coder
diff --git a/‎.golangci.yaml
+2 b/‎.golangci.yaml
+2
diff --git a/‎cli/cliui/cliui.go
+1-1 b/‎cli/cliui/cliui.go
+1-1
diff --git a/‎cli/cliui/prompt.go
+2-2 b/‎cli/cliui/prompt.go
+2-2
diff --git a/‎cli/cliui/provisionerjob.go
+1-1 b/‎cli/cliui/provisionerjob.go
+1-1
diff --git a/‎cli/cliui/provisionerjob_test.go
+1-1 b/‎cli/cliui/provisionerjob_test.go
+1-1
diff --git a/‎cli/cliui/select.go
+2-2 b/‎cli/cliui/select.go
+2-2
diff --git a/‎cli/configssh.go
+1-1 b/‎cli/configssh.go
+1-1
diff --git a/‎cli/externalauth.go
+1-1 b/‎cli/externalauth.go
+1-1
diff --git a/‎cli/externalauth_test.go
+1-1 b/‎cli/externalauth_test.go
+1-1
diff --git a/‎cli/gitaskpass.go
+1-1 b/‎cli/gitaskpass.go
+1-1
diff --git a/‎cli/gitaskpass_test.go
+1-1 b/‎cli/gitaskpass_test.go
+1-1
diff --git a/‎cli/login.go
+3-3 b/‎cli/login.go
+3-3
diff --git a/‎cli/open.go
+1-1 b/‎cli/open.go
+1-1
diff --git a/‎cli/root.go
+1-1 b/‎cli/root.go
+1-1
diff --git a/‎cli/ssh.go
+1-1 b/‎cli/ssh.go
+1-1
diff --git a/‎cli/ssh_test.go
+1-1 b/‎cli/ssh_test.go
+1-1
diff --git a/‎cli/vscodessh.go
+1-1 b/‎cli/vscodessh.go
+1-1
diff --git a/‎cmd/cliui/main.go
+2-2 b/‎cmd/cliui/main.go
+2-2
diff --git a/‎coderd/autobuild/lifecycle_executor_test.go
+2-3 b/‎coderd/autobuild/lifecycle_executor_test.go
+2-3
diff --git a/‎coderd/coderdtest/authorize_test.go
+3-5 b/‎coderd/coderdtest/authorize_test.go
+3-5
diff --git a/‎coderd/cryptokeys/cache_test.go
+2-4 b/‎coderd/cryptokeys/cache_test.go
+2-4
diff --git a/‎coderd/database/dbauthz/dbauthz.go
+12-12 b/‎coderd/database/dbauthz/dbauthz.go
+12-12
diff --git a/‎coderd/database/dbauthz/setup_test.go
+1-1 b/‎coderd/database/dbauthz/setup_test.go
+1-1
@@ -231,6 +231,8 @@ issues:
 
 run:
   timeout: 10m
+  skip-files:
+    - scripts/rules.go
 
 # Over time, add more and more linters from
 # https://golangci-lint.run/usage/linters/ as the code improves.
 
@@ -12,7 +12,7 @@ import (
 	"github.com/coder/pretty"
 )
 
-var Canceled = xerrors.New("canceled")
+var ErrCanceled = xerrors.New("canceled")
 
 // DefaultStyles compose visual elements of the UI.
 var DefaultStyles Styles
 
@@ -124,7 +124,7 @@ func Prompt(inv *serpent.Invocation, opts PromptOptions) (string, error) {
 		return "", err
 	case line := <-lineCh:
 		if opts.IsConfirm && line != "yes" && line != "y" {
-			return line, xerrors.Errorf("got %q: %w", line, Canceled)
+			return line, xerrors.Errorf("got %q: %w", line, ErrCanceled)
 		}
 		if opts.Validate != nil {
 			err := opts.Validate(line)
@@ -139,7 +139,7 @@ func Prompt(inv *serpent.Invocation, opts PromptOptions) (string, error) {
 	case <-interrupt:
 		// Print a newline so that any further output starts properly on a new line.
 		_, _ = fmt.Fprintln(inv.Stdout)
-		return "", Canceled
+		return "", ErrCanceled
 	}
 }
 
