Adds structured `secret_requirements` to dynamic parameter responses and
enforces missing required secrets during workspace start.
Stop, delete, and tag rendering paths skip secret requirement
enforcement so unmet secrets do not prevent cleanup. The SDK, generated
API docs/types, and backend render/resolver/wsbuilder tests are updated
for the new contract.
Relates to https://github.com/coder/coder/pull/21676
* Replaces all existing usages of `httpapi.Heartbeat` with `httpapi.HeartbeatClose`
* Removes `httpapi.HeartbeatClose`
## Summary
In this pull request we're adding a heartbeat to the
`handleParameterWebsocket` function to ensure that the connection stays
open until the 30 min timeout has been reached.
Closes: https://github.com/coder/coder/issues/19805
### Testing
- Reproduced the problem mentioned in the issue (websocket connection
closes after ~10 minutes of inactivity on the create workspace page)
<img width="1870" height="357" alt="Screenshot 2025-09-26 at 15 58 51"
src="https://github.com/user-attachments/assets/a9e2e89e-87c5-4afa-9644-afe246a15f79"
/>
- Confirmed that adding the heartbeat kept the connection open until the
30 min timeout was reached
<img width="1636" height="387" alt="Screenshot 2025-09-29 at 15 51 43"
src="https://github.com/user-attachments/assets/0a8c5cda-29a6-493d-a6c0-4a2629da8838"
/>
This PR extracts dynamic parameter rendering logic from
coderd/parameters.go into a new coderd/dynamicparameters package. Partly
for organization and maintainability, but primarily to be reused in
`wsbuilder` to be leveraged as validation.
The file cache was caching the `Unauthorized` errors if a user without
the right perms opened the file first. So all future opens would fail.
Now the cache always opens with a subject that can read files. And authz
is checked on the Acquire per user.
Dynamic params skip parameter validation in coder/coder.
This is because conditional parameters cannot be validated
with the static parameters in the database.
Existing template versions do not have the metadata (modules + plan) in
the db. So revert to using static parameter information from the
original template import.
This data will still be served over the websocket.
* chore: Rbac errors should be returned, and not hidden behind 404
SqlErrNoRows was hiding actual errors
* Replace sql.ErrNoRow checks
* Remove sql err no rows check from dbauthz test
* Fix to use dbauthz system user
* feat: dbauthz always on, out of experimental
* Add ability to do rbac checks in unit tests
* Remove AuthorizeAllEndpoints
* Remove duplicate rbac checks
* docs: audit, deploymentconfig, files, parameters
* Fix: mark as binary
* Fix: show format in docs
* Fix: use .swaggo
* Fix: swagger notice
* Swagger notice
* WIP: feat: Update templates also updates parameters
* Insert params for template version update
* Working implementation of inherited params
* Add "--always-prompt" flag and logging info
Abstracting coderd into an interface added misdirection because
the interface was never intended to be fulfilled outside of a single
implementation.
This lifts the abstraction, and attaches all handlers to a root struct
named `*coderd.API`.
* feat: Expose the values contained in an HCL validation string to the API
This allows the frontend to render inputs displaying these values!
* Update codersdk/parameters.go
Co-authored-by: Cian Johnston <cian@coder.com>
* Call a spade a space
* Fix linting errors with type conversion
Co-authored-by: Cian Johnston <cian@coder.com>
Customer feedback indicated projects was a confusing name.
After querying the team internally, it seemed unanimous
that it is indeed a confusing name.
Here's for a lil less confusion @ashmeer7 🥂
* chore: Move httpmw to /coderd directory
httpmw is specific to coderd and should be scoped under coderd
* chore: Move httpapi to /coderd directory
httpapi is specific to coderd and should be scoped under coderd
* chore: Move database to /coderd directory
database is specific to coderd and should be scoped under coderd
* chore: Update codecov & gitattributes for generated files
* chore: Update Makefile
* Refactor parameter parsing to return nil values if none computed
* Refactor parameter to allow for hiding redisplay
* Refactor parameters to enable schema matching
* Refactor provisionerd to dynamically update parameter schemas
* Refactor job update for provisionerd
* Handle multiple states correctly when provisioning a project
* Add project import job resource table
* Basic creation flow works!
* Create project fully works!!!
* Only show job status if completed
* Add create workspace support
* Replace Netflix/go-expect with ActiveState
* Fix linting errors
* Use forked chzyer/readline
* Add create workspace CLI
* Add CLI test
* Move jobs to their own APIs
* Remove go-expect
* Fix requested changes
* Skip workspacecreate test on windows
* feat: Add parameter querying to the API
* feat: Add streaming endpoint for workspace history
Enables a buildlog-like flow for reading job output.
* Fix empty parameter source and destination
* Add comment for usage of workspace history logs endpoint
dylanhuff-at-coder