coder
diff --git a/‎Makefile
Lines changed: 1 addition & 1 deletion b/‎Makefile
Lines changed: 1 addition & 1 deletion
diff --git a/‎agent/agent.go
Lines changed: 4 additions & 12 deletions b/‎agent/agent.go
Lines changed: 4 additions & 12 deletions
diff --git a/‎agent/agent_test.go
Lines changed: 1 addition & 2 deletions b/‎agent/agent_test.go
Lines changed: 1 addition & 2 deletions
diff --git a/‎agent/agentssh/agentssh.go
Lines changed: 4 additions & 4 deletions b/‎agent/agentssh/agentssh.go
Lines changed: 4 additions & 4 deletions
diff --git a/‎agent/agentssh/agentssh_internal_test.go
Lines changed: 2 additions & 2 deletions b/‎agent/agentssh/agentssh_internal_test.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎cli/server.go
Lines changed: 20 additions & 10 deletions b/‎cli/server.go
Lines changed: 20 additions & 10 deletions
diff --git a/‎cli/ssh_test.go
Lines changed: 1 addition & 1 deletion b/‎cli/ssh_test.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 7 additions & 2 deletions b/‎coderd/apidoc/docs.go
Lines changed: 7 additions & 2 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 3 additions & 2 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 3 additions & 2 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 33 additions & 11 deletions b/‎coderd/coderd.go
Lines changed: 33 additions & 11 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 5 additions & 3 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 5 additions & 3 deletions
diff --git a/‎coderd/database/dump.sql
Lines changed: 2 additions & 1 deletion b/‎coderd/database/dump.sql
Lines changed: 2 additions & 1 deletion
@@ -526,7 +526,7 @@ cli/testdata/.gen-golden: $(wildcard cli/testdata/*.golden) $(wildcard cli/*.tpl
 	go test ./cli -run="Test(CommandHelp|ServerYAML)" -update
 	touch "$@"
 
-helm/tests/testdata/.gen-golden: $(wildcard helm/tests/testdata/*.golden) $(GO_SRC_FILES)
+helm/tests/testdata/.gen-golden: $(wildcard helm/tests/testdata/*.yaml) $(wildcard helm/tests/testdata/*.golden) $(GO_SRC_FILES)
 	go test ./helm/tests -run=TestUpdateGoldenFiles -update
 	touch "$@"
 
 
@@ -216,11 +216,12 @@ func (a *agent) collectMetadata(ctx context.Context, md codersdk.WorkspaceAgentM
 		// if it can guarantee the clocks are synchronized.
 		CollectedAt: time.Now(),
 	}
-	cmd, err := a.sshServer.CreateCommand(ctx, md.Script, nil)
+	cmdPty, err := a.sshServer.CreateCommand(ctx, md.Script, nil)
 	if err != nil {
 		result.Error = fmt.Sprintf("create cmd: %+v", err)
 		return result
 	}
+	cmd := cmdPty.AsExec()
 
 	cmd.Stdout = &out
 	cmd.Stderr = &out
@@ -842,10 +843,11 @@ func (a *agent) runScript(ctx context.Context, lifecycle, script string) error {
 		}()
 	}
 
-	cmd, err := a.sshServer.CreateCommand(ctx, script, nil)
+	cmdPty, err := a.sshServer.CreateCommand(ctx, script, nil)
 	if err != nil {
 		return xerrors.Errorf("create command: %w", err)
 	}
+	cmd := cmdPty.AsExec()
 	cmd.Stdout = writer
 	cmd.Stderr = writer
 	err = cmd.Run()
@@ -1044,16 +1046,6 @@ func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, m
 			circularBuffer: circularBuffer,
 		}
 		a.reconnectingPTYs.Store(msg.ID, rpty)
-		go func() {
-			// CommandContext isn't respected for Windows PTYs right now,
-			// so we need to manually track the lifecycle.
-			// When the context has been completed either:
-			// 1. The timeout completed.
-			// 2. The parent context was canceled.
-			<-ctx.Done()
-			logger.Debug(ctx, "context done", slog.Error(ctx.Err()))
-			_ = process.Kill()
-		}()
 		// We don't need to separately monitor for the process exiting.
 		// When it exits, our ptty.OutputReader() will return EOF after
 		// reading all process output.
 
