allow sharing a coder app or a port with specific coder users #11201

@matifali

Context

Currently, we have three options for sharing a coder_app.

share (String) Determines the "level" which the application is shared at. Valid levels are "owner" (default), "authenticated" and "public". Level "owner" disables sharing on the app, so only the workspace owner can access it. Level "authenticated" shares the app with all authenticated users. Level "public" shares it with any user, including unauthenticated users. Permitted application sharing levels can be configured site-wide via a flag on coder server (Enterprise only).

I think the authenticated permission is too broad, and most users would not wish to expose their workspace to everyone in the organization.

Suggestion

Allow exposing apps to a single user by specifying the target username.

Proposal 1

This can be achieved by setting share = "matifali" in the coder_app resource.

A template admin can configure it as a coder_parameter, and the user can configure it while creating or updating their workspace.

data "coder_parameter" "share_code_server" {
  name         = "share_code_server"
  display_name = "Share code-server"
  description  = "Sharing code-server with user: e.g. matifali, bpmct"
  type         = "string"
  mutable      = true
  default      = ""
}

resource "coder_app" "code-server" {
  count        = local.code-server-count
  agent_id     = coder_agent.main.id
  display_name = "VS Code Web"
  slug         = "code-server"
  url          = "http://localhost:13337"
  icon         = "/icon/code.svg"
  subdomain    = true
  share        = data.coder_parameter.share_code_server.value == "" ? "owner" : data.coder_parameter.share_code_server.value
}

This should then share this coder_app with the username specified for the share property.


Proposal 2

Allow doing this from the workspace page without any template admins, and it could be disabled/enabled deployment-wide using a flag, e.g., CODER_DISABLE_SHARING_CODER_APPS=false/true.
This could be done along with #10908.

cc: @sharkymark and @coder/pms for comments
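
An added sketch of the access decision Proposal 1 implies, written for this page and not taken from the issue author or from Coder's code base. `ParseShare` and `CanAccess` are hypothetical names, and comma-separated usernames are an assumption based on the parameter description. Because one string carries both levels and usernames, a list entry that equals a level keyword is rejected so a typo cannot widen access.

```go
package main

import (
	"fmt"
	"strings"
)

// Levels quoted in the issue; under Proposal 1 any other value is a user list.
var levels = map[string]bool{"owner": true, "authenticated": true, "public": true}

// ParseShare returns a level or an allow-list; ambiguous or empty entries are errors.
func ParseShare(v string) (level string, users map[string]bool, err error) {
	v = strings.TrimSpace(v)
	if v == "" {
		return "owner", nil, nil // same fallback as the template's ternary
	}
	if levels[v] {
		return v, nil, nil
	}
	users = map[string]bool{}
	for _, u := range strings.Split(v, ",") {
		u = strings.ToLower(strings.TrimSpace(u))
		if u == "" || levels[u] {
			return "", nil, fmt.Errorf("ambiguous share entry %q", u)
		}
		users[u] = true
	}
	return "", users, nil
}

// CanAccess: the owner always passes; a parse error denies everyone else.
func CanAccess(share, owner, requester string) bool {
	if requester != "" && strings.EqualFold(requester, owner) {
		return true
	}
	level, users, err := ParseShare(share)
	if err != nil {
		return false
	}
	switch level {
	case "public":
		return true
	case "authenticated":
		return requester != ""
	}
	return requester != "" && users[strings.ToLower(requester)]
}

func main() { fmt.Println(CanAccess("matifali, bpmct", "alice", "bpmct")) }
```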

Labels: needs-rfc (Issues that needs an RFC due to an expansive scope and unclear implementation path.)