Context

Currently, we have three options for sharing acoder_app.

share (String) Determines the "level" which the application is shared at. Valid levels are "owner" (default), "authenticated" and "public". Level "owner" disables sharing on the app, so only the workspace owner can access it. Level "authenticated" shares the app with all authenticated users. Level "public" shares it with any user, including unauthenticated users. Permitted application sharing levels can be configured site-wide via a flag on coder server (Enterprise only).

I think the authenticated permission is too broad, and most users would not wish to expose their workspace to everyone in the organization.

Suggestion

Allow exposing apps to a single user by specifying the targetusername.

Proposal 1

This can be achieved by settingshare = "matifali" in thecoder_app resource.

A template admin can configure it as acoder_parameter, and the user can configure it while creating or updating their workspace.

data"coder_parameter""share_code_server" {name="share_code_server"display_name="Share code-server"description="Sharing code-server with user: e.g matifali, bpmct"type="string"mutable=truedefault=""}resource"coder_app""code-server" {count=local.code-server-countagent_id=coder_agent.main.iddisplay_name="VS Code Web"slug="code-server"url="http://localhost:13337"icon="/icon/code.svg"subdomain=trueshare=data.coder_parameter.share_code_server.value==""?"owner": data.coder_parameter.share_code_server.value}

This should then share this coder_app with the username specified for theshare property.

Proposal 2

Allow doing this from the workspace page without any template admins, and it could be disabled/enabled deployment-wide using a flag e.g.,CODER_DISBALE_SHARING_CODER_APPS=false/true
This could be done along with#10908

cc:@sharkymark and @coder/pms for commnets