@@ -12,7 +12,6 @@ import (
 	"net/http/httptest"
 	"net/netip"
 	"os"
-	"os/exec"
 	"os/user"
 	"path"
 	"path/filepath"
@@ -1697,7 +1696,7 @@ func setupSSHCommand(t *testing.T, beforeArgs []string, afterArgs []string) (*pt
 		"host",
 	)
 	args = append(args, afterArgs...)
-	cmd := exec.Command("ssh", args...)
+	cmd := pty.Command("ssh", args...)
 	return ptytest.Start(t, cmd)
 }
 
 
@@ -255,7 +255,7 @@ func (s *Server) sessionStart(session ssh.Session, extraEnv []string) (retErr er
 	if isPty {
 		return s.startPTYSession(session, cmd, sshPty, windowSize)
 	}
-	return startNonPTYSession(session, cmd)
+	return startNonPTYSession(session, cmd.AsExec())
 }
 
 func startNonPTYSession(session ssh.Session, cmd *exec.Cmd) error {
@@ -287,7 +287,7 @@ type ptySession interface {
 	RawCommand() string
 }
 
-func (s *Server) startPTYSession(session ptySession, cmd *exec.Cmd, sshPty ssh.Pty, windowSize <-chan ssh.Window) (retErr error) {
+func (s *Server) startPTYSession(session ptySession, cmd *pty.Cmd, sshPty ssh.Pty, windowSize <-chan ssh.Window) (retErr error) {
 	ctx := session.Context()
 	// Disable minimal PTY emulation set by gliderlabs/ssh (NL-to-CRNL).
 	// See https://github.com/coder/coder/issues/3371.
@@ -413,7 +413,7 @@ func (s *Server) sftpHandler(session ssh.Session) {
 // CreateCommand processes raw command input with OpenSSH-like behavior.
 // If the script provided is empty, it will default to the users shell.
 // This injects environment variables specified by the user at launch too.
-func (s *Server) CreateCommand(ctx context.Context, script string, env []string) (*exec.Cmd, error) {
+func (s *Server) CreateCommand(ctx context.Context, script string, env []string) (*pty.Cmd, error) {
 	currentUser, err := user.Current()
 	if err != nil {
 		return nil, xerrors.Errorf("get current user: %w", err)
@@ -449,7 +449,7 @@ func (s *Server) CreateCommand(ctx context.Context, script string, env []string)
 		}
 	}
 
-	cmd := exec.CommandContext(ctx, shell, args...)
+	cmd := pty.CommandContext(ctx, shell, args...)
 	cmd.Dir = manifest.Directory
 
 	// If the metadata directory doesn't exist, we run the command
 
@@ -7,14 +7,14 @@ import (
 	"context"
 	"io"
 	"net"
-	"os/exec"
 	"testing"
 
 	gliderssh "github.com/gliderlabs/ssh"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/coder/coder/pty"
 	"github.com/coder/coder/testutil"
 
 	"cdr.dev/slog/sloggers/slogtest"
@@ -52,7 +52,7 @@ func Test_sessionStart_orphan(t *testing.T) {
 	close(windowSize)
 	// the command gets the session context so that Go will terminate it when
 	// the session expires.
-	cmd := exec.CommandContext(sessionCtx, "sh", "-c", longScript)
+	cmd := pty.CommandContext(sessionCtx, "sh", "-c", longScript)
 
 	done := make(chan struct{})
 	go func() {
 
@@ -256,7 +256,13 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 			// which is caught by goleaks.
 			defer http.DefaultClient.CloseIdleConnections()
 
-			tracerProvider, sqlDriver := ConfigureTraceProvider(ctx, logger, inv, cfg)
+			tracerProvider, sqlDriver, closeTracing := ConfigureTraceProvider(ctx, logger, inv, cfg)
+			defer func() {
+				logger.Debug(ctx, "closing tracing")
+				traceCloseErr := shutdownWithTimeout(closeTracing, 5*time.Second)
+				logger.Debug(ctx, "tracing closed", slog.Error(traceCloseErr))
+			}()
+
 			httpServers, err := ConfigureHTTPServers(inv, cfg)
 			if err != nil {
 				return xerrors.Errorf("configure http(s): %w", err)
@@ -1179,6 +1185,7 @@ func newProvisionerDaemon(
 		return nil, xerrors.Errorf("mkdir %q: %w", cacheDir, err)
 	}
 
