26c69525d1
feat: Validate workspace build parameters ( #5807 )
2023-01-24 14:22:00 +01:00
138887de7e
feat: Add workspace agent lifecycle state reporting ( #5785 )
2023-01-24 14:24:27 +02:00
443e2180fa
feat: indicate when workspace builds are stopped/started by Coder ( #5813 )
...
* feat: indicate when workspace_builds are stopped/started by Coder
* added translattion
* added json tags and adjust type
2023-01-23 15:47:58 -05:00
bbb208e29c
feat: Add CLI support for workspace build parameters ( #5768 )
...
* WIP
* WIP
* CLI: handle workspace build parameters
* fix: golintci
* Fix: dry run
* fix
* CLI: is mutable
* coderd: mutable
* fix: golanci
* fix: richParameterFile
* CLI: create unit tests
* CLI: update test
* Fix
* fix: order
* fix
2023-01-23 15:01:22 +01:00
8afdf24d10
chore: Update sqlc to v1.16.0 ( #5788 )
...
* chore: Update sqlc to v1.16.0
* chore: Fix cases where types became Null-types
* chore: Set parameter_schemas default_destination_scheme and default_source_scheme to NOT NULL
* chore: Add enum validation to database fake
* chore: Fix all tests that skipping enum values
* fix: Use correct err in providionerdserver audit log failure log
2023-01-23 13:14:47 +02:00
0e58772f5b
fix: filter workspace_build resource on start/stop action ( #5809 )
...
* fix: ufilter workspace_build resource on start/stop action
* added preset filter for workspace_build filtering
* cleaning up the preset filters
2023-01-20 13:23:13 -05:00
546a8931aa
chore: move vscode local out of experiments ( #5773 )
...
We've been dogfooding the VS Code extension for a while,
and it seems stable enough that it's overall positive
to release!
2023-01-20 04:32:59 +00:00
08cce81ac8
feat: Implement allow_list for scopes for resource specific permissions ( #5769 )
...
* feat: Implement allow_list for scopes for resource specific permissions
Feature that adds an allow_list for scopes to specify particular resources.
This enables workspace agent tokens to use the same RBAC system as users.
- Add ID to compileSQL matchers
* Plumb through WithID on rbac objects
* Rename Scope -> ScopeName
* Update input.json with scope allow_list
Co-authored-by: Cian Johnston <cian@coder.com >
2023-01-19 13:41:36 -06:00
0374af23b2
fix(security)!: path-based app sharing changes ( #5772 )
...
This commit disables path-based app sharing by default. It is possible
for a workspace app on a path (not a subdomain) to make API requests to
the Coder API. When accessing your own workspace, this is not much of a
problem. When accessing a shared workspace app, the workspace owner
could include malicious javascript in the page that makes requests to
the Coder API on behalf of the visitor.
This vulnerability does not affect subdomain apps.
- Disables path-based app sharing by default. Previous behavior can be
restored using the `--dangerous-allow-path-app-sharing` flag which is
not recommended.
- Disables users with the site "owner" role from accessing path-based
apps from workspaces they do not own. Previous behavior can be
restored using the `--dangerous-allow-path-app-site-owner-access` flag
which is not recommended.
- Adds a flag `--disable-path-apps` which can be used by
security-conscious admins to disable all path-based apps across the
entire deployment. This check is enforced at app-access time, not at
template-ingest time.
2023-01-18 22:56:14 +00:00
6b68fbbf18
feat: Auditing group members as part of group resource ( #5730 )
...
* added AuditableGroup type
* added json tags
* Anonymizing gGroup struct
* adding support on the FE for nested group diffs
* added type for GroupMember
* Update coderd/database/modelmethods.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com >
* Update coderd/database/modelmethods.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com >
* fetching group members in group.delete
* passing through right error
* broke out into util function and added tests
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com >
2023-01-18 15:13:39 -05:00
56b996532f
feat: add --experiments flag to replace --experimental ( #5767 )
...
- Deprecates the --experimental flag
- Adds a new flag --experiments which supports passing multiple comma-separated values or a wildcard value.
- Exposes a new endpoint /api/v2/experiments that returns the list of enabled experiments.
- Deprecates the field Features.Experimental in favour of this new API.
- Updates apidocgen to support type aliases (shoutout to @mtojek).
- Modifies apitypings to support generating slice types.
- Updates develop.sh to pass additional args after -- to $CODERD_SHIM.
