coder
diff --git a/‎cli/testdata/coder_provisioner_list_--output_json.golden
Lines changed: 1 addition & 1 deletion b/‎cli/testdata/coder_provisioner_list_--output_json.golden
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/coderd.go
Lines changed: 2 additions & 12 deletions b/‎coderd/coderd.go
Lines changed: 2 additions & 12 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 1 addition & 1 deletion b/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/database/dbgen/dbgen.go
Lines changed: 1 addition & 1 deletion b/‎coderd/database/dbgen/dbgen.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/database/dump.sql
Lines changed: 7 additions & 7 deletions b/‎coderd/database/dump.sql
Lines changed: 7 additions & 7 deletions
diff --git a/‎coderd/database/migrations/000320_add_api_key_scope_to_workspace_agents.down.sql
Lines changed: 1 addition & 1 deletion b/‎coderd/database/migrations/000320_add_api_key_scope_to_workspace_agents.down.sql
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/database/migrations/000320_add_api_key_scope_to_workspace_agents.up.sql
Lines changed: 4 additions & 4 deletions b/‎coderd/database/migrations/000320_add_api_key_scope_to_workspace_agents.up.sql
Lines changed: 4 additions & 4 deletions
diff --git a/‎coderd/database/models.go
Lines changed: 24 additions & 24 deletions b/‎coderd/database/models.go
Lines changed: 24 additions & 24 deletions
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 1 addition & 1 deletion b/‎coderd/database/queries.sql.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/externalauth_test.go
Lines changed: 12 additions & 11 deletions b/‎coderd/externalauth_test.go
Lines changed: 12 additions & 11 deletions
@@ -7,7 +7,7 @@
     "last_seen_at": "====[timestamp]=====",
     "name": "test",
     "version": "v0.0.0-devel",
-    "api_version": "1.4",
+    "api_version": "1.5",
     "provisioners": [
       "echo"
     ],
 
@@ -804,11 +804,6 @@ func New(options *Options) *API {
 		DB:       options.Database,
 		Optional: false,
 	})
-	// Same as above but optional
-	workspaceAgentInfoOptional := httpmw.ExtractWorkspaceAgentAndLatestBuild(httpmw.ExtractWorkspaceAgentAndLatestBuildConfig{
-		DB:       options.Database,
-		Optional: true,
-	})
 
 	// API rate limit middleware. The counter is local and not shared between
 	// replicas or instances of this middleware.
@@ -1029,7 +1024,6 @@ func New(options *Options) *API {
 		r.Route("/external-auth", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
-				workspaceAgentInfoOptional,
 			)
 			// Get without a specific external auth ID will return all external auths.
 			r.Get("/", api.listUserExternalAuths)
@@ -1265,12 +1259,8 @@ func New(options *Options) *API {
 							r.Get("/", api.workspaceByOwnerAndName)
 							r.Get("/builds/{buildnumber}", api.workspaceBuildByBuildNumber)
 						})
-						r.With(
-							workspaceAgentInfoOptional,
-						).Get("/gitsshkey", api.gitSSHKey)
-						r.With(
-							workspaceAgentInfoOptional,
-						).Put("/gitsshkey", api.regenerateGitSSHKey)
+						r.Get("/gitsshkey", api.gitSSHKey)
+						r.Put("/gitsshkey", api.regenerateGitSSHKey)
 						r.Route("/notifications", func(r chi.Router) {
 							r.Route("/preferences", func(r chi.Router) {
 								r.Get("/", api.userNotificationPreferences)
 
@@ -3988,7 +3988,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {
 		check.Args(database.InsertWorkspaceAgentParams{
 			ID:          uuid.New(),
 			Name:        "dev",
-			APIKeyScope: database.ApiKeyScopeEnumDefault,
+			APIKeyScope: database.AgentKeyScopeEnumAll,
 		}).Asserts(rbac.ResourceSystem, policy.ActionCreate)
 	}))
 	s.Run("InsertWorkspaceApp", s.Subtest(func(db database.Store, check *expects) {
 
