Merge branch 'main' of github.com:coder/coder into bq/refactor-auth-p…

…rovider-2
coder · BrunoQuaresma · Jan 20, 2023 · Jan 18, 2023 · Jan 18, 2023 · Jan 18, 2023
commit 6e572e3c4d708daee43f5b1917aa51fa333c867c
diff --git a/cli/deployment/config.go b/cli/deployment/config.go
@@ -446,10 +446,19 @@ func newConfig() *codersdk.DeploymentConfig {
 				Default:     512,
 			},
 		},
+		// DEPRECATED: use Experiments instead.
 		Experimental: &codersdk.DeploymentConfigField[bool]{
-			Name:  "Experimental",
-			Usage: "Enable experimental features. Experimental features are not ready for production.",
-			Flag:  "experimental",
+			Name:    "Experimental",
+			Usage:   "Enable experimental features. Experimental features are not ready for production.",
+			Flag:    "experimental",
+			Default: false,
+			Hidden:  true,
+		},
+		Experiments: &codersdk.DeploymentConfigField[[]string]{
+			Name:    "Experiments",
+			Usage:   "Enable one or more experiments. These are not ready for production. Separate multiple experiments with commas, or enter '*' to opt-in to all available experiments.",
+			Flag:    "experiments",
+			Default: []string{},
 		},
 		UpdateCheck: &codersdk.DeploymentConfigField[bool]{
 			Name:    "Update Check",
@@ -491,6 +500,26 @@ func newConfig() *codersdk.DeploymentConfig {
 				Default: "",
 			},
 		},
+		Dangerous: &codersdk.DangerousConfig{
+			AllowPathAppSharing: &codersdk.DeploymentConfigField[bool]{
+				Name:    "DANGEROUS: Allow Path App Sharing",
+				Usage:   "Allow workspace apps that are not served from subdomains to be shared. Path-based app sharing is DISABLED by default for security purposes. Path-based apps can make requests to the Coder API and pose a security risk when the workspace serves malicious JavaScript. Path-based apps can be disabled entirely with --disable-path-apps for further security.",
+				Flag:    "dangerous-allow-path-app-sharing",
+				Default: false,
+			},
+			AllowPathAppSiteOwnerAccess: &codersdk.DeploymentConfigField[bool]{
+				Name:    "DANGEROUS: Allow Site Owners to Access Path Apps",
+				Usage:   "Allow site-owners to access workspace apps from workspaces they do not own. Owners cannot access path-based apps they do not own by default. Path-based apps can make requests to the Coder API and pose a security risk when the workspace serves malicious JavaScript. Path-based apps can be disabled entirely with --disable-path-apps for further security.",
+				Flag:    "dangerous-allow-path-app-site-owner-access",
+				Default: false,
+			},
+		},
+		DisablePathApps: &codersdk.DeploymentConfigField[bool]{
+			Name:    "Disable Path Apps",
+			Usage:   "Disable workspace apps that are not served from subdomains. Path-based apps can make requests to the Coder API and pose a security risk when the workspace serves malicious JavaScript. This is recommended for security purposes if a --wildcard-access-url is configured.",
+			Flag:    "disable-path-apps",
+			Default: false,
+		},
 	}
 }
 
@@ -557,12 +586,12 @@ func setConfig(prefix string, vip *viper.Viper, target interface{}) {
 			// with a comma, but Viper only supports with a space. This
 			// is a small hack around it!
 			rawSlice := reflect.ValueOf(vip.GetStringSlice(prefix)).Interface()
-			slice, ok := rawSlice.([]string)
+			stringSlice, ok := rawSlice.([]string)
 			if !ok {
 				panic(fmt.Sprintf("string slice is of type %T", rawSlice))
 			}
-			value := make([]string, 0, len(slice))
-			for _, entry := range slice {
+			value := make([]string, 0, len(stringSlice))
+			for _, entry := range stringSlice {
 				value = append(value, strings.Split(entry, ",")...)
 			}
 			val.FieldByName("Value").Set(reflect.ValueOf(value))

diff --git a/cli/deployment/config_test.go b/cli/deployment/config_test.go
@@ -232,6 +232,23 @@ func TestConfig(t *testing.T) {
 			require.Equal(t, config.Prometheus.Enable.Value, true)
 			require.Equal(t, config.Prometheus.Address.Value, config.Prometheus.Address.Default)
 		},
+	}, {
+		Name: "Experiments - no features",
+		Env: map[string]string{
+			"CODER_EXPERIMENTS": "",
+		},
+		Valid: func(config *codersdk.DeploymentConfig) {
+			require.Empty(t, config.Experiments.Value)
+		},
+	}, {
+		Name: "Experiments - multiple features",
+		Env: map[string]string{
+			"CODER_EXPERIMENTS": "foo,bar",
+		},
+		Valid: func(config *codersdk.DeploymentConfig) {
+			expected := []string{"foo", "bar"}
+			require.ElementsMatch(t, expected, config.Experiments.Value)
+		},
 	}} {
 		tc := tc
 		t.Run(tc.Name, func(t *testing.T) {

