Merge branch 'main' into flaky-test-1

mtojek · mtojek · commit fb22c2154e1a · 2022-12-06T08:15:45.000+01:00
diff --git a/agent/agent.go b/agent/agent.go
@@ -245,13 +245,13 @@ func (a *agent) trackConnGoroutine(fn func()) error {
 	return nil
 }
 
-func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) (network *tailnet.Conn, err error) {
+func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) (_ *tailnet.Conn, err error) {
 	a.closeMutex.Lock()
 	if a.isClosed() {
 		a.closeMutex.Unlock()
 		return nil, xerrors.New("closed")
 	}
-	network, err = tailnet.NewConn(&tailnet.Options{
+	network, err := tailnet.NewConn(&tailnet.Options{
 		Addresses:          []netip.Prefix{netip.PrefixFrom(codersdk.TailnetIP, 128)},
 		DERPMap:            derpMap,
 		Logger:             a.logger.Named("tailnet"),
@@ -266,7 +266,6 @@ func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) (ne
 			network.Close()
 		}
 	}()
-	a.network = network
 	a.closeMutex.Unlock()
 
 	sshListener, err := network.Listen("tcp", ":"+strconv.Itoa(codersdk.TailnetSSHPort))
diff --git a/cli/deployment/config.go b/cli/deployment/config.go
@@ -216,9 +216,9 @@ func newConfig() *codersdk.DeploymentConfig {
 				Flag:   "oidc-client-secret",
 				Secret: true,
 			},
-			EmailDomain: &codersdk.DeploymentConfigField[string]{
+			EmailDomain: &codersdk.DeploymentConfigField[[]string]{
 				Name:  "OIDC Email Domain",
-				Usage: "Email domain that clients logging in with OIDC must match.",
+				Usage: "Email domains that clients logging in with OIDC must match.",
 				Flag:  "oidc-email-domain",
 			},
 			IssuerURL: &codersdk.DeploymentConfigField[string]{
diff --git a/cli/deployment/config_test.go b/cli/deployment/config_test.go
@@ -154,7 +154,7 @@ func TestConfig(t *testing.T) {
 		},
 		Valid: func(config *codersdk.DeploymentConfig) {
 			require.Equal(t, config.OIDC.IssuerURL.Value, "https://accounts.google.com")
-			require.Equal(t, config.OIDC.EmailDomain.Value, "coder.com")
+			require.Equal(t, config.OIDC.EmailDomain.Value, []string{"coder.com"})
 			require.Equal(t, config.OIDC.ClientID.Value, "client")
 			require.Equal(t, config.OIDC.ClientSecret.Value, "secret")
 			require.False(t, config.OIDC.AllowSignups.Value)
diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
@@ -95,8 +95,8 @@ Flags:
                                                      Consumes $CODER_OIDC_CLIENT_ID
       --oidc-client-secret string                    Client secret to use for Login with OIDC.
                                                      Consumes $CODER_OIDC_CLIENT_SECRET
-      --oidc-email-domain string                     Email domain that clients logging in with
-                                                     OIDC must match.
+      --oidc-email-domain strings                    Email domains that clients logging in
+                                                     with OIDC must match.
                                                      Consumes $CODER_OIDC_EMAIL_DOMAIN
       --oidc-ignore-email-verified                   Ignore the email_verified claim from the
                                                      upstream provider.
diff --git a/coderd/userauth.go b/coderd/userauth.go
@@ -192,8 +192,8 @@ type OIDCConfig struct {
 	httpmw.OAuth2Config
 
