NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit3861a43

committed

Merge remote-tracking branch 'origin/main' into authzquerier_layer

2 parents69d1aa3 +f24547e commit3861a43Copy full SHA for 3861a43

File tree

108 files changed

+3510

-650

lines changed

.github/workflows
- security.yaml
agent
- agent.go
- agent_test.go
cli
coderd
- apidoc
  - docs.go
  - swagger.json
- apikey_test.go
- audit.go
- authorize_test.go
- coderd.go
- coderdtest
  - authorize.go
  - coderdtest.go
  - swaggerparser.go
- database
  - dbfake
    - databasefake.go
  - dump.sql
  - migrations
  - models.go
  - querier.go
  - queries
  - queries.sql.go
- organizations_test.go
- provisionerdserver
  - provisionerdserver.go
- roles_test.go
- templateversions.go
- templateversions_test.go
- users_test.go
- workspaceagents.go
- workspaceapps_test.go
- workspacebuilds.go
- workspacebuilds_test.go
- workspaces.go
- workspaces_test.go
- wsconncache
  - wsconncache_test.go
codersdk
docs
- admin
  - auth.md
  - configure.md
- api
- templates
  - docker-in-docker.md
dogfood
- main.tf
enterprise
- cli
  - groupedit_test.go
  - grouplist_test.go
- coderd
go.mod
go.sum
provisioner/terraform
- resources.go
provisionersdk/proto
- provisioner.pb.go
- provisioner.proto
scripts
- ironbank
- lib.sh
site
- package.json
- src
  - AppRouter.tsx
  - api
    - api.ts
    - typesGenerated.ts
  - components
    - Dashboard
      - DashboardLayout.tsx
    - Logs
      - Logs.tsx
    - PortForwardButton
      - PortForwardButton.tsx
    - RichParameterInput
      - RichParameterInput.stories.tsx
    - SyntaxHighlighter
      - coderTheme.ts
    - TemplateLayout
      - TemplateLayout.tsx
    - TemplateVersionEditor
    - WorkspaceBuildLogs
      - WorkspaceBuildLogs.tsx
  - i18n/en
    - workspaceBuildParametersPage.json
  - pages
    - AuditPage
      - AuditPageView.tsx
    - CreateWorkspacePage
      - CreateWorkspacePageView.tsx
    - TemplateVersionPage
      - TemplateVersionEditorPage
        TemplateVersionEditorPage.tsx
      - TemplateVersionPage.tsx
      - TemplateVersionPageView.stories.tsx
      - TemplateVersionPageView.tsx
    - TerminalPage
      - TerminalPage.tsx
    - WorkspaceBuildParametersPage
      - WorkspaceBuildParametersPage.test.tsx
      - WorkspaceBuildParametersPageView.tsx
    - WorkspacesPage
      - data.ts
  - testHelpers
    - entities.ts
  - xServices
    - templateVersion
      - templateVersionXService.ts
    - templateVersionEditor
      - templateVersionEditorXService.ts
    - terminal
      - terminalXService.ts
- yarn.lock

