Commit Graph

1862 Commits

Author SHA1 Message Date
Steven Masley 4cba83b30f
test: apptest was accidentally choosing ports in use (#12580)
Apptest requires a port without a listening server to test failure
cases. This port was chosen and had a chance of actually being
provisioned. To prevent this accident, a port <1k is chosen,
since those will never be allocated.
2024-03-14 08:54:12 -05:00
Danny Kopping da54c8a51f
fix: fix data race in TestLabelsAggregation tests (#12578) 2024-03-13 13:47:22 +02:00
Danny Kopping 7a7105ad66
feat: make agent stats' cardinality configurable (#12535) 2024-03-13 12:03:36 +02:00
Cian Johnston 47cb584052
fix(support): sanitize agent env (#12554) 2024-03-12 15:23:11 +00:00
Steven Masley 597694fbdd
chore: bump migration file (#12556) 2024-03-12 14:55:45 +00:00
Steven Masley e11d3ca0ee
chore: move default everyone group to a migration (#12435) 2024-03-12 09:27:36 -05:00
Spike Curtis 51707446d0
fix: stop holding Pubsub mutex while calling pq.Listener (#12518)
fixes #11950

https://github.com/coder/coder/issues/11950#issuecomment-1987756088 explains the bug

We were also calling into `Unlisten()` and `Close()` while holding the mutex.  I don't believe that `Close()` depends on the notification loop being unblocked, but it's hard to be sure, and the safest thing to do is assume it could block.

So, I added a unit test that fakes out `pq.Listener` and sends a bunch of notifies every time we call into it to hopefully prevent regression where we hold the mutex while calling into these functions.

It also removes the use of a `context.Context` to stop the PubSub -- it must be explicitly `Closed()`.  This simplifies a bunch of the logic, and is how we use the pubsub anyway.
2024-03-12 09:44:12 +04:00
Cian Johnston d704ff4570
chore(codersdk): explain format of codersdk.UpdateWorkspaceAutostartRequest.Schedule (#12539) 2024-03-11 22:50:38 +00:00
Steven Masley e3051dff0c
chore: add workspace id filter on api (#12483)
* chore: add workspace id filter on api
2024-03-11 11:37:15 -05:00
Cian Johnston 8f40ee3465
Revert "feat: make agent stats' cardinality configurable (#12468)" (#12533)
This reverts commit 21d1873d97.
2024-03-11 14:33:36 +00:00
Cian Johnston bed61f7d2a
fix(coderd): correctly handle tar dir entries with missing path separator (#12479)
* coderd: add test to reproduce trailing directory issue
* coderd: add trailing path separator to dir entries when converting to zip
* provisionersdk: add trailing path separator to directory entries
2024-03-11 14:06:41 +00:00
Danny Kopping 21d1873d97
feat: make agent stats' cardinality configurable (#12468)
Closes #12221
2024-03-11 16:04:08 +02:00
Cian Johnston 0647ec1960
fix(coderd): prevent nil err deref (#12475) 2024-03-11 14:03:58 +00:00
Cian Johnston b1ecc53033
chore(coderd): improve tests for tar<->zip conversion (#12477)
* improve tests for tar<->zip conversion
* set mode and modtime correctly when converting from zip to tar (#12476)
2024-03-11 13:29:57 +00:00
Mathias Fredriksson bae0a747ed
test(coderd): skip flaky dau test (#12517)
* test(coderd): skip flaky dau test

* chore(coderd/database/dbpurge): fix failing test (#12530)

---------

Co-authored-by: Cian Johnston <cian@coder.com>
2024-03-11 12:54:38 +00:00
Colin Adler 66154f937e
fix(coderd): pass block endpoints into servertailnet (#12149) 2024-03-08 05:29:54 +00:00
Cian Johnston c8aa99a5b8
feat(coderd/database/dbfake): allow specifying fileID in TemplateVersionBuilder (#12450) 2024-03-07 12:36:11 +00:00
Dean Sheather 662be56d72
chore: rename migrations to fix main (#12442) 2024-03-06 18:28:53 +00:00
Steven Masley b5f866c1cb
chore: add organization_id column to provisioner daemons (#12356)
* chore: add organization_id column to provisioner daemons
* Update upsert to include organization id on set
2024-03-06 12:04:50 -06:00
Dean Sheather 46a2ff1061
feat: allow setting port share protocol (#12383)
Co-authored-by: Garrett Delfosse <garrett@coder.com>
2024-03-06 09:23:57 -05:00
Steven Masley 23ff807a27
chore: remove autocreate orgs on CreateUser (#12434)
New users must be explicitly given an organization to join.
Organizations should not be auto created as a side effect of
creating a new user.
2024-03-06 07:29:28 -06:00
Steven Masley 17c486c5e6
chore: ensure default org always exists (#12412)
* chore: ensure default org always exists

