coder · dannykopping · Jul 19, 2024 · Jul 12, 2024 · Jul 15, 2024 · Jul 16, 2024
diff --git a/.github/workflows/typos.toml b/.github/workflows/typos.toml
@@ -20,6 +20,8 @@ hel = "hel"
 pn = "pn"
 # typos doesn't like the EDE in TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 EDE = "EDE"
+# HELO is an SMTP command
+HELO = "HELO"
 
 [files]
 extend-exclude = [

diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
@@ -327,6 +327,8 @@ can safely ignore these settings.
           "tls11", "tls12" or "tls13".
 
 NOTIFICATIONS OPTIONS: 
+Configure how notifications are processed and delivered.
+
       --notifications-dispatch-timeout duration, $CODER_NOTIFICATIONS_DISPATCH_TIMEOUT (default: 1m0s)
           How long to wait while a notification is being sent before giving up.
 
@@ -337,6 +339,11 @@ NOTIFICATIONS OPTIONS:
           Which delivery method to use (available options: 'smtp', 'webhook').
 
 NOTIFICATIONS / EMAIL OPTIONS: 
+Configure how email notifications are sent.
+
+      --notifications-email-force-tls bool, $CODER_NOTIFICATIONS_EMAIL_FORCE_TLS (default: false)
+          Force a TLS connection to the configured SMTP smarthost.
+
       --notifications-email-from string, $CODER_NOTIFICATIONS_EMAIL_FROM
           The sender's address to use.
 
@@ -346,6 +353,43 @@ NOTIFICATIONS / EMAIL OPTIONS:
       --notifications-email-smarthost host:port, $CODER_NOTIFICATIONS_EMAIL_SMARTHOST (default: localhost:587)
           The intermediary SMTP host through which emails are sent.
 
+NOTIFICATIONS / EMAIL / EMAIL AUTHENTICATION OPTIONS: 
+Configure SMTP authentication options.
+
+      --notifications-email-auth-identity string, $CODER_NOTIFICATIONS_EMAIL_AUTH_IDENTITY
+          Identity to use with PLAIN authentication.
+
+      --notifications-email-auth-password string, $CODER_NOTIFICATIONS_EMAIL_AUTH_PASSWORD
+          Password to use with PLAIN/LOGIN authentication.
+
+      --notifications-email-auth-password-file string, $CODER_NOTIFICATIONS_EMAIL_AUTH_PASSWORD_FILE
+          File from which to load password for use with PLAIN/LOGIN
+          authentication.
+
+      --notifications-email-auth-username string, $CODER_NOTIFICATIONS_EMAIL_AUTH_USERNAME
+          Username to use with PLAIN/LOGIN authentication.
+
+NOTIFICATIONS / EMAIL / EMAIL TLS OPTIONS: 
+Configure TLS for your SMTP server target.
+
+      --notifications-email-tls-ca-cert-file string, $CODER_NOTIFICATIONS_EMAIL_TLS_CACERTFILE
+          CA certificate file to use.
+
+      --notifications-email-tls-cert-file string, $CODER_NOTIFICATIONS_EMAIL_TLS_CERTFILE
+          Certificate file to use.
+
+      --notifications-email-tls-cert-key-file string, $CODER_NOTIFICATIONS_EMAIL_TLS_CERTKEYFILE
+          Certificate key file to use.
+
+      --notifications-email-tls-server-name string, $CODER_NOTIFICATIONS_EMAIL_TLS_SERVERNAME
+          Server name to verify against the target certificate.
+
+      --notifications-email-tls-skip-verify bool, $CODER_NOTIFICATIONS_EMAIL_TLS_SKIPVERIFY
+          Skip verification of the target server's certificate (insecure).
+
+      --notifications-email-tls-starttls bool, $CODER_NOTIFICATIONS_EMAIL_TLS_STARTTLS
+          Enable STARTTLS to upgrade insecure SMTP connections using TLS.
+
 NOTIFICATIONS / WEBHOOK OPTIONS: 
       --notifications-webhook-endpoint url, $CODER_NOTIFICATIONS_WEBHOOK_ENDPOINT
           The endpoint to which to send webhooks.

