updates from meetings

This commit is contained in:
Ben 2024-05-02 17:32:20 +00:00
parent 561aefc70b
commit ce82e45d45
2 changed files with 11 additions and 10 deletions

View File

@ -31,9 +31,9 @@ Examples:
- The `@quality-assurance` group has a Windows workspace they use share for testing
- The `@data-science` group has a provisioner in their own Kubernetes cluster but use a standard template
## Service Accounts
## Headless Users
Service accounts can be used for CI jobs, third-party integrations, and other automation. Unlike other accounts in Coder, service accounts do not consume a license seat or have an OIDC/password login method, so they cannot be used to log in to the Coder UI.
Headless user accounts can be used for CI jobs, third-party integrations, and other automation. Unlike other accounts in Coder, headless user accounts do not consume a license seat or have an OIDC/password login method, so they cannot be used to log in to the Coder UI.
## Custom Roles
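Review bot: The paragraph under `## Headless Users` says these accounts have no OIDC/password login method but never says how they do authenticate. Since they are meant for CI jobs and third-party integrations, add a sentence naming the credential they use and where it is issued and revoked. The heading says "Headless Users" while the body says "headless user accounts"; pick one term and check for inbound links to the old `Service Accounts` heading anchor. The context line "they use share for testing" also has a stray word that could be fixed while this section is open.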
@ -45,7 +45,7 @@ Examples:
- The `Organization Lead` role can access user workspaces for troubleshooting purposes, but cannot edit templates
- The `Platform Member` role cannot edit or create workspaces as they are created via a third-party system
Custom roles can also be applied to service accounts:
Custom roles can also be applied to headless user accounts:
- A `Health Check` role can view deployment status but cannot create workspaces, manage templates, or view users
- A `CI` role can update manage templates but cannot create workspaces or view users
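Review bot: The last bullet, "A `CI` role can update manage templates", runs two verbs together, so a reader cannot tell whether the CI role may only update existing templates or fully manage them. For an example of a role attached to an automation account, that scope is the point of the example, so state the exact permission intended.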

View File

@ -49,14 +49,15 @@ The best way to give users access to this group is via claims identity provider
<div class="tabs">
## coder server
> Note: Managing group and role sync via server config is deprecated and does not support multiple organizations.
The following server config maps people with the `ds` group claim to the `Everyone` group in the `data-science` organization:
## CLI
```text
CODER_OIDC_GROUP_MAPPING '{"ds-user": "data-science::Member:Everyone"}'
CODER_OIDC_ROLE_MAPPING '{"ds-admin": "data-science:Administrator:Everyone"}'
```
<!-- TODO -->
## UI
<!-- TODO -->
## HCL
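Review bot: In the `text` block, the two mapping values use different delimiters (`data-science::Member:Everyone` with a double colon versus `data-science:Administrator:Everyone`), and neither `CODER_OIDC_GROUP_MAPPING` nor `CODER_OIDC_ROLE_MAPPING` has an `=` between the name and the value. One of these lines grants Administrator, so the syntax should be exact and copyable; please confirm the intended format and make both lines match it. The sentence above the block also refers to a `ds` group claim, while the values use `ds-user` and `ds-admin`. Separately, the note says server-config sync "does not support multiple organizations", yet the example maps into the `data-science` organization; either the note or the example needs adjusting. The `<!-- TODO -->` placeholders under `## CLI` and `## UI` leave both tabs empty, so consider holding those headings back until there is content.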
@ -81,7 +82,7 @@ resource "coderd_idp_mapping" "data_science_members" {
# Add admins to the data science group
resource "coderd_idp_mapping" "data_science_admins" {
claim_name = "groups"
claim_value_includes = "ds-user"
claim_value_includes = "ds-admin"
organization_id = data.coder_organization.data_science.id
group_id = data.coder_organization.data_science.default_group_id
role_id = data.coder_organization.data_science.admin_role_id
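Review bot: In `data_science_admins`, `claim_value_includes = "ds-admin"` is what grants `admin_role_id`, and the docs do not say whether "includes" means exact membership in the `groups` claim list or a substring match. If it is a substring match, a differently named group containing `ds-admin` would also receive the admin role. Please state the matching semantics next to this example. The change from `ds-user` to `ds-admin` itself matches the resource's comment and name.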