First user just joins the org created by the migration
2024-03-05 14:06:35 -06:00
Garrett Delfosse 61bd341a36
chore: change max share level on existing port shares (#12411) 2024-03-05 13:47:01 -05:00
Cian Johnston 4343998c37
chore(coderd): add tests for big oidc tokens (#12424)
- Adds two test cases for a 64k+ ID token and a 64k+ userinfo payload.
- Reformats the entire test cases array as instructed by CI
2024-03-05 14:46:00 +00:00
Marcin Tojek b1f9a6dc31
fix: use timestamptz instead of timestamp (#12425)
* fix: use timestampz instead of timestamp

* fix: timestamptz
2024-03-05 14:16:29 +00:00
Marcin Tojek 3e99c0373f
fix: improve pagination parser (#12422) 2024-03-05 14:05:15 +00:00
Marcin Tojek e4fa212164
fix: always return count of workspaces (#12407) 2024-03-05 09:24:43 +01:00
Steven Masley 5c6974e55f
feat: implement provisioner auth middleware and proper org params (#12330)
* feat: provisioner auth in mw to allow ExtractOrg

Step to enable org scoped provisioner daemons

* chore: handle default org handling for provisioner daemons
2024-03-04 15:15:41 -06:00
Alex 320c2eac6f
Entra External Auth for ADO (#12201) 2024-03-04 12:12:46 -06:00
Colin Adler 4439a920e4
Merge pull request from GHSA-7cc2-r658-7xpf
This fixes a vulnerability with the `CODER_OIDC_EMAIL_DOMAIN` option,
where users with a superset of the allowed email domain would be allowed
to login. For example, given `CODER_OIDC_EMAIL_DOMAIN=google.com`, a
user would be permitted entry if their email domain was
`colin-google.com`.
2024-03-04 12:52:03 -05:00
Garrett Delfosse 8f190b2016
fix: disallow out of range ports (#12414) 2024-03-04 12:25:06 -05:00
Colin Adler e5d911462f
fix(tailnet): enforce valid agent and client addresses (#12197)
This adds the ability for `TunnelAuth` to also authorize incoming wireguard node IPs, preventing agents from reporting anything other than their static IP generated from the agent ID.
2024-03-01 09:02:33 -06:00
Colin Adler 7fbca62e08
chore: fix `Test_parseInsightsStartAndEndTime` flake (#12377)
Fixes https://github.com/coder/coder/issues/10600
2024-02-29 18:20:25 -06:00
Steven Masley cbcf4ef2c4
chore: add faking 429 responses from fake idp (#12365)
Required to trigger error condition in fe.
See pull (#12367)
2024-02-29 09:45:53 -06:00
Cian Johnston 4f87ba46f9
chore: update provisioner tag documentation with suggestions from #12315 (#12347)
- Adds more testcases to TestAcquirer_MatchTags
- Adds functionality to generate a table from above test
- Update provisioner tag documentation with generated table
- Apply other feedback from #12315
2024-02-29 12:31:11 +00:00
Dean Sheather bedd2c5922
fix: avoid race between replicas on start (#12344)
DERP mesh key setup would do a SELECT and then an INSERT on failure, without a lock. During some testing with multiple replicas, I managed to cause a replica to crash due to them initializing simultaneously.

Fixes:

Encountered an error running "coder server"
create coder API: insert mesh key: pq: duplicate key value violates unique constraint "site_configs_key_key"

Co-authored-by: Cian Johnston <cian@coder.com>
2024-02-28 16:14:11 +00:00
Cian Johnston 1465ee2ed1
fix(coderd): use database.IsQueryCanceledError instead of xerrors.Is(err, context.Canceled) (#12325) 2024-02-28 21:19:57 +10:00
Kayla Washburn-Love b2413a593c
chore: reimplement activity status and autostop improvements (#12175) 2024-02-27 11:06:26 -07:00
Cian Johnston b9e2d0a400
fix(coderd): mark provisioner daemon psk as secret (#12322)
* fix(coderd): mark provisioner daemon psk as secret

Marks provisioner daemon PSK with the secret annotation.
This ensures it will be scrubbed from API requests to
/api/v2/deployment/config.

* make gen
2024-02-27 16:33:32 +00:00
Asher f74532ff50
feat: audit oauth2 app management (#12275)
* Audit oauth2 app management
* Use 201 for creating secrets
2024-02-26 23:52:08 +00:00
Steven Masley 6b866b3f48
feat: set sane default for gitea external auth (#12306)
* feat: external auth defaults for gitea

Add some sane defaults for gitea to make it easier to configure
2024-02-26 12:35:18 -06:00
Steven Masley d2998c6b7b
feat: implement organization context in the cli (#12259)
* feat: implement organization context in the cli

`coder org show current`
2024-02-26 10:03:49 -06:00
Steven Masley f44c89d200
chore: enforce orgid in audit logs where required (#12283)
* chore: enforce orgid in audit logs where required
2024-02-26 08:27:33 -06:00
Cian Johnston 74b749b890
chore(coderd): add test to assert agent token invalid when workspace deleted (#12290) 2024-02-26 13:27:00 +00:00
Steven Masley 13359aa16f
chore: drop github per user rate limit tracking (#12286)
* chore: drop github per user rate limit tracking

