2025-01-30 13:55:17 -07:00
2371153a37 feat: add endpoint for partial updates to org sync mapping (#16316) 2025-01-30 10:52:50 -07:00
071bb26018 feat(coderd): add endpoint to list provisioner daemons (#16028)
Updates #15190
Updates #15084
Supersedes #15940
2025-01-14 16:40:26 +00:00
6ca1e5973e chore: add api endpoints to get idp field values (#16063)
Supports coder/internal#210
2025-01-08 16:07:02 -05:00
d31c2f1fe7 chore: implement SCIM PUT endpoint, protect against missing active (#15829)
Closes https://github.com/coder/coder/issues/15828
2024-12-12 08:11:13 -06:00
e21a301682 fix: make GetWorkspacesEligibleForTransition return even less false positives (#15594)
Relates to https://github.com/coder/coder/issues/15082

Further to https://github.com/coder/coder/pull/15429, this reduces the
amount of false-positives returned by the 'is eligible for autostart'
part of the query. We achieve this by calculating the 'next start at'
time of the workspace, storing it in the database, and using it in our
`GetWorkspacesEligibleForTransition` query.

The prior implementation of the 'is eligible for autostart' query would
return _all_ workspaces that at some point in the future _might_ be
eligible for autostart. This now ensures we only return workspaces that
_should_ be eligible for autostart.

We also now pass `currentTick` instead of `t` to the
`GetWorkspacesEligibleForTransition` query as otherwise we'll have one
round of workspaces that are skipped by `isEligibleForTransition` due to
`currentTick` being a truncated version of `t`.
2024-12-02 21:02:36 +00:00
a518017a88 feat(coderd): add endpoint to fetch provisioner key details (#15505)
This PR is the first step aiming to resolve #15126 - 

Creating a new endpoint to return the details associated to a
provisioner key.

This is an authenticated endpoints aiming to be used by the provisioner
daemons - using the provisioner key as authentication method.

This endpoint is not ment to be used with PSK or User Sessions.
2024-11-20 18:04:47 +01:00
c3c23ed3d9 chore: add query to fetch top level idp claim fields (#15525)
Adds an api endpoint to grab all available sync field options for IDP
sync. This is for autocomplete on idp sync forms. This is required for
organization admins to have some insight into the claim fields available
when configuring group/role sync.
2024-11-18 14:31:39 -06:00
968c52bc36 fix: add error that provisionerkeys require the externalprovisioners feature (#15541) 2024-11-15 14:43:32 -07:00
782214bcd8 chore: move organizatinon sync to runtime configuration (#15431)
Moves the configuration from environment to database backed, to allow
configuring organization sync at runtime.
2024-11-08 08:44:14 -06:00
088f21965b feat: add audit logs for dormancy events (#15298) 2024-10-31 17:55:42 -05:00
e03ef62a13 chore: add scim service provider config endpoint (#15235)
Adds a static `/scim/v2/ServiceProviderConfig` endpoint. Our scim
support is static, so the response config is also defined statically.
2024-10-25 18:27:34 -04:00
900e2cd39c chore: implement better 404 for unimplemented scim endpoints (#15232)
Prior to this, html was returned.
2024-10-25 13:23:12 -04:00
f258232be9 chore: return json for disabled scim routes (#15222)
Customers reporting html pages returned to SCIM. Likely a disabled SCIM.
We should just report a more consumable error by the SCIM provider.

Previous behavior was a status code 200 HTML page
2024-10-24 16:26:16 -04:00
288df75686 fix: serialize updateEntitlements() (#14974)
fixes #14961

Adding the license and updating entitlements is flaky, especially at the start of our `coderdent` testing because, while the actual modifications to the `entitlements.Set` were threadsafe, we could have multiple goroutines reading from the database and writing to the set, so we could end up writing stale data.

This enforces serialization on updates, so that if you modify the database and kick off an update, you know the state of the `Set` is at least as fresh as your database update.
2024-10-05 06:58:43 +04:00
11f7b1b3f5 chore: remove notifications experiment (#14869)
Notifications have proved stable in the [mainline release of
v2.15](https://github.com/coder/coder/releases/tag/v2.15.0), and in
preparation for v2.16 we're moving this to stable.
2024-10-01 13:43:47 +00:00
2c8b264d78 chore: remove multi-organization and custom role experiment (#14862)
Closes https://github.com/coder/coder/issues/14704

