If an agent went away and reconnected, the wsconncache connection would
be polluted for about 10m because there would be two peers with the
same IP. The old peer always had priority, which caused the dashboard to
try and always dial the old peer until it was removed.
Fixes: https://github.com/coder/coder/issues/5292
* chore: Implement standard rbac.Subject to be reused everywhere
An rbac subject is created in multiple spots because of the way we
expand roles, scopes, etc. This difference in use creates a list
of arguments which is unwieldy.
Use of the expander interface lets us conform to a single subject
in every case
* feat(coderd): add authz_querier experiment
* coderdtest: wire up authz_querier
* wire up AuthzQuerier in coderd
* remove things that do not yet exist in this timeline
* add newline
* comment unreachable code
The README was starting to get quite large, and I felt it was a bit bloaty.
- Removes Twitter badge (the API was removed, so it wasn't working anyways)
- Adds tagline to the title (an experiment, but worth a shot)
- Reduces highlights
- Removes recommended reading (people want to get started asap on a repo)
- Updates doc links `/docs/coder-oss` -> `/docs/v2`
- Moves comparison to the bottom
- Removes adopters.md (we never promoted this, so it hasn't been used)
* chore: Authz should support non-named roles
Named roles are a construct for users to assign/interact with roles.
For authzlayer implementation, we need to create "system" users.
To enforce strict security, we are making specific roles with
the exact required permissions for the system action.
These new roles should not be available to the user. There is a
clear code divide with this implementation that allows a RoleNames
implemenation for users to user, and system users can create their
own implementation
This is part of a multi-step cleanup for the example templates.
The goal is to have a lot of templates here, and only embed
specific ones we feel are impactful during setup.
* test: Fix GPG test so it does not inherit parent parallelism
Running a subtest in a parent with `t.Parallel()` and using `t.Setenv`
is not allowed in Go 1.20, so we move it to a separate test function.
* Fix shadowed import
* chore: Update sqlc to v1.16.0
* chore: Fix cases where types became Null-types
* chore: Set parameter_schemas default_destination_scheme and default_source_scheme to NOT NULL
* chore: Add enum validation to database fake
* chore: Fix all tests that skipping enum values
* fix: Use correct err in providionerdserver audit log failure log