 
@@ -204,7 +204,7 @@ func ProvisionerJob(ctx context.Context, wr io.Writer, opts ProvisionerJobOption
 				switch job.Status {
 				case codersdk.ProvisionerJobCanceled:
 					jobMutex.Unlock()
-					return Canceled
+					return ErrCanceled
 				case codersdk.ProvisionerJobSucceeded:
 					jobMutex.Unlock()
 					return nil
 
@@ -250,7 +250,7 @@ func newProvisionerJob(t *testing.T) provisionerJobTest {
 		defer close(done)
 		err := inv.WithContext(context.Background()).Run()
 		if err != nil {
-			assert.ErrorIs(t, err, cliui.Canceled)
+			assert.ErrorIs(t, err, cliui.ErrCanceled)
 		}
 	}()
 	t.Cleanup(func() {
 
@@ -147,7 +147,7 @@ func Select(inv *serpent.Invocation, opts SelectOptions) (string, error) {
 	}
 
 	if model.canceled {
-		return "", Canceled
+		return "", ErrCanceled
 	}
 
 	return model.selected, nil
@@ -360,7 +360,7 @@ func MultiSelect(inv *serpent.Invocation, opts MultiSelectOptions) ([]string, er
 	}
 
 	if model.canceled {
-		return nil, Canceled
+		return nil, ErrCanceled
 	}
 
 	return model.selectedOptions(), nil
 
@@ -268,7 +268,7 @@ func (r *RootCmd) configSSH() *serpent.Command {
 					IsConfirm: true,
 				})
 				if err != nil {
-					if line == "" && xerrors.Is(err, cliui.Canceled) {
+					if line == "" && xerrors.Is(err, cliui.ErrCanceled) {
 						return nil
 					}
 					// Selecting "no" will use the last config.
 
@@ -91,7 +91,7 @@ fi
 				if err != nil {
 					return err
 				}
-				return cliui.Canceled
+				return cliui.ErrCanceled
 			}
 			if extra != "" {
 				if extAuth.TokenExtra == nil {
 
@@ -29,7 +29,7 @@ func TestExternalAuth(t *testing.T) {
 		inv.Stdout = pty.Output()
 		waiter := clitest.StartWithWaiter(t, inv)
 		pty.ExpectMatch("https://github.com")
-		waiter.RequireIs(cliui.Canceled)
+		waiter.RequireIs(cliui.ErrCanceled)
 	})
 	t.Run("SuccessWithToken", func(t *testing.T) {
 		t.Parallel()
 
@@ -53,7 +53,7 @@ func (r *RootCmd) gitAskpass() *serpent.Command {
 					cliui.Warn(inv.Stderr, "Coder was unable to handle this git request. The default git behavior will be used instead.",
 						lines...,
 					)
-					return cliui.Canceled
+					return cliui.ErrCanceled
 				}
 				return xerrors.Errorf("get git token: %w", err)
 			}
 
@@ -59,7 +59,7 @@ func TestGitAskpass(t *testing.T) {
 		pty := ptytest.New(t)
 		inv.Stderr = pty.Output()
 		err := inv.Run()
-		require.ErrorIs(t, err, cliui.Canceled)
+		require.ErrorIs(t, err, cliui.ErrCanceled)
 		pty.ExpectMatch("Nope!")
 	})
 