Rate limits for authenticated requests are per user.
This would be an excessive number of prometheus labels,
so we only track the unauthorized limit.
2024-02-23 11:17:52 -06:00
Marcin Tojek 90db6683c4
fix: refresh entitlements after creating first user (#12285) 2024-02-23 16:48:24 +00:00
Cian Johnston 2cb9bfd517
refactor(coderd): move healthcheck report structs to codersdk (#12279)
Moves healthcheck report-related structs from coderd/healthcheck to codersdk
This prevents an import cycle when adding a codersdk.Client method to hit /api/v2/debug/health.
2024-02-23 13:13:28 +00:00
Spike Curtis af3fdc68c3
chore: refactor agent routines that use the v2 API (#12223)
In anticipation of needing the `LogSender` to run on a context that doesn't get immediately canceled when you `Close()` the agent, I've undertaken a little refactor to manage the goroutines that get run against the Tailnet and Agent API connection.

This handles controlling two contexts, one that gets canceled right away at the start of graceful shutdown, and another that stays up to allow graceful shutdown to complete.
2024-02-23 11:04:23 +04:00
Cian Johnston 53e8f9c0f9
fix(coderd): only allow untagged provisioners to pick up untagged jobs (#12269)
Alternative solution to #6442

Modifies the behaviour of AcquireProvisionerJob and adds a special case for 'un-tagged' jobs such that they can only be picked up by 'un-tagged' provisioners.

Also adds comprehensive test coverage for AcquireJob given various combinations of tags.
2024-02-22 15:04:31 +00:00
Steven Masley d4d8424ce0
fix: fix GetOrganizationsByUserID error when multiple organizations exist (#12257)
* test: fetching user orgs fails if multi orgs in pg db
* fix: GetOrganizationsByUserID fixed if multi orgs exist
2024-02-22 08:14:48 -06:00
Steven Masley c3a7b13690
chore: remove organization requirement from convertGroup() (#12195)
* feat: convertGroups() no longer requires organization info

Removing role information from some users in the api. This info is
excessive and not required. It is costly to always include
2024-02-21 15:58:11 -06:00
Kayla Washburn-Love 475c3650ca
feat: add support for optional external auth providers (#12021) 2024-02-21 11:18:38 -07:00
Bruno Quaresma a827185b6d
refactor: move auto fill feature into an experiment (#12230) 2024-02-21 11:48:34 -03:00
Asher 3d742f64e6
fix: move oauth2 routes (#12240)
* fix: move oauth2 routes

From /login/oauth2/* to /oauth2/*.

/login/oauth2 causes /login to no longer get served by the frontend,
even if nothing is actually served on /login itself.

* Add forgotten comment on delete
2024-02-20 17:01:25 -09:00
Asher 4d39da294e
feat: add oauth2 token exchange (#12196)
Co-authored-by: Steven Masley <stevenmasley@gmail.com>
2024-02-20 14:58:43 -09:00
Steven Masley 07cccf9033
feat: disable directory listings for static files (#12229)
* feat: disable directory listings for static files

Static file server handles serving static asset files (js, css, etc).
The default file server would also list all files in a directory.
This has been changed to only serve files.
2024-02-20 15:50:30 -06:00
Steven Masley 2dac34276a
fix: add postgres triggers to remove deleted users from user_links (#12117)
* chore: add database test fixture to insert non-unique linked_ids
* chore: create unit test to exercise failed email change bug
* fix: add postgres triggers to keep user_links clear of deleted users
* Add migrations to prevent deleted users with links
* Force soft delete of users, do not allow un-delete
2024-02-20 13:19:38 -06:00
Garrett Delfosse b342bd7869
feat: add port sharing frontend (#12119) 2024-02-20 13:26:34 -05:00
Cian Johnston 643c3ee54b
refactor(provisionerd): move provisionersdk.VersionCurrent -> provisionerdproto.VersionCurrent (#12225) 2024-02-20 12:44:19 +00:00
Cian Johnston a2cbb0f87f
fix(enterprise/coderd): check provisionerd API version on connection (#12191) 2024-02-16 18:43:07 +00:00
Steven Masley f17149c59d
feat: set groupsync to use default org (#12146)
* fix: assign new oauth users to default org

This is not a final solution, as we eventually want to be able
to map to different orgs. This makes it so multi-org does not break oauth/oidc.
2024-02-16 11:09:19 -06:00
Steven Masley 75870c22ab
fix: assign new oauth users to default org (#12145)
* fix: assign new oauth users to default org

This is not a final solution, as we eventually want to be able
to map to different orgs. This makes it so multi-org does not break oauth/oidc.
2024-02-16 08:47:26 -06:00
Steven Masley 2a8004b1b2
feat: use default org for PostUser (#12143)
Instead of assuming only 1 org exists, this uses the
is_default org to place a user in if not specified.
2024-02-16 08:28:36 -06:00
Steven Masley 2bf2f88b09
feat: implement 'is_default' org field (#12142)
The first organization created is now marked as "default". This is
to allow "single org" behavior as we move to a multi org codebase.