2023-01-18 19:12:53 +00:00
b19d644162
feat: add etag to slim binaries endpoint ( #5750 )
2023-01-18 04:38:08 +10:00
1b0560ceb4
feat: Expose workspace build parameters via API ( #5743 )
2023-01-17 16:24:45 +01:00
6ebadabe4e
feat: Add basic support for rich parameters to coderd and provisionerd ( #5710 )
2023-01-17 11:22:11 +01:00
bbc1a9a1d8
fix: use UserInfo endpoint with OIDC ( #5735 )
...
This resolves a user issue surfaced in Discord:
https://discord.com/channels/747933592273027093/1064566338875576361/1064566338875576361
Both methods of obtaining claims need to be used according
to the OIDC specification.
2023-01-16 16:06:39 -06:00
4420985fad
feat(coderd): activity bump for full TTL instead of 1h ( #5732 )
2023-01-16 20:13:34 +00:00
eb48341696
chore: More complete tracing for RBAC functions ( #5690 )
...
* chore: More complete tracing for RBAC functions
* Add input.json as example rbac input for rego cli
The input.json is required to play with the rego cli and debug
the policy without golang. It is good to have an example to run
the commands in the readme.md
* Add span events to capture authorize and prepared results
* chore: Add prometheus metrics to rbac authorizer
2023-01-13 16:07:15 -06:00
0cf713869b
feat: Manage tokens in dashboard ( #5444 )
2023-01-13 17:20:03 +00:00
f76ef98a32
chore!: Standardize prometheus time metrics to seconds ( #5709 )
...
* chore!: Standardize prometheus time metrics to seconds
* Update prometheus docs
2023-01-13 11:15:25 -06:00
dad242a788
feat: Add more swagger checks ( #5707 )
2023-01-13 16:47:38 +01:00
54cc587dad
Updated PreconditionFailed status occurences to more appropriate statuses. ( #5513 )
2023-01-13 08:30:48 -06:00
deebfcbd53
feat: Validate swagger definitions ( #5694 )
...
* docs: audit, deploymentconfig, files, parameters
* Swagger comments in workspacebuilds.go
* structs in workspacebuilds.go
* workspaceagents: instance identity
* workspaceagents.go in progress
* workspaceagents.go in progress
* Agents
* workspacebuilds.go
* /workspaces
* templates.go, templateversions.go
* templateversion.go in progress
* cancel
* templateversions
* wip
* Merge
* x-apidocgen
* NullTime hack not needed anymore
* Fix: x-apidocgen
* Members
* Fixes
* Fix
* WIP
* WIP
* Users
* Logout
* User profile
* Status suspend activate
* User roles
* User tokens
* Keys
* SSH key
* All
* Typo
* Fix
* Entitlements
* Groups
* SCIM
* Fix
* Fix
* Clean templates
* Sort API pages
* Fix: HashedSecret
* WIP
* WIP
* WIP
* Fix: cover workspaceagents
* Assert: consistent ID and summary
* Assert: success or failure defined
* Fix: parallel
* Refactor
* Support enterprise
* Go comment goes to top
* Security
* assertPathParametersDefined
* assertUniqueRoutes
* assertRequestBody
* More fixes
* Fix: exceptions
* Fix field format
* Address PR comments
* Refactor
2023-01-13 12:27:21 +01:00
dcab87358e
feat: add stackdriver and json log options to coder server ( #5682 )
2023-01-12 20:08:23 -06:00
575bfabfcb
fix: audit log workspace build URL should form with the correct workspace owner ( #5674 )
...
* removing workspaceOwner
* querying for workspace build
2023-01-12 09:51:30 -05:00
627fbe5874
fix: make build table show empty instead of loading when none are recent ( #5666 )
...
* Fix builds to show empty instead of loading
* Switch to backend fix
* Increase e2e test timeout
* Format
2023-01-11 12:18:06 -05:00
d9436fab69
docs: API enterprise ( #5625 )
...
* docs: audit, deploymentconfig, files, parameters
* Swagger comments in workspacebuilds.go
* structs in workspacebuilds.go
* workspaceagents: instance identity
* workspaceagents.go in progress
* workspaceagents.go in progress
* Agents
* workspacebuilds.go
* /workspaces
* templates.go, templateversions.go
* templateversion.go in progress
* cancel
* templateversions
* wip
* Merge
* x-apidocgen
* NullTime hack not needed anymore
* Fix: x-apidocgen
* Members
* Fixes
* Fix
* WIP
* WIP
* Users
* Logout
* User profile
* Status suspend activate
* User roles
* User tokens
* Keys
* SSH key
* All
* Typo
* Fix
* Entitlements
* Groups
* SCIM
* Fix
* Fix
* Clean templates
* Sort API pages
* Fix: HashedSecret
* General is first
2023-01-11 16:05:42 +01:00
8e9cbdd71b
docs: API users ( #5620 )
...
