Skip to content

Commit 53d17ff

Browse files
ammarioammario
committed
fixup! Update golden files
1 parent 6a70cfb commit 53d17ff

File tree

5 files changed

+49
-76
lines changed

5 files changed

+49
-76
lines changed

cli/deployment/config.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -467,6 +467,7 @@ func newConfig() *codersdk.DeploymentConfig {
467467
Usage: "Disables all rate limits. This is not recommended in production.",
468468
Flag: "dangerous-disable-rate-limits",
469469
Default: false,
470+
Hidden: true,
470471
},
471472
API: &codersdk.DeploymentConfigField[int]{
472473
Name: "API Rate Limit",
@@ -476,6 +477,7 @@ func newConfig() *codersdk.DeploymentConfig {
476477
EnvOverride: "CODER_API_RATE_LIMIT",
477478
Flag: "api-rate-limit",
478479
Default: 512,
480+
Hidden: true,
479481
},
480482
},
481483
// DEPRECATED: use Experiments instead.
@@ -538,12 +540,14 @@ func newConfig() *codersdk.DeploymentConfig {
538540
Usage: "Allow workspace apps that are not served from subdomains to be shared. Path-based app sharing is DISABLED by default for security purposes. Path-based apps can make requests to the Coder API and pose a security risk when the workspace serves malicious JavaScript. Path-based apps can be disabled entirely with --disable-path-apps for further security.",
539541
Flag: "dangerous-allow-path-app-sharing",
540542
Default: false,
543+
Hidden: true,
541544
},
542545
AllowPathAppSiteOwnerAccess: &codersdk.DeploymentConfigField[bool]{
543546
Name: "DANGEROUS: Allow Site Owners to Access Path Apps",
544547
Usage: "Allow site-owners to access workspace apps from workspaces they do not own. Owners cannot access path-based apps they do not own by default. Path-based apps can make requests to the Coder API and pose a security risk when the workspace serves malicious JavaScript. Path-based apps can be disabled entirely with --disable-path-apps for further security.",
545548
Flag: "dangerous-allow-path-app-site-owner-access",
546549
Default: false,
550+
Hidden: true,
547551
},
548552
},
549553
DisablePathApps: &codersdk.DeploymentConfigField[bool]{

cli/testdata/coder_agent_--help.golden

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,15 @@
11
Usage:
22
coder agent [flags]
33

4+
Auth Flags:
5+
--auth string Specify the authentication type to use for the agent.
6+
Consumes $CODER_AGENT_AUTH (default "token")
47
Operability Flags:
58
--log-dir string Specify the location for the agent log files.
69
Consumes $CODER_AGENT_LOG_DIR (default "/tmp")
710
--pprof-address string The address to serve pprof.
811
Consumes $CODER_AGENT_PPROF_ADDRESS (default "127.0.0.1:6060")
912
Other Flags:
10-
--auth string Specify the authentication type to use for the agent.
11-
Consumes $CODER_AGENT_AUTH (default "token")
1213
-h, --help help for agent
1314
--no-reap Do not start a process reaper.
1415

cli/testdata/coder_scaletest_create-workspaces_--help.golden

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,7 @@ It is recommended that all rate limits are disabled on the server before running
55
Usage:
66
coder scaletest create-workspaces [flags]
77