It is intentional that the user cannot change the default org at this
stage. Only 1 default org can exist, and it is always the first org.

Closes: https://github.com/coder/coder/issues/11961
2024-02-15 11:01:16 -06:00
Marcin Tojek 5aa5ff1bde
chore: deprecate API workspace build resources (#12167) 2024-02-15 17:13:44 +01:00
Marcin Tojek 7a453608c9
feat: support `order` property of `coder_agent` (#12121) 2024-02-15 13:33:13 +01:00
Spike Curtis 2d0b9106c0
fix: change servertailnet to register the DERP dialer before setting DERP map (#12137)
I noticed a possible race where tailnet.Conn can try to dial the embedded region before we've set our custom dialer that sends the DERP in-memory.  This closes that race and adds a test case for servertailnet with no STUN and an embedded relay
2024-02-15 10:51:12 +04:00
Cian Johnston d6b025db14
Revert "feat: add activity status and autostop reason to workspace overview (#11987)" (#12144)
Related to https://github.com/coder/coder/pull/11987

This reverts commit d37b131.
2024-02-14 17:14:49 +00:00
Spike Curtis 04991f425a
fix: set node callback each time we reinit the coordinator in servertailnet (#12140)
I think this will resolve #12136 but let's get a proper test at the system level before closing.

Before this change, we only register the node callback at start of day for the server tailnet.  If the coordinator changes, like we know happens when we are licensed for the PGCoordinator, we close the connection to the old coord, and open a new one to the new coord.

The callback is designed to direct the updates to the new coordinator, but there is nothing that specifically triggers it to fire after we connect to the new coordinator.

If we have STUN, then periodic re-STUNs will generally get it to fire eventually, but without STUN we could go indefinitely without a callback.

This PR changes the servertailnet to re-register the callback each time we reconnect to the coordinator.  Registering a callback (even if it's the same callback) triggers an immediate call with our node information, so the new coordinator will have it.
2024-02-14 20:45:31 +04:00
Spike Curtis 5a0d240bc3
feat: expose DERP server debug metrics (#12135)
Adds some debug endpoints for looking into the DERP server.

The `api/v2/debug/derp/traffic` endpoint requires the `ss` utility to be present in order to function.  I have *not* added the `iproute2` package to our base image as it adds 11MB, so this endpoint won't be useful by default.  However, in a debugging situation, we could exec into the container and then `apk add iproute2`, or build a special debug image.

The `api/v2/debug/expvar` handler contains DERP metrics as well as commandline and memstats.

Example:

```
{
"alert_failed": 0,
"alert_generated": 0,
"cmdline": ["/Users/spike/repos/coder/build/coder_darwin_arm64","--global-config","/Users/spike/repos/coder/.coderv2","server","--http-address","0.0.0.0:3000","--swagger-enable","--access-url","http://127.0.0.1:3000","--dangerous-allow-cors-requests=true"],
"derp": {"accepts": 1, "average_queue_duration_ms": 0, "bytes_received": 0, "bytes_sent": 0, "counter_packets_dropped_reason": {"gone_disconnected": 0, "gone_not_here": 0, "queue_head": 0, "queue_tail": 0, "unknown_dest": 0, "unknown_dest_on_fwd": 0, "write_error": 0}, "counter_packets_dropped_type": {"disco": 0, "other": 0}, "counter_packets_received_kind": {"disco": 0, "other": 0}, "counter_tcp_rtt": {}, "counter_total_dup_client_conns": 0, "gauge_clients_local": 1, "gauge_clients_remote": 0, "gauge_clients_total": 1, "gauge_current_connections": 1, "gauge_current_dup_client_conns": 0, "gauge_current_dup_client_keys": 0, "gauge_current_file_descriptors": 0, "gauge_current_home_connections": 1, "gauge_memstats_sys0": 20874504, "gauge_watchers": 0, "got_ping": 0, "home_moves_in": 0, "home_moves_out": 0, "multiforwarder_created": 0, "multiforwarder_deleted": 0, "packet_forwarder_delete_other_value": 0, "packets_dropped": 0, "packets_forwarded_in": 0, "packets_forwarded_out": 0, "packets_received": 0, "packets_sent": 0, "peer_gone_disconnected_frames": 0, "peer_gone_not_here_frames": 0, "sent_pong": 0, "unknown_frames": 0, "version": "1.47.0-dev20240214-t64db8c604"},
"warning_failed": 0,
"warning_generated": 0
}
```

