* fix: use a waitgroup to ensure all connections are cleaned up in agent
There was a race where connections would be created at the same time as close.
The `net.Conn` produced by Tailscale doesn't close then the listener does.
* Remove accidental test
* chore: rename `AgentConn` to `WorkspaceAgentConn`
The codersdk was becoming bloated with consts for the workspace
agent that made no sense to a reader. `Tailnet*` is an example
of these consts.
* chore: remove `Get` prefix from *Client functions
* chore: remove `BypassRatelimits` option in `codersdk.Client`
It feels wrong to have this as a direct option because it's so infrequently
needed by API callers. It's better to directly modify headers in the two
places that we actually use it.
* Merge `appearance.go` and `buildinfo.go` into `deployment.go`
* Merge `experiments.go` and `features.go` into `deployment.go`
* Fix `make gen` referencing old type names
* Merge `error.go` into `client.go`
`codersdk.Response` lived in `error.go`, which is wrong.
* chore: refactor workspace agent functions into agentsdk
It was odd conflating the codersdk that clients should use
with functions that only the agent should use. This separates
them into two SDKs that are closely coupled, but separate.
* Merge `insights.go` into `deployment.go`
* Merge `organizationmember.go` into `organizations.go`
* Merge `quota.go` into `workspaces.go`
* Rename `sse.go` to `serversentevents.go`
* Rename `codersdk.WorkspaceAppHostResponse` to `codersdk.AppHostResponse`
* Format `.vscode/settings.json`
* Fix outdated naming in `api.ts`
* Fix app host response
* Fix unsupported type
* Fix imported type
* chore: merge codeql checks to run in parallel
This reduces a check and should maintain ~the same CI time.
* fix: close reconnecting pty conn when exiting agent
Fixes https://github.com/coder/coder/actions/runs/4038282899/jobs/6942170850
* Fix closing when agent fails
* Fix conpty
* Fix contrib
* Skip runner tests for being flakes
* Fix gpg key test
* Fix golden files
* Fix comments
* Fix closed
* Fix capitalized title
* Add a timeout when checking for dead links
* chore: merge CI linting jobs
* Merge the `markdown-lint-check` step into `lint`
* Rename `coder.yaml` to `ci.yaml`
* Improve casing of security workflow
* Remove unused workflows and merge into contrib
* Format ci.yaml
* Fix CodeQL language
* Fix github action name
* chore: update Audit docs to include Audit Actions
* regenerated audit docs
* adjusted check_enterprise_imports.sh
* PR feedback
* changing script back for now as CI faiiling
I noticed this when adding a new parameter type. There's a test
case for an empty string that returned false for validation,
but appears like it could be true.
If there is no value for a string, then the default is used.
In this case there is no default, but that's technically fine
I believe.
* added script for table creation
* added tags to audit-logs.md
* removed log
* removed empty block line
* PR feedback
* modify check_unstaged
* third times the charm maybe
* spelling
* relative path
* excluding from the right script this time
* sorted resources to ensure table order
* running make cmd
* running make again
* ensuring order on subtable
If an agent went away and reconnected, the wsconncache connection would
be polluted for about 10m because there would be two peers with the
same IP. The old peer always had priority, which caused the dashboard to
try and always dial the old peer until it was removed.
Fixes: https://github.com/coder/coder/issues/5292
* chore: Implement standard rbac.Subject to be reused everywhere
An rbac subject is created in multiple spots because of the way we
expand roles, scopes, etc. This difference in use creates a list
of arguments which is unwieldy.
Use of the expander interface lets us conform to a single subject
in every case
* feat(coderd): add authz_querier experiment
* coderdtest: wire up authz_querier
* wire up AuthzQuerier in coderd
* remove things that do not yet exist in this timeline
* add newline
* comment unreachable code
The README was starting to get quite large, and I felt it was a bit bloaty.
- Removes Twitter badge (the API was removed, so it wasn't working anyways)
- Adds tagline to the title (an experiment, but worth a shot)
- Reduces highlights
- Removes recommended reading (people want to get started asap on a repo)
- Updates doc links `/docs/coder-oss` -> `/docs/v2`
- Moves comparison to the bottom
- Removes adopters.md (we never promoted this, so it hasn't been used)
* chore: Authz should support non-named roles
Named roles are a construct for users to assign/interact with roles.
For authzlayer implementation, we need to create "system" users.
To enforce strict security, we are making specific roles with
the exact required permissions for the system action.
These new roles should not be available to the user. There is a
clear code divide with this implementation that allows a RoleNames
implemenation for users to user, and system users can create their
own implementation