coder
diff --git a/‎.gitignore
Lines changed: 1 addition & 0 deletions b/‎.gitignore
Lines changed: 1 addition & 0 deletions
diff --git a/‎cli/server.go
Lines changed: 25 additions & 0 deletions b/‎cli/server.go
Lines changed: 25 additions & 0 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 1 addition & 0 deletions b/‎coderd/coderd.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/coderdtest/coderdtest.go
Lines changed: 2 additions & 0 deletions b/‎coderd/coderdtest/coderdtest.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/templates.go
Lines changed: 151 additions & 0 deletions b/‎coderd/templates.go
Lines changed: 151 additions & 0 deletions
diff --git a/‎coderd/users.go
Lines changed: 61 additions & 0 deletions b/‎coderd/users.go
Lines changed: 61 additions & 0 deletions
@@ -34,6 +34,7 @@ dist/
 site/out/
 
 *.tfstate
+*.tfstate.backup
 *.tfplan
 *.lock.hcl
 .terraform/
 
@@ -108,6 +108,7 @@ func Server(newAPI func(*coderd.Options) *coderd.API) *cobra.Command {
 		trace                            bool
 		secureAuthCookie                 bool
 		sshKeygenAlgorithmRaw            string
+		autoImportTemplates              []string
 		spooky                           bool
 		verbose                          bool
 	)
@@ -284,6 +285,28 @@ func Server(newAPI func(*coderd.Options) *coderd.API) *cobra.Command {
 					URLs: []string{stunServer},
 				})
 			}
+
+			// Validate provided auto-import templates.
+			var (
+				validatedAutoImportTemplates     = make([]coderd.AutoImportTemplate, len(autoImportTemplates))
+				seenValidatedAutoImportTemplates = make(map[coderd.AutoImportTemplate]struct{}, len(autoImportTemplates))
+			)
+			for i, autoImportTemplate := range autoImportTemplates {
+				var v coderd.AutoImportTemplate
+				switch autoImportTemplate {
+				case "kubernetes":
+					v = coderd.AutoImportTemplateKubernetes
+				default:
+					return xerrors.Errorf("auto import template %q is not supported", autoImportTemplate)
+				}
+
+				if _, ok := seenValidatedAutoImportTemplates[v]; ok {
+					return xerrors.Errorf("auto import template %q is specified more than once", v)
+				}
+				seenValidatedAutoImportTemplates[v] = struct{}{}
+				validatedAutoImportTemplates[i] = v
+			}
+
 			options := &coderd.Options{
 				AccessURL:            accessURLParsed,
 				ICEServers:           iceServers,
@@ -297,6 +320,7 @@ func Server(newAPI func(*coderd.Options) *coderd.API) *cobra.Command {
 				TURNServer:           turnServer,
 				TracerProvider:       tracerProvider,
 				Telemetry:            telemetry.NewNoop(),
+				AutoImportTemplates:  validatedAutoImportTemplates,
 			}
 
 			if oauth2GithubClientSecret != "" {
@@ -744,6 +768,7 @@ func Server(newAPI func(*coderd.Options) *coderd.API) *cobra.Command {
 	cliflag.BoolVarP(root.Flags(), &secureAuthCookie, "secure-auth-cookie", "", "CODER_SECURE_AUTH_COOKIE", false, "Specifies if the 'Secure' property is set on browser session cookies")
 	cliflag.StringVarP(root.Flags(), &sshKeygenAlgorithmRaw, "ssh-keygen-algorithm", "", "CODER_SSH_KEYGEN_ALGORITHM", "ed25519", "Specifies the algorithm to use for generating ssh keys. "+
 		`Accepted values are "ed25519", "ecdsa", or "rsa4096"`)
+	cliflag.StringArrayVarP(root.Flags(), &autoImportTemplates, "auto-import-template", "", "CODER_TEMPLATE_AUTOIMPORT", []string{}, "Which templates to auto-import. Available auto-importable templates are: kubernetes")
 	cliflag.BoolVarP(root.Flags(), &spooky, "spooky", "", "", false, "Specifies spookiness level")
 	cliflag.BoolVarP(root.Flags(), &verbose, "verbose", "v", "CODER_VERBOSE", false, "Enables verbose logging.")
 	_ = root.Flags().MarkHidden("spooky")
 