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

108 files changed

+3510

-650

lines changed

`‎.github/workflows/security.yaml`

Lines changed: 41 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -92,6 +92,9 @@ jobs:`
`92`	`92`	`restore-keys:\|`
`93`	`93`	`js-${{ runner.os }}-`
`94`	`94`
	`95`	`+ -name:Install yq`
	`96`	`+run:go run github.com/mikefarah/yq/v4@v4.30.6`
	`97`	`+`
`95`	`98`	`-name:Build Coder linux amd64 Docker image`
`96`	`99`	`id:build`
`97`	`100`	`run:\|`
`@@ -112,6 +115,17 @@ jobs:`
`112`	`115`	`make -j "$image_job"`
`113`	`116`	`echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT`
`114`	`117`
	`118`	`+ -name:Build Coder linux amd64 Docker image (ironbank)`
	`119`	`+id:build-ironbank`
	`120`	`+run:\|`
	`121`	`+ set -euo pipefail`
	`122`	`+ # NOTE: This is not a real image tag we publish.`
	`123`	`+ image_tag="${{ steps.build.outputs.image }}-ironbank"`
	`124`	`+ ./scripts/ironbank/build_ironbank.sh \`
	`125`	`+ --target "$image_tag" \`
	`126`	`+ "build/coder_$(./scripts/version.sh)_linux_amd64"`
	`127`	`+ echo "image=$image_tag" >> $GITHUB_OUTPUT`
	`128`	`+`
`115`	`129`	`-name:Run Trivy vulnerability scanner`
`116`	`130`	`uses:aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5`
`117`	`131`	`with:`
`@@ -124,10 +138,36 @@ jobs:`
`124`	`138`	`uses:github/codeql-action/upload-sarif@v2`
`125`	`139`	`with:`
`126`	`140`	`sarif_file:trivy-results.sarif`
	`141`	`+category:"Trivy"`
	`142`	`+`
	`143`	`+ -name:Run Trivy vulnerability scanner (ironbank)`
	`144`	`+uses:aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe`
	`145`	`+with:`
	`146`	`+image-ref:${{ steps.build-ironbank.outputs.image }}`
	`147`	`+format:sarif`
	`148`	`+output:trivy-results-ironbank.sarif`
	`149`	`+severity:"CRITICAL,HIGH"`
	`150`	`+`
	`151`	`+# Update the tool name field in the ironbank SARIF file so it's not`
	`152`	`+# indistinguishable from findings in the non-ironbank SARIF file in the`
	`153`	`+# GitHub UI. Without this, findings from both scans would show up as`
	`154`	`+# "Trivy".`
	`155`	`+ -name:Update tool name in SARIF file (ironbank)`
	`156`	`+run:\|`
	`157`	`+ set -euo pipefail`
	`158`	`+ yq eval -i '.runs[0].tool.driver.name = "Trivy Ironbank"' trivy-results-ironbank.sarif`
	`159`	`+`
	`160`	`+ -name:Upload Trivy scan results to GitHub Security tab (ironbank)`
	`161`	`+uses:github/codeql-action/upload-sarif@v2`
	`162`	`+with:`
	`163`	`+sarif_file:trivy-results-ironbank.sarif`
	`164`	`+category:"Trivy Ironbank"`
`127`	`165`
`128`	`166`	`-name:Upload Trivy scan results as an artifact`
`129`	`167`	`uses:actions/upload-artifact@v2`
`130`	`168`	`with:`
`131`	`169`	`name:trivy`
`132`		`-path:trivy-results.sarif`
	`170`	`+path:\|`
	`171`	`+ trivy-results.sarif`
	`172`	`+ trivy-results-ironbank.sarif`
`133`	`173`	`retention-days:7`

