coder
diff --git a/‎.vscode/settings.json
+1 b/‎.vscode/settings.json
+1
diff --git a/‎Makefile
+3-2 b/‎Makefile
+3-2
diff --git a/‎cli/state.go
+6-4 b/‎cli/state.go
+6-4
diff --git a/‎cli/templatepull_test.go
+26-14 b/‎cli/templatepull_test.go
+26-14
diff --git a/‎cli/testdata/coder_state_--help.golden
+2-2 b/‎cli/testdata/coder_state_--help.golden
+2-2
diff --git a/‎cli/testdata/coder_state_pull_--help.golden
+2 b/‎cli/testdata/coder_state_pull_--help.golden
+2
diff --git a/‎cli/testdata/coder_state_push_--help.golden
+2 b/‎cli/testdata/coder_state_push_--help.golden
+2
diff --git a/‎cli/testdata/coder_tokens_list_--help.golden
+4-1 b/‎cli/testdata/coder_tokens_list_--help.golden
+4-1
diff --git a/‎cli/tokens.go
+67-8 b/‎cli/tokens.go
+67-8
diff --git a/‎coderd/apikey.go
+29-8 b/‎coderd/apikey.go
+29-8
diff --git a/‎coderd/apikey_test.go
+5-5 b/‎coderd/apikey_test.go
+5-5
diff --git a/‎coderd/coderdtest/authorize.go
+3-1 b/‎coderd/coderdtest/authorize.go
+3-1
diff --git a/‎coderd/database/dbauthz/querier.go
+4 b/‎coderd/database/dbauthz/querier.go
+4
@@ -113,6 +113,7 @@
     "stretchr",
     "STTY",
     "stuntest",
+    "tanstack",
     "tailbroker",
     "tailcfg",
     "tailexchange",
 
@@ -501,9 +501,10 @@ docs/admin/prometheus.md: scripts/metricsdocgen/main.go scripts/metricsdocgen/me
 	yarn run format:write:only ../docs/admin/prometheus.md
 
 docs/cli/coder.md: scripts/clidocgen/main.go $(GO_SRC_FILES) docs/manifest.json
-	BASE_PATH="." go run scripts/clidocgen/main.go
+	rm -rf ./docs/cli/*.md
+	BASE_PATH="." go run ./scripts/clidocgen
 	cd site
-	yarn run format:write:only ../docs/cli/*.md ../docs/manifest.json
+	yarn run format:write:only ../docs/cli.md ../docs/cli/*.md ../docs/manifest.json
 
 docs/admin/audit-logs.md: scripts/auditdocgen/main.go enterprise/audit/table.go
 	go run scripts/auditdocgen/main.go
 
@@ -27,8 +27,9 @@ func state() *cobra.Command {
 func statePull() *cobra.Command {
 	var buildNumber int
 	cmd := &cobra.Command{
-		Use:  "pull <workspace> [file]",
-		Args: cobra.MinimumNArgs(1),
+		Use:   "pull <workspace> [file]",
+		Short: "Pull a Terraform state file from a workspace.",
+		Args:  cobra.MinimumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			client, err := CreateClient(cmd)
 			if err != nil {
@@ -68,8 +69,9 @@ func statePull() *cobra.Command {
 func statePush() *cobra.Command {
 	var buildNumber int
 	cmd := &cobra.Command{
-		Use:  "push <workspace> <file>",
-		Args: cobra.ExactArgs(2),
+		Use:   "push <workspace> <file>",
+		Args:  cobra.ExactArgs(2),
+		Short: "Push a Terraform state file to a workspace.",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			client, err := CreateClient(cmd)
 			if err != nil {
 
@@ -3,14 +3,14 @@ package cli_test
 import (
 	"bytes"
 	"context"
-	"io"
+	"crypto/sha256"
+	"encoding/hex"
 	"os"
 	"path/filepath"
 	"testing"
 
 	"github.com/codeclysm/extract"
 	"github.com/google/uuid"
-	"github.com/ory/dockertest/v3/docker/pkg/archive"
 	"github.com/stretchr/testify/require"
 
 	"github.com/coder/coder/cli/clitest"
@@ -20,6 +20,26 @@ import (
 	"github.com/coder/coder/pty/ptytest"
 )
 