 
@@ -48,7 +48,7 @@ func promptFirstUsername(inv *serpent.Invocation) (string, error) {
 		Text:    "What " + pretty.Sprint(cliui.DefaultStyles.Field, "username") + " would you like?",
 		Default: currentUser.Username,
 	})
-	if errors.Is(err, cliui.Canceled) {
+	if errors.Is(err, cliui.ErrCanceled) {
 		return "", nil
 	}
 	if err != nil {
@@ -64,7 +64,7 @@ func promptFirstName(inv *serpent.Invocation) (string, error) {
 		Default: "",
 	})
 	if err != nil {
-		if errors.Is(err, cliui.Canceled) {
+		if errors.Is(err, cliui.ErrCanceled) {
 			return "", nil
 		}
 		return "", err
@@ -508,7 +508,7 @@ func promptTrialInfo(inv *serpent.Invocation, fieldName string) (string, error)
 		},
 	})
 	if err != nil {
-		if errors.Is(err, cliui.Canceled) {
+		if errors.Is(err, cliui.ErrCanceled) {
 			return "", nil
 		}
 		return "", err
 
@@ -89,7 +89,7 @@ func (r *RootCmd) openVSCode() *serpent.Command {
 				})
 				if err != nil {
 					if xerrors.Is(err, context.Canceled) {
-						return cliui.Canceled
+						return cliui.ErrCanceled
 					}
 					return xerrors.Errorf("agent: %w", err)
 				}
 
@@ -171,7 +171,7 @@ func (r *RootCmd) RunWithSubcommands(subcommands []*serpent.Command) {
 			code = exitErr.code
 			err = exitErr.err
 		}
-		if errors.Is(err, cliui.Canceled) {
+		if errors.Is(err, cliui.ErrCanceled) {
 			//nolint:revive
 			os.Exit(code)
 		}
 
@@ -264,7 +264,7 @@ func (r *RootCmd) ssh() *serpent.Command {
 			})
 			if err != nil {
 				if xerrors.Is(err, context.Canceled) {
-					return cliui.Canceled
+					return cliui.ErrCanceled
 				}
 				return err
 			}
 
@@ -341,7 +341,7 @@ func TestSSH(t *testing.T) {
 
 		cmdDone := tGo(t, func() {
 			err := inv.WithContext(ctx).Run()
-			assert.ErrorIs(t, err, cliui.Canceled)
+			assert.ErrorIs(t, err, cliui.ErrCanceled)
 		})
 		pty.ExpectMatch(wantURL)
 		cancel()
 
@@ -142,7 +142,7 @@ func (r *RootCmd) vscodeSSH() *serpent.Command {
 			})
 			if err != nil {
 				if xerrors.Is(err, context.Canceled) {
-					return cliui.Canceled
+					return cliui.ErrCanceled
 				}
 			}
 
 
@@ -89,7 +89,7 @@ func main() {
 					return nil
 				},
 			})
-			if errors.Is(err, cliui.Canceled) {
+			if errors.Is(err, cliui.ErrCanceled) {
 				return nil
 			}
 			if err != nil {
@@ -100,7 +100,7 @@ func main() {
 				Default:   cliui.ConfirmYes,
 				IsConfirm: true,
 			})
-			if errors.Is(err, cliui.Canceled) {
+			if errors.Is(err, cliui.ErrCanceled) {
 				return nil
 			}
 			if err != nil {
 
@@ -1219,10 +1219,9 @@ func mustProvisionWorkspaceWithParameters(t *testing.T, client *codersdk.Client,
 	return coderdtest.MustWorkspace(t, client, ws.ID)
 }
 
-func mustSchedule(t *testing.T, _ string) *cron.Schedule {
+func mustSchedule(t *testing.T, s string) *cron.Schedule {
 	t.Helper()
-	// Always use the same schedule string for consistency
-	sched, err := cron.Weekly("CRON_TZ=UTC 0 * * * *")
+	sched, err := cron.Weekly(s)
 	require.NoError(t, err)
 	return sched
 }
 
@@ -116,13 +116,11 @@ func fuzzAuthzPrep(t *testing.T, prep rbac.PreparedAuthorized, n int, action pol
 	return pairs
 }
 
