Before db_metrics were all or nothing. Now `InTx` metrics are always recorded, and query metrics are opt in.
Adds instrumentation & logging around serialization failures in the database.
Related to https://github.com/coder/coder/issues/15087
As part of sniffing the workspace tags from an uploaded file, we need to
be able to handle both zip and tar files. Extracting the functions to
a separate `archive` package will be helpful here.
Working on #15202
The main change is to fetch the user doing the action to verify if it
should be able to change the password if there's no old_password set.
Customers reporting html pages returned to SCIM. Likely a disabled SCIM.
We should just report a more consumable error by the SCIM provider.
Previous behavior was a status code 200 HTML page
- Fixes an issue where building the Docker image failed due to moving
the directory hosting the Dockerfile
- Removed the Palo Alto scanning since our subscription there is set to
expire. Trivy is still running though.
The authz check is Update() on the original template. This is not ideal,
but it follows the existing behavior. We are implicitly granting this
read access since template admins need to be able to see what
users/groups exist to assign.
The go tests that would have checked for the outdated golden files
didn't get run as part of https://github.com/coder/coder/pull/14817
because only `helm/**` files were modified.
fixes https://github.com/coder/internal/issues/114
We need to wait for ServerTailnet goroutines to finish when closing down, otherwise we can race with the shutdown of coderd & the coordinator, which causes errors.
Joins in fields like `username`, `avatar_url`, `organization_name`,
`template_name` to `workspaces` via a **view**.
The view must be maintained moving forward, but this prevents needing to
add RBAC permissions to fetch related workspace fields.
This PR aims to close#14253
We keep the default behavior using the Coder logo if there's no logo
set.
Otherwise we want to use the logo based on the URL set in appearance.
---------
Co-authored-by: defelmnq <yvincent@coder.com>
Fixes https://github.com/coder/coder/issues/12721
If a container in docker is started with `--cgroupns=private` (which is
the default behaviour in docker) then `/proc/1/cgroup` has the following
content:
```
0::/
```
If a container in docker is started with `--cgroupns=host` then
`/proc/1/cgroup` has the following content (hash will vary):
```
0::/docker/aa86ac98959eeedeae0ecb6e0c9ddd8ae8b97a9d0fdccccf7ea7a474f4e0bb1f
```
Currently we are determining if a host is containerized by assuming the
second scenario. This means the existing behaviour of sniffing
`/proc/1/cgroup` is not always sufficient for checking if a host is
containerized.
According to [the cgroups(7)
man-page](https://man7.org/linux/man-pages/man7/cgroups.7.html) there
exists a `cgroup.type` file in a nonroot cgroup. This exists in Linux
versions after `4.14`.
> Linux 4.14 added thread mode for cgroups v2.
> With the addition of thread mode, each nonroot cgroup now contains a
new file, cgroup.type
This means we can check for the existence of
`/sys/fs/cgroup/cgroup.type` to see if we are in a container or not.
In investigating https://github.com/coder/internal/issues/109 I noticed many of the notification tests are still using `time.Sleep` and `require.Eventually`. This is an initial effort to start converting these to Quartz.
One product change is to switch the `notifier` to use a `TickerFunc` instead of a normal Ticker, since it allows the test to assert that a batch process is complete via the Quartz `Mock` clock. This does introduce one slight behavioral change in that the notifier waits the fetch interval before processing its first batch. In practice, this is inconsequential: no one will notice if we send notifications immediately on startup, or just a little later.
But, it does make a difference to some tests, which are fixed up here.
A bunch of notification tests create a whole `coderd`, when all they use is the database and logger. This makes the tests more expensive to run, and pollutes the test logs with a bunch of stuff that doesn't matter (e.g. tailnet).
Fixes https://github.com/coder/internal/issues/93
`bytes.Buffer` is not concurrency-safe.
`cmd` could write to the buffer concurrently while we're reading the
buffer in
```
require.Eventually(t, func() bool {
return bytes.Contains(output.Bytes(), []byte("ERROR: Downloaded agent binary returned unexpected version output"))
}, testutil.WaitShort, testutil.IntervalSlow)
```
Not sure about the `os: process already finished` flake, though.
---------
Signed-off-by: Danny Kopping <danny@coder.com>
- Adds `provisionerDaemon.keySecretName` and
`provisionerDaemon.keySecretKey`
- Omitting `provisionerDaemon.pskSecretName` will now cause the PSK
secret to no longer be created.
- Adds a note in `NOTES.txt` regarding provisioner PSKs.
- Adds validation that either `provisionerDaemon.keySecretName` or
`provisionerDaemon.pskSecretName` is specified, and will fail the
install in this case.