+	tracer := coderAPI.TracerProvider.Tracer(tracing.TracerName)
 	terraformClient, terraformServer := provisionersdk.MemTransportPipe()
 	wg.Add(1)
 	go func() {
@@ -1198,6 +1205,7 @@ func newProvisionerDaemon(
 			},
 			CachePath: cacheDir,
 			Logger:    logger,
+			Tracer:    tracer,
 		})
 		if err != nil && !xerrors.Is(err, context.Canceled) {
 			select {
@@ -1863,9 +1871,15 @@ func (s *HTTPServers) Close() {
 	}
 }
 
-func ConfigureTraceProvider(ctx context.Context, logger slog.Logger, inv *clibase.Invocation, cfg *codersdk.DeploymentValues) (trace.TracerProvider, string) {
+func ConfigureTraceProvider(
+	ctx context.Context,
+	logger slog.Logger,
+	inv *clibase.Invocation,
+	cfg *codersdk.DeploymentValues,
+) (trace.TracerProvider, string, func(context.Context) error) {
 	var (
-		tracerProvider trace.TracerProvider
+		tracerProvider = trace.NewNoopTracerProvider()
+		closeTracing   = func(context.Context) error { return nil }
 		sqlDriver      = "postgres"
 	)
 	// Coder tracing should be disabled if telemetry is disabled unless
@@ -1878,19 +1892,14 @@ func ConfigureTraceProvider(ctx context.Context, logger slog.Logger, inv *clibas
 	}
 
 	if cfg.Trace.Enable.Value() || shouldCoderTrace || cfg.Trace.HoneycombAPIKey != "" {
-		sdkTracerProvider, closeTracing, err := tracing.TracerProvider(ctx, "coderd", tracing.TracerOpts{
+		sdkTracerProvider, _closeTracing, err := tracing.TracerProvider(ctx, "coderd", tracing.TracerOpts{
 			Default:   cfg.Trace.Enable.Value(),
 			Coder:     shouldCoderTrace,
 			Honeycomb: cfg.Trace.HoneycombAPIKey.String(),
 		})
 		if err != nil {
 			logger.Warn(ctx, "start telemetry exporter", slog.Error(err))
 		} else {
-			// allow time for traces to flush even if command context is canceled
-			defer func() {
-				_ = shutdownWithTimeout(closeTracing, 5*time.Second)
-			}()
-
 			d, err := tracing.PostgresDriver(sdkTracerProvider, "coderd.database")
 			if err != nil {
 				logger.Warn(ctx, "start postgres tracing driver", slog.Error(err))
@@ -1899,9 +1908,10 @@ func ConfigureTraceProvider(ctx context.Context, logger slog.Logger, inv *clibas
 			}
 
 			tracerProvider = sdkTracerProvider
+			closeTracing = _closeTracing
 		}
 	}
-	return tracerProvider, sqlDriver
+	return tracerProvider, sqlDriver, closeTracing
 }
 
 func ConfigureHTTPServers(inv *clibase.Invocation, cfg *codersdk.DeploymentValues) (_ *HTTPServers, err error) {
 
@@ -540,7 +540,7 @@ Expire-Date: 0
 	require.NoError(t, err, "import ownertrust failed: %s", out)
 
 	// Start the GPG agent.
-	agentCmd := exec.CommandContext(ctx, gpgAgentPath, "--no-detach", "--extra-socket", extraSocketPath)
+	agentCmd := pty.CommandContext(ctx, gpgAgentPath, "--no-detach", "--extra-socket", extraSocketPath)
 	agentCmd.Env = append(agentCmd.Env, "GNUPGHOME="+gnupgHomeClient)
 	agentPTY, agentProc, err := pty.Start(agentCmd, pty.WithPTYOption(pty.WithGPGTTY()))
 	require.NoError(t, err, "launch agent failed")
 