-func fuzzAuthz(t *testing.T, sub rbac.Subject, rec rbac.Authorizer, _ int) []coderdtest.ActionObjectPair {
+func fuzzAuthz(t *testing.T, sub rbac.Subject, rec rbac.Authorizer, n int) []coderdtest.ActionObjectPair {
 	t.Helper()
-	// Always use 10 pairs for consistency
-	const numPairs = 10
-	pairs := make([]coderdtest.ActionObjectPair, 0, numPairs)
+	pairs := make([]coderdtest.ActionObjectPair, 0, n)
 
-	for i := 0; i < numPairs; i++ {
+	for i := 0; i < n; i++ {
 		p := coderdtest.ActionObjectPair{Action: coderdtest.RandomRBACAction(), Object: coderdtest.RandomRBACObject()}
 		_ = rec.Authorize(context.Background(), sub, p.Action, p.Object)
 		pairs = append(pairs, p)
 
@@ -504,12 +504,10 @@ func decodedSecret(t *testing.T, key codersdk.CryptoKey) []byte {
 	return secret
 }
 
-func generateKey(t *testing.T, _ int) string {
+func generateKey(t *testing.T, size int) string {
 	t.Helper()
 
-	// Always use 64 bytes for consistency
-	const keySize = 64
-	key := make([]byte, keySize)
+	key := make([]byte, size)
 	_, err := rand.Read(key)
 	require.NoError(t, err)
 
 
@@ -33,8 +33,8 @@ var _ database.Store = (*querier)(nil)
 
 const wrapname = "dbauthz.querier"
 
-// NoActorError is returned if no actor is present in the context.
-var NoActorError = xerrors.Errorf("no authorization actor in context")
+// ErrNoActor is returned if no actor is present in the context.
+var ErrNoActor = xerrors.Errorf("no authorization actor in context")
 
 // NotAuthorizedError is a sentinel error that unwraps to sql.ErrNoRows.
 // This allows the internal error to be read by the caller if needed. Otherwise
@@ -69,7 +69,7 @@ func IsNotAuthorizedError(err error) bool {
 	if err == nil {
 		return false
 	}
-	if xerrors.Is(err, NoActorError) {
+	if xerrors.Is(err, ErrNoActor) {
 		return true
 	}
 
@@ -140,7 +140,7 @@ func (q *querier) Wrappers() []string {
 func (q *querier) authorizeContext(ctx context.Context, action policy.Action, object rbac.Objecter) error {
 	act, ok := ActorFromContext(ctx)
 	if !ok {
-		return NoActorError
+		return ErrNoActor
 	}
 
 	err := q.auth.Authorize(ctx, act, action, object.RBACObject())
@@ -466,7 +466,7 @@ func insertWithAction[
 		// Fetch the rbac subject
 		act, ok := ActorFromContext(ctx)
 		if !ok {
-			return empty, NoActorError
+			return empty, ErrNoActor
 		}
 
 		// Authorize the action
@@ -544,7 +544,7 @@ func fetchWithAction[
 		// Fetch the rbac subject
 		act, ok := ActorFromContext(ctx)
 		if !ok {
-			return empty, NoActorError
+			return empty, ErrNoActor
 		}
 
 		// Fetch the database object
@@ -620,7 +620,7 @@ func fetchAndQuery[
 		// Fetch the rbac subject
 		act, ok := ActorFromContext(ctx)
 		if !ok {
-			return empty, NoActorError
+			return empty, ErrNoActor
 		}
 
 		// Fetch the database object
@@ -654,7 +654,7 @@ func fetchWithPostFilter[
 		// Fetch the rbac subject
 		act, ok := ActorFromContext(ctx)
 		if !ok {
-			return empty, NoActorError
+			return empty, ErrNoActor
 		}
 