If we find the DERP metrics useful we could consider how to include them in Prometheus scrapes based on the tailnet `varz` package.  That's for a later PR if at all.
2024-02-14 15:11:45 +04:00
Steven Masley 5d483a7ea1
fix: do not query user_link for deleted accounts (#12112) 2024-02-13 13:02:21 -06:00
Steven Masley 06f3ab1206
chore: add database test fixture to insert non-unique linked_ids (#12111)
* chore: add database test fixture to insert non-unique linked_ids
2024-02-13 12:06:47 -06:00
Kayla Washburn-Love d37b131426
feat: add activity status and autostop reason to workspace overview (#11987) 2024-02-13 10:50:17 -07:00
Garrett Delfosse 3ab3a62bef
feat: add port-sharing backend (#11939) 2024-02-13 09:31:20 -05:00
Dean Sheather e1e352d8c1
feat: add template activity_bump property (#11734)
Allows template admins to configure the activity bump duration. Defaults to 1h.
2024-02-13 07:00:35 +00:00
Dean Sheather fead57f304
fix: allow access to unhealthy/initializing apps (#12086) 2024-02-13 16:30:49 +10:00
Marcin Tojek 3e68650791
feat: support `order` property of `coder_app` resource (#12077) 2024-02-12 15:11:31 +01:00
Spike Curtis 92b2e26a48
feat: send log limit exceeded in response, not error (#12078)
When we exceed the db-imposed limit of logs, we need to communicate that back to the agent.  In v1 we did it with a 4xx-level HTTP status, but with dRPC, the errors are delivered as strings, which feels fragile to me for something we want to gracefully handle.

So, this PR adds the log limit exceeded as a field on the response message, and fixes the API handler to set it as appropriate instead of an error.
2024-02-09 16:17:20 +04:00
Spike Curtis 1f5a6d59ba
chore: consolidate websocketNetConn implementations (#12065)
Consolidates websocketNetConn from multiple packages in favor of a central one in codersdk
2024-02-09 11:39:08 +04:00
Colin Adler ec8e41f516
chore: add logging around agent app health reporting (#12071) 2024-02-08 23:37:44 -06:00
Marcin Tojek c0e169ebf9
feat: support custom order of agent metadata (#12066) 2024-02-08 17:29:34 +01:00
Spike Curtis 151aaadc23
fix: allow startup scripts larger than 32k (#12060)
Fixes #12057 and adds a regression test.
2024-02-07 22:26:42 +04:00
Eric Paulsen 1abe0cfa1a
docs: fix /audit & /insights params (#12043) 2024-02-07 08:38:54 -05:00
Spike Curtis 1cf4b62867
feat: change agent to use v2 API for reporting stats (#12024)
Modifies the agent to use the v2 API to report its statistics, using the `statsReporter` subcomponent.
2024-02-07 15:26:41 +04:00
Spike Curtis 213ae69bee
fix: start timer before subscribing to avoid test race (#12031)
Fixes #12030

This is a good example of the kind of thing I'd like to address with a time-testing lib.  The problem is that there is a race between the watchdog starting its timer and the test incrementing the time.  What would make this easier is if the time-testing library could wait for and assert the call to start the timer before incrementing the time.
2024-02-06 20:21:23 +04:00
Dean Sheather 98b86f3cd6
chore: add logs to pq notification dialer (#12020) 2024-02-06 15:21:48 +00:00
Spike Curtis e09cd2c6bd
feat: add watchdog to pubsub (#12011)
adds a watchdog to our pubsub and runs it for Coder server.

If the watchdog times out, it triggers a graceful exit in `coder server` to give any provisioner jobs a chance to shut down.

c.f. #11950
2024-02-06 16:58:45 +04:00
Colin Adler c7f52b73bb
feat(coderd): add prometheus metrics to servertailnet (#11988) 2024-02-05 23:57:18 -06:00
Spike Curtis c84a637116
fix: stop logging error on query canceled (#12017)
Fixes flake seen here: https://github.com/coder/coder/actions/runs/7782340530/job/21218566449
2024-02-06 08:43:34 +04:00
Marcin Tojek ad8e0db172
feat: add custom error message on signups disabled page (#11959) 2024-02-01 18:01:25 +01:00
Steven Masley 79d5c238cc
fix: always return a clean http client for promoauth (#11963)
* fix: add unit test to verify default client is not broken

* always return a clean http client
* No need to clone the tripper
2024-02-01 11:13:34 -05:00
Spike Curtis 1aa117b9ec
chore: rename client Listen to ConnectRPC (#11916)
ConnectRPC seems more appropriate for this function
2024-02-01 14:44:11 +04:00
Spike Curtis d5a98cc6d7
fix: avoid race in TestPGPubsub_Metrics by using Eventually (#11973)
Annoyingly, prometheus Registry collects metrics async, which is causing our test to be racy.  They also don't export enough from the Metric interface for us to replicate a synchronous collect, so we have to use Eventually to test.
2024-02-01 12:10:19 +04:00
Spike Curtis 5a359d50dd
feat: add metrics to PGPubsub (#11971)
Adds prometheus metrics to PGPubsub for monitoring its health and performance in production.

