This removes the opt-in and opt-out buttons for dynamic parameters on
the create workspace page and the workspace parameters settings page.
---------
Co-authored-by: Steven Masley <stevenmasley@gmail.com>
Following some issues we discovered on dogfood after merging #17878, we
think `prompt=consent` is required for refresh tokens to be sent by
Google every time you sign in.
Fixes#15523
Uses latest https://github.com/coder/tailscale which includes https://github.com/coder/tailscale/pull/85 to stop selecting paths with small MTU for direct connections.
Also updates the tailnet integration test to reproduce the issue. The previous version had the 2 peers connected by a single veth, but this allows the OS to fragment the packet. In the new version, the 2 peers (and server) are all connected by a central router. The link between peer 1 and the router has an adjustable MTU. IPv6 does not allow packets to be fragmented by intermediate routers, so sending a too-large packet in this scenario forces the router to drop packets and reproduce the issue (without the tailscale changes).
It unfortunately doesn't seem possible, even with a custom ruleguard rule, to mark a function as requiring it's return value be used, it looks like you have to go all in on a linter that rejects *any* unused return values.
## Problem
When creating a workspace from a template with dynamic parameter
ordering, parameter values are not displaying correctly when the order
changes. This occurs when a parameter's `order` value depends on another
parameter's value.
**Example scenario:**
```terraform
data "coder_parameter" "reorder" {
name = "reorder"
type = "bool"
default = false
order = 1
}
data "coder_parameter" "cpu" {
order = data.coder_parameter.reorder.value ? 0 : 2
name = "cpu"
type = "number"
default = 4
}
```
When the user toggles `reorder` from `false` to `true`, the `cpu`
parameter moves from position 2 to position 0, but its value gets mixed
up with the `reorder` parameter's value.
## Root Cause
The issue was in `CreateWorkspacePageViewExperimental.tsx` where
parameters were rendered using array indices instead of parameter names:
```typescript
// Problematic code
const parameterField = `rich_parameter_values.${index}`;
const formValue = form.values?.rich_parameter_values?.[index]?.value || "";
```
When parameters are reordered:
1. The `parameters` array order changes based on the new `order` values
2. The `form.values.rich_parameter_values` array maintains the original
order
3. Array index-based lookup causes values to be mismatched
## Solution
Implemented name-based lookup to ensure parameter values stay with their
correct parameters:
```typescript
// Find parameter value by name instead of index
const currentParameterValueIndex = form.values.rich_parameter_values?.findIndex(
(p) => p.name === parameter.name
) ?? -1;
// Use the found index for form field mapping
const parameterFieldIndex = currentParameterValueIndex !== -1 ? currentParameterValueIndex : index;
const parameterField = `rich_parameter_values.${parameterFieldIndex}`;
// Get form value by name to ensure correct mapping
const formValue = currentParameterValueIndex !== -1
? form.values?.rich_parameter_values?.[currentParameterValueIndex]?.value || ""
: "";
```
## Testing
- ✅ Created test script that validates the fix works correctly
- ✅ Tested with the provided template showing dynamic parameter ordering
- ✅ Verified parameter values persist correctly during reordering
- ✅ Confirmed no TypeScript compilation issues
## Impact
This fix ensures that users can reliably use dynamic parameter ordering
in their templates without losing parameter values when the order
changes. This is particularly important for templates that use
conditional parameter visibility and ordering based on user selections.
---------
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: Jaayden Halko <jaayden@coder.com>
Bumps gopkg.in/DataDog/dd-trace-go.v1 from 1.73.0 to 1.74.0.
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| gopkg.in/DataDog/dd-trace-go.v1 | [>= 1.58.a, < 1.59] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Completely missed this in the original PR for adding support for
creating sub agents. This now allows specifying a list of display apps
to be added to the agent.
# Add separate token lifetime limits for administrators
This PR introduces a new configuration option `--max-admin-token-lifetime` that allows administrators to create API tokens with longer lifetimes than regular users. By default, administrators can create tokens with a lifetime of up to 7 days (168 hours), while the existing `--max-token-lifetime` setting continues to apply to regular users.
The implementation:
- Adds a new `MaximumAdminTokenDuration` field to the session configuration
- Modifies the token validation logic to check the user's role and apply the appropriate lifetime limit
- Updates the token configuration endpoint to return the correct maximum lifetime based on the user's role
- Adds tests to verify that administrators can create tokens with longer and shorter lifetimes
- Updates documentation and help text to reflect the new option
This change allows organizations to grant administrators extended token lifetimes while maintaining tighter security controls for regular users.
Fixes#17395
fixes#18199
Corrects handling of paths with spaces in the `Match !exec` clause we
use to determine whether Coder Connect is running. This is handled
differently than the ProxyCommand, so we have a different escape
routine, which also varies by OS.
On Windows, we resort to a pretty gnarly hack, but it does work and I
feel the only other option would be to reduce functionality such that we
could not detect the Coder Connect state.
