Commit Graph

496 Commits

Author SHA1 Message Date
64df076328 feat: add server flag to force DERP to use always websockets (#9238) 2023-08-24 17:22:31 +00:00
f35423c041 fix: update conn derpmap every 5s in single tailnet (#9176) 2023-08-23 11:20:31 +00:00
6e41cd1eda feat: add activity bumping to template scheduling (#9040) 2023-08-22 15:15:13 -05:00
697b0283c5 chore: fix low hanging lint issues (#9253) 2023-08-22 12:32:37 -06:00
262d7692b6 feat: add force refresh of license entitlements (#9155)
* feat: add force refresh of license entitlements
* send "going away" mesasge on licenses pubsub on close
* Add manual refresh to licenses page
2023-08-22 09:26:43 -05:00
545a256b57 fix: correctly reject quota-violating builds (#9233)
Due to a logical error in CommitQuota, all workspace Stop->Start operations
were being accepted, regardless of the Quota limit. This issue only
appeared after #9201, so this was a minor regression in main for about
3 days. This PR adds a test to make sure this kind of bug doesn't recur.

To make the new test possible, we give the echo provisioner the ability
to simulate responses to specific transitions.
2023-08-22 02:55:39 +00:00
22e781eced chore: add /v2 to import module path (#9072)
* chore: add /v2 to import module path

go mod requires semantic versioning with versions greater than 1.x

This was a mechanical update by running:
```
go install github.com/marwan-at-work/mod/cmd/mod@latest
mod upgrade
```

Migrate generated files to import /v2

* Fix gen
2023-08-18 18:55:43 +00:00
2f6687a475 feat: expose Everyone group through UI (#9117)
- Allows setting quota allowances on the 'Everyone' group.
2023-08-17 13:25:16 -05:00
8910f05172 fix: /workspaces should work even if missing template perms (#9152)
If a user is missing template perms to a workspace, just block reading
that workspace. This is to keep the api consistent, it is not a rbac
enforcement.

This should ublock users reporting this bug that /workspaces returns
nothing when 1 workspace cannot be fully read. We might want to be
able to return missing or unknown fields in our api to account
for this.
2023-08-17 13:22:03 -05:00
6fd9975aed feat(coderd): add coder_app usage stats (#9001)
Updates #8658
2023-08-16 15:22:00 +03:00
e4c24e05f8 fix: rename group GET request (#9097)
* fix: group GET req naming

* make: gen
2023-08-15 14:47:08 -04:00
9d9b330b16 chore: add request body to patch groups openapi spec (#9101) 2023-08-15 15:29:15 +00:00
47b8bf6585 feat: update workspace deadline when template policy changes (#8964) 2023-08-14 21:16:47 +00:00
d2f22b063a fix: move STUN servers into their own regions (#9030) 2023-08-11 05:04:17 +10:00
9941f49056 fix: remove stun nodes from workspace proxy regions (#8990) 2023-08-09 09:31:25 +00:00
f7a35e0559 chore: add workspace proxies to telemetry (#8963) 2023-08-08 18:29:35 +00:00
f4122fa9f5 feat: add auto group create from OIDC (#8884)
* add flag for auto create groups
* fixup! add flag for auto create groups
* sync missing groups
Also added a regex filter to filter out groups that are not
important
2023-08-08 11:37:49 -05:00
5339a31532 fix: remove refresh oauth logic on OIDC login (#8950)
* fix: do not do oauth refresh logic on oidc login
2023-08-08 10:05:12 -05:00
0c7ff4fb8a fix(enterprise): ensure SCIM create user can unsuspend (#8916) 2023-08-04 22:03:21 +00:00
cb4989cd8d feat: add PSK for external provisionerd auth (#8877)
Signed-off-by: Spike Curtis <spike@coder.com>
2023-08-04 12:32:28 +04:00
4c1e63aae8 feat: add display_name field to groups (#8740)
* feat: add display_name field to groups

This is a non-unique human friendly group name for display
purposes. This means a display name can be used instead of
using an environment var to remap groups with OIDC names to
Coder names. Now groups can retain the OIDC name for mapping,
and use a display name for display purposes.
2023-08-02 10:53:06 -05:00
cd1e088f7c feat: add --derp-only flag to wsproxy (#8850) 2023-08-03 00:35:06 +10:00
d6e9870209 feat: add "dormant" user state (#8644) 2023-08-02 16:31:25 +02:00
6b69970d7c fix: avoid infinite loop in agent derp-map (#8848) 2023-08-02 13:18:46 +10:00
c575292ba6 fix: fix tailnet netcheck issues (#8802) 2023-08-02 01:50:43 +10:00
ddabe9cc7f feat: improve RBAC preconditions for Insights endpoint (#8794) 2023-07-31 13:44:32 +00:00
4cc270b12b revert(enterprise): make pgcoord experimental again (#8797) 2023-07-28 18:38:32 -05:00
2811ab62d0 chore: fix workspace proxy flake (#8755) 2023-07-26 23:50:25 +00:00
9ffbdc6696 hotfix: fix failed 32-bit builds (#8741) 2023-07-26 17:30:47 +00:00
2f0a9996e7 chore: add derpserver to wsproxy, add proxies to derpmap (#7311) 2023-07-27 02:21:04 +10:00
2089006fbc feat!: drop reading other 'user' permission (#8650)
* feat: drop reading other 'user' permission

Members of the platform can no longer read or list other users.
Resources that have "created_by" or "initiated_by" still retain
user context, but only include username and avatar url.