 	Verifier *oidc.IDTokenVerifier
-	// EmailDomain is the domain to enforce when a user authenticates.
-	EmailDomain  string
+	// EmailDomains are the domains to enforce when a user authenticates.
+	EmailDomain  []string
 	AllowSignups bool
 	// IgnoreEmailVerified allows ignoring the email_verified claim
 	// from an upstream OIDC provider. See #5065 for context.
@@ -289,10 +289,17 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 		}
 		username = httpapi.UsernameFrom(username)
 	}
-	if api.OIDCConfig.EmailDomain != "" {
-		if !strings.HasSuffix(strings.ToLower(email), strings.ToLower(api.OIDCConfig.EmailDomain)) {
+	if len(api.OIDCConfig.EmailDomain) > 0 {
+		ok = false
+		for _, domain := range api.OIDCConfig.EmailDomain {
+			if strings.HasSuffix(strings.ToLower(email), strings.ToLower(domain)) {
+				ok = true
+				break
+			}
+		}
+		if !ok {
 			httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
-				Message: fmt.Sprintf("Your email %q is not a part of the %q domain!", email, api.OIDCConfig.EmailDomain),
+				Message: fmt.Sprintf("Your email %q is not in domains %q !", email, api.OIDCConfig.EmailDomain),
 			})
 			return
 		}
diff --git a/coderd/userauth_test.go b/coderd/userauth_test.go
@@ -482,7 +482,7 @@ func TestUserOIDC(t *testing.T) {
 		Name                string
 		Claims              jwt.MapClaims
 		AllowSignups        bool
-		EmailDomain         string
+		EmailDomain         []string
 		Username            string
 		AvatarURL           string
 		StatusCode          int
@@ -528,17 +528,21 @@ func TestUserOIDC(t *testing.T) {
 			"email_verified": true,
 		},
 		AllowSignups: true,
-		EmailDomain:  "coder.com",
-		StatusCode:   http.StatusForbidden,
+		EmailDomain: []string{
+			"coder.com",
+		},
+		StatusCode: http.StatusForbidden,
 	}, {
 		Name: "EmailDomainCaseInsensitive",
 		Claims: jwt.MapClaims{
 			"email":          "kyle@KWC.io",
 			"email_verified": true,
 		},
 		AllowSignups: true,
-		EmailDomain:  "kwc.io",
-		StatusCode:   http.StatusTemporaryRedirect,
+		EmailDomain: []string{
+			"kwc.io",
+		},
+		StatusCode: http.StatusTemporaryRedirect,
 	}, {
 		Name:         "EmptyClaims",
 		Claims:       jwt.MapClaims{},
diff --git a/coderd/workspaces.go b/coderd/workspaces.go
@@ -672,10 +672,11 @@ func (api *API) putWorkspaceTTL(rw http.ResponseWriter, r *http.Request) {
 	var dbTTL sql.NullInt64
 
 	err := api.Database.InTx(func(s database.Store) error {
+		var validityErr error
 		// don't override 0 ttl with template default here because it indicates disabled auto-stop
-		dbTTL, err := validWorkspaceTTLMillis(req.TTLMillis, 0)
-		if err != nil {
-			return codersdk.ValidationError{Field: "ttl_ms", Detail: err.Error()}
+		dbTTL, validityErr = validWorkspaceTTLMillis(req.TTLMillis, 0)
+		if validityErr != nil {
+			return codersdk.ValidationError{Field: "ttl_ms", Detail: validityErr.Error()}
 		}
 		if err := s.UpdateWorkspaceTTL(ctx, database.UpdateWorkspaceTTLParams{
 			ID:  workspace.ID,
diff --git a/codersdk/deploymentconfig.go b/codersdk/deploymentconfig.go
@@ -91,7 +91,7 @@ type OIDCConfig struct {
 	AllowSignups        *DeploymentConfigField[bool]     `json:"allow_signups" typescript:",notnull"`
 	ClientID            *DeploymentConfigField[string]   `json:"client_id" typescript:",notnull"`
 	ClientSecret        *DeploymentConfigField[string]   `json:"client_secret" typescript:",notnull"`
-	EmailDomain         *DeploymentConfigField[string]   `json:"email_domain" typescript:",notnull"`
+	EmailDomain         *DeploymentConfigField[[]string] `json:"email_domain" typescript:",notnull"`
 	IssuerURL           *DeploymentConfigField[string]   `json:"issuer_url" typescript:",notnull"`
 	Scopes              *DeploymentConfigField[[]string] `json:"scopes" typescript:",notnull"`
 	IgnoreEmailVerified *DeploymentConfigField[bool]     `json:"ignore_email_verified" typescript:",notnull"`
diff --git a/docs/admin/auth.md b/docs/admin/auth.md
@@ -63,7 +63,7 @@ Navigate to your Coder host and run the following command to start up the Coder
 server:
 
 ```console
-coder server --oidc-issuer-url="https://accounts.google.com" --oidc-email-domain="your-domain" --oidc-client-id="533...ent.com" --oidc-client-secret="G0CSP...7qSM"
+coder server --oidc-issuer-url="https://accounts.google.com" --oidc-email-domain="your-domain-1,your-domain-2" --oidc-client-id="533...ent.com" --oidc-client-secret="G0CSP...7qSM"
 ```
 
