coder
diff --git a/‎agent/proto/agent.pb.go
Lines changed: 384 additions & 374 deletions b/‎agent/proto/agent.pb.go
Lines changed: 384 additions & 374 deletions
diff --git a/‎agent/proto/agent.proto
Lines changed: 1 addition & 0 deletions b/‎agent/proto/agent.proto
Lines changed: 1 addition & 0 deletions
diff --git a/‎cli/server.go
Lines changed: 3 additions & 0 deletions b/‎cli/server.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/agentapi/manifest.go
Lines changed: 1 addition & 0 deletions b/‎coderd/agentapi/manifest.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/agentapi/manifest_test.go
Lines changed: 5 additions & 0 deletions b/‎coderd/agentapi/manifest_test.go
Lines changed: 5 additions & 0 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 3 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 3 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 2 additions & 0 deletions b/‎coderd/coderd.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/coderdtest/coderdtest.go
Lines changed: 7 additions & 1 deletion b/‎coderd/coderdtest/coderdtest.go
Lines changed: 7 additions & 1 deletion
diff --git a/‎coderd/coderdtest/oidctest/idp.go
Lines changed: 13 additions & 4 deletions b/‎coderd/coderdtest/oidctest/idp.go
Lines changed: 13 additions & 4 deletions
diff --git a/‎coderd/database/db2sdk/db2sdk.go
Lines changed: 1 addition & 0 deletions b/‎coderd/database/db2sdk/db2sdk.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 23 additions & 0 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 23 additions & 0 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 16 additions & 0 deletions b/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 16 additions & 0 deletions
diff --git a/‎coderd/database/dbgen/dbgen.go
Lines changed: 1 addition & 0 deletions b/‎coderd/database/dbgen/dbgen.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 39 additions & 8 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 39 additions & 8 deletions
@@ -41,6 +41,7 @@ message WorkspaceApp {
 		UNHEALTHY = 4;
 	}
 	Health health = 12;
+	bool hidden = 13;
 }
 
 message WorkspaceAgentScript {
 
@@ -57,6 +57,7 @@ import (
 	"cdr.dev/slog/sloggers/sloghuman"
 	"github.com/coder/coder/v2/coderd/entitlements"
 	"github.com/coder/coder/v2/coderd/notifications/reports"
+	"github.com/coder/coder/v2/coderd/runtimeconfig"
 	"github.com/coder/pretty"
 	"github.com/coder/quartz"
 	"github.com/coder/retry"
@@ -821,6 +822,8 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 				return err
 			}
 
+			options.RuntimeConfig = runtimeconfig.NewManager()
+
 			// This should be output before the logs start streaming.
 			cliui.Infof(inv.Stdout, "\n==> Logs will stream in below (press ctrl+c to gracefully exit):")
 
 
@@ -229,5 +229,6 @@ func dbAppToProto(dbApp database.WorkspaceApp, agent database.WorkspaceAgent, ow
 			Threshold: dbApp.HealthcheckThreshold,
 		},
 		Health: agentproto.WorkspaceApp_Health(healthRaw),
+		Hidden: dbApp.Hidden,
 	}, nil
 }
@@ -87,6 +87,7 @@ func TestGetManifest(t *testing.T) {
 				Subdomain:    false,
 				SharingLevel: database.AppSharingLevelPublic,
 				Health:       database.WorkspaceAppHealthDisabled,
+				Hidden:       false,
 			},
 			{
 				ID:                   uuid.New(),
@@ -102,6 +103,7 @@ func TestGetManifest(t *testing.T) {
 				HealthcheckUrl:       "http://localhost:4321/health",
 				HealthcheckInterval:  20,
 				HealthcheckThreshold: 5,
+				Hidden:               true,
 			},
 		}
 		scripts = []database.WorkspaceAgentScript{
@@ -182,6 +184,7 @@ func TestGetManifest(t *testing.T) {
 					Threshold: apps[0].HealthcheckThreshold,
 				},
 				Health: agentproto.WorkspaceApp_HEALTHY,
+				Hidden: false,
 			},
 			{
 				Id:            apps[1].ID[:],
@@ -200,6 +203,7 @@ func TestGetManifest(t *testing.T) {
 					Threshold: 0,
 				},
 				Health: agentproto.WorkspaceApp_DISABLED,
+				Hidden: false,
 			},
 			{
 				Id:            apps[2].ID[:],
@@ -218,6 +222,7 @@ func TestGetManifest(t *testing.T) {
 					Threshold: apps[2].HealthcheckThreshold,
 				},
 				Health: agentproto.WorkspaceApp_UNHEALTHY,
+				Hidden: true,
 			},
 		}
 		protoScripts = []*agentproto.WorkspaceAgentScript{
 