Related to #11950 --- additional diagnostics to help figure out what's happening
2024-02-01 11:25:03 +04:00
Colin Adler 3ace7982aa
fix: rewrite url to agent ip in single tailnet (#11810)
This restores previous behavior of being able to cache connections
across agents in single tailnet.
2024-02-01 00:25:52 -06:00
Colin Adler 4ed1f5581a
chore(coderd): add logging to agent rpc yamux conn (#11965) 2024-01-31 23:17:20 -06:00
Spike Curtis b79785c86f
feat: move agent v2 API connection monitoring to yamux layer (#11910)
Moves monitoring of the agent v2 API connection to the yamux layer.

Present behavior monitors this at the websocket layer, and closes the websocket on completion. This can cause yamux to hit unexpected errors since the connection is closed underneath it.

This might be the cause of yamux errors that some customers are seeing

![image.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/tCz4CxRU9jhAJ7zH8RTi/53b8b5ef-e9e5-44a5-b559-99c37c136071.png)

In any case, it's more graceful to close yamux first and let yamux close the underlying websocket.  That should limit yamux error logging to truly unexpected/error cases.

The only downside is that the yamux `Close()` doesn't accept a reason, so if the agent becomes outdated and we close the API connection, the agent just sees the connection close without a reason.  I'm not sure we log this at the agent anyway, but it would be nice.  I think more accurate logging on Coderd is more important.

I've also added some logging when the monitor disconnects for reasons other than the context being canceled (e.g. agent outdated, failed pings).
2024-02-01 08:18:35 +04:00
Steven Masley ac64155282
fix: strip timezone information from a date in dau response (#11962)
* fix: strip timezone information from a date in dau response

Timezone information is lost, so do not forward it to the client.

* fix: timezone offset should be flipped
* Make tests deterministic
2024-01-31 16:01:50 -06:00
Marcin Tojek 13cbca679e
feat: support template bundles as zip archives (#11839) 2024-01-31 14:49:55 +01:00
Mathias Fredriksson b25deaae20
fix(coderd/database): fix limit in `GetUserWorkspaceBuildParameters` (#11954) 2024-01-31 13:56:36 +02:00
Spike Curtis a34cada09a
feat: add logging to pgPubsub (#11953)
Should be helpful for #11950

Adds a logger to pgPubsub and logs various events, most especially connection and disconnection from postgres.
2024-01-31 15:49:16 +04:00
Jon Ayers 0c30dde9b5
feat: add customizable upgrade message on client/server version mismatch (#11587) 2024-01-30 17:11:37 -06:00
Ammar Bandukwala adbb025e74
feat: add user-level parameter autofill (#11731)
This PR solves #10478 by auto-filling previously used template values in create and update workspace flows.

I decided against explicit user values in settings for these reasons:

* Autofill is far easier to implement
* Users benefit from autofill _by default_ — we don't need to teach them new concepts
* If we decide that autofill creates more harm than good, we can remove it without breaking compatibility
2024-01-30 16:02:21 -06:00
Colin Adler 2fd1a726aa
fix: only delete expired agents on success (#11940) 2024-01-30 14:11:45 -06:00
Colin Adler 27f3b7a814
fix: add timeout to listening ports request (#11935)
This can potentially hang for 15m if the agent is unreachable.
2024-01-30 13:53:52 -06:00
Bruno Quaresma dcab6fa5a4
feat(site): display user avatar (#11893)
* add owner API to workspace and workspace build responses
* display user avatar in workspace top bar

Co-authored-by: Cian Johnston <cian@coder.com>
2024-01-30 17:07:06 +00:00
Spike Curtis 0fc177203e
feat: use agent v2 API to update app health (#11889)
Use the Agent v2 API to update App Health
2024-01-30 11:35:12 +04:00
Spike Curtis 2599850e54
feat: use agent v2 API to post startup (#11877)
Uses the v2 Agent API to post startup information.
2024-01-30 11:23:28 +04:00
Spike Curtis da8bb1c198
feat: use agent v2 API to fetch manifest (#11832)
Agent uses the v2 API to obtain the manifest, instead of the HTTP API.
2024-01-30 10:11:28 +04:00
Spike Curtis 0eff646c31
chore: move proto to sdk conversion to agentsdk (#11831)
`agentsdk` depends on `agent/proto` because it needs to get the version to dial.

Therefore, the conversion routines need to live in `agentsdk` so that we can convert to and from the Manifest.

I briefly considered refactoring the agent to only reference `proto.Manifest`, but decided against it because we might have multiple protocol versions in the future, it's useful to have a protocol-independent data structure.
2024-01-30 09:04:56 +04:00
Spike Curtis 1e8a9c09fe
chore: remove legacy wsconncache (#11816)
Fixes #8218

Removes `wsconncache` and related "is legacy?" functions and API calls that were used by it.

The only leftover is that Agents still use the legacy IP, so that back level clients or workspace proxies can dial them correctly.

We should eventually remove this: #11819
2024-01-30 07:56:36 +04:00
Spike Curtis 13e24f21e4
feat: use Agent v2 API for Service Banner (#11806)
Agent uses the v2 API for the service banner, rather than the v1 HTTP API.