@@ -235,6 +235,9 @@ func New(options *Options) *API {
 	if options.SSHConfig.HostnamePrefix == "" {
 		options.SSHConfig.HostnamePrefix = "coder."
 	}
+	if options.TracerProvider == nil {
+		options.TracerProvider = trace.NewNoopTracerProvider()
+	}
 	if options.SetUserGroups == nil {
 		options.SetUserGroups = func(ctx context.Context, _ database.Store, id uuid.UUID, groups []string) error {
 			options.Logger.Warn(ctx, "attempted to assign OIDC groups without enterprise license",
@@ -445,7 +448,7 @@ func New(options *Options) *API {
 			r.Route(fmt.Sprintf("/%s", gitAuthConfig.ID), func(r chi.Router) {
 				r.Use(
 					httpmw.ExtractOAuth2(gitAuthConfig, options.HTTPClient, nil),
-					apiKeyMiddleware,
+					apiKeyMiddlewareRedirect,
 				)
 				r.Get("/callback", api.gitAuthCallback(gitAuthConfig))
 			})
@@ -792,7 +795,16 @@ func New(options *Options) *API {
 		r.Get("/swagger/*", globalHTTPSwaggerHandler)
 	}
 
-	r.NotFound(compressHandler(http.HandlerFunc(api.siteHandler.ServeHTTP)).ServeHTTP)
+	// Add CSP headers to all static assets and pages. CSP headers only affect
+	// browsers, so these don't make sense on api routes.
+	cspMW := httpmw.CSPHeaders(func() []string {
+		if f := api.WorkspaceProxyHostsFn.Load(); f != nil {
+			return (*f)()
+		}
+		// By default we do not add extra websocket connections to the CSP
+		return []string{}
+	})
+	r.NotFound(cspMW(compressHandler(http.HandlerFunc(api.siteHandler.ServeHTTP))).ServeHTTP)
 	return api
 }
 
@@ -812,8 +824,14 @@ type API struct {
 	WorkspaceClientCoordinateOverride atomic.Pointer[func(rw http.ResponseWriter) bool]
 	TailnetCoordinator                atomic.Pointer[tailnet.Coordinator]
 	QuotaCommitter                    atomic.Pointer[proto.QuotaCommitter]
-	TemplateScheduleStore             *atomic.Pointer[schedule.TemplateScheduleStore]
-	DERPMapper                        atomic.Pointer[func(derpMap *tailcfg.DERPMap) *tailcfg.DERPMap]
+	// WorkspaceProxyHostsFn returns the hosts of healthy workspace proxies
+	// for header reasons.
+	WorkspaceProxyHostsFn atomic.Pointer[func() []string]
+	// TemplateScheduleStore is a pointer to an atomic pointer because this is
+	// passed to another struct, and we want them all to be the same reference.
+	TemplateScheduleStore *atomic.Pointer[schedule.TemplateScheduleStore]
+	// DERPMapper mutates the DERPMap to include workspace proxies.
+	DERPMapper atomic.Pointer[func(derpMap *tailcfg.DERPMap) *tailcfg.DERPMap]
 
 	HTTPAuth *HTTPAuthorizer
 
@@ -884,6 +902,7 @@ func compressHandler(h http.Handler) http.Handler {
 // CreateInMemoryProvisionerDaemon is an in-memory connection to a provisionerd.
 // Useful when starting coderd and provisionerd in the same process.
 func (api *API) CreateInMemoryProvisionerDaemon(ctx context.Context, debounce time.Duration) (client proto.DRPCProvisionerDaemonClient, err error) {
+	tracer := api.TracerProvider.Tracer(tracing.TracerName)
 	clientSession, serverSession := provisionersdk.MemTransportPipe()
 	defer func() {
 		if err != nil {
@@ -923,6 +942,7 @@ func (api *API) CreateInMemoryProvisionerDaemon(ctx context.Context, debounce ti
 		Provisioners:          daemon.Provisioners,
 		GitAuthConfigs:        api.GitAuthConfigs,
 		Telemetry:             api.Telemetry,
+		Tracer:                tracer,
 		Tags:                  tags,
 		QuotaCommitter:        &api.QuotaCommitter,
 		Auditor:               &api.Auditor,
@@ -933,14 +953,16 @@ func (api *API) CreateInMemoryProvisionerDaemon(ctx context.Context, debounce ti
 	if err != nil {
 		return nil, err
 	}
-	server := drpcserver.NewWithOptions(mux, drpcserver.Options{
-		Log: func(err error) {
-			if xerrors.Is(err, io.EOF) {
-				return
-			}
-			api.Logger.Debug(ctx, "drpc server error", slog.Error(err))
+	server := drpcserver.NewWithOptions(&tracing.DRPCHandler{Handler: mux},
+		drpcserver.Options{
+			Log: func(err error) {
+				if xerrors.Is(err, io.EOF) {
+					return
+				}
+				api.Logger.Debug(ctx, "drpc server error", slog.Error(err))
+			},
 		},
-	})
+	)
 	go func() {
 		err := server.Serve(ctx, serverSession)
 		if err != nil && !xerrors.Is(err, io.EOF) {
 