8-
Networking Flags:
9-
--connect-mode string Mode to use for connecting to the workspace. Can
10-
be 'derp' or 'direct'.
11-
Consumes $CODER_LOADTEST_CONNECT_MODE (default "derp")
8+
Operability Flags:
129
--trace Whether application tracing data is collected. It
1310
exports to a backend configured by environment
1411
variables. See:
@@ -18,7 +15,6 @@ Networking Flags:
1815
We recommend keeping this disabled unless we
1916
advise you to enable it.
2017
Consumes $CODER_LOADTEST_TRACE_CODER
21-
Operability Flags:
2218
--trace-honeycomb-api-key string Enables trace exporting to Honeycomb.io using the
2319
provided API key.
2420
Consumes $CODER_LOADTEST_TRACE_HONEYCOMB_API_KEY
@@ -50,6 +46,9 @@ Other Flags:
5046
--connect-interval duration How long to wait between making requests to the
5147
--connect-url once the connection is established.
5248
Consumes $CODER_LOADTEST_CONNECT_INTERVAL (default 1s)
49+
--connect-mode string Mode to use for connecting to the workspace. Can
50+
be 'derp' or 'direct'.
51+
Consumes $CODER_LOADTEST_CONNECT_MODE (default "derp")
5352
--connect-timeout duration Timeout for each request to the --connect-url.
5453
Consumes $CODER_LOADTEST_CONNECT_TIMEOUT (default 5s)
5554
--connect-url string URL to connect to inside the the workspace over

cli/testdata/coder_server_--help.golden

Lines changed: 19 additions & 59 deletions
Original file line numberDiff line numberDiff line change
@@ -138,12 +138,6 @@ Networking Flags:
138138
"tls11", "tls12" or "tls13"
139139
Consumes $CODER_TLS_MIN_VERSION
140140
(default "tls12")
141-
--trace Whether application tracing data is
142-
collected. It exports to a backend
143-
configured by environment variables.
144-
See:
145-
https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md
146-
Consumes $CODER_TRACE_ENABLE
147141
--update-check Periodically check for new releases
148142
of Coder and inform the owner. The
149143
check is performed once per day.
@@ -153,6 +147,19 @@ Networking Flags:
153147
the form "*.example.com".
154148
Consumes $CODER_WILDCARD_ACCESS_URL
155149
Auth Flags:
150+
--disable-password-auth coder server create-admin Disable password authentication.
151+
This is recommended for security
152+
purposes in production deployments
153+
that rely on an identity provider.
154+
Any user with the owner role will be
155+
able to sign in with their password
156+
regardless of this setting to avoid
157+
potential lock out. If you are
158+
locked out of your account, you can
159+
use the coder server create-admin
160+
command to create a new admin user
161+
directly in the database.
162+
Consumes $CODER_DISABLE_PASSWORD_AUTH
156163
--disable-session-expiry-refresh Disable automatic session expiry
157164
bumping due to activity. This forces
158165
all sessions to become invalid after
@@ -261,6 +268,12 @@ Operability Flags:
261268
address defined by prometheus
262269
address.
263270
Consumes $CODER_PROMETHEUS_ENABLE
271+
--trace Whether application tracing data is
272+
collected. It exports to a backend
273+
configured by environment variables.
274+
See:
275+
https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md
276+
Consumes $CODER_TRACE_ENABLE
264277
--trace-honeycomb-api-key string Enables trace exporting to
265278
Honeycomb.io using the provided API
266279
Key.
@@ -294,65 +307,12 @@ Provisioning Flags:
294307
Consumes
295308
$CODER_PROVISIONER_FORCE_CANCEL_INTERVAL (default 10m0s)
296309
Other Flags:
297-
--api-rate-limit int Maximum number of requests per
298-
minute allowed to the API per user,
299-
or per IP address for
300-
unauthenticated users. Negative
301-
values mean no rate limit. Some API
302-
endpoints have separate strict rate
303-
limits regardless of this value to
304-
prevent denial-of-service or brute
305-
force attacks.
306-
Consumes $CODER_API_RATE_LIMIT
307-
(default 512)
308310
--cache-dir string The directory to cache temporary
309311
files. If unspecified and
310312
$CACHE_DIRECTORY is set, it will be
311313
used for compatibility with systemd.
312314
Consumes $CODER_CACHE_DIRECTORY
313315
(default "~/.cache/coder")
314-
--dangerous-allow-path-app-sharing Allow workspace apps that are not
315-
served from subdomains to be shared.
316-
Path-based app sharing is DISABLED
317-
by default for security purposes.
318-
Path-based apps can make requests to
319-
the Coder API and pose a security
320-
risk when the workspace serves
321-
malicious JavaScript. Path-based
322-
apps can be disabled entirely with
323-
--disable-path-apps for further
324-
security.
325-
Consumes
326-
$CODER_DANGEROUS_ALLOW_PATH_APP_SHARING
327-
--dangerous-allow-path-app-site-owner-access Allow site-owners to access
328-
workspace apps from workspaces they
329-
do not own. Owners cannot access
330-
path-based apps they do not own by
331-
default. Path-based apps can make
332-
requests to the Coder API and pose a
333-
security risk when the workspace
334-
serves malicious JavaScript.
335-
Path-based apps can be disabled
336-
entirely with --disable-path-apps
337-
for further security.
338-
Consumes
339-
$CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS
340-
--dangerous-disable-rate-limits Disables all rate limits. This is
341-
not recommended in production.
342-
Consumes $CODER_RATE_LIMIT_DISABLE_ALL
343-
--disable-password-auth coder server create-admin Disable password authentication.
344-
This is recommended for security
345-
purposes in production deployments
346-
that rely on an identity provider.
347-
Any user with the owner role will be
348-
able to sign in with their password
349-
regardless of this setting to avoid
350-
potential lock out. If you are
351-
locked out of your account, you can
352-
use the coder server create-admin
353-
command to create a new admin user
354-
directly in the database.
355-
Consumes $CODER_DISABLE_PASSWORD_AUTH
356316
--disable-path-apps Disable workspace apps that are not
357317
served from subdomains. Path-based
358318
apps can make requests to the Coder