@@ -39,6 +39,7 @@ import (
 	"cdr.dev/slog"
 	"github.com/coder/coder/v2/coderd/entitlements"
 	"github.com/coder/coder/v2/coderd/idpsync"
+	"github.com/coder/coder/v2/coderd/runtimeconfig"
 	"github.com/coder/quartz"
 	"github.com/coder/serpent"
 
@@ -135,6 +136,7 @@ type Options struct {
 	Logger           slog.Logger
 	Database         database.Store
 	Pubsub           pubsub.Pubsub
+	RuntimeConfig    *runtimeconfig.Manager
 
 	// CacheDir is used for caching files served by the API.
 	CacheDir string
 
@@ -67,6 +67,7 @@ import (
 	"github.com/coder/coder/v2/coderd/notifications"
 	"github.com/coder/coder/v2/coderd/rbac"
 	"github.com/coder/coder/v2/coderd/rbac/policy"
+	"github.com/coder/coder/v2/coderd/runtimeconfig"
 	"github.com/coder/coder/v2/coderd/schedule"
 	"github.com/coder/coder/v2/coderd/telemetry"
 	"github.com/coder/coder/v2/coderd/unhanger"
@@ -254,6 +255,7 @@ func NewOptions(t testing.TB, options *Options) (func(http.Handler), context.Can
 	var acs dbauthz.AccessControlStore = dbauthz.AGPLTemplateAccessControlStore{}
 	accessControlStore.Store(&acs)
 
+	runtimeManager := runtimeconfig.NewManager()
 	options.Database = dbauthz.New(options.Database, options.Authorizer, *options.Logger, accessControlStore)
 
 	// Some routes expect a deployment ID, so just make sure one exists.
@@ -482,6 +484,7 @@ func NewOptions(t testing.TB, options *Options) (func(http.Handler), context.Can
 			AppHostnameRegex:               appHostnameRegex,
 			Logger:                         *options.Logger,
 			CacheDir:                       t.TempDir(),
+			RuntimeConfig:                  runtimeManager,
 			Database:                       options.Database,
 			Pubsub:                         options.Pubsub,
 			ExternalAuthConfigs:            options.ExternalAuthConfigs,
@@ -1140,7 +1143,7 @@ func MustWorkspace(t testing.TB, client *codersdk.Client, workspaceID uuid.UUID)
 
 // RequestExternalAuthCallback makes a request with the proper OAuth2 state cookie
 // to the external auth callback endpoint.
-func RequestExternalAuthCallback(t testing.TB, providerID string, client *codersdk.Client) *http.Response {
+func RequestExternalAuthCallback(t testing.TB, providerID string, client *codersdk.Client, opts ...func(*http.Request)) *http.Response {
 	client.HTTPClient.CheckRedirect = func(req *http.Request, via []*http.Request) error {
 		return http.ErrUseLastResponse
 	}
@@ -1157,6 +1160,9 @@ func RequestExternalAuthCallback(t testing.TB, providerID string, client *coders
 		Name:  codersdk.SessionTokenCookie,
 		Value: client.SessionToken(),
 	})
+	for _, opt := range opts {
+		opt(req)
+	}
 	res, err := client.HTTPClient.Do(req)
 	require.NoError(t, err)
 	t.Cleanup(func() {
 