`‎agent/agent.go`

Lines changed: 41 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ type Client interface {`
`75`	`75`	`ReportStats(ctx context.Context,log slog.Logger,statsfunc()*agentsdk.Stats) (io.Closer,error)`
`76`	`76`	`PostLifecycle(ctx context.Context,state agentsdk.PostLifecycleRequest)error`
`77`	`77`	`PostAppHealth(ctx context.Context,req agentsdk.PostAppHealthsRequest)error`
`78`		`-PostVersion(ctx context.Context,versionstring)error`
	`78`	`+PostStartup(ctx context.Context,req agentsdk.PostStartupRequest)error`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`funcNew(optionsOptions) io.Closer {`
`@@ -236,16 +236,29 @@ func (a *agent) run(ctx context.Context) error {`
`236`	`236`	`}`
`237`	`237`	`a.sessionToken.Store(&sessionToken)`
`238`	`238`
`239`		`-err=a.client.PostVersion(ctx,buildinfo.Version())`
`240`		`-iferr!=nil {`
`241`		`-returnxerrors.Errorf("update workspace agent version: %w",err)`
`242`		`-}`
`243`		`-`
`244`	`239`	`metadata,err:=a.client.Metadata(ctx)`
`245`	`240`	`iferr!=nil {`
`246`	`241`	`returnxerrors.Errorf("fetch metadata: %w",err)`
`247`	`242`	`}`
`248`	`243`	`a.logger.Info(ctx,"fetched metadata")`
	`244`	`+`
	`245`	`+// Expand the directory and send it back to coderd so external`
	`246`	`+// applications that rely on the directory can use it.`
	`247`	`+//`
	`248`	`+// An example is VS Code Remote, which must know the directory`
	`249`	`+// before initializing a connection.`
	`250`	`+metadata.Directory,err=expandDirectory(metadata.Directory)`
	`251`	`+iferr!=nil {`
	`252`	`+returnxerrors.Errorf("expand directory: %w",err)`
	`253`	`+}`
	`254`	`+err=a.client.PostStartup(ctx, agentsdk.PostStartupRequest{`
	`255`	`+Version:buildinfo.Version(),`
	`256`	`+ExpandedDirectory:metadata.Directory,`
	`257`	`+})`
	`258`	`+iferr!=nil {`
	`259`	`+returnxerrors.Errorf("update workspace agent version: %w",err)`
	`260`	`+}`
	`261`	`+`
`249`	`262`	`oldMetadata:=a.metadata.Swap(metadata)`
`250`	`263`
`251`	`264`	`// The startup script should only execute on the first run!`
`@@ -803,7 +816,11 @@ func (a *agent) createCommand(ctx context.Context, rawCommand string, env []stri`
`803`	`816`
`804`	`817`	`cmd:=exec.CommandContext(ctx,shell,args...)`
`805`	`818`	`cmd.Dir=metadata.Directory`
`806`		`-ifcmd.Dir=="" {`
	`819`	`+`
	`820`	`+// If the metadata directory doesn't exist, we run the command`
	`821`	`+// in the users home directory.`
	`822`	`+_,err=os.Stat(cmd.Dir)`
	`823`	`+ifcmd.Dir==""\|\|err!=nil {`
`807`	`824`	`// Default to user home if a directory is not set.`
`808`	`825`	`homedir,err:=userHomeDir()`
`809`	`826`	`iferr!=nil {`
`@@ -1314,3 +1331,20 @@ func userHomeDir() (string, error) {`
`1314`	`1331`	`}`
`1315`	`1332`	`returnu.HomeDir,nil`
`1316`	`1333`	`}`
	`1334`	`+`
	`1335`	`+// expandDirectory converts a directory path to an absolute path.`
	`1336`	`+// It primarily resolves the home directory and any environment`
	`1337`	`+// variables that may be set`
	`1338`	`+funcexpandDirectory(dirstring) (string,error) {`
	`1339`	`+ifdir=="" {`
	`1340`	`+return"",nil`
	`1341`	`+}`
	`1342`	`+ifdir[0]=='~' {`
	`1343`	`+home,err:=userHomeDir()`
	`1344`	`+iferr!=nil {`
	`1345`	`+return"",err`
	`1346`	`+}`
	`1347`	`+dir=filepath.Join(home,dir[1:])`
	`1348`	`+}`
	`1349`	`+returnos.ExpandEnv(dir),nil`
	`1350`	`+}`