+// dirSum calculates a checksum of the files in a directory.
+func dirSum(t *testing.T, dir string) string {
+	ents, err := os.ReadDir(dir)
+	require.NoError(t, err)
+	sum := sha256.New()
+	for _, e := range ents {
+		path := filepath.Join(dir, e.Name())
+
+		stat, err := os.Stat(path)
+		require.NoError(t, err)
+
+		byt, err := os.ReadFile(
+			path,
+		)
+		require.NoError(t, err, "mode: %+v", stat.Mode())
+		_, _ = sum.Write(byt)
+	}
+	return hex.EncodeToString(sum.Sum(nil))
+}
+
 func TestTemplatePull(t *testing.T) {
 	t.Parallel()
 
@@ -119,18 +139,10 @@ func TestTemplatePull(t *testing.T) {
 
 		require.NoError(t, <-errChan)
 
-		expectedTarRd, err := archive.Tar(expectedDest, archive.Uncompressed)
-		require.NoError(t, err)
-		expectedTar, err := io.ReadAll(expectedTarRd)
-		require.NoError(t, err)
-
-		actualTarRd, err := archive.Tar(actualDest, archive.Uncompressed)
-		require.NoError(t, err)
-
-		actualTar, err := io.ReadAll(actualTarRd)
-		require.NoError(t, err)
-
-		require.True(t, bytes.Equal(expectedTar, actualTar), "tar files differ")
+		require.Equal(t,
+			dirSum(t, expectedDest),
+			dirSum(t, actualDest),
+		)
 	})
 
 	// FolderConflict tests that 'templates pull' fails when a folder with has
 
@@ -6,8 +6,8 @@ Usage:
   coder state [command]
 
 Commands:
-  pull        
-  push        
+  pull        Pull a Terraform state file from a workspace.
+  push        Push a Terraform state file to a workspace.
 
 Flags:
   -h, --help   help for state
 
@@ -1,3 +1,5 @@
+Pull a Terraform state file from a workspace.
+
 Usage:
   coder state pull <workspace> [file] [flags]
 
 
@@ -1,3 +1,5 @@
+Push a Terraform state file to a workspace.
+
 Usage:
   coder state push <workspace> <file> [flags]
 
 
@@ -7,8 +7,11 @@ Aliases:
   list, ls
 
 Flags:
+  -a, --all              Specifies whether all users' tokens will be listed or not (must have
+                         Owner role to see all tokens).
   -c, --column strings   Columns to display in table output. Available columns: id, last used,
-                         expires at, created at (default [id,last used,expires at,created at])
+                         expires at, created at, owner (default [id,last used,expires
+                         at,created at])
   -h, --help             help for list
   -o, --output string    Output format. Available formats: table, json (default "table")
 
 
@@ -2,10 +2,13 @@ package cli
 
 import (
 	"fmt"
+	"os"
 	"strings"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/spf13/cobra"
+	"golang.org/x/exp/slices"
 	"golang.org/x/xerrors"
 
 	"github.com/coder/coder/cli/cliflag"
@@ -83,12 +86,47 @@ func createToken() *cobra.Command {
 	return cmd
 }
 
+// tokenListRow is the type provided to the OutputFormatter.
+type tokenListRow struct {
+	// For JSON format:
+	codersdk.APIKey `table:"-"`
+
+	// For table format:
+	ID        string    `json:"-" table:"id,default_sort"`
+	LastUsed  time.Time `json:"-" table:"last used"`
+	ExpiresAt time.Time `json:"-" table:"expires at"`
+	CreatedAt time.Time `json:"-" table:"created at"`
+	Owner     string    `json:"-" table:"owner"`
+}
+
+func tokenListRowFromToken(token codersdk.APIKey, usersByID map[uuid.UUID]codersdk.User) tokenListRow {
+	user := usersByID[token.UserID]
+
+	return tokenListRow{
+		APIKey:    token,
+		ID:        token.ID,
+		LastUsed:  token.LastUsed,
+		ExpiresAt: token.ExpiresAt,
+		CreatedAt: token.CreatedAt,
+		Owner:     user.Username,
+	}
+}
+
 func listTokens() *cobra.Command {
-	formatter := cliui.NewOutputFormatter(
-		cliui.TableFormat([]codersdk.APIKey{}, nil),
-		cliui.JSONFormat(),
-	)
+	// we only display the 'owner' column if the --all argument is passed in
+	defaultCols := []string{"id", "last used", "expires at", "created at"}
+	if slices.Contains(os.Args, "-a") || slices.Contains(os.Args, "--all") {
+		defaultCols = append(defaultCols, "owner")
+	}
 