@@ -479,7 +479,6 @@ func (f *FakeIDP) AttemptLogin(t testing.TB, client *codersdk.Client, idTokenCla
 // This is a niche case, but it is needed for testing ConvertLoginType.
 func (f *FakeIDP) LoginWithClient(t testing.TB, client *codersdk.Client, idTokenClaims jwt.MapClaims, opts ...func(r *http.Request)) (*codersdk.Client, *http.Response) {
 	t.Helper()
-
 	path := "/api/v2/users/oidc/callback"
 	if f.callbackPath != "" {
 		path = f.callbackPath
@@ -489,13 +488,23 @@ func (f *FakeIDP) LoginWithClient(t testing.TB, client *codersdk.Client, idToken
 	f.SetRedirect(t, coderOauthURL.String())
 
 	cli := f.HTTPClient(client.HTTPClient)
-	cli.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+	redirectFn := cli.CheckRedirect
+	checkRedirect := func(req *http.Request, via []*http.Request) error {
 		// Store the idTokenClaims to the specific state request. This ties
 		// the claims 1:1 with a given authentication flow.
-		state := req.URL.Query().Get("state")
-		f.stateToIDTokenClaims.Store(state, idTokenClaims)
+		if state := req.URL.Query().Get("state"); state != "" {
+			f.stateToIDTokenClaims.Store(state, idTokenClaims)
+			return nil
+		}
+		// This is mainly intended to prevent the _last_ redirect
+		// The one involving the state param is a core part of the
+		// OIDC flow and shouldn't be redirected.
+		if redirectFn != nil {
+			return redirectFn(req, via)
+		}
 		return nil
 	}
+	cli.CheckRedirect = checkRedirect
 
 	req, err := http.NewRequestWithContext(context.Background(), "GET", coderOauthURL.String(), nil)
 	require.NoError(t, err)
 
@@ -517,6 +517,7 @@ func Apps(dbApps []database.WorkspaceApp, agent database.WorkspaceAgent, ownerNa
 				Threshold: dbApp.HealthcheckThreshold,
 			},
 			Health: codersdk.WorkspaceAppHealth(dbApp.Health),
+			Hidden: dbApp.Hidden,
 		})
 	}
 	return apps
 
@@ -1187,6 +1187,13 @@ func (q *querier) DeleteReplicasUpdatedBefore(ctx context.Context, updatedAt tim
 	return q.db.DeleteReplicasUpdatedBefore(ctx, updatedAt)
 }
 
+func (q *querier) DeleteRuntimeConfig(ctx context.Context, key string) error {
+	if err := q.authorizeContext(ctx, policy.ActionDelete, rbac.ResourceSystem); err != nil {
+		return err
+	}
+	return q.db.DeleteRuntimeConfig(ctx, key)
+}
+
 func (q *querier) DeleteTailnetAgent(ctx context.Context, arg database.DeleteTailnetAgentParams) (database.DeleteTailnetAgentRow, error) {
 	if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceTailnetCoordinator); err != nil {
 		return database.DeleteTailnetAgentRow{}, err
@@ -1864,8 +1871,16 @@ func (q *querier) GetReplicasUpdatedAfter(ctx context.Context, updatedAt time.Ti
 	return q.db.GetReplicasUpdatedAfter(ctx, updatedAt)
 }
 
+<<<<<<< HEAD
 func (q *querier) GetReportGeneratorLogByUserAndTemplate(ctx context.Context, arg database.GetReportGeneratorLogByUserAndTemplateParams) (database.ReportGeneratorLog, error) {
 	panic("not implemented")
+=======
+func (q *querier) GetRuntimeConfig(ctx context.Context, key string) (string, error) {
+	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {
+		return "", err
+	}
+	return q.db.GetRuntimeConfig(ctx, key)
+>>>>>>> main
 }
 
 func (q *querier) GetTailnetAgents(ctx context.Context, id uuid.UUID) ([]database.TailnetAgent, error) {
@@ -3922,8 +3937,16 @@ func (q *querier) UpsertProvisionerDaemon(ctx context.Context, arg database.Upse
 	return q.db.UpsertProvisionerDaemon(ctx, arg)
 }
 
