Pre-requisite for https://github.com/coder/coder/pull/16891
Closes https://github.com/coder/internal/issues/515
This PR introduces a new concept of a "system" user.
Our data model requires that all workspaces have an owner (a `users`
relation), and prebuilds is a feature that will spin up workspaces to be
claimed later by actual users - and thus needs to own the workspaces in
the interim.
Naturally, introducing a change like this touches a few aspects around
the codebase and we've taken the approach _default hidden_ here; in
other words, queries for users will by default _exclude_ all system
users, but there is a flag to ensure they can be displayed. This keeps
the changeset relatively small.
This user has minimal permissions (it's equivalent to a `member` since
it has no roles). It will be associated with the default org in the
initial migration, and thereafter we'll need to somehow ensure its
membership aligns with templates (which are org-scoped) for which it'll
need to provision prebuilds; that's a solution we'll have in a
subsequent PR.
---------
Signed-off-by: Danny Kopping <dannykopping@gmail.com>
Co-authored-by: Sas Swart <sas.swart.cdk@gmail.com>
from @NickSquangler
> ($customer) noticed when setting up external auth with Gitlab that the
command listed in the docs is in the incorrect order, as `coder
external-auth <USER_DEFINED_ID> access-token` should be `coder
external-auth access-token <USER_DEFINED_ID>`
[preview](https://coder.com/docs/@external-auth-access-token/admin/external-auth#workspace-cli)
<details><summary>coder external-auth access-token --help</summary>
```shell
coder external-auth access-token --help
coder v2.20.0+03b5012
USAGE:
coder external-auth access-token [flags] <provider>
Print auth for an external provider
Print an access-token for an external auth provider. The access-token will be validated and sent
to stdout with exit code 0. If a valid access-token cannot be obtained, the URL to authenticate
will be sent to stdout with exit code 1
- Ensure that the user is authenticated with GitHub before cloning.:
$ #!/usr/bin/env sh
OUTPUT=$(coder external-auth access-token github)
if [ $? -eq 0 ]; then
echo "Authenticated with GitHub"
else
echo "Please authenticate with GitHub:"
echo $OUTPUT
fi
- Obtain an extra property of an access token for additional metadata.:
$ coder external-auth access-token slack --extra "authed_user.id"
OPTIONS:
--extra string
Extract a field from the "extra" properties of the OAuth token.
———
Run `coder --help` for a list of global options.
```
</details>
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
closes: #15385
- use consistent `prom-http` port (@johnstcn looks like this was
changed/added in #12214 - do we prefer `prom-http` over
`prometheus-http` or is it more important that they align?)
- add `namespaceSelector:` per @francisco-mata (thanks! - sorry it took
so long to get this in)
from issue:
> For some reason our target was not appearing on our prometheus
targets, we had to add a namespaceSelector key on the Service Monitor to
successfully appear
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
- Add deleted column to organizations table
- Add trigger to check for existing workspaces, templates, groups and
members in a org before allowing the soft delete
---------
Co-authored-by: Steven Masley <stevenmasley@gmail.com>
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
This commit adds new audit resource types for workspace agents and
workspace apps, as well as connect/disconnect and open/close actions.
The idea is that we will log new audit events for connecting to the
agent via SSH/editor.
Likewise, we will log openings of `coder_app`s.
This change also introduces support for filtering by `request_id`.
Updates #15139
Corrects incorrect reference to env variable
`CODER_DEFAULT_QUIET_HOURS_SCHEDULE`. Changes to
`CODER_QUIET_HOURS_DEFAULT_SCHEDULE`. Also hyperlinks to the server flag
(similar to `CODER_ALLOW_CUSTOM_QUIET_HOURS`)
This pull requests adds the necessary migrations and queries to support
presets within the coderd database. Future PRs will build functionality
to the provisioners and the frontend.
* chore(docs): update docs re workspace tag default values
* chore(coderdenttest): use random name instead of t.Name() in newExternalProvisionerDaemon
* fix(provisioner/terraform/tfparse): allow empty values in coder_workspace_tag defaults
Enabling the notifications experiment was only required in 2.15.0, so we
can reduce the loudness of this callout.
---------
Co-authored-by: EdwardAngert <EdwardAngert@users.noreply.github.com>
Change as part of https://github.com/coder/coder/pull/16071
It has been decided that we want to be able to have some notification
templates be disabled _by default_
https://github.com/coder/coder/pull/16071#issuecomment-2580757061.
This adds a new column (`enabled_by_default`) to
`notification_templates` that defaults to `TRUE`. It also modifies the
`inhibit_enqueue_if_disabled` function to reject notifications for
templates that have `enabled_by_default = FALSE` with the user not
explicitly enabling it.
Danny Kopping