Closes https://github.com/coder/internal/issues/677
Resolves flakes such as:
```
$ go test -race -run "TestRunStopRace" github.com/coder/coder/v2/coderd/notifications -count=10000 -parallel $(nproc)
--- FAIL: TestRunStopRace (0.00s)
t.go:106: 2025-06-06 02:44:39.348 [debu] notifications-manager: notification manager started
t.go:106: 2025-06-06 02:44:39.348 [debu] notifications-manager: graceful stop requested
t.go:106: 2025-06-06 02:44:39.348 [debu] notifications-manager: notification manager stopped
t.go:115: 2025-06-06 02:44:39.348 [erro] notifications-manager: notification manager stopped with error ...
error= manager already closed:
github.com/coder/coder/v2/coderd/notifications.(*Manager).loop
/home/coder/coder/coderd/notifications/manager.go:166
*** slogtest: log detected at level ERROR; TEST FAILURE ***
--- FAIL: TestRunStopRace (0.00s)
t.go:106: 2025-06-06 02:44:41.632 [debu] notifications-manager: notification manager started
t.go:106: 2025-06-06 02:44:41.632 [debu] notifications-manager: graceful stop requested
t.go:106: 2025-06-06 02:44:41.632 [debu] notifications-manager: notification manager stopped
t.go:115: 2025-06-06 02:44:41.633 [erro] notifications-manager: notification manager stopped with error ...
error= manager already closed:
github.com/coder/coder/v2/coderd/notifications.(*Manager).loop
/home/coder/coder/coderd/notifications/manager.go:166
*** slogtest: log detected at level ERROR; TEST FAILURE ***
FAIL
FAIL github.com/coder/coder/v2/coderd/notifications 6.847s
FAIL
```
These error logs are caused as a result of the `Manager` `Run` start operation being asynchronous. In the flaking test case we immediately call `Stop` after `Run`. It's possible for `Stop` to be scheduled to completion before the goroutine spawned by `Run` calls `loop` and checks `closed`. If this happens, `loop` returns an error and produces the error log.
We'll address this by replacing this specific error log with a warning log.
```
$ go test -run "TestRunStopRace" github.com/coder/coder/v2/coderd/notifications -count=10000 -parallel $(nproc)
ok github.com/coder/coder/v2/coderd/notifications 1.294s
$ go test -race github.com/coder/coder/v2/coderd/notifications -count=100 -parallel $(nproc)
ok github.com/coder/coder/v2/coderd/notifications 26.525s
```
My understanding is that `io.EOF` is eventually expected, so logging it
as an error may be confusing. For other errors we should definitely
WARN.
```
[info] provisionerd-ip-172-31-12-44-14: recv done on Session session_id=22b9ef8a-9cd6-4188-98e0-573a50d724cc error=EOF
```
Refactors tailnet integration test and adds UDP echo tests with different MTU related to #15523
I still haven't gotten to the bottom of what's causing the issue (the added test case I expected to fail actually succeeds), but these integration test improvements are generally useful.
also:
* consolidates networking setup with easy and hard NAT
* consolidates client setup
* makes Client2 act like an agent at the tailnet layer, so it will send ReadyForHandshake and speed up the tunnel establishment
* adds support for logging tunneled packets
* adds support for dumping outer (underlay) IP traffic
* adds support for adjusting veth MTU
* adds support for IPv6 in the outer (underlay) network topology
Closes#17982.
The purpose of this PR is to expose network latency via the API used by Coder Desktop.
This PR has the tunnel ping all known agents every 5 seconds, in order to produce an instance of:
```proto
message LastPing {
// latency is the RTT of the ping to the agent.
google.protobuf.Duration latency = 1;
// did_p2p indicates whether the ping was sent P2P, or over DERP.
bool did_p2p = 2;
// preferred_derp is the human readable name of the preferred DERP region,
// or the region used for the last ping, if it was sent over DERP.
string preferred_derp = 3;
// preferred_derp_latency is the last known latency to the preferred DERP
// region. Unset if the region does not appear in the DERP map.
optional google.protobuf.Duration preferred_derp_latency = 4;
}
```
The contents of this message are stored and included on all subsequent upsertions of the agent.
Note that we upsert existing agents every 5 seconds to update the `last_handshake` value.
On the desktop apps, this message will be used to produce a tooltip similar to that of the VS Code extension:
<img width="495" alt="image" src="https://github.com/user-attachments/assets/d8b65f3d-f536-4c64-9af9-35c1a42c92d2" />
(wording not final)
Unlike the VS Code extension, we omit:
- The Latency of *all* available DERP regions. It seems not ideal to send a copy of this entire map for every online agent, and it certainly doesn't make sense for it to be on the `Agent` or `LastPing` message.
If we do want to expose this info on Coder Desktop, we should consider how best to do so; maybe we want to include it on a more generic `Netcheck` message.
- The current throughput (Bytes up/down). This is out of scope of the linked issue, and is non-trivial to implement. I'm also not sure of the value given the frequency we're doing these status updates (every 5 seconds).
If we want to expose it, it'll be in a separate PR.
<img width="343" alt="image" src="https://github.com/user-attachments/assets/8447d03b-9721-4111-8ac1-332d70a1e8f1" />
Always show preset parameters in CreateWorkspacePageViewExperimental if
the preset parameter has any diagnostics, regardless of the
showPresetParameters toggle state.
This ensures that users can see and address errors in preset parameters
even when the "Show preset parameters" toggle is disabled.
Fixescoder/internal#651
---------
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: Jaayden Halko <jaayden@coder.com>
.git directories were causing identical modules to have different
hashes. This adds unecessary bloat to the database, and the .git
directory is not needed for dynamic params
Update the copy on the task starting page to be more user-friendly:
- Change "Building the workspace" to "Starting your workspace"
- Change "Your task will run as soon as the workspace is ready" to "This
should take a few minutes"
The new copy provides clearer expectations about timing and uses more
user-friendly language.
Fixes#18164
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Jaayden Halko