@@ -66,6 +66,7 @@ type Options struct {
 	Telemetry            telemetry.Reporter
 	TURNServer           *turnconn.Server
 	TracerProvider       *sdktrace.TracerProvider
+	AutoImportTemplates  []AutoImportTemplate
 	LicenseHandler       http.Handler
 }
 
 
@@ -68,6 +68,7 @@ type Options struct {
 	GoogleTokenValidator *idtoken.Validator
 	SSHKeygenAlgorithm   gitsshkey.Algorithm
 	APIRateLimit         int
+	AutoImportTemplates  []coderd.AutoImportTemplate
 	AutobuildTicker      <-chan time.Time
 	AutobuildStats       chan<- executor.Stats
 
@@ -210,6 +211,7 @@ func newWithAPI(t *testing.T, options *Options) (*codersdk.Client, io.Closer, *c
 		APIRateLimit:         options.APIRateLimit,
 		Authorizer:           options.Authorizer,
 		Telemetry:            telemetry.NewNoop(),
+		AutoImportTemplates:  options.AutoImportTemplates,
 	})
 	t.Cleanup(func() {
 		_ = coderAPI.Close()
 
@@ -2,14 +2,17 @@ package coderd
 
 import (
 	"context"
+	"crypto/sha256"
 	"database/sql"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"net/http"
 	"time"
 
 	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
+	"github.com/moby/moby/pkg/namesgenerator"
 	"golang.org/x/xerrors"
 
 	"github.com/coder/coder/coderd/database"
@@ -26,6 +29,14 @@ var (
 	minAutostartIntervalDefault = time.Hour
 )
 
+// Auto-importable templates. These can be auto-imported after the first user
+// has been created.
+type AutoImportTemplate string
+
+const (
+	AutoImportTemplateKubernetes AutoImportTemplate = "kubernetes"
+)
+
 // Returns a single template.
 func (api *API) template(rw http.ResponseWriter, r *http.Request) {
 	template := httpmw.TemplateParam(r)
@@ -508,6 +519,146 @@ func (api *API) patchTemplateMeta(rw http.ResponseWriter, r *http.Request) {
 	httpapi.Write(rw, http.StatusOK, convertTemplate(updated, count, createdByNameMap[updated.ID.String()]))
 }
 