+	var (
+		all           bool
+		displayTokens []tokenListRow
+		formatter     = cliui.NewOutputFormatter(
+			cliui.TableFormat([]tokenListRow{}, defaultCols),
+			cliui.JSONFormat(),
+		)
+	)
 	cmd := &cobra.Command{
 		Use:     "list",
 		Aliases: []string{"ls"},
@@ -99,18 +137,36 @@ func listTokens() *cobra.Command {
 				return xerrors.Errorf("create codersdk client: %w", err)
 			}
 
-			keys, err := client.Tokens(cmd.Context(), codersdk.Me)
+			tokens, err := client.Tokens(cmd.Context(), codersdk.Me, codersdk.TokensFilter{
+				IncludeAll: all,
+			})
 			if err != nil {
-				return xerrors.Errorf("create tokens: %w", err)
+				return xerrors.Errorf("list tokens: %w", err)
 			}
 
-			if len(keys) == 0 {
+			if len(tokens) == 0 {
 				cmd.Println(cliui.Styles.Wrap.Render(
 					"No tokens found.",
 				))
 			}
 
-			out, err := formatter.Format(cmd.Context(), keys)
+			userRes, err := client.Users(cmd.Context(), codersdk.UsersRequest{})
+			if err != nil {
+				return err
+			}
+
+			usersByID := map[uuid.UUID]codersdk.User{}
+			for _, user := range userRes.Users {
+				usersByID[user.ID] = user
+			}
+
+			displayTokens = make([]tokenListRow, len(tokens))
+
+			for i, token := range tokens {
+				displayTokens[i] = tokenListRowFromToken(token, usersByID)
+			}
+
+			out, err := formatter.Format(cmd.Context(), displayTokens)
 			if err != nil {
 				return err
 			}
@@ -120,6 +176,9 @@ func listTokens() *cobra.Command {
 		},
 	}
 
+	cmd.Flags().BoolVarP(&all, "all", "a", false,
+		"Specifies whether all users' tokens will be listed or not (must have Owner role to see all tokens).")
+
 	formatter.AttachFlags(cmd)
 	return cmd
 }
 
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	"strconv"
 	"time"
 
 	"github.com/go-chi/chi/v5"
@@ -175,15 +176,35 @@ func (api *API) apiKey(rw http.ResponseWriter, r *http.Request) {
 // @Success 200 {array} codersdk.APIKey
 // @Router /users/{user}/keys/tokens [get]
 func (api *API) tokens(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
+	var (
+		ctx           = r.Context()
+		user          = httpmw.UserParam(r)
+		keys          []database.APIKey
+		err           error
+		queryStr      = r.URL.Query().Get("include_all")
+		includeAll, _ = strconv.ParseBool(queryStr)
+	)
 
-	keys, err := api.Database.GetAPIKeysByLoginType(ctx, database.LoginTypeToken)
-	if err != nil {
-		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
-			Message: "Internal error fetching API keys.",
-			Detail:  err.Error(),
-		})
-		return
+	if includeAll {
+		// get tokens for all users
+		keys, err = api.Database.GetAPIKeysByLoginType(ctx, database.LoginTypeToken)
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Internal error fetching API keys.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+	} else {
+		// get user's tokens only
+		keys, err = api.Database.GetAPIKeysByUserID(ctx, database.GetAPIKeysByUserIDParams{LoginType: database.LoginTypeToken, UserID: user.ID})
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Internal error fetching API keys.",
+				Detail:  err.Error(),
+			})
+			return
+		}
 	}
 
 	keys, err = AuthorizeFilter(api.HTTPAuth, r, rbac.ActionRead, keys)
 
@@ -24,15 +24,15 @@ func TestTokenCRUD(t *testing.T) {
 	defer cancel()
 	client := coderdtest.New(t, nil)
 	_ = coderdtest.CreateFirstUser(t, client)
-	keys, err := client.Tokens(ctx, codersdk.Me)
+	keys, err := client.Tokens(ctx, codersdk.Me, codersdk.TokensFilter{})
 	require.NoError(t, err)
 	require.Empty(t, keys)
 
 	res, err := client.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{})
 	require.NoError(t, err)
 	require.Greater(t, len(res.Key), 2)
 