+<<<<<<< HEAD
 func (q *querier) UpsertReportGeneratorLog(ctx context.Context, arg database.UpsertReportGeneratorLogParams) error {
 	panic("not implemented")
+=======
+func (q *querier) UpsertRuntimeConfig(ctx context.Context, arg database.UpsertRuntimeConfigParams) error {
+	if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceSystem); err != nil {
+		return err
+	}
+	return q.db.UpsertRuntimeConfig(ctx, arg)
+>>>>>>> main
 }
 
 func (q *querier) UpsertTailnetAgent(ctx context.Context, arg database.UpsertTailnetAgentParams) (database.TailnetAgent, error) {
 
@@ -2696,6 +2696,22 @@ func (s *MethodTestSuite) TestSystemFunctions() {
 			AgentID:     uuid.New(),
 		}).Asserts(tpl, policy.ActionCreate)
 	}))
+	s.Run("DeleteRuntimeConfig", s.Subtest(func(db database.Store, check *expects) {
+		check.Args("test").Asserts(rbac.ResourceSystem, policy.ActionDelete)
+	}))
+	s.Run("GetRuntimeConfig", s.Subtest(func(db database.Store, check *expects) {
+		_ = db.UpsertRuntimeConfig(context.Background(), database.UpsertRuntimeConfigParams{
+			Key:   "test",
+			Value: "value",
+		})
+		check.Args("test").Asserts(rbac.ResourceSystem, policy.ActionRead)
+	}))
+	s.Run("UpsertRuntimeConfig", s.Subtest(func(db database.Store, check *expects) {
+		check.Args(database.UpsertRuntimeConfigParams{
+			Key:   "test",
+			Value: "value",
+		}).Asserts(rbac.ResourceSystem, policy.ActionCreate)
+	}))
 }
 
 func (s *MethodTestSuite) TestNotifications() {
 
@@ -547,6 +547,7 @@ func WorkspaceApp(t testing.TB, db database.Store, orig database.WorkspaceApp) d
 		HealthcheckThreshold: takeFirst(orig.HealthcheckThreshold, 60),
 		Health:               takeFirst(orig.Health, database.WorkspaceAppHealthHealthy),
 		DisplayOrder:         takeFirst(orig.DisplayOrder, 1),
+		Hidden:               orig.Hidden,
 	})
 	require.NoError(t, err, "insert app")
 	return resource
 
@@ -84,6 +84,7 @@ func New() database.Store {
 			workspaceProxies:          make([]database.WorkspaceProxy, 0),
 			customRoles:               make([]database.CustomRole, 0),
 			locks:                     map[int64]struct{}{},
+			runtimeConfig:             map[string]string{},
 		},
 	}
 	// Always start with a default org. Matching migration 198.
@@ -194,6 +195,7 @@ type data struct {
 	workspaces                    []database.Workspace
 	workspaceProxies              []database.WorkspaceProxy
 	customRoles                   []database.CustomRole
+	runtimeConfig                 map[string]string
 	// Locks is a map of lock names. Any keys within the map are currently
 	// locked.
 	locks                            map[int64]struct{}
@@ -1932,6 +1934,14 @@ func (q *FakeQuerier) DeleteReplicasUpdatedBefore(_ context.Context, before time
 	return nil
 }
 
+func (q *FakeQuerier) DeleteRuntimeConfig(_ context.Context, key string) error {
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	delete(q.runtimeConfig, key)
+	return nil
+}
+
 func (*FakeQuerier) DeleteTailnetAgent(context.Context, database.DeleteTailnetAgentParams) (database.DeleteTailnetAgentRow, error) {
 	return database.DeleteTailnetAgentRow{}, ErrUnimplemented
 }
@@ -2666,14 +2676,14 @@ func (q *FakeQuerier) GetGroupMembersByGroupID(ctx context.Context, id uuid.UUID
 
