shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
coder/docs/support/support-bundle.md
T
Cian Johnston fe82d0aeb9 fix: allow member users to generate support bundles (#23040) 
Fixes AIGOV-141

The `coder support bundle` command previously required admin permissions
(`Read DeploymentConfig`) and would abort entirely for non-admin
`member` users with:

```
failed authorization check: cannot Read DeploymentValues
```

This change makes the command **degrade gracefully** instead of failing
outright.

<details>
<summary>
Changes
</summary>

### `support/support.go`
- **`Run()`**: The authorization check for `Read DeploymentValues` is
now a soft warning instead of a hard gate. Unauthenticated users (401)
still fail, but authenticated users with insufficient permissions
proceed with reduced data.
- **`DeploymentInfo()`**: `DeploymentConfig` and `DebugHealth` fetches
now handle 403/401 responses gracefully, matching the existing pattern
used by `DeploymentStats`, `Entitlements`, and `HealthSettings`.
- **`NetworkInfo()`**: Coordinator debug and tailnet debug fetches now
check response status codes for 403/401 before reading the body.

### `cli/support.go`
- **`summarizeBundle()`**: No longer returns early when `Config` or
`HealthReport` is nil. Instead prints warnings and continues summarizing
available data (e.g., netcheck).

### Tests
- `MissingPrivilege` → `MemberNoWorkspace`: Asserts member users can
generate a bundle successfully with degraded admin-only data.
- `NoPrivilege` → `MemberCanGenerateBundle`: Asserts the CLI produces a
valid zip bundle for member users.
- All existing tests continue to pass (`NoAuth`, `OK`, `OK_NoWorkspace`,
`DontPanic`, etc.).

## Behavior matrix

| User type | Before | After |
|---|---|---|
| **Admin** | Full bundle | Full bundle (no change) |
| **Member** | Hard error | Bundle with degraded admin-only data |
| **Unauthenticated** | Hard error | Hard error (no change) |

Related to PRODUCT-182
2026-03-18 13:43:10 +00:00

7.0 KiB
Raw Permalink Blame History

Generate and upload a Support Bundle to Coder Support

When you engage with Coder support to diagnose an issue with your deployment, you may be asked to generate and upload a "Support Bundle" for offline analysis. This document explains the contents of a support bundle and the steps to submit a support bundle to Coder staff.

What is a Support Bundle?

A support bundle is an archive containing a snapshot of information about your Coder deployment.

It contains information about the workspace, the template it uses, running agents in the workspace, and other detailed information useful for troubleshooting.

It is primarily intended for troubleshooting connectivity issues to workspaces, but can be useful for diagnosing other issues as well.

While we attempt to redact sensitive information from support bundles, they may contain information deemed sensitive by your organization and should be treated as such.

A brief overview of all files contained in the bundle is provided below:

Note

Detailed descriptions of all the information available in the bundle is out of scope, as support bundles are primarily intended for internal use.

Filename Description
agent/agent.json The agent used to connect to the workspace with environment variables stripped.
agent/agent_magicsock.html The contents of the HTTP debug endpoint of the agent's Tailscale Wireguard connection.
agent/client_magicsock.html The contents of the HTTP debug endpoint of the client's Tailscale Wireguard connection.
agent/listening_ports.json The listening ports detected by the selected agent running in the workspace.
agent/logs.txt The logs of the selected agent running in the workspace.
agent/manifest.json The manifest of the selected agent with environment variables stripped.
agent/startup_logs.txt Startup logs of the workspace agent.
agent/prometheus.txt The contents of the agent's Prometheus endpoint.
cli_logs.txt Logs from running the coder support bundle command.
deployment/buildinfo.json Coder version and build information.
deployment/config.json Deployment configuration, with secret values removed. Requires Owner role.
deployment/experiments.json Any experiments currently enabled for the deployment.
deployment/health.json A snapshot of the health status of the deployment. Requires Owner role.
logs.txt Logs from the codersdk.Client used to generate the bundle.
network/connection_info.json Information used by workspace agents used to connect to Coder (DERP map etc.)
network/coordinator_debug.html Peers currently connected to each Coder instance and the tunnels established between peers. Requires Owner role.
network/netcheck.json Results of running coder netcheck locally.
network/tailnet_debug.html Tailnet coordinators, their heartbeat ages, connected peers, and tunnels. Requires Owner role.
workspace/build_logs.txt Build logs of the selected workspace.
workspace/workspace.json Details of the selected workspace.
workspace/parameters.json Build parameters of the selected workspace.
workspace/template.json The template currently in use by the selected workspace.
workspace/template_file.zip The source code of the template currently in use by the selected workspace.
workspace/template_version.json The template version currently in use by the selected workspace.

How do I generate a Support Bundle?

  1. Ensure your deployment is up and running. Generating a support bundle requires the Coder deployment to be available.

  2. Ensure you have the Coder CLI installed on a local machine. See installation for steps on how to do this.

    Note

    It is recommended to generate a support bundle from a location experiencing workspace connectivity issues.

  3. Ensure you are logged in to your Coder deployment. Any authenticated user can generate a support bundle. Users with the Owner role will get the most complete bundle; non-admin users will still get a useful bundle but some admin-only data will be omitted (see the note below).

  4. Run coder support bundle [owner/workspace], and respond yes to the prompt. The support bundle will be generated in the current directory with the filename coder-support-$TIMESTAMP.zip.

    Note

    While support bundles can be generated without a running workspace, it is recommended to specify one to maximize troubleshooting information.

  5. (Recommended) Extract the support bundle and review its contents, redacting any information you deem necessary.

  6. Coder staff will provide you a link where you can upload the bundle along with any other necessary supporting files.

    Note

    It is helpful to leave an informative message regarding the nature of supporting files.

Coder support will then review the information you provided and respond to you with next steps.

Reference in New Issue View Git Blame Copy Permalink