diff --git a/cli/testdata/server-config.yaml.golden b/cli/testdata/server-config.yaml.golden
@@ -493,13 +493,15 @@ userQuietHoursSchedule:
 # compatibility reasons, this will be removed in a future release.
 # (default: false, type: bool)
 allowWorkspaceRenames: false
+# Configure how notifications are processed and delivered.
 notifications:
   # Which delivery method to use (available options: 'smtp', 'webhook').
   # (default: smtp, type: string)
   method: smtp
   # How long to wait while a notification is being sent before giving up.
   # (default: 1m0s, type: duration)
-  dispatch-timeout: 1m0s
+  dispatchTimeout: 1m0s
+  # Configure how email notifications are sent.
   email:
     # The sender's address to use.
     # (default: <unset>, type: string)
@@ -510,41 +512,78 @@ notifications:
     # The hostname identifying the SMTP server.
     # (default: localhost, type: string)
     hello: localhost
+    # Force a TLS connection to the configured SMTP smarthost.
+    # (default: false, type: bool)
+    forceTLS: false
+    # Configure SMTP authentication options.
+    emailAuth:
+      # Identity to use with PLAIN authentication.
+      # (default: <unset>, type: string)
+      identity: ""
+      # Username to use with PLAIN/LOGIN authentication.
+      # (default: <unset>, type: string)
+      username: ""
+      # Password to use with PLAIN/LOGIN authentication.
+      # (default: <unset>, type: string)
+      password: ""
+      # File from which to load password for use with PLAIN/LOGIN authentication.
+      # (default: <unset>, type: string)
+      passwordFile: ""
+    # Configure TLS for your SMTP server target.
+    emailTLS:
+      # Enable STARTTLS to upgrade insecure SMTP connections using TLS.
+      # (default: <unset>, type: bool)
+      startTLS: false
+      # Server name to verify against the target certificate.
+      # (default: <unset>, type: string)
+      serverName: ""
+      # Skip verification of the target server's certificate (insecure).
+      # (default: <unset>, type: bool)
+      insecureSkipVerify: false
+      # CA certificate file to use.
+      # (default: <unset>, type: string)
+      caCertFile: ""
+      # Certificate file to use.
+      # (default: <unset>, type: string)
+      certFile: ""
+      # Certificate key file to use.
+      # (default: <unset>, type: string)
+      certKeyFile: ""
   webhook:
     # The endpoint to which to send webhooks.
     # (default: <unset>, type: url)
     hello:
   # The upper limit of attempts to send a notification.
   # (default: 5, type: int)
-  max-send-attempts: 5
+  maxSendAttempts: 5
   # The minimum time between retries.
   # (default: 5m0s, type: duration)
-  retry-interval: 5m0s
+  retryInterval: 5m0s
   # The notifications system buffers message updates in memory to ease pressure on
   # the database. This option controls how often it synchronizes its state with the
   # database. The shorter this value the lower the change of state inconsistency in
   # a non-graceful shutdown - but it also increases load on the database. It is
   # recommended to keep this option at its default value.
   # (default: 2s, type: duration)
-  store-sync-interval: 2s
+  storeSyncInterval: 2s