One of several for #10534
2024-01-30 07:44:47 +04:00
Jon Ayers 4f5a2f0a9b
feat: add backend for jfrog xray support (#11829) 2024-01-29 19:30:02 -06:00
Spike Curtis 207328ca50
feat: use appearance.Fetcher in agentapi (#11770)
This PR updates the Agent API to use the appearance.Fetcher, which is set by entitlement code in Enterprise coderd.

This brings the agentapi into compliance with the Enterprise feature.
2024-01-29 21:22:50 +04:00
Spike Curtis b2bc3fff33
fix: wait for new template version before promoting (#11874)
Fixes a test flake due to not waiting for the correct template version prior to promoting it.
2024-01-29 19:29:56 +04:00
Steven Masley 04a23261e6
chore: ensure github uids are unique (#11826) 2024-01-29 09:13:46 -06:00
Steven Masley d66e6e78ee
fix: always attempt external auth refresh when fetching (#11762) (#11830)
* fix: always attempt external auth refresh when fetching
* refactor validate to check expiry when considering "valid"
2024-01-29 08:55:15 -06:00
Spike Curtis bc4ae53261
chore: refactor Appearance to an interface callable by AGPL code (#11769)
The new Agent API needs an interface for ServiceBanners, so this PR creates it and refactors the AGPL and Enterprise code to achieve it.

Before we depended on the fact that the HTTP endpoint was missing to serve an empty ServiceBanner on AGPL deployments, but that won't work with dRPC, so we need a real interface to call.
2024-01-29 12:17:31 +04:00
Marcin Tojek aacb4a2b4c
feat: use map instead of slice in metrics aggregator (#11815) 2024-01-29 09:12:41 +01:00
Cian Johnston 42e997d39e
fix(coderd/rbac): do not cache context cancellation errors (#11840)
#7439 added global caching of RBAC results.
Calls are cached based on hash(subject, object, action).
We often use dbauthz.AsSystemRestricted to handle "internal" authz calls, and these are often repeated with similar arguments and are likely to get cached.
So a transient error doing an authz check on a system function will be cached for up to a minute.
I'm just starting off with excluding context.Canceled but there's likely a whole suite of different errors we want to also exclude from the global cache.
2024-01-26 16:19:55 +00:00
Dean Sheather 29707099d7
chore: add agentapi tests (#11269) 2024-01-26 07:04:19 +00:00
Steven Masley 005c014f13
chore: instrument additional github api calls (#11824)
* chore: instrument additional githubapi calls

This only affects github as a login source, not external auth.
2024-01-25 18:34:46 -06:00
Ammar Bandukwala 79568bf628
Revert "fix: always attempt external auth refresh when fetching (#11762)"
This reverts commit 0befc0826a.
2024-01-25 14:22:47 -06:00
Steven Masley 0befc0826a
fix: always attempt external auth refresh when fetching (#11762)
* fix: always attempt external auth refresh when fetching
* refactor validate to check expiry when considering "valid"
2024-01-25 10:54:56 -06:00
Cian Johnston 8eae4f83bf
fix(coderd/provisionerdserver): fix test flake in TestHeartbeat (#11808) 2024-01-25 12:05:57 +00:00
Cian Johnston 4616ccf462
fix(coderd): alter return signature of convertWorkspace, add check for requesterID (#11796) 2024-01-24 14:13:14 +00:00
Cian Johnston f92336c4d5
feat(coderd): allow workspace owners to mark workspaces as favorite (#11791)
- Adds column `favorite` to workspaces table
- Adds API endpoints to favorite/unfavorite workspaces
- Modifies sorting order to return owners' favorite workspaces first
2024-01-24 13:39:19 +00:00
Spike Curtis 5cbb76b47a
fix: stop spamming DERP map updates for equivalent maps (#11792)
Fixes 2 related issues:

1. wsconncache had incorrect logic to test whether to send DERPMap updates, sending if the maps were equivalent, instead of if they were _not equivalent_.
2. configmaps used a bugged check to test equality between DERPMaps, since it contains a map and the map entries are serialized in random order. Instead, we avoid comparing the protobufs and instead depend on the existing function that compares `tailcfg.DERPMap`. This also has the effect of reducing the number of times we convert to and from protobuf.
2024-01-24 16:27:15 +04:00
Spike Curtis f5dbc718a7
fix: accept agent RPC connection without version query parameter (#11790)
Fixes an issue where Coder v2.7.1 agents connect to /api/v2/workspaceagents/me/rpc without a version query parameter
2024-01-24 09:10:16 +04:00
Colin Adler 13beb04521
fix: disable keepalives in workspaceapps transport (#11789)
Connection caching causes requests to hit the wrong workspaces. See
comment.