 		// Fetch the database object
@@ -673,7 +673,7 @@ func fetchWithPostFilter[
 func prepareSQLFilter(ctx context.Context, authorizer rbac.Authorizer, action policy.Action, resourceType string) (rbac.PreparedAuthorized, error) {
 	act, ok := ActorFromContext(ctx)
 	if !ok {
-		return nil, NoActorError
+		return nil, ErrNoActor
 	}
 
 	return authorizer.Prepare(ctx, act, action, resourceType)
@@ -752,7 +752,7 @@ func (*querier) convertToDeploymentRoles(names []string) []rbac.RoleIdentifier {
 func (q *querier) canAssignRoles(ctx context.Context, orgID uuid.UUID, added, removed []rbac.RoleIdentifier) error {
 	actor, ok := ActorFromContext(ctx)
 	if !ok {
-		return NoActorError
+		return ErrNoActor
 	}
 
 	roleAssign := rbac.ResourceAssignRole
@@ -961,7 +961,7 @@ func (q *querier) customRoleEscalationCheck(ctx context.Context, actor rbac.Subj
 func (q *querier) customRoleCheck(ctx context.Context, role database.CustomRole) error {
 	act, ok := ActorFromContext(ctx)
 	if !ok {
-		return NoActorError
+		return ErrNoActor
 	}
 
 	// Org permissions require an org role
@@ -3896,7 +3896,7 @@ func (q *querier) UpdateProvisionerJobWithCancelByID(ctx context.Context, arg da
 			// Only owners can cancel workspace builds
 			actor, ok := ActorFromContext(ctx)
 			if !ok {
-				return NoActorError
+				return ErrNoActor
 			}
 			if !slice.Contains(actor.Roles.Names(), rbac.RoleOwner()) {
 				return xerrors.Errorf("only owners can cancel workspace builds")
 