 Alternatively, if you are running Coder as a system service, you can achieve the
@@ -72,7 +72,7 @@ to the `/etc/coder.d/coder.env` file:
 
 ```console
 CODER_OIDC_ISSUER_URL="https://accounts.google.com"
-CODER_OIDC_EMAIL_DOMAIN="your-domain"
+CODER_OIDC_EMAIL_DOMAIN="your-domain-1,your-domain-2"
 CODER_OIDC_CLIENT_ID="533...ent.com"
 CODER_OIDC_CLIENT_SECRET="G0CSP...7qSM"
 ```
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
@@ -442,7 +442,7 @@ export interface OIDCConfig {
   readonly allow_signups: DeploymentConfigField<boolean>
   readonly client_id: DeploymentConfigField<string>
   readonly client_secret: DeploymentConfigField<string>
-  readonly email_domain: DeploymentConfigField<string>
+  readonly email_domain: DeploymentConfigField<string[]>
   readonly issuer_url: DeploymentConfigField<string>
   readonly scopes: DeploymentConfigField<string[]>
   readonly ignore_email_verified: DeploymentConfigField<boolean>
diff --git a/site/src/components/Resources/ResourceAvatar.stories.tsx b/site/src/components/Resources/ResourceAvatar.stories.tsx
@@ -50,3 +50,12 @@ UnknownResource.args = {
     type: "noexistentvalue",
   },
 }
+
+export const EmptyIcon = Template.bind({})
+EmptyIcon.args = {
+  resource: {
+    ...MockWorkspaceResource,
+    type: "helm_release",
+    icon: "",
+  },
+}
diff --git a/site/src/components/Resources/ResourceAvatar.tsx b/site/src/components/Resources/ResourceAvatar.tsx
@@ -3,11 +3,13 @@ import { makeStyles } from "@material-ui/core/styles"
 import React from "react"
 import { WorkspaceResource } from "../../api/typesGenerated"
 
+const FALLBACK_ICON = "/icon/widgets.svg"
+
 // NOTE @jsjoeio, @BrunoQuaresma
 // These resources (i.e. docker_image, kubernetes_deployment) map to Terraform
 // resource types. These are the most used ones and are based on user usage.
 // We may want to update from time-to-time.
-const DEFAULT_ICON_PATHS: {
+const BUILT_IN_ICON_PATHS: {
   [resourceType: WorkspaceResource["type"]]: string
 } = {
   docker_volume: "/icon/folder.svg",
@@ -19,15 +21,15 @@ const DEFAULT_ICON_PATHS: {
   google_compute_instance: "/icon/memory.svg",
   aws_instance: "/icon/memory.svg",
   kubernetes_deployment: "/icon/memory.svg",
-  null_resource: "/icon/widgets.svg",
+  null_resource: FALLBACK_ICON,
 }
 
 const getIconPathResource = (resourceType: string): string => {
-  if (resourceType in DEFAULT_ICON_PATHS) {
-    return DEFAULT_ICON_PATHS[resourceType]
+  if (resourceType in BUILT_IN_ICON_PATHS) {
+    return BUILT_IN_ICON_PATHS[resourceType]
   }
 
-  return DEFAULT_ICON_PATHS[resourceType]
+  return FALLBACK_ICON
 }
 
 export type ResourceAvatarProps = { resource: WorkspaceResource }
diff --git a/site/src/pages/CreateWorkspacePage/CreateWorkspacePageView.tsx b/site/src/pages/CreateWorkspacePage/CreateWorkspacePageView.tsx
@@ -14,6 +14,7 @@ import { AlertBanner } from "components/AlertBanner/AlertBanner"
 import { makeStyles } from "@material-ui/core/styles"
 import { FullPageHorizontalForm } from "components/FullPageForm/FullPageHorizontalForm"
 import { FullScreenLoader } from "components/Loader/FullScreenLoader"
+import { SelectedTemplate } from "./SelectedTemplate"
 
 export enum CreateWorkspaceErrors {
   GET_TEMPLATES_ERROR = "getTemplatesError",
@@ -171,28 +172,7 @@ export const CreateWorkspacePageView: FC<
               className={styles.formSectionFields}
             >
               {props.selectedTemplate && (
-                <Stack
-                  direction="row"
-                  spacing={2}
-                  className={styles.template}
-                  alignItems="center"
-                >
-                  <div className={styles.templateIcon}>
-                    <img src={props.selectedTemplate.icon} alt="" />
-                  </div>
-                  <Stack direction="column" spacing={0.5}>
-                    <span className={styles.templateName}>
-                      {props.selectedTemplate.display_name.length > 0
-                        ? props.selectedTemplate.display_name
-                        : props.selectedTemplate.name}
-                    </span>
-                    {props.selectedTemplate.description && (
-                      <span className={styles.templateDescription}>
-                        {props.selectedTemplate.description}
-                      </span>
-                    )}
-                  </Stack>
-                </Stack>
+                <SelectedTemplate template={props.selectedTemplate} />
               )}
 