Fixes https://github.com/coder/coder/issues/11767
2024-01-24 14:46:59 +10:00
Jon Ayers 383eed93f8
fix: use correct logger for lifecycle_executor (#11763) 2024-01-23 14:33:55 -06:00
Steven Masley d6ba0dfecb
feat: add "updated" search param to workspaces (#11714)
* feat: add "updated" search param to workspaces
* rego -> sql needs to specify which <table>.organization_id
2024-01-23 11:52:06 -06:00
Steven Masley 081fbef097
fix: code-server path based forwarding, defer to code-server (#11759)
Do not attempt to construct a path based port forward url.
Always defer to code server, as it has its own proxy method.
2024-01-23 11:36:44 -06:00
Spike Curtis 059e533544
feat: agent uses Tailnet v2 API for DERPMap updates (#11698)
Switches the Agent to use Tailnet v2 API to get DERPMap updates.

Subsequent PRs will do the same for the CLI (`codersdk`) and `wsproxy`.
2024-01-23 14:42:07 +04:00
Spike Curtis 3e0e7f8739
feat: check agent API version on connection (#11696)
fixes #10531

Adds a check for `version` on connection to the Agent API websocket endpoint.  This is primarily for future-proofing, so that up-level agents get a sensible error if they connect to a back-level Coderd.

It also refactors the location of the `CurrentVersion` variables, to be part of the `proto` packages, since the versions refer to the APIs defined therein.
2024-01-23 14:27:49 +04:00
Spike Curtis eb12fd7d92
feat: make ServerTailnet set peers lost when it reconnects to the coordinator (#11682)
Adds support to `ServerTailnet` to set all peers lost before attempting to reconnect to the coordinator. In practice, this only really affects `wsproxy` since coderd has a local connection to the coordinator that only goes down if we're shutting down or change licenses.
2024-01-23 13:17:56 +04:00
Asher 3014777d2a
feat: add endpoints to oauth2 provider applications (#11718)
These will show up when configuring the application along with the
client ID and everything else.  Should make it easier to configure the
application, otherwise you will have to go look up the URLs in the
docs (which are not yet written).

Co-authored-by: Steven Masley <stevenmasley@gmail.com>
2024-01-22 13:25:25 -09:00
Steven Masley 8e0a153725
chore: implement device auth flow for fake idp (#11707)
* chore: implement device auth flow for fake idp
2024-01-22 20:46:05 +00:00
Asher 16c6cefde8
chore: pass lifetime directly into api key generate (#11715)
Rather than passing all the deployment values.  This is to make it
easier to generate API keys as part of the oauth flow.

I also added and fixed a test for when the lifetime is set and the
default and expiration are unset.

Co-authored-by: Steven Masley <stevenmasley@gmail.com>
2024-01-22 11:42:55 -09:00
Dean Sheather 15a90f028e
chore: collect more template telemetry to gauge feature usage
We don't have visibility into some feature usage, so this adds a lot of fields missing from `database.Template` to `telemetry.Template`. Deprecation message is not collected, just whether it's set or not.
2024-01-22 18:55:27 +10:00
Spike Curtis b7b936547d
feat: add setAllPeersLost to the configMaps subcomponent (#11665)
adds setAllPeersLost to the configMaps subcomponent of tailnet.Conn --- we'll call this when we disconnect from a coordinator so we'll eventually clean up peers if they disconnect while we are retrying the coordinator connection (or we don't succeed in reconnecting to the coordinator).
2024-01-22 12:12:15 +04:00
Spike Curtis f01cab9894
feat: use tailnet v2 API for coordination (#11638)
This one is huge, and I'm sorry.

The problem is that once I change `tailnet.Conn` to start doing v2 behavior, I kind of have to change it everywhere, including in CoderSDK (CLI), the agent, wsproxy, and ServerTailnet.

There is still a bit more cleanup to do, and I need to add code so that when we lose connection to the Coordinator, we mark all peers as LOST, but that will be in a separate PR since this is big enough!
2024-01-22 11:07:50 +04:00
Kayla Washburn-Love 80eac73ed1
chore: remove `useLocalStorage` hook (#11712) 2024-01-19 16:04:19 -07:00
Steven Masley d67c9d1bb5
fix: set request header before do (#11706) 2024-01-19 16:14:08 +00:00
Steven Masley ccfd1a561b
chore: improve device handling error message (#11606) 2024-01-19 09:41:52 -06:00
Steven Masley 6bb1a34a37
fix: allow ports in wildcard url configuration (#11657)
* fix: allow ports in wildcard url configuration

This just forwards the port to the ui that generates urls.
Our existing parsing + regex already supported ports for
subdomain app requests.
2024-01-18 09:44:05 -06:00
Spike Curtis 387723a596
fix: close pg PubSub listener to avoid race (#11640)
Fixes flake as seen here: https://github.com/coder/coder/runs/20528529187
2024-01-18 09:18:59 +04:00
Jon Ayers 552e9fe22f
fix: avoid returning 500 on apps when workspace stopped (#11656) 2024-01-17 12:06:59 -06:00
Steven Masley b246f08d84
chore: move app URL parsing to its own package (#11651)
* chore: move app url parsing to its own package
2024-01-17 10:41:42 -06:00
Marcin Tojek e83f13d8c5
fix: typo in whitespace (#11667) 2024-01-17 12:36:15 +00:00