* chore: update Audit docs to include Audit Actions
* regenerated audit docs
* adjusted check_enterprise_imports.sh
* PR feedback
* changing script back for now as CI faiiling
I noticed this when adding a new parameter type. There's a test
case for an empty string that returned false for validation,
but appears like it could be true.
If there is no value for a string, then the default is used.
In this case there is no default, but that's technically fine
I believe.
* added script for table creation
* added tags to audit-logs.md
* removed log
* removed empty block line
* PR feedback
* modify check_unstaged
* third times the charm maybe
* spelling
* relative path
* excluding from the right script this time
* sorted resources to ensure table order
* running make cmd
* running make again
* ensuring order on subtable
If an agent went away and reconnected, the wsconncache connection would
be polluted for about 10m because there would be two peers with the
same IP. The old peer always had priority, which caused the dashboard to
try and always dial the old peer until it was removed.
Fixes: https://github.com/coder/coder/issues/5292
* chore: Implement standard rbac.Subject to be reused everywhere
An rbac subject is created in multiple spots because of the way we
expand roles, scopes, etc. This difference in use creates a list
of arguments which is unwieldy.
Use of the expander interface lets us conform to a single subject
in every case
* feat(coderd): add authz_querier experiment
* coderdtest: wire up authz_querier
* wire up AuthzQuerier in coderd
* remove things that do not yet exist in this timeline
* add newline
* comment unreachable code
The README was starting to get quite large, and I felt it was a bit bloaty.
- Removes Twitter badge (the API was removed, so it wasn't working anyways)
- Adds tagline to the title (an experiment, but worth a shot)
- Reduces highlights
- Removes recommended reading (people want to get started asap on a repo)
- Updates doc links `/docs/coder-oss` -> `/docs/v2`
- Moves comparison to the bottom
- Removes adopters.md (we never promoted this, so it hasn't been used)
* chore: Authz should support non-named roles
Named roles are a construct for users to assign/interact with roles.
For authzlayer implementation, we need to create "system" users.
To enforce strict security, we are making specific roles with
the exact required permissions for the system action.
These new roles should not be available to the user. There is a
clear code divide with this implementation that allows a RoleNames
implemenation for users to user, and system users can create their
own implementation
This is part of a multi-step cleanup for the example templates.
The goal is to have a lot of templates here, and only embed
specific ones we feel are impactful during setup.
* test: Fix GPG test so it does not inherit parent parallelism
Running a subtest in a parent with `t.Parallel()` and using `t.Setenv`
is not allowed in Go 1.20, so we move it to a separate test function.
* Fix shadowed import