coder
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 0 additions & 1 deletion b/‎coderd/apidoc/docs.go
Lines changed: 0 additions & 1 deletion
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 1 addition & 1 deletion b/‎coderd/apidoc/swagger.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/userauth.go
Lines changed: 5 additions & 1 deletion b/‎coderd/userauth.go
Lines changed: 5 additions & 1 deletion
diff --git a/‎coderd/users.go
Lines changed: 43 additions & 15 deletions b/‎coderd/users.go
Lines changed: 43 additions & 15 deletions
diff --git a/‎coderd/users_test.go
Lines changed: 35 additions & 3 deletions b/‎coderd/users_test.go
Lines changed: 35 additions & 3 deletions
diff --git a/‎codersdk/users.go
Lines changed: 1 addition & 1 deletion b/‎codersdk/users.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/admin/configure.md
Lines changed: 11 additions & 0 deletions b/‎docs/admin/configure.md
Lines changed: 11 additions & 0 deletions
diff --git a/‎docs/api/schemas.md
Lines changed: 1 addition & 1 deletion b/‎docs/api/schemas.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎dogfood/Dockerfile
Lines changed: 2 additions & 3 deletions b/‎dogfood/Dockerfile
Lines changed: 2 additions & 3 deletions
diff --git a/‎dogfood/files/usr/share/keyrings/ansible.gpg
-852 Bytes b/‎dogfood/files/usr/share/keyrings/ansible.gpg
-852 Bytes
@@ -921,7 +921,11 @@ func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cook
 					Username:       params.Username,
 					OrganizationID: organizationID,
 				},
-				LoginType: params.LoginType,
+				// All of the userauth tests depend on this being able to create
+				// the first organization. It shouldn't be possible in normal
+				// operation.
+				CreateOrganization: len(organizations) == 0,
+				LoginType:          params.LoginType,
 			})
 			if err != nil {
 				return xerrors.Errorf("create user: %w", err)
 
@@ -128,7 +128,8 @@ func (api *API) postFirstUser(rw http.ResponseWriter, r *http.Request) {
 			// Create an org for the first user.
 			OrganizationID: uuid.Nil,
 		},
-		LoginType: database.LoginTypePassword,
+		CreateOrganization: true,
+		LoginType:          database.LoginTypePassword,
 	})
 	if err != nil {
 		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
@@ -313,19 +314,41 @@ func (api *API) postUser(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	_, err = api.Database.GetOrganizationByID(ctx, req.OrganizationID)
-	if httpapi.Is404Error(err) {
-		httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
-			Message: fmt.Sprintf("Organization does not exist with the provided id %q.", req.OrganizationID),
-		})
-		return
-	}
-	if err != nil {
-		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
-			Message: "Internal error fetching organization.",
-			Detail:  err.Error(),
-		})
-		return
+	if req.OrganizationID != uuid.Nil {
+		// If an organization was provided, make sure it exists.
+		_, err := api.Database.GetOrganizationByID(ctx, req.OrganizationID)
+		if err != nil {
+			if httpapi.Is404Error(err) {
+				httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
+					Message: fmt.Sprintf("Organization does not exist with the provided id %q.", req.OrganizationID),
+				})
+				return
+			}
+
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Internal error fetching organization.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+	} else {
+		// If no organization is provided, add the user to the first
+		// organization.
+		organizations, err := api.Database.GetOrganizations(ctx)
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Internal error fetching orgs.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+
+		if len(organizations) > 0 {
+			// Add the user to the first organization. Once multi-organization
+			// support is added, we should enable a configuration map of user
+			// email to organization.
+			req.OrganizationID = organizations[0].ID
+		}
 	}
 
 	err = userpassword.Validate(req.Password)
@@ -955,7 +978,8 @@ func (api *API) organizationByUserAndName(rw http.ResponseWriter, r *http.Reques
 
 type CreateUserRequest struct {
 	codersdk.CreateUserRequest
-	LoginType database.LoginType
+	CreateOrganization bool
+	LoginType          database.LoginType
 }
 
 func (api *API) CreateUser(ctx context.Context, store database.Store, req CreateUserRequest) (database.User, uuid.UUID, error) {
@@ -964,6 +988,10 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
 		orgRoles := make([]string, 0)
 		// If no organization is provided, create a new one for the user.
 		if req.OrganizationID == uuid.Nil {
+			if !req.CreateOrganization {
+				return xerrors.Errorf("organization ID must be provided")
+			}
+
 			organization, err := tx.InsertOrganization(ctx, database.InsertOrganizationParams{
 				ID:        uuid.New(),
 				Name:      req.Username,
 
@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/sync/errgroup"
 
@@ -478,21 +479,49 @@ func TestPostUsers(t *testing.T) {
 		require.Equal(t, http.StatusNotFound, apiErr.StatusCode())
 	})
 