   # The notifications system buffers message updates in memory to ease pressure on
   # the database. This option controls how many updates are kept in memory. The
   # lower this value the lower the change of state inconsistency in a non-graceful
   # shutdown - but it also increases load on the database. It is recommended to keep
   # this option at its default value.
   # (default: 50, type: int)
-  store-sync-buffer-size: 50
+  storeSyncBufferSize: 50
   # How long a notifier should lease a message. This is effectively how long a
   # notification is 'owned' by a notifier, and once this period expires it will be
   # available for lease by another notifier. Leasing is important in order for
   # multiple running notifiers to not pick the same messages to deliver
   # concurrently. This lease period will only expire if a notifier shuts down
   # ungracefully; a dispatch of the notification releases the lease.
   # (default: 2m0s, type: duration)
-  lease-period: 2m0s
+  leasePeriod: 2m0s
   # How many notifications a notifier should lease per fetch interval.
   # (default: 20, type: int)
-  lease-count: 20
+  leaseCount: 20
   # How often to query the database for queued notifications.
   # (default: 15s, type: duration)
-  fetch-interval: 15s
+  fetchInterval: 15s
diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
diff --git a/coderd/notifications/dispatch/fixtures/ca.conf b/coderd/notifications/dispatch/fixtures/ca.conf
@@ -0,0 +1,18 @@
+[ req ]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+prompt = no
+
+[ req_distinguished_name ]
+C = ZA
+ST = WC
+L = Cape Town
+O = Coder
+OU = Team Coconut
+CN = Coder CA
+
+[ v3_ca ]
+basicConstraints = critical,CA:TRUE
+keyUsage = critical,keyCertSign,cRLSign
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
diff --git a/coderd/notifications/dispatch/fixtures/ca.crt b/coderd/notifications/dispatch/fixtures/ca.crt
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgIUceUne8C8ezg1leBzhm5M5QLjBc4wDQYJKoZIhvcNAQEL
+BQAwaDELMAkGA1UEBhMCWkExCzAJBgNVBAgMAldDMRIwEAYDVQQHDAlDYXBlIFRv
+d24xDjAMBgNVBAoMBUNvZGVyMRUwEwYDVQQLDAxUZWFtIENvY29udXQxETAPBgNV
+BAMMCENvZGVyIENBMB4XDTI0MDcxNTEzMzYwOFoXDTM0MDcxMzEzMzYwOFowaDEL
+MAkGA1UEBhMCWkExCzAJBgNVBAgMAldDMRIwEAYDVQQHDAlDYXBlIFRvd24xDjAM
+BgNVBAoMBUNvZGVyMRUwEwYDVQQLDAxUZWFtIENvY29udXQxETAPBgNVBAMMCENv
+ZGVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijVhQfmImkQF
+kDiBqCdSAaG7dO7slAjJH0jYizYCwVzCKP72Z7DJ2b/ohcGBw1YWZ8dOm88uCpsS
+oWM5FvxIeaNeGpcFar+wEoR/o5p91DgwvpmkbNyu3uQaNRvIKoqGdTAu5GUNd+Ej
+MxvwfofgRetziA56sa6ovQV11hPbKxp0YbSJXMRN64sGCqx+VNqpk2A57JCdCjcB
+T1fc7LIqKc9uoqCaC0Hr2OaBCc8IxLwpwwOz5qCaOGmylXY3YE4lKNJkA1s/HXO/
+GAZ6aO0GqkO00fxIQwW13BexuaiDJfcAhUmJ8CjFt9qgKfnkP26jU8gfMxOkRkn2
+qG8sWy3z8wIDAQABo4HrMIHoMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBSk2BGdRQZDMvzOfLQkUmkwzjrOFzCBpQYDVR0jBIGdMIGa
+gBSk2BGdRQZDMvzOfLQkUmkwzjrOF6FspGowaDELMAkGA1UEBhMCWkExCzAJBgNV
+BAgMAldDMRIwEAYDVQQHDAlDYXBlIFRvd24xDjAMBgNVBAoMBUNvZGVyMRUwEwYD
+VQQLDAxUZWFtIENvY29udXQxETAPBgNVBAMMCENvZGVyIENBghRx5Sd7wLx7ODWV
+4HOGbkzlAuMFzjANBgkqhkiG9w0BAQsFAAOCAQEAFJtks88lruyIIbFpzQ8M932a
+hNmkm3ZFM8qrjFWCEINmzeeQHV+rviu4Spd4Cltx+lf6+51V68jE730IGEzAu14o
+U2dmhRxn+w17H6/Qmnxlbz4Da2HvVgL9C4IoEbCTTGEa+hDg3cH6Mah1rfC0zAXH
+zxe/M2ahM+SOMDxmoUUf6M4tDVqu98FpELfsFe4MqTUbzQ32PyoP4ZOBpma1dl8Y
+fMm0rJE9/g/9Tkj8WfA4AwedCWUA4e7MLZikmntcein310uSy1sEpA+HVji+Gt68
+2+TJgIGOX1EHj44SqK5hVExQNzqqi1IIhR05imFaJ426DX82LtOA1bIg7HNCWA==
+-----END CERTIFICATE-----