@@ -252,7 +252,7 @@ func (s *MethodTestSuite) NoActorErrorTest(callMethod func(ctx context.Context)
 	s.Run("AsRemoveActor", func() {
 		// Call without any actor
 		_, err := callMethod(context.Background())
-		s.ErrorIs(err, dbauthz.NoActorError, "method should return NoActorError error when no actor is provided")
+		s.ErrorIs(err, dbauthz.ErrNoActor, "method should return NoActorError error when no actor is provided")
 	})
 }
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ import (`
`12`	`12`	`"github.com/coder/pretty"`
`13`	`13`	`)`
`14`	`14`
`15`		`-var Canceled = xerrors.New("canceled")`
	`15`	`+var ErrCanceled = xerrors.New("canceled")`
`16`	`16`
`17`	`17`	`// DefaultStyles compose visual elements of the UI.`
`18`	`18`	`var DefaultStyles Styles`
Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ func Prompt(inv *serpent.Invocation, opts PromptOptions) (string, error) {`
`124`	`124`	`return "", err`
`125`	`125`	`case line := <-lineCh:`
`126`	`126`	`if opts.IsConfirm && line != "yes" && line != "y" {`
`127`		`- return line, xerrors.Errorf("got %q: %w", line, Canceled)`
	`127`	`+ return line, xerrors.Errorf("got %q: %w", line, ErrCanceled)`
`128`	`128`	`}`
`129`	`129`	`if opts.Validate != nil {`
`130`	`130`	`err := opts.Validate(line)`
`@@ -139,7 +139,7 @@ func Prompt(inv *serpent.Invocation, opts PromptOptions) (string, error) {`
`139`	`139`	`case <-interrupt:`
`140`	`140`	`// Print a newline so that any further output starts properly on a new line.`
`141`	`141`	`_, _ = fmt.Fprintln(inv.Stdout)`
`142`		`- return "", Canceled`
	`142`	`+ return "", ErrCanceled`
`143`	`143`	`}`
`144`	`144`	`}`
`145`	`145`
Original file line number	Diff line number	Diff line change
`@@ -250,7 +250,7 @@ func newProvisionerJob(t *testing.T) provisionerJobTest {`
`250`	`250`	`defer close(done)`
`251`	`251`	`err := inv.WithContext(context.Background()).Run()`
`252`	`252`	`if err != nil {`
`253`		`- assert.ErrorIs(t, err, cliui.Canceled)`
	`253`	`+ assert.ErrorIs(t, err, cliui.ErrCanceled)`
`254`	`254`	`}`
`255`	`255`	`}()`
`256`	`256`	`t.Cleanup(func() {`
Original file line number	Diff line number	Diff line change
`@@ -147,7 +147,7 @@ func Select(inv *serpent.Invocation, opts SelectOptions) (string, error) {`
`147`	`147`	`}`
`148`	`148`
`149`	`149`	`if model.canceled {`
`150`		`- return "", Canceled`
	`150`	`+ return "", ErrCanceled`
`151`	`151`	`}`
`152`	`152`
`153`	`153`	`return model.selected, nil`
`@@ -360,7 +360,7 @@ func MultiSelect(inv *serpent.Invocation, opts MultiSelectOptions) ([]string, er`
`360`	`360`	`}`
`361`	`361`
`362`	`362`	`if model.canceled {`
`363`		`- return nil, Canceled`
	`363`	`+ return nil, ErrCanceled`
`364`	`364`	`}`
`365`	`365`
`366`	`366`	`return model.selectedOptions(), nil`
Original file line number	Diff line number	Diff line change
`@@ -268,7 +268,7 @@ func (r RootCmd) configSSH() serpent.Command {`
`268`	`268`	`IsConfirm: true,`
`269`	`269`	`})`
`270`	`270`	`if err != nil {`
`271`		`- if line == "" && xerrors.Is(err, cliui.Canceled) {`
	`271`	`+ if line == "" && xerrors.Is(err, cliui.ErrCanceled) {`
`272`	`272`	`return nil`
`273`	`273`	`}`
`274`	`274`	`// Selecting "no" will use the last config.`
Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ fi`
`91`	`91`	`if err != nil {`
`92`	`92`	`return err`
`93`	`93`	`}`
`94`		`- return cliui.Canceled`
	`94`	`+ return cliui.ErrCanceled`
`95`	`95`	`}`
`96`	`96`	`if extra != "" {`
`97`	`97`	`if extAuth.TokenExtra == nil {`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ func (r RootCmd) gitAskpass() serpent.Command {`
`53`	`53`	`cliui.Warn(inv.Stderr, "Coder was unable to handle this git request. The default git behavior will be used instead.",`
`54`	`54`	`lines...,`
`55`	`55`	`)`
`56`		`- return cliui.Canceled`
	`56`	`+ return cliui.ErrCanceled`
`57`	`57`	`}`
`58`	`58`	`return xerrors.Errorf("get git token: %w", err)`
`59`	`59`	`}`
Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ func (r RootCmd) openVSCode() serpent.Command {`
`89`	`89`	`})`
`90`	`90`	`if err != nil {`
`91`	`91`	`if xerrors.Is(err, context.Canceled) {`
`92`		`- return cliui.Canceled`
	`92`	`+ return cliui.ErrCanceled`
`93`	`93`	`}`
`94`	`94`	`return xerrors.Errorf("agent: %w", err)`
`95`	`95`	`}`
Original file line number	Diff line number	Diff line change
`@@ -171,7 +171,7 @@ func (r RootCmd) RunWithSubcommands(subcommands []serpent.Command) {`
`171`	`171`	`code = exitErr.code`
`172`	`172`	`err = exitErr.err`
`173`	`173`	`}`
`174`		`- if errors.Is(err, cliui.Canceled) {`
	`174`	`+ if errors.Is(err, cliui.ErrCanceled) {`
`175`	`175`	`//nolint:revive`
`176`	`176`	`os.Exit(code)`
`177`	`177`	`}`
Original file line number	Diff line number	Diff line change
`@@ -264,7 +264,7 @@ func (r RootCmd) ssh() serpent.Command {`
`264`	`264`	`})`
`265`	`265`	`if err != nil {`
`266`	`266`	`if xerrors.Is(err, context.Canceled) {`
`267`		`- return cliui.Canceled`
	`267`	`+ return cliui.ErrCanceled`
`268`	`268`	`}`
`269`	`269`	`return err`
`270`	`270`	`}`