 	var groupMembers []database.GroupMember
 	for _, member := range q.groupMembers {
-		groupMember, err := q.getGroupMemberNoLock(ctx, member.UserID, member.GroupID)
-		if errors.Is(err, errUserDeleted) {
-			continue
-		}
-		if err != nil {
-			return nil, err
-		}
 		if member.GroupID == id {
+			groupMember, err := q.getGroupMemberNoLock(ctx, member.UserID, member.GroupID)
+			if errors.Is(err, errUserDeleted) {
+				continue
+			}
+			if err != nil {
+				return nil, err
+			}
 			groupMembers = append(groupMembers, groupMember)
 		}
 	}
@@ -3527,6 +3537,18 @@ func (q *FakeQuerier) GetReportGeneratorLogByUserAndTemplate(ctx context.Context
 	panic("not implemented")
 }
 
+func (q *FakeQuerier) GetRuntimeConfig(_ context.Context, key string) (string, error) {
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	val, ok := q.runtimeConfig[key]
+	if !ok {
+		return "", sql.ErrNoRows
+	}
+
+	return val, nil
+}
+
 func (*FakeQuerier) GetTailnetAgents(context.Context, uuid.UUID) ([]database.TailnetAgent, error) {
 	return nil, ErrUnimplemented
 }
@@ -7317,6 +7339,7 @@ func (q *FakeQuerier) InsertWorkspaceApp(_ context.Context, arg database.InsertW
 		HealthcheckInterval:  arg.HealthcheckInterval,
 		HealthcheckThreshold: arg.HealthcheckThreshold,
 		Health:               arg.Health,
+		Hidden:               arg.Hidden,
 		DisplayOrder:         arg.DisplayOrder,
 	}
 	q.workspaceApps = append(q.workspaceApps, workspaceApp)
@@ -9213,12 +9236,20 @@ func (q *FakeQuerier) UpsertProvisionerDaemon(_ context.Context, arg database.Up
 }
 
 func (q *FakeQuerier) UpsertReportGeneratorLog(ctx context.Context, arg database.UpsertReportGeneratorLogParams) error {
+	panic("not implemented")
+}
+
+func (q *FakeQuerier) UpsertRuntimeConfig(_ context.Context, arg database.UpsertRuntimeConfigParams) error {
 	err := validateDatabaseType(arg)
 	if err != nil {
 		return err
 	}
 
-	panic("not implemented")
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	q.runtimeConfig[arg.Key] = arg.Value
+	return nil
 }
 
 func (*FakeQuerier) UpsertTailnetAgent(context.Context, database.UpsertTailnetAgentParams) (database.TailnetAgent, error) {
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ message WorkspaceApp {`
`41`	`41`	`UNHEALTHY = 4;`
`42`	`42`	`}`
`43`	`43`	`Health health = 12;`
	`44`	`+ bool hidden = 13;`
`44`	`45`	`}`
`45`	`46`
`46`	`47`	`message WorkspaceAgentScript {`
Original file line number	Diff line number	Diff line change
`@@ -229,5 +229,6 @@ func dbAppToProto(dbApp database.WorkspaceApp, agent database.WorkspaceAgent, ow`
`229`	`229`	`Threshold: dbApp.HealthcheckThreshold,`
`230`	`230`	`},`
`231`	`231`	`Health: agentproto.WorkspaceApp_Health(healthRaw),`
	`232`	`+ Hidden: dbApp.Hidden,`
`232`	`233`	`}, nil`
`233`	`234`	`}`
Original file line number	Diff line number	Diff line change
`@@ -517,6 +517,7 @@ func Apps(dbApps []database.WorkspaceApp, agent database.WorkspaceAgent, ownerNa`
`517`	`517`	`Threshold: dbApp.HealthcheckThreshold,`
`518`	`518`	`},`
`519`	`519`	`Health: codersdk.WorkspaceAppHealth(dbApp.Health),`
	`520`	`+ Hidden: dbApp.Hidden,`
`520`	`521`	`})`
`521`	`522`	`}`
`522`	`523`	`return apps`