               <TextField
@@ -327,31 +307,6 @@ const useStyles = makeStyles((theme) => ({
   formSectionFields: {
     width: "100%",
   },
-
-  template: {
-    padding: theme.spacing(2.5, 3),
-    borderRadius: theme.shape.borderRadius,
-    backgroundColor: theme.palette.background.paper,
-    border: `1px solid ${theme.palette.divider}`,
-  },
-
-  templateName: {
-    fontSize: 16,
-  },
-
-  templateDescription: {
-    fontSize: 14,
-    color: theme.palette.text.secondary,
-  },
-
-  templateIcon: {
-    width: theme.spacing(5),
-    lineHeight: 1,
-
-    "& img": {
-      width: "100%",
-    },
-  },
 }))
 
 const useFormFooterStyles = makeStyles((theme) => ({
diff --git a/site/src/pages/CreateWorkspacePage/SelectedTemplate.stories.tsx b/site/src/pages/CreateWorkspacePage/SelectedTemplate.stories.tsx
@@ -0,0 +1,25 @@
+import { ComponentMeta, Story } from "@storybook/react"
+import { MockTemplate } from "../../testHelpers/entities"
+import { SelectedTemplate, SelectedTemplateProps } from "./SelectedTemplate"
+
+export default {
+  title: "components/SelectedTemplate",
+  component: SelectedTemplate,
+} as ComponentMeta<typeof SelectedTemplate>
+
+const Template: Story<SelectedTemplateProps> = (args) => (
+  <SelectedTemplate {...args} />
+)
+
+export const WithIcon = Template.bind({})
+WithIcon.args = {
+  template: MockTemplate,
+}
+
+export const WithoutIcon = Template.bind({})
+WithoutIcon.args = {
+  template: {
+    ...MockTemplate,
+    icon: "",
+  },
+}
diff --git a/site/src/pages/CreateWorkspacePage/SelectedTemplate.tsx b/site/src/pages/CreateWorkspacePage/SelectedTemplate.tsx
@@ -0,0 +1,70 @@
+import Avatar from "@material-ui/core/Avatar"
+import { makeStyles } from "@material-ui/core/styles"
+import { Template } from "api/typesGenerated"
+import { Stack } from "components/Stack/Stack"
+import React, { FC } from "react"
+import { firstLetter } from "util/firstLetter"
+
+export interface SelectedTemplateProps {
+  template: Template
+}
+
+export const SelectedTemplate: FC<SelectedTemplateProps> = ({ template }) => {
+  const styles = useStyles()
+
+  return (
+    <Stack
+      direction="row"
+      spacing={3}
+      className={styles.template}
+      alignItems="center"
+    >
+      <div className={styles.templateIcon}>
+        {template.icon === "" ? (
+          <Avatar>{firstLetter(template.name)}</Avatar>
+        ) : (
+          <img src={template.icon} alt="" />
+        )}
+      </div>
+      <Stack direction="column" spacing={0.5}>
+        <span className={styles.templateName}>
+          {template.display_name.length > 0
+            ? template.display_name
+            : template.name}
+        </span>
+        {template.description && (
+          <span className={styles.templateDescription}>
+            {template.description}
+          </span>
+        )}
+      </Stack>
+    </Stack>
+  )
+}
+
+const useStyles = makeStyles((theme) => ({
+  template: {
+    padding: theme.spacing(2.5, 3),
+    borderRadius: theme.shape.borderRadius,
+    backgroundColor: theme.palette.background.paper,
+    border: `1px solid ${theme.palette.divider}`,
+  },
+
+  templateName: {
+    fontSize: 16,
+  },
+
+  templateDescription: {
+    fontSize: 14,
+    color: theme.palette.text.secondary,
+  },
+
+  templateIcon: {
+    width: theme.spacing(4),
+    lineHeight: 1,
+
+    "& img": {
+      width: "100%",
+    },
+  },
+}))
