fixes#9895
Problem was that provisionerd tries to acquire the next job, and races with shutdown, triggering the assert in the handler. Switches this test case to use the more robust handler.
* chore: move `/gitauth` to `/externalauth` on the frontend
This actually took a lot more jank than anticipated,
so I wanted to split this up before adding the ability
to embed new providers.
* Rename FE
* Fix em' up
* Fix linting error
* Fix e2e tests
* chore: update helm golden files
* chore: rename `git_auth` to `external_auth` in our schema
We're changing Git auth to be external auth. It will support
any OAuth2 or OIDC provider.
To split up the larger change I want to contribute the schema
changes first, and I'll add the feature itself in another PR.
* Fix names
* Fix outdated view
* Rename some additional places
* Fix sort order
* Fix template versions auth route
* Fix types
* Fix dbauthz
This change removes one use of `coderd/database` from the slim binary
and more correctly uses codersdk instead of database or provisionerd
packages.
No size change (yet).
Ref: #9380
* chore: revert nix-related CI changes
- Reverts using nix to run CI-dependencies.
- Running 'make gen' in a dogfood workspace resulted in inconsistent
results for protobuf-related files making it difficult to pass CI.
This PR imports the minimum changes necessary to make CI compatible
with dogfood.
Due to a logical error in CommitQuota, all workspace Stop->Start operations
were being accepted, regardless of the Quota limit. This issue only
appeared after #9201, so this was a minor regression in main for about
3 days. This PR adds a test to make sure this kind of bug doesn't recur.
To make the new test possible, we give the echo provisioner the ability
to simulate responses to specific transitions.
* chore: add /v2 to import module path
go mod requires semantic versioning with versions greater than 1.x
This was a mechanical update by running:
```
go install github.com/marwan-at-work/mod/cmd/mod@latest
mod upgrade
```
Migrate generated files to import /v2
* Fix gen
* Add Docker image
* Try building the container in CI
* Uncomment testing lines
* Trim image step
* Hit 'em with a Docker load
* Oopsie!
* Add a tag and push!
* Fix image name 🤦
* Fix sudo
* Fix target name
* Build and push
* Fix login to docker hub
* Revert to Docker push
* Fix PATH
* Fix SHA
* Fix ca certs
* Fix ca certs
* Fix coping files in
* Fix docker init
* Fix Docker group and init
* Add comments to our Nix
* Fix build stage
* Add some more comments
* Remove old dogfood image files
* Tag and push with branch name
* Fix tag passing
* Fix tag passing
* Remove old pull triggers
* Convert gen to use Nix
* Add protobuf to the flake
* Add prettier to the dev shell
* Swap to the faster Nix cache action
* Add the correct yq
* Fix gen
* Add make to the flake
* Update extensions
* The batchstats warning went out on every Ctrl+C in my development
Rule of silence:
The provisioner and connect messages messages were sent out on every startup
without a corresponding user event, making them annoying and more-so
debug messages.
* Standardize on function to get workspace channel name
There were two, now there is one.
* Add some missing workspace updates
There are some failure cases where we do not set the type as a workspace
build which causes the workspace update to never be published.
* Make build failures warnings
Otherwise the associated test fails due to the logger fataling on
error messages.
- Previously, we were logging all provision response logs at level INFO, regardless of the log level of the log streamed from the provisioner. We now log these at the original level (defaulting to INFO).
- Now logging "provision failed" message at level ERROR WARN and including the error field in the message.
* Add git auth providers schema
* Pipe git auth providers to the schema
* Add git auth providers to the API
* Add gitauth endpoint to query authenticated state
* Add endpoint to query git state
* Use BroadcastChannel to automatically authenticate with Git
* Add error validation for submitting the create workspace form
* Fix panic on template dry-run
* Add tests for the template version Git auth endpoint
* Show error if no gitauth is configured
* Add gitauth to cliui
* Fix unused method receiver
* Fix linting errors
* Fix dbauthz querier test
* Fix make gen
* Add JavaScript test for git auth
* Fix bad error message
* Fix provisionerd test race
See https://github.com/coder/coder/actions/runs/4277960646/jobs/7447232814
* Fix requested changes
* Add comment to CreateWorkspacePageView
This PR adds the prometheus metric coderd_workspace_builds_total.
It measures the total number of workspace builds, along with a number of labels intended to be useful for an operator debugging a failed workspace build trying to discover the scope of the issue.
- rbac: export rbac.Permissions
- dbauthz: move GetDeploymentDAUs, GetTemplateDAUs,
GetTemplateAverageBuildTime from querier.go to system.go
and removes auth checks
- dbauthz: remove AsSystem(), add individual roles for
autostart, provisionerd, add restricted system role for
everything else
feat: Add initial AuthzQuerier implementation
- Adds package database/dbauthz that adds a database.Store implementation where each method goes through AuthZ checks
- Implements all database.Store methods on AuthzQuerier
- Updates and fixes unit tests where required
- Updates coderd initialization to use AuthzQuerier if codersdk.ExperimentAuthzQuerier is enabled
Spike Curtis