* docs: audit, deploymentconfig, files, parameters
* Swagger comments in workspacebuilds.go
* structs in workspacebuilds.go
* workspaceagents: instance identity
* workspaceagents.go in progress
* workspaceagents.go in progress
* Agents
* workspacebuilds.go
* /workspaces
* templates.go, templateversions.go
* templateversion.go in progress
* cancel
* templateversions
* wip
* Merge
* x-apidocgen
* NullTime hack not needed anymore
* Fix: x-apidocgen
* Members
* Fixes
* Fix
* WIP
* WIP
* Users
* Logout
* User profile
* Status suspend activate
* User roles
* User tokens
* Keys
* SSH key
* All
* Typo
* Fix
* Fix
* Fix: LoginWithPasswordRequest
2023-01-11 14:08:04 +01:00
84120767a7
docs: API templateversions, templates, members, organizations ( #5546 )
...
* docs: audit, deploymentconfig, files, parameters
* Swagger comments in workspacebuilds.go
* structs in workspacebuilds.go
* workspaceagents: instance identity
* workspaceagents.go in progress
* workspaceagents.go in progress
* Agents
* workspacebuilds.go
* /workspaces
* templates.go, templateversions.go
* templateversion.go in progress
* cancel
* templateversions
* wip
* Merge
* x-apidocgen
* NullTime hack not needed anymore
* Fix: x-apidocgen
* Members
* Fixes
* Fix
2023-01-11 12:16:09 +01:00
5a3985e6be
test: Use global swagger handler to avoid data race in tests ( #5668 )
2023-01-11 12:42:49 +02:00
a23a471034
docs: update swaggo/swag v1.8.9 ( #5590 )
...
* docs: update swaggo/swag v1.8.9
* Fix: format
* swaggo: time.Duration
* swaggo: provisionertype
* Fix: AuthorizationObject
* Fix: enums
* Fix: netip.Addr
* Fix: clickable response properties
2023-01-10 15:47:08 +01:00
5a968e2f93
feat: add flag to disaable all rate limits ( #5570 )
2023-01-05 18:05:20 +00:00
66fa2a1a8c
docs: API workspace agents and builds ( #5538 )
2023-01-05 15:27:10 +01:00
04d45f3c1c
fix!: remove AUTO_IMPORT_TEMPLATE for Kubernetes installs ( #5401 )
...
* fix!: remove AUTO_IMPORT_TEMPLATE
* chore: remove template auto importing
Co-authored-by: Dean Sheather <dean@deansheather.com >
2023-01-05 04:04:32 +00:00
0dba2defd1
feat: enable enterprise users to specify a custom logo ( #5566 )
...
* feat: enable enterprise users to specify a custom logo
This adds a field in deployment settings that allows users to specify
the URL to a custom logo that will display in the dashboard.
This also groups service banner into a new appearance settings page.
It adds a Fieldset component to allow for modular fields moving forward.
* Fix tests
2023-01-04 15:31:45 -06:00
de0601d611
feat: allow configurable username claim field in OIDC ( #5507 )
...
Co-authored-by: Colin Adler <colin1adler@gmail.com >
2023-01-04 15:16:31 -06:00
5e540e3439
chore: Log out the failed audit log on failures ( #5561 )
2023-01-03 17:22:57 -06:00
e67d131514
docs: audit, deploymentconfig, files, parameters ( #5506 )
...
* docs: audit, deploymentconfig, files, parameters
* Fix: mark as binary
* Fix: show format in docs
* Fix: use .swaggo
* Fix: swagger notice
* Swagger notice
2023-01-03 19:21:10 +01:00
856f0ab6f5
chore: Improve project-wide prettier formatting and ignored files ( #5505 )
...
* chore: Improve project-wide prettier formatting and ignored files
* chore: `Run make fmt/prettier`
* Fix gitignore for `.vscode` folder so that ! works
* Add comment in `.prettierrc.yaml` to explain `.editorconfig`
* Remove scripts/apidocgen/markdown-template/README.md
* Use `yq` for processing prettierrc, update lib.sh dependency check
* Add `yq` to Dockerfile and Nix
2023-01-03 15:11:13 +02:00
8bb7e17bf1
chore!: remove GET workspaceagents/me/report-stats ( #5530 )
...
* chore!: remove GET workspaceagents/me/report-stats
* Fix: tests
2023-01-02 21:38:51 +01:00
3e2e2ac49e
fix: enforce unique agent names per workspace ( #5497 )
2022-12-22 15:20:35 -08:00
cfd02d959c
docs: api root, buildinfo, csp ( #5493 )
...