@@ -210,7 +210,7 @@ func WorkspaceAgent(t testing.TB, db database.Store, orig database.WorkspaceAgen
 		MOTDFile:                 takeFirst(orig.TroubleshootingURL, ""),
 		DisplayApps:              append([]database.DisplayApp{}, orig.DisplayApps...),
 		DisplayOrder:             takeFirst(orig.DisplayOrder, 1),
-		APIKeyScope:              takeFirst(orig.APIKeyScope, database.ApiKeyScopeEnumDefault),
+		APIKeyScope:              takeFirst(orig.APIKeyScope, database.AgentKeyScopeEnumAll),
 	})
 	require.NoError(t, err, "insert workspace agent")
 	return agt
 
@@ -3,4 +3,4 @@ ALTER TABLE workspace_agents
 DROP COLUMN IF EXISTS api_key_scope;
 
 -- Drop the enum type for API key scope
-DROP TYPE IF EXISTS api_key_scope_enum;
+DROP TYPE IF EXISTS agent_key_scope_enum;
@@ -1,10 +1,10 @@
 -- Create the enum type for API key scope
-CREATE TYPE api_key_scope_enum AS ENUM ('default', 'no_user_data');
+CREATE TYPE agent_key_scope_enum AS ENUM ('all', 'no_user_data');
 
 -- Add the api_key_scope column to the workspace_agents table
--- It defaults to 'default' to maintain existing behavior for current agents.
+-- It defaults to 'all' to maintain existing behavior for current agents.
 ALTER TABLE workspace_agents
-ADD COLUMN api_key_scope api_key_scope_enum NOT NULL DEFAULT 'default';
+ADD COLUMN api_key_scope agent_key_scope_enum NOT NULL DEFAULT 'all';
 
 -- Add a comment explaining the purpose of the column
-COMMENT ON COLUMN workspace_agents.api_key_scope IS 'Defines the scope of the API key associated with the agent. ''default'' allows access to everything, ''no_user_data'' restricts it to exclude user data.';
+COMMENT ON COLUMN workspace_agents.api_key_scope IS 'Defines the scope of the API key associated with the agent. ''all'' allows access to everything, ''no_user_data'' restricts it to exclude user data.';
@@ -713,7 +713,7 @@ func TestExternalAuthCallback(t *testing.T) {
 			apiKeyScope  string
 			expectsError bool
 		}{
-			{apiKeyScope: "default", expectsError: false},
+			{apiKeyScope: "all", expectsError: false},
 			{apiKeyScope: "no_user_data", expectsError: true},
 		} {
 			t.Run(tt.apiKeyScope, func(t *testing.T) {
@@ -746,6 +746,15 @@ func TestExternalAuthCallback(t *testing.T) {
 				token, err := agentClient.ExternalAuth(t.Context(), agentsdk.ExternalAuthRequest{
 					Match: "github.com/asd/asd",
 				})
+
+				if tt.expectsError {
+					require.Error(t, err)
+					var sdkErr *codersdk.Error
+					require.ErrorAs(t, err, &sdkErr)
+					require.Equal(t, http.StatusForbidden, sdkErr.StatusCode())
+					return
+				}
+
 				require.NoError(t, err)
 				require.NotEmpty(t, token.URL)
 
@@ -756,13 +765,8 @@ func TestExternalAuthCallback(t *testing.T) {
 						Match:  "github.com/asd/asd",
 						Listen: true,
 					})
-					if tt.expectsError {
-						assert.Error(t, err)
-						close(tokenChan)
-					} else {
-						assert.NoError(t, err)
-						tokenChan <- token
-					}
+					assert.NoError(t, err)
+					tokenChan <- token
 				}()
 
 				time.Sleep(250 * time.Millisecond)
@@ -771,9 +775,6 @@ func TestExternalAuthCallback(t *testing.T) {
 				require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
 
 				token = <-tokenChan
-				if tt.expectsError {
-					return
-				}
 				require.Equal(t, "access_token", token.Username)
 
 				token, err = agentClient.ExternalAuth(t.Context(), agentsdk.ExternalAuthRequest{