This is part of a multi-step cleanup for the example templates.
The goal is to have a lot of templates here, and only embed
specific ones we feel are impactful during setup.
* test: Fix GPG test so it does not inherit parent parallelism
Running a subtest in a parent with `t.Parallel()` and using `t.Setenv`
is not allowed in Go 1.20, so we move it to a separate test function.
* Fix shadowed import
* chore: Update sqlc to v1.16.0
* chore: Fix cases where types became Null-types
* chore: Set parameter_schemas default_destination_scheme and default_source_scheme to NOT NULL
* chore: Add enum validation to database fake
* chore: Fix all tests that skipping enum values
* fix: Use correct err in providionerdserver audit log failure log
* feat: Implement allow_list for scopes for resource specific permissions
Feature that adds an allow_list for scopes to specify particular resources.
This enables workspace agent tokens to use the same RBAC system as users.
- Add ID to compileSQL matchers
* Plumb through WithID on rbac objects
* Rename Scope -> ScopeName
* Update input.json with scope allow_list
Co-authored-by: Cian Johnston <cian@coder.com>
This commit disables path-based app sharing by default. It is possible
for a workspace app on a path (not a subdomain) to make API requests to
the Coder API. When accessing your own workspace, this is not much of a
problem. When accessing a shared workspace app, the workspace owner
could include malicious javascript in the page that makes requests to
the Coder API on behalf of the visitor.
This vulnerability does not affect subdomain apps.
- Disables path-based app sharing by default. Previous behavior can be
restored using the `--dangerous-allow-path-app-sharing` flag which is
not recommended.
- Disables users with the site "owner" role from accessing path-based
apps from workspaces they do not own. Previous behavior can be
restored using the `--dangerous-allow-path-app-site-owner-access` flag
which is not recommended.
- Adds a flag `--disable-path-apps` which can be used by
security-conscious admins to disable all path-based apps across the
entire deployment. This check is enforced at app-access time, not at
template-ingest time.
* added AuditableGroup type
* added json tags
* Anonymizing gGroup struct
* adding support on the FE for nested group diffs
* added type for GroupMember
* Update coderd/database/modelmethods.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* Update coderd/database/modelmethods.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* fetching group members in group.delete
* passing through right error
* broke out into util function and added tests
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
- Deprecates the --experimental flag
- Adds a new flag --experiments which supports passing multiple comma-separated values or a wildcard value.
- Exposes a new endpoint /api/v2/experiments that returns the list of enabled experiments.
- Deprecates the field Features.Experimental in favour of this new API.
- Updates apidocgen to support type aliases (shoutout to @mtojek).
- Modifies apitypings to support generating slice types.
- Updates develop.sh to pass additional args after -- to $CODERD_SHIM.
Kyle Carberry
Colin Adler
Kira Pilot
Marcin Tojek
Mathias Fredriksson
Cian Johnston
sharkymark
Dean Sheather
Bruno Quaresma
Ammar Bandukwala
Ben Potter
Steven Masley