+	t.Run("CreateWithoutOrg", func(t *testing.T) {
+		t.Parallel()
+		auditor := audit.NewMock()
+		client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor})
+		numLogs := len(auditor.AuditLogs())
+
+		firstUser := coderdtest.CreateFirstUser(t, client)
+		numLogs++ // add an audit log for user create
+		numLogs++ // add an audit log for login
+
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+
+		user, err := client.CreateUser(ctx, codersdk.CreateUserRequest{
+			Email:    "another@user.org",
+			Username: "someone-else",
+			Password: "SomeSecurePassword!",
+		})
+		require.NoError(t, err)
+
+		require.Len(t, auditor.AuditLogs(), numLogs)
+		require.Equal(t, database.AuditActionCreate, auditor.AuditLogs()[numLogs-1].Action)
+		require.Equal(t, database.AuditActionLogin, auditor.AuditLogs()[numLogs-2].Action)
+
+		require.Len(t, user.OrganizationIDs, 1)
+		assert.Equal(t, firstUser.OrganizationID, user.OrganizationIDs[0])
+	})
+
 	t.Run("Create", func(t *testing.T) {
 		t.Parallel()
 		auditor := audit.NewMock()
 		client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor})
 		numLogs := len(auditor.AuditLogs())
 
-		user := coderdtest.CreateFirstUser(t, client)
+		firstUser := coderdtest.CreateFirstUser(t, client)
 		numLogs++ // add an audit log for user create
 		numLogs++ // add an audit log for login
 
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()
 
-		_, err := client.CreateUser(ctx, codersdk.CreateUserRequest{
-			OrganizationID: user.OrganizationID,
+		user, err := client.CreateUser(ctx, codersdk.CreateUserRequest{
+			OrganizationID: firstUser.OrganizationID,
 			Email:          "another@user.org",
 			Username:       "someone-else",
 			Password:       "SomeSecurePassword!",
@@ -502,6 +531,9 @@ func TestPostUsers(t *testing.T) {
 		require.Len(t, auditor.AuditLogs(), numLogs)
 		require.Equal(t, database.AuditActionCreate, auditor.AuditLogs()[numLogs-1].Action)
 		require.Equal(t, database.AuditActionLogin, auditor.AuditLogs()[numLogs-2].Action)
+
+		require.Len(t, user.OrganizationIDs, 1)
+		assert.Equal(t, firstUser.OrganizationID, user.OrganizationIDs[0])
 	})
 
 	t.Run("LastSeenAt", func(t *testing.T) {
 
@@ -69,7 +69,7 @@ type CreateUserRequest struct {
 	Email          string    `json:"email" validate:"required,email" format:"email"`
 	Username       string    `json:"username" validate:"required,username"`
 	Password       string    `json:"password" validate:"required"`
-	OrganizationID uuid.UUID `json:"organization_id" validate:"required" format:"uuid"`
+	OrganizationID uuid.UUID `json:"organization_id" validate:"" format:"uuid"`
 }
 
 type UpdateUserProfileRequest struct {
 
@@ -65,6 +65,17 @@ coder server postgres-builtin-url
 psql "postgres://coder@localhost:49627/coder?sslmode=disable&password=feU...yI1"
 ```
 
+### Migrating from the built-in database to an external database
+
+To migrate from the built-in database to an external database, follow these steps:
+
+1. Stop your Coder deployment.
+2. Run `coder server postgres-builtin-serve` in a background terminal.
+3. Run `coder server postgres-builtin-url` and copy its output command.
+4. Run `pg_dump <built-in-connection-string> > coder.sql` to dump the internal database to a file.
+5. Restore that content to an external database with `psql <external-connection-string> < coder.sql`.
+6. Start your Coder deployment with `CODER_PG_CONNECTION_URL=<external-connection-string>`.
+
 ## System packages
 
 If you've installed Coder via a [system package](../install/packages.md) Coder, you can
 
@@ -1593,7 +1593,7 @@ CreateParameterRequest is a structure used to create a new parameter value for a
 | Name              | Type   | Required | Restrictions | Description |
 | ----------------- | ------ | -------- | ------------ | ----------- |
 | `email`           | string | true     |              |             |
-| `organization_id` | string | true     |              |             |
+| `organization_id` | string | false    |              |             |
 | `password`        | string | true     |              |             |
 | `username`        | string | true     |              |             |
 
 
@@ -226,7 +226,7 @@ ARG CLOUD_SQL_PROXY_VERSION=2.2.0 \
 
 # cloud_sql_proxy, for connecting to cloudsql instances
 # the upstream go.mod prevents this from being installed with go install
-RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloudsql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud_sql_proxy.linux.amd64" && \
+RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud-sql-proxy.linux.amd64" && \
 	chmod a=rx /usr/local/bin/cloud_sql_proxy && \
 	# dive for scanning image layer utilization metrics in CI
 	curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \
@@ -246,8 +246,7 @@ RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_prox
 	tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \
 	# kube-linter for linting Kubernetes objects, including those
 	# that Helm generates from our charts
-	curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux.tar.gz" | \
-	tar --extract --gzip --directory=/usr/local/bin --file=- kube-linter && \
+	curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux" --output /usr/local/bin/kube-linter && \
 	# kubens and kubectx for managing Kubernetes namespaces and contexts
 	curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
 	tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ type CreateUserRequest struct {`
`69`	`69`	Email string `json:"email" validate:"required,email" format:"email"`
`70`	`70`	Username string `json:"username" validate:"required,username"`
`71`	`71`	Password string `json:"password" validate:"required"`
`72`		- OrganizationID uuid.UUID `json:"organization_id" validate:"required" format:"uuid"`
	`72`	+ OrganizationID uuid.UUID `json:"organization_id" validate:"" format:"uuid"`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`type UpdateUserProfileRequest struct {`