@@ -144,7 +144,8 @@ var (
 			},
 		}),
 		Scope: rbac.ScopeAll,
-	}
+	}.WithCachedASTValue()
+
 	subjectAutostart = rbac.Subject{
 		ID: uuid.Nil.String(),
 		Roles: rbac.Roles([]rbac.Role{
@@ -161,7 +162,8 @@ var (
 			},
 		}),
 		Scope: rbac.ScopeAll,
-	}
+	}.WithCachedASTValue()
+
 	subjectSystemRestricted = rbac.Subject{
 		ID: uuid.Nil.String(),
 		Roles: rbac.Roles([]rbac.Role{
@@ -188,7 +190,7 @@ var (
 			},
 		}),
 		Scope: rbac.ScopeAll,
-	}
+	}.WithCachedASTValue()
 )
 
 // AsProvisionerd returns a context with an actor that has permissions required
Original file line number	Diff line number	Diff line change
`@@ -255,7 +255,7 @@ func (s *Server) sessionStart(session ssh.Session, extraEnv []string) (retErr er`
`255`	`255`	`if isPty {`
`256`	`256`	`return s.startPTYSession(session, cmd, sshPty, windowSize)`
`257`	`257`	`}`
`258`		`- return startNonPTYSession(session, cmd)`
	`258`	`+ return startNonPTYSession(session, cmd.AsExec())`
`259`	`259`	`}`
`260`	`260`
`261`	`261`	`func startNonPTYSession(session ssh.Session, cmd *exec.Cmd) error {`
`@@ -287,7 +287,7 @@ type ptySession interface {`
`287`	`287`	`RawCommand() string`
`288`	`288`	`}`
`289`	`289`
`290`		`-func (s Server) startPTYSession(session ptySession, cmd exec.Cmd, sshPty ssh.Pty, windowSize <-chan ssh.Window) (retErr error) {`
	`290`	`+func (s Server) startPTYSession(session ptySession, cmd pty.Cmd, sshPty ssh.Pty, windowSize <-chan ssh.Window) (retErr error) {`
`291`	`291`	`ctx := session.Context()`
`292`	`292`	`// Disable minimal PTY emulation set by gliderlabs/ssh (NL-to-CRNL).`
`293`	`293`	`// See https://github.com/coder/coder/issues/3371.`
`@@ -413,7 +413,7 @@ func (s *Server) sftpHandler(session ssh.Session) {`
`413`	`413`	`// CreateCommand processes raw command input with OpenSSH-like behavior.`
`414`	`414`	`// If the script provided is empty, it will default to the users shell.`
`415`	`415`	`// This injects environment variables specified by the user at launch too.`
`416`		`-func (s Server) CreateCommand(ctx context.Context, script string, env []string) (exec.Cmd, error) {`
	`416`	`+func (s Server) CreateCommand(ctx context.Context, script string, env []string) (pty.Cmd, error) {`
`417`	`417`	`currentUser, err := user.Current()`
`418`	`418`	`if err != nil {`
`419`	`419`	`return nil, xerrors.Errorf("get current user: %w", err)`
`@@ -449,7 +449,7 @@ func (s *Server) CreateCommand(ctx context.Context, script string, env []string)`
`449`	`449`	`}`
`450`	`450`	`}`
`451`	`451`
`452`		`- cmd := exec.CommandContext(ctx, shell, args...)`
	`452`	`+ cmd := pty.CommandContext(ctx, shell, args...)`
`453`	`453`	`cmd.Dir = manifest.Directory`
`454`	`454`
`455`	`455`	`// If the metadata directory doesn't exist, we run the command`