`‎agent/agent_test.go`

Lines changed: 61 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -787,6 +787,56 @@ func TestAgent_Lifecycle(t *testing.T) {`
`787`	`787`	`})`
`788`	`788`	`}`
`789`	`789`
	`790`	`+funcTestAgent_Startup(t*testing.T) {`
	`791`	`+t.Parallel()`
	`792`	`+`
	`793`	`+t.Run("EmptyDirectory",func(t*testing.T) {`
	`794`	`+t.Parallel()`
	`795`	`+`
	`796`	`+_,client,_,_:=setupAgent(t, agentsdk.Metadata{`
	`797`	`+StartupScript:"true",`
	`798`	`+StartupScriptTimeout:30*time.Second,`
	`799`	`+Directory:"",`
	`800`	`+},0)`
	`801`	`+assert.Eventually(t,func()bool {`
	`802`	`+returnclient.getStartup().Version!=""`
	`803`	`+},testutil.WaitShort,testutil.IntervalFast)`
	`804`	`+require.Equal(t,"",client.getStartup().ExpandedDirectory)`
	`805`	`+})`
	`806`	`+`
	`807`	`+t.Run("HomeDirectory",func(t*testing.T) {`
	`808`	`+t.Parallel()`
	`809`	`+`
	`810`	`+_,client,_,_:=setupAgent(t, agentsdk.Metadata{`
	`811`	`+StartupScript:"true",`
	`812`	`+StartupScriptTimeout:30*time.Second,`
	`813`	`+Directory:"~",`
	`814`	`+},0)`
	`815`	`+assert.Eventually(t,func()bool {`
	`816`	`+returnclient.getStartup().Version!=""`
	`817`	`+},testutil.WaitShort,testutil.IntervalFast)`
	`818`	`+homeDir,err:=os.UserHomeDir()`
	`819`	`+require.NoError(t,err)`
	`820`	`+require.Equal(t,homeDir,client.getStartup().ExpandedDirectory)`
	`821`	`+})`
	`822`	`+`
	`823`	`+t.Run("HomeEnvironmentVariable",func(t*testing.T) {`
	`824`	`+t.Parallel()`
	`825`	`+`
	`826`	`+_,client,_,_:=setupAgent(t, agentsdk.Metadata{`
	`827`	`+StartupScript:"true",`
	`828`	`+StartupScriptTimeout:30*time.Second,`
	`829`	`+Directory:"$HOME",`
	`830`	`+},0)`
	`831`	`+assert.Eventually(t,func()bool {`
	`832`	`+returnclient.getStartup().Version!=""`
	`833`	`+},testutil.WaitShort,testutil.IntervalFast)`
	`834`	`+homeDir,err:=os.UserHomeDir()`
	`835`	`+require.NoError(t,err)`
	`836`	`+require.Equal(t,homeDir,client.getStartup().ExpandedDirectory)`
	`837`	`+})`
	`838`	`+}`
	`839`	`+`
`790`	`840`	`funcTestAgent_ReconnectingPTY(t*testing.T) {`
`791`	`841`	`t.Parallel()`
`792`	`842`	`ifruntime.GOOS=="windows" {`
`@@ -1178,6 +1228,7 @@ type client struct {`
`1178`	`1228`
`1179`	`1229`	`mu sync.Mutex// Protects following.`
`1180`	`1230`	`lifecycleStates []codersdk.WorkspaceAgentLifecycle`
	`1231`	`+startup agentsdk.PostStartupRequest`
`1181`	`1232`	`}`
`1182`	`1233`
`1183`	`1234`	`func (c*client)Metadata(_ context.Context) (agentsdk.Metadata,error) {`
`@@ -1250,7 +1301,16 @@ func (*client) PostAppHealth(_ context.Context, _ agentsdk.PostAppHealthsRequest`
`1250`	`1301`	`returnnil`
`1251`	`1302`	`}`
`1252`	`1303`
`1253`		`-func (*client)PostVersion(_ context.Context,_string)error {`
	`1304`	`+func (c*client)getStartup() agentsdk.PostStartupRequest {`
	`1305`	`+c.mu.Lock()`
	`1306`	`+deferc.mu.Unlock()`
	`1307`	`+returnc.startup`
	`1308`	`+}`
	`1309`	`+`
	`1310`	`+func (c*client)PostStartup(_ context.Context,startup agentsdk.PostStartupRequest)error {`
	`1311`	`+c.mu.Lock()`
	`1312`	`+deferc.mu.Unlock()`
	`1313`	`+c.startup=startup`
`1254`	`1314`	`returnnil`
`1255`	`1315`	`}`
`1256`	`1316`

`‎cli/cliui/parameter.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -114,5 +114,5 @@ func validateRichPrompt(value string, p codersdk.TemplateVersionParameter) error`
`114`	`114`	`returncodersdk.ValidateWorkspaceBuildParameter(p, codersdk.WorkspaceBuildParameter{`
`115`	`115`	`Name:p.Name,`
`116`	`116`	`Value:value,`
`117`		`-})`
	`117`	`+},nil)`
`118`	`118`	`}`