diff --git a/cli/server.go b/cli/server.go
@@ -112,7 +112,7 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 				return xerrors.Errorf("TLS address must be set if TLS is enabled")
 			}
 			if !cfg.TLS.Enable.Value && cfg.HTTPAddress.Value == "" {
-				return xerrors.Errorf("either HTTP or TLS must be enabled")
+				return xerrors.Errorf("TLS is disabled. Enable with --tls-enable or specify a HTTP address")
 			}
 
 			// Disable rate limits if the `--dangerous-disable-rate-limits` flag

diff --git a/cli/server_test.go b/cli/server_test.go
@@ -742,7 +742,7 @@ func TestServer(t *testing.T) {
 		)
 		err := root.ExecuteContext(ctx)
 		require.Error(t, err)
-		require.ErrorContains(t, err, "either HTTP or TLS must be enabled")
+		require.ErrorContains(t, err, "TLS is disabled. Enable with --tls-enable or specify a HTTP address")
 	})
 
 	t.Run("NoTLSAddress", func(t *testing.T) {

diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
@@ -29,6 +29,28 @@ Flags:
                                                      with systemd.
                                                      Consumes $CODER_CACHE_DIRECTORY (default
                                                      "/tmp/coder-cli-test-cache")
+      --dangerous-allow-path-app-sharing             Allow workspace apps that are not served
+                                                     from subdomains to be shared. Path-based
+                                                     app sharing is DISABLED by default for
+                                                     security purposes. Path-based apps can
+                                                     make requests to the Coder API and pose a
+                                                     security risk when the workspace serves
+                                                     malicious JavaScript. Path-based apps can
+                                                     be disabled entirely with
+                                                     --disable-path-apps for further security.
+                                                     Consumes
+                                                     $CODER_DANGEROUS_ALLOW_PATH_APP_SHARING
+      --dangerous-allow-path-app-site-owner-access   Allow site-owners to access workspace
+                                                     apps from workspaces they do not own.
+                                                     Owners cannot access path-based apps they
+                                                     do not own by default. Path-based apps
+                                                     can make requests to the Coder API and
+                                                     pose a security risk when the workspace
+                                                     serves malicious JavaScript. Path-based
+                                                     apps can be disabled entirely with
+                                                     --disable-path-apps for further security.
+                                                     Consumes
+                                                     $CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS
       --dangerous-disable-rate-limits                Disables all rate limits. This is not
                                                      recommended in production.
                                                      Consumes $CODER_RATE_LIMIT_DISABLE_ALL
@@ -61,10 +83,20 @@ Flags:
                                                      Consumes
                                                      $CODER_DERP_SERVER_STUN_ADDRESSES
                                                      (default [stun.l.google.com:19302])
-      --experimental                                 Enable experimental features.
-                                                     Experimental features are not ready for
-                                                     production.
-                                                     Consumes $CODER_EXPERIMENTAL
+      --disable-path-apps                            Disable workspace apps that are not
+                                                     served from subdomains. Path-based apps
+                                                     can make requests to the Coder API and
+                                                     pose a security risk when the workspace
+                                                     serves malicious JavaScript. This is
+                                                     recommended for security purposes if a
+                                                     --wildcard-access-url is configured.
+                                                     Consumes $CODER_DISABLE_PATH_APPS
+      --experiments strings                          Enable one or more experiments. These are
+                                                     not ready for production. Separate
+                                                     multiple experiments with commas, or
+                                                     enter '*' to opt-in to all available
+                                                     experiments.
+                                                     Consumes $CODER_EXPERIMENTS
   -h, --help                                         help for server
       --http-address string                          HTTP bind address of the server. Unset to
                                                      disable the HTTP endpoint.

diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
diff --git a/coderd/audit.go b/coderd/audit.go
@@ -464,6 +464,8 @@ func resourceTypeFromString(resourceTypeString string) string {
 		return resourceTypeString
 	case codersdk.ResourceTypeAPIKey:
 		return resourceTypeString
+	case codersdk.ResourceTypeGroup:
+		return resourceTypeString
 	}
 	return ""
 }

diff --git a/coderd/audit/diff.go b/coderd/audit/diff.go
@@ -16,8 +16,8 @@ type Auditable interface {
 		database.User |
 		database.Workspace |
 		database.GitSSHKey |
-		database.Group |
-		database.WorkspaceBuild
+		database.WorkspaceBuild |
+		database.AuditableGroup
 }
 
 // Map is a map of changed fields in an audited resource. It maps field names to