+type autoImportTemplateOpts struct {
+	name    string
+	archive []byte
+	params  map[string]string
+	userID  uuid.UUID
+	orgID   uuid.UUID
+}
+
+func (api *API) autoImportTemplate(ctx context.Context, opts autoImportTemplateOpts) (database.Template, error) {
+	var template database.Template
+	err := api.Database.InTx(func(s database.Store) error {
+		// Insert the archive into the files table.
+		var (
+			hash = sha256.Sum256(opts.archive)
+			now  = database.Now()
+		)
+		file, err := s.InsertFile(ctx, database.InsertFileParams{
+			Hash:      hex.EncodeToString(hash[:]),
+			CreatedAt: now,
+			CreatedBy: opts.userID,
+			Mimetype:  "application/x-tar",
+			Data:      opts.archive,
+		})
+		if err != nil {
+			return xerrors.Errorf("insert auto-imported template archive into files table: %w", err)
+		}
+
+		jobID := uuid.New()
+
+		// Insert parameters
+		for key, value := range opts.params {
+			_, err = s.InsertParameterValue(ctx, database.InsertParameterValueParams{
+				ID:                uuid.New(),
+				Name:              key,
+				CreatedAt:         now,
+				UpdatedAt:         now,
+				Scope:             database.ParameterScopeImportJob,
+				ScopeID:           jobID,
+				SourceScheme:      database.ParameterSourceSchemeData,
+				SourceValue:       value,
+				DestinationScheme: database.ParameterDestinationSchemeProvisionerVariable,
+			})
+			if err != nil {
+				return xerrors.Errorf("insert job-scoped parameter %q with value %q: %w", key, value, err)
+			}
+		}
+
+		// Create provisioner job
+		job, err := s.InsertProvisionerJob(ctx, database.InsertProvisionerJobParams{
+			ID:             jobID,
+			CreatedAt:      now,
+			UpdatedAt:      now,
+			OrganizationID: opts.orgID,
+			InitiatorID:    opts.userID,
+			Provisioner:    database.ProvisionerTypeTerraform,
+			StorageMethod:  database.ProvisionerStorageMethodFile,
+			StorageSource:  file.Hash,
+			Type:           database.ProvisionerJobTypeTemplateVersionImport,
+			Input:          []byte{'{', '}'},
+		})
+		if err != nil {
+			return xerrors.Errorf("insert provisioner job: %w", err)
+		}
+
+		// Create template version
+		templateVersion, err := s.InsertTemplateVersion(ctx, database.InsertTemplateVersionParams{
+			ID: uuid.New(),
+			TemplateID: uuid.NullUUID{
+				UUID:  uuid.Nil,
+				Valid: false,
+			},
+			OrganizationID: opts.orgID,
+			CreatedAt:      now,
+			UpdatedAt:      now,
+			Name:           namesgenerator.GetRandomName(1),
+			Readme:         "",
+			JobID:          job.ID,
+			CreatedBy: uuid.NullUUID{
+				UUID:  opts.userID,
+				Valid: true,
+			},
+		})
+		if err != nil {
+			return xerrors.Errorf("insert template version: %w", err)
+		}
+
+		// Create template
+		template, err = s.InsertTemplate(ctx, database.InsertTemplateParams{
+			ID:                   uuid.New(),
+			CreatedAt:            now,
+			UpdatedAt:            now,
+			OrganizationID:       opts.orgID,
+			Name:                 opts.name,
+			Provisioner:          job.Provisioner,
+			ActiveVersionID:      templateVersion.ID,
+			Description:          "This template was auto-imported by Coder.",
+			MaxTtl:               int64(maxTTLDefault),
+			MinAutostartInterval: int64(minAutostartIntervalDefault),
+			CreatedBy:            opts.userID,
+		})
+		if err != nil {
+			return xerrors.Errorf("insert template: %w", err)
+		}
+
+		// Update template version with template ID
+		err = s.UpdateTemplateVersionByID(ctx, database.UpdateTemplateVersionByIDParams{
+			ID: templateVersion.ID,
+			TemplateID: uuid.NullUUID{
+				UUID:  template.ID,
+				Valid: true,
+			},
+		})
+		if err != nil {
+			return xerrors.Errorf("update template version to set template ID: %s", err)
+		}
+
+		// Insert parameters at the template scope
+		for key, value := range opts.params {
+			_, err = s.InsertParameterValue(ctx, database.InsertParameterValueParams{
+				ID:                uuid.New(),
+				Name:              key,
+				CreatedAt:         now,
+				UpdatedAt:         now,
+				Scope:             database.ParameterScopeTemplate,
+				ScopeID:           template.ID,
+				SourceScheme:      database.ParameterSourceSchemeData,
+				SourceValue:       value,
+				DestinationScheme: database.ParameterDestinationSchemeProvisionerVariable,
+			})
+			if err != nil {
+				return xerrors.Errorf("insert template-scoped parameter %q with value %q: %w", key, value, err)
+			}
+		}
+
+		return nil
+	})
+
+	return template, err
+}
+
 func getCreatedByNamesByTemplateIDs(ctx context.Context, db database.Store, templates []database.Template) (map[string]string, error) {
 	creators := make(map[string]string, len(templates))
 	for _, template := range templates {
 