`‎cli/create_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ func TestCreate(t *testing.T) {`
`87`	`87`	`_=coderdtest.CreateTemplate(t,client,user.OrganizationID,version.ID)`
`88`	`88`	`cmd,root:=clitest.New(t,"create","my-workspace","-y")`
`89`	`89`
`90`		`-member:=coderdtest.CreateAnotherUser(t,client,user.OrganizationID)`
	`90`	`+member,_:=coderdtest.CreateAnotherUser(t,client,user.OrganizationID)`
`91`	`91`	`clitest.SetupConfig(t,member,root)`
`92`	`92`	`cmdCtx,done:=context.WithTimeout(context.Background(),testutil.WaitLong)`
`93`	`93`	`gofunc() {`

`‎cli/delete_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ func TestDelete(t *testing.T) {`
`77`	`77`	`adminClient:=coderdtest.New(t,&coderdtest.Options{IncludeProvisionerDaemon:true})`
`78`	`78`	`adminUser:=coderdtest.CreateFirstUser(t,adminClient)`
`79`	`79`	`orgID:=adminUser.OrganizationID`
`80`		`-client:=coderdtest.CreateAnotherUser(t,adminClient,orgID)`
	`80`	`+client,_:=coderdtest.CreateAnotherUser(t,adminClient,orgID)`
`81`	`81`	`user,err:=client.User(context.Background(),codersdk.Me)`
`82`	`82`	`require.NoError(t,err)`
`83`	`83`

`‎cli/userlist_test.go`

Lines changed: 2 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -87,12 +87,9 @@ func TestUserShow(t *testing.T) {`
`87`	`87`
`88`	`88`	`t.Run("Table",func(t*testing.T) {`
`89`	`89`	`t.Parallel()`
`90`		`-ctx:=context.Background()`
`91`	`90`	`client:=coderdtest.New(t,nil)`
`92`	`91`	`admin:=coderdtest.CreateFirstUser(t,client)`
`93`		`-other:=coderdtest.CreateAnotherUser(t,client,admin.OrganizationID)`
`94`		`-otherUser,err:=other.User(ctx,codersdk.Me)`
`95`		`-require.NoError(t,err,"fetch other user")`
	`92`	`+_,otherUser:=coderdtest.CreateAnotherUser(t,client,admin.OrganizationID)`
`96`	`93`	`cmd,root:=clitest.New(t,"users","show",otherUser.Username)`
`97`	`94`	`clitest.SetupConfig(t,client,root)`
`98`	`95`	`doneChan:=make(chanstruct{})`
`@@ -114,7 +111,7 @@ func TestUserShow(t *testing.T) {`
`114`	`111`	`ctx:=context.Background()`
`115`	`112`	`client:=coderdtest.New(t,nil)`
`116`	`113`	`admin:=coderdtest.CreateFirstUser(t,client)`
`117`		`-other:=coderdtest.CreateAnotherUser(t,client,admin.OrganizationID)`
	`114`	`+other,_:=coderdtest.CreateAnotherUser(t,client,admin.OrganizationID)`
`118`	`115`	`otherUser,err:=other.User(ctx,codersdk.Me)`
`119`	`116`	`require.NoError(t,err,"fetch other user")`
`120`	`117`	`cmd,root:=clitest.New(t,"users","show",otherUser.Username,"-o","json")`

`‎cli/userstatus_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ func TestUserStatus(t *testing.T) {`
`17`	`17`	`t.Parallel()`
`18`	`18`	`client:=coderdtest.New(t,nil)`
`19`	`19`	`admin:=coderdtest.CreateFirstUser(t,client)`
`20`		`-other:=coderdtest.CreateAnotherUser(t,client,admin.OrganizationID)`
	`20`	`+other,_:=coderdtest.CreateAnotherUser(t,client,admin.OrganizationID)`
`21`	`21`	`otherUser,err:=other.User(context.Background(),codersdk.Me)`
`22`	`22`	`require.NoError(t,err,"fetch user")`
`23`	`23`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit3861a43

File tree

108 files changed

Some content is hidden

108 files changed

`‎.github/workflows/security.yaml`

`‎agent/agent.go`

`‎agent/agent_test.go`

`‎cli/cliui/parameter.go`

`‎cli/create_test.go`

`‎cli/delete_test.go`

`‎cli/userlist_test.go`

`‎cli/userstatus_test.go`

0 commit comments