Attempting to read a user found via those means will result in
a 404.

* Hide /users page for regular users
* make groups a privledged endpoint
* Permissions page for template perms
* Admin for a given template enables an endpoint for listing users/groups.
2023-07-26 10:33:48 -04:00
f07d2ff68d fix(enterprise): ensure creating a SCIM user is idempotent (#8730) 2023-07-25 17:49:52 -05:00
de1a7a9210 chore: join user information to workspace_build and template_version (#8625)
* include minimial user on template version and build
* Add unit test to ensure join is superset
2023-07-25 09:14:38 -04:00
ac559f101e fix: handle omitted role sync claim (#8697)
* fix: handle omitted role sync claim
2023-07-24 15:50:23 -04:00
f827829afe feat: synchronize oidc user roles (#8595)
* feat: oidc user role sync
User roles come from oidc claims. Prevent manual user role changes
if set.
* allow mapping 1:many
2023-07-24 08:34:24 -04:00
b47d076756 feat: add deleting_at column to workspaces (#8333) 2023-07-20 22:01:11 -05:00
dc8b73168e feat: add user quiet hours schedule and restart requirement feature flag (#8115) 2023-07-20 23:35:41 +10:00
aceedefce3 chore: add template_with_user view to include user contextual data (#8568)
* chore: Refactor template sql queries to use new view
* TemplateWithUser -> Template
* Add unit test to enforce good view
2023-07-19 16:07:33 -04:00
517fb19474 feat: add single tailnet support to moons (#8587) 2023-07-19 11:11:11 -05:00
cc8d0af027 fix(enterprise): avoid initial license reconfig if feature isn't enabled (#8586) 2023-07-19 10:32:29 -05:00
c47b78c44b chore: replace wsconncache with a single tailnet (#8176) 2023-07-12 17:37:31 -05:00
928091aa05 feat!: add table format to 'coder license ls', 'license_expires' --> 'license_expires_human' (#8421)
* feat: add table format to 'coder license ls'
* feat: license expires_at to table view
* change: `license_expires` to `license_expires_human` and `license_expires` is unix timestamp
2023-07-12 08:06:18 -04:00
b4057bd74a feat: make pgCoordinator generally available (#8419)
* pgCoord to GA, fix tests

Signed-off-by: Spike Curtis <spike@coder.com>

* Fix generation and coordinator delete RBAC

Signed-off-by: Spike Curtis <spike@coder.com>

* Fix fakeQuerier -> FakeQuerier

Signed-off-by: Spike Curtis <spike@coder.com>

---------

Signed-off-by: Spike Curtis <spike@coder.com>
2023-07-12 13:35:29 +04:00
3f6a158016 chore: enable exhaustruct linter (#8403)
* chore: enable exhaustruct linter

* add exlusion rules

* move to allowlist instead

* exhaustruct httpmw package

* fixup! exhaustruct httpmw package

* make lint

* address PR comments
2023-07-11 14:30:33 +01:00
9a72ddf7d4 fix(enterprise/coderd): add missing fields to extract api key config (#8393) 2023-07-10 16:51:50 +03:00
7fcf319e01 fix(cli)!: protect client Logger and refactor cli scaletest tests (#8317)
- (breaking) Protects Logger and LogBodies fields of codersdk.Client with its mutex. This addresses a data race in cli/scaletest.
- Fillets the existing cli/createworkspaces unit test and moves the testing logic there into the tests under scaletest/createworkspaces.
- Adds testutil.RaceEnabled bool const and conditionaly skips previously-skipped tests under scaletest/ if the race detector is enabled. This is unfortunate and sad, but I would prefer to have these tests at least running without the race detector than not running at all.
- Adds IgnoreErrors option to fake in-memory agent loggers; having the agents fail the test immediately when they encounter any sort of error isn't really helpful.
2023-07-06 09:43:39 +01:00
4a9c8f407a feat: add auto-locking/deleting workspace based on template config (#8240) 2023-07-02 21:29:52 -05:00
6015319e9d feat: show service banner in SSH/TTY sessions (#8186)
* Allow workspace agents to get appearance
* Poll for service banner every two minutes
* Show service banner before MOTD if not quiet
2023-06-30 10:41:29 -08:00
f0bd258ff1 feat: move proxy settings page to deployment options (#8246)
* feat: Move workspace proxy page to deployment options

Workspace proxy settings page is now an admin feature

* WorkspaceProxy response extends region
2023-06-30 11:32:35 -04:00
7943a5b85e fix PG coordinator context and RBAC subject (#8223)
Signed-off-by: Spike Curtis <spike@coder.com>
2023-06-27 10:14:31 +00:00