---------

Co-authored-by: Kayla Washburn-Love <mckayla@hey.com>
2024-09-27 14:06:16 -05:00
3fdeaf7b24 feat: add endpoint for fetching workspace proxy keys (#14789) 2024-09-26 21:01:49 +01:00
ce21b2030a feat: implement patch and get api methods for role sync (#14692)
* feat: implement patch and get api methods for role sync
2024-09-17 10:38:42 -05:00
71393743dc feat: implement organization role sync (#14649)
* chore: implement organization and site wide role sync in idpsync
* chore: remove old role sync, insert new idpsync package
2024-09-16 19:03:25 -05:00
335eb05223 feat: add keys to organization provision daemons (#14627) 2024-09-16 20:02:08 +00:00
5ed065d88d feat: get and update group IdP Sync settings (#14647)
---------

Co-authored-by: Steven Masley <stevenmasley@gmail.com>
2024-09-16 12:01:37 -05:00
6a846cdbb8 chore: support multi-org group sync with runtime configuration (#14578)
- Implement multi-org group sync
- Implement runtime configuration to change sync behavior
- Legacy group sync migrated to new package
2024-09-11 13:43:50 -05:00
e5d4f3557b chore: only show license expiry warning for deployment admins (#14488) 2024-09-02 17:54:39 +10:00
10c958bba1 chore: implement organization sync and create idpsync package (#14432)
* chore: implement filters for the organizations query
* chore: implement organization sync and create idpsync package

Organization sync can now be configured to assign users to an org based on oidc claims.
2024-08-30 11:19:36 -05:00
93eef7b542 chore: keep entitlements in the options only, simplify fields (#14434)
* chore: refactor entitlements to keep it in just the options

Duplicating the reference did not feel valuable, just confusing
2024-08-26 13:05:03 -05:00
af125c3795 chore: refactor entitlements to be a safe object to use (#14406)
* chore: refactor entitlements to be passable as an argument

Previously, all usage of entitlements requires mutex usage on the
api struct directly. This prevents passing the entitlements to
a sub package. It also creates the possibility for misuse.
2024-08-23 16:21:58 -05:00
a359879af5 chore: scope workspace quotas to organizations (#14352)
* chore: scope workspace quotas to organizations

Quotas are now a function of (user_id, organization_id). They are
still sourced from groups. Deprecate the old api endpoint.
2024-08-21 09:25:20 -05:00
cf8be4eac5 feat: add resume support to coordinator connections (#14234) 2024-08-20 17:16:49 +10:00
7b09d98238 chore: add /groups endpoint to filter by organization and/or member (#14260)
* chore: merge get groups sql queries into 1

* Add endpoint for fetching groups with filters
* remove 2 ways to customizing a fake authorizer
2024-08-15 13:40:15 -05:00
84fdfd2a18 chore: remove UpsertCustomRole in favor of Insert + Update (#14217)
* chore: remove UpsertCustomRole in favor of Insert + Update

---------

Co-authored-by: Jaayden Halko <jaayden.halko@gmail.com>
2024-08-13 12:53:47 -05:00
76722a7db5 fix: make default support links respect --docs-url (#14176)
make default support links respect --docs-url
2024-08-12 17:01:22 -04:00
2c13797350 chore: implement deleting custom roles (#14101)
* chore: implement deleting custom roles

* add trigger to delete role from organization members on delete
* chore: add comments to explain populated field
2024-08-07 12:37:55 -05:00
173dc0e35f chore: refactor patch custom organization route to live in enterprise (#14099)
* chore: refactor patch custom organization route to live in enterprise
2024-08-05 13:42:11 -05:00
e164b1e71c feat: add notification preferences database & audit support (#14100) 2024-08-05 16:18:45 +02:00
7ea1a4c686 chore: protect organization endpoints with license (#14001)
* chore: move multi-org endpoints into enterprise directory

All multi-organization features are gated behind "premium" licenses. Enterprise licenses can no longer
access organization CRUD.
2024-07-25 16:07:53 -05:00
ca83017dc1 feat: accept provisioner keys for provisioner auth (#13972) 2024-07-25 10:22:55 -04:00
15fda232b7 feat: implement premium vs enterprise licenses (#13907)
* feat: implement premium vs enterprise licenses

Implement different sets of licensed features.
2024-07-24 12:07:59 -05:00
0d9615b4fd feat(coderd): notify when workspace is marked as dormant (#13868) 2024-07-24 13:38:21 -03:00
b697c6939a chore: add provisioner key crud apis (#13857) 2024-07-16 13:27:12 -04:00