-	keys, err = client.Tokens(ctx, codersdk.Me)
+	keys, err = client.Tokens(ctx, codersdk.Me, codersdk.TokensFilter{})
 	require.NoError(t, err)
 	require.EqualValues(t, len(keys), 1)
 	require.Contains(t, res.Key, keys[0].ID)
@@ -45,7 +45,7 @@ func TestTokenCRUD(t *testing.T) {
 
 	err = client.DeleteAPIKey(ctx, codersdk.Me, keys[0].ID)
 	require.NoError(t, err)
-	keys, err = client.Tokens(ctx, codersdk.Me)
+	keys, err = client.Tokens(ctx, codersdk.Me, codersdk.TokensFilter{})
 	require.NoError(t, err)
 	require.Empty(t, keys)
 }
@@ -64,7 +64,7 @@ func TestTokenScoped(t *testing.T) {
 	require.NoError(t, err)
 	require.Greater(t, len(res.Key), 2)
 
-	keys, err := client.Tokens(ctx, codersdk.Me)
+	keys, err := client.Tokens(ctx, codersdk.Me, codersdk.TokensFilter{})
 	require.NoError(t, err)
 	require.EqualValues(t, len(keys), 1)
 	require.Contains(t, res.Key, keys[0].ID)
@@ -83,7 +83,7 @@ func TestTokenDuration(t *testing.T) {
 		Lifetime: time.Hour * 24 * 7,
 	})
 	require.NoError(t, err)
-	keys, err := client.Tokens(ctx, codersdk.Me)
+	keys, err := client.Tokens(ctx, codersdk.Me, codersdk.TokensFilter{})
 	require.NoError(t, err)
 	require.Greater(t, keys[0].ExpiresAt, time.Now().Add(time.Hour*6*24))
 	require.Less(t, keys[0].ExpiresAt, time.Now().Add(time.Hour*8*24))
 
@@ -347,7 +347,9 @@ func NewAuthTester(ctx context.Context, t *testing.T, client *codersdk.Client, a
 	})
 	require.NoError(t, err, "create token")
 
-	apiKeys, err := client.Tokens(ctx, admin.UserID.String())
+	apiKeys, err := client.Tokens(ctx, admin.UserID.String(), codersdk.TokensFilter{
+		IncludeAll: true,
+	})
 	require.NoError(t, err, "get tokens")
 	apiKey := apiKeys[0]
 
 
@@ -40,6 +40,10 @@ func (q *querier) GetAPIKeysByLoginType(ctx context.Context, loginType database.
 	return fetchWithPostFilter(q.auth, q.db.GetAPIKeysByLoginType)(ctx, loginType)
 }
 
+func (q *querier) GetAPIKeysByUserID(ctx context.Context, params database.GetAPIKeysByUserIDParams) ([]database.APIKey, error) {
+	return fetchWithPostFilter(q.auth, q.db.GetAPIKeysByUserID)(ctx, database.GetAPIKeysByUserIDParams{LoginType: params.LoginType, UserID: params.UserID})
+}
+
 func (q *querier) GetAPIKeysLastUsedAfter(ctx context.Context, lastUsed time.Time) ([]database.APIKey, error) {
 	return fetchWithPostFilter(q.auth, q.db.GetAPIKeysLastUsedAfter)(ctx, lastUsed)
 }
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+Pull a Terraform state file from a workspace.`
	`2`	`+`
`1`	`3`	`Usage:`
`2`	`4`	`coder state pull <workspace> [file] [flags]`
`3`	`5`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+Push a Terraform state file to a workspace.`
	`2`	`+`
`1`	`3`	`Usage:`
`2`	`4`	`coder state push <workspace> <file> [flags]`
`3`	`5`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,10 @@ func (q *querier) GetAPIKeysByLoginType(ctx context.Context, loginType database.`
`40`	`40`	`return fetchWithPostFilter(q.auth, q.db.GetAPIKeysByLoginType)(ctx, loginType)`
`41`	`41`	`}`
`42`	`42`
	`43`	`+func (q *querier) GetAPIKeysByUserID(ctx context.Context, params database.GetAPIKeysByUserIDParams) ([]database.APIKey, error) {`
	`44`	`+ return fetchWithPostFilter(q.auth, q.db.GetAPIKeysByUserID)(ctx, database.GetAPIKeysByUserIDParams{LoginType: params.LoginType, UserID: params.UserID})`
	`45`	`+}`
	`46`	`+`
`43`	`47`	`func (q *querier) GetAPIKeysLastUsedAfter(ctx context.Context, lastUsed time.Time) ([]database.APIKey, error) {`
`44`	`48`	`return fetchWithPostFilter(q.auth, q.db.GetAPIKeysLastUsedAfter)(ctx, lastUsed)`
`45`	`49`	`}`