cli/usage.go

Lines changed: 19 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -60,21 +60,22 @@ var flagCategories = []flagCategory{
6060
{
6161
name: "Networking",
6262
matchers: []*regexp.Regexp{
63-
regexp.MustCompile("derp"),
64-
regexp.MustCompile("access-url"),
65-
regexp.MustCompile("http-address"),
66-
regexp.MustCompile("proxy"),
67-
regexp.MustCompile("auth-cookie"),
68-
regexp.MustCompile("strict-transport"),
69-
regexp.MustCompile("tls"),
70-
regexp.MustCompile("telemetry"),
71-
regexp.MustCompile("update-check"),
63+
regexp.MustCompile("-derp"),
64+
regexp.MustCompile("-access-url"),
65+
regexp.MustCompile("-http-address"),
66+
regexp.MustCompile("-proxy"),
67+
regexp.MustCompile("-auth-cookie"),
68+
regexp.MustCompile("-strict-transport"),
69+
regexp.MustCompile("-tls"),
70+
// NOT open-telemetry
71+
regexp.MustCompile("--telemetry"),
72+
regexp.MustCompile("-update-check"),
7273
},
7374
},
7475
{
7576
name: "Auth",
7677
matchers: []*regexp.Regexp{
77-
regexp.MustCompile("oauth2"),
78+
regexp.MustCompile(`-\w*auth`),
7879
regexp.MustCompile("oidc"),
7980
regexp.MustCompile(`-\w*token`),
8081
regexp.MustCompile("session"),
@@ -127,6 +128,14 @@ func categorizeFlags(usageOutput string) string {
127128
if _, ok := categories[cat.name]; !ok {
128129
categories[cat.name] = &bytes.Buffer{}
129130
}
131+
if os.Getenv("DEBUG_FLAG_CATEGORIZATION") != "" {
132+
_, _ = os.Stderr.WriteString(
133+
fmt.Sprintf(
134+
"--- \n%s\nwas matched by `%s`\n---\n",
135+
currentFlag.String(), matcher.String(),
136+
),
137+
)
138+
}
130139
_, _ = categories[cat.name].WriteString(currentFlag.String())
131140
currentFlag.Reset()
132141
return

0 commit comments

Comments
 (0)