@@ -1,6 +1,7 @@
 package coderd
 
 import (
+	"bytes"
 	"context"
 	"crypto/sha256"
 	"database/sql"
@@ -9,6 +10,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"os"
 	"strings"
 	"time"
 
@@ -18,6 +20,8 @@ import (
 	"github.com/tabbed/pqtype"
 	"golang.org/x/xerrors"
 
+	"cdr.dev/slog"
+
 	"github.com/coder/coder/coderd/database"
 	"github.com/coder/coder/coderd/gitsshkey"
 	"github.com/coder/coder/coderd/httpapi"
@@ -27,6 +31,7 @@ import (
 	"github.com/coder/coder/coderd/userpassword"
 	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/cryptorand"
+	"github.com/coder/coder/examples"
 )
 
 // Returns whether the initial user has been created or not.
@@ -82,6 +87,8 @@ func (api *API) postFirstUser(rw http.ResponseWriter, r *http.Request) {
 			Email:    createUser.Email,
 			Username: createUser.Username,
 			Password: createUser.Password,
+			// Create an org for the first user.
+			OrganizationID: uuid.Nil,
 		},
 		LoginType: database.LoginTypePassword,
 	})
@@ -116,6 +123,60 @@ func (api *API) postFirstUser(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Auto-import any designated templates into the new organization.
+	for _, template := range api.AutoImportTemplates {
+		archive, err := examples.Archive(string(template))
+		if err != nil {
+			httpapi.Write(rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Internal error importing template.",
+				Detail:  xerrors.Errorf("load template archive for %q: %w", template, err).Error(),
+			})
+			return
+		}
+
+		// Determine which parameter values to use.
+		parameters := map[string]string{}
+		switch template {
+		case AutoImportTemplateKubernetes:
+
+			// Determine the current namespace we're in.
+			const namespaceFile = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
+			namespace, err := os.ReadFile(namespaceFile)
+			if err != nil {
+				parameters["use_kubeconfig"] = "true" // use ~/.config/kubeconfig
+				parameters["namespace"] = "coder-workspaces"
+			} else {
+				parameters["use_kubeconfig"] = "false" // use SA auth
+				parameters["namespace"] = string(bytes.TrimSpace(namespace))
+			}
+
+		default:
+			httpapi.Write(rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Internal error importing template.",
+				Detail:  fmt.Sprintf("cannot auto-import %q template", template),
+			})
+			return
+		}
+
+		tpl, err := api.autoImportTemplate(r.Context(), autoImportTemplateOpts{
+			name:    string(template),
+			archive: archive,
+			params:  parameters,
+			userID:  user.ID,
+			orgID:   organizationID,
+		})
+		if err != nil {
+			api.Logger.Warn(r.Context(), "failed to auto-import template", slog.F("template", template), slog.F("parameters", parameters), slog.Error(err))
+			httpapi.Write(rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Internal error importing template.",
+				Detail:  xerrors.Errorf("failed to import template %q: %w", template, err).Error(),
+			})
+			return
+		}
+
+		api.Logger.Info(r.Context(), "auto-imported template", slog.F("id", tpl.ID), slog.F("template", template), slog.F("parameters", parameters))
+	}
+
 	httpapi.Write(rw, http.StatusCreated, codersdk.CreateFirstUserResponse{
 		UserID:         user.ID,
 		OrganizationID: organizationID,
Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,7 @@ type Options struct {`
`66`	`66`	`Telemetry telemetry.Reporter`
`67`	`67`	`TURNServer *turnconn.Server`
`68`	`68`	`TracerProvider *sdktrace.TracerProvider`
	`69`	`+ AutoImportTemplates []AutoImportTemplate`
`69`	`70`	`LicenseHandler http.Handler`
`70`	`71`	`}`
`71`	`72`