* feat: Validate Git tokens before consuming them
This works the exact same way that the Git credential manager does. It ensures the user token is valid before returning it to the client.
It's been manually tested on GitHub, GitLab, and BitBucket.
* Fix requested changes
* Adds a configuration knob CODER_OIDC_IGNORE_EMAIL_VERIFIED that allows
ignoring the email_verified OIDC claim
* Adds warning message at startup if CODER_OIDC_IGNORE_EMAIL_VERIFIED=true
* Adds warning whenever an unverified OIDC email is let through
* Skips flaky test on non-linux platforms
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
* Start to port over provisioner daemons PR
* Move to Enterprise
* Begin adding tests for external registration
* Move provisioner daemons query to enterprise
* Move around provisioner daemons schema
* Add tags to provisioner daemons
* make gen
* Add user local provisioner daemons
* Add provisioner daemons
* Add feature for external daemons
* Add command to start a provisioner daemon
* Add provisioner tags to template push and create
* Rename migration files
* Fix tests
* Fix entitlements test
* PR comments
* Update migration
* Fix FE types
* Show display_name field in the template settings
* Show template.display_name on pages: Templates, CreateWorkspace
* Fix: template.display_name pattern
* make fmt/prettier
* Fix tests
* Fix: make fmt/prettier
* Fix: merge
* Fix: autoFocus
* i18n: display_name
* fix: Improve tailnet connections by reducing timeouts
This awaits connection ping before running a dial. Before,
we were hitting the TCP retransmission and handshake timeouts,
which could intermittently add 1 or 5 seconds to a connection
being initialized.
* Update Tailscale
* fix: Fix ssh message/spinner in VSCode integrated terminal
The messages never show up in VSCode integrated terminal due to the
defer `fmt.Fprintf`. There could be a race in VSCode in handling the
terminal codes but ultimately, we can simplify our logic by just
stopping the spinner for the duration of the update.
* Avoid race in starting spinner after exit
The connection limit wasn't being applied to pubsub, which would
overload the server if a ton of logs were being published at once.
This should fix it, and improve scale a lot!
* feat: Add connection_timeout and troubleshooting_url to agent
This commit adds the connection timeout and troubleshooting url fields
to coder agents.
If an initial connection cannot be established within connection timeout
seconds, then the agent status will be marked as `"timeout"`.
The troubleshooting URL will be present, if configured in the Terraform
template, it can be presented to the user when the agent state is either
`"timeout"` or `"disconnected"`.
Fixes#4678
This feature is used by the coder agent to exchange a new token. By
protecting the SessionToken via mutex we ensure there are no data races
when accessing it.
* chore: Separate the provisionerd server into it's own package
This code should be thoroughly tested now that we understand the abstraction.
I separated it to make our lives a bit easier for external provisioner daemons
as well!
* Add tests
* Add workspace builds
* Add test for workspace resources
Daniel Carrion