* docs: Applications
* WIP
* WIP
* WIP
* Fix: consume
* Fix: @Description
* Fix
* docs: apiroot, buildinfo, csp
* Fix: buildinfo
* docs: updatecheck
* docs: apiroot
* Fix: s/none//g
* Fix: godoc nice
* Fix: description
* Fix: It
* Fix: code sample trim empty line
* More fixes
* Fix: br
* Merge
* Fix: no-security on updatecheck
* Fix: code tags
* Fix: enumerated values in code tags
* Rephrased
* Address PR comments
* Fix: URL, id
* Fix: array items
* Fix: any property
* Fix: array item singular
2022-12-22 15:53:14 +01:00
ac27cf8c07
fix: properly apply metadata when multiple resources share the same id ( #5443 )
2022-12-21 13:48:49 -05:00
2bbeff53f9
docs: applications and authorization ( #5477 )
...
* docs: Applications
* WIP
* WIP
* WIP
* Fix: consume
* Fix: @Description
* Fix
* Fix: s/none//g
* Fix: godoc nice
* Fix: description
* Fix: It
* Fix: code sample trim empty line
* More fixes
* Fix: br
2022-12-21 15:37:30 +01:00
50dfc2082b
feat: endpoint to logout app subdomain URLs ( #5428 )
...
Co-authored-by: Bruno Quaresma <bruno@coder.com >
2022-12-20 18:45:13 +00:00
e3cf759968
test: Unit tests creating fake audit logs require create permission ( #5455 )
2022-12-19 14:02:52 -06:00
1bc4eb5329
fix: fix security vulnerabilities reported by CodeQL ( #5467 )
2022-12-19 19:25:59 +00:00
dc6d271293
feat: Build framework for generating API docs ( #5383 )
...
* WIP
* Gen
* WIP
* chi swagger
* WIP
* WIP
* WIP
* GetWorkspaces
* GetWorkspaces
* Markdown
* Use widdershins
* WIP
* WIP
* WIP
* Markdown template
* Fix: makefile
* fmt
* Fix: comment
* Enable swagger conditionally
* fix: site
* Default false
* Flag tests
* fix
* fix
* template fixes
* Fix
* Fix
* Fix
* WIP
* Formatted
* Cleanup
* Templates
* BEGIN END SECTION
* subshell exit code
* Fix
* Fix merge
* WIP
* Fix
* Fix fmt
* Fix
* Generic api.md page
* Fix merge
* Link pages
* Fix
* Fix
* Fix: links
* Add icon
* Write manifest file
* Fix fmt
* Fix: enterprise
* Fix: Swagger.Enable
* Fix: rename apidocs to apidoc
* Fix: find -not -prune
* Fix: json not available
* Fix: rename Coderd API to Coder API
* Fix: npm exec
* Fix: api dir
* Fix: by ID
* Fix: string uuid
* Fix: include deleted
* Fix: indirect go.mod
* Fix: source lib.sh
* Fix: shellcheck
* Fix: pushd popd
* Fix: fmt
* Fix: improve workspaces
* Fix: swagger-enable
* Fix
* Fix: mention only HTTP 200
* Fix: IDs
* Fix: https
* Fix: icon
* More APis
* Fix: format swagger.json
* Fix: SwaggerEndpoint
* Fix: SCRIPT_DIR
* Fix: PROJECT_ROOT
* Fix: use code tags in schemas.md
* Fix: examples
* Fix: examples
* Fix: improve format
* Fix: date-time,enums
* Fix: include_deleted
* Fix: array of
* Fix: parameter, response
* Fix: string time or null
* Workspaces: more docs
* Workspaces: more docs
* Fix: renderDisplayName
* Fix: ActiveUserCount
* Fix
* Fix: typo
* Templates: docs
* Notice: incomplete
2022-12-19 18:43:46 +01:00
f239ca7ee3
fix: add the "workflow" scope for managing GitHub Actions with gitauth ( #5461 )
...
Seen in Discord: https://discord.com/channels/747933592273027093/1054155742871031858/1054155742871031858
2022-12-19 15:17:17 +02:00
79c71d2d2c
chore: Upgrade to sqlc version 2 yaml configuration ( #5442 )
...
* chore: Upgrade to sqlc version 2 yaml configuration
2022-12-15 20:40:11 +00:00
787b8b2a51
fix: fix app hostname returning port number ( #5441 )
2022-12-16 04:43:00 +10:00
Marcin Tojek