feat(cli): organize flags #6269

Closed
wants to merge 14 commits into from
fixup! Update golden files
ammario committed Feb 17, 2023
commit 53d17ff3e999963077650126aa0e39177dcf5563
4 changes: 4 additions & 0 deletions cli/deployment/config.go
Expand Up @@ -467,6 +467,7 @@ func newConfig() *codersdk.DeploymentConfig {
Usage: "Disables all rate limits. This is not recommended in production.",
Flag: "dangerous-disable-rate-limits",
Default: false,
Hidden: true,
},
API: &codersdk.DeploymentConfigField[int]{
Name: "API Rate Limit",
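Review bot: `Hidden: true` on `dangerous-disable-rate-limits` takes the flag out of `coder server --help`, but nothing in this hunk changes whether the flag or its environment variable is honoured, so the one place an operator could see that rate limiting can be switched off is gone. The golden file shows the variable is `$CODER_RATE_LIMIT_DISABLE_ALL`, which does not carry the word "dangerous" and is easy to miss when reviewing a deployment's environment. Suggest documenting the hidden flag outside the help output and logging a warning at startup when it is set.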
Expand All @@ -476,6 +477,7 @@ func newConfig() *codersdk.DeploymentConfig {
EnvOverride: "CODER_API_RATE_LIMIT",
Flag: "api-rate-limit",
Default: 512,
Hidden: true,
},
},
// DEPRECATED: use Experiments instead.
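Review bot: `api-rate-limit` gets `Hidden: true` alongside the `dangerous-*` flags, but it is a tuning knob with a safe default (`Default: 512`), not an override. Hiding it removes from `--help` the only description of its semantics visible in this change (per user, or per IP for unauthenticated requests; negative values mean no limit; some endpoints keep strict limits regardless). If the goal is only to declutter "Other Flags", consider keeping it visible under a category instead, or add a comment here saying why it is hidden.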
Expand Down Expand Up @@ -538,12 +540,14 @@ func newConfig() *codersdk.DeploymentConfig {
Usage: "Allow workspace apps that are not served from subdomains to be shared. Path-based app sharing is DISABLED by default for security purposes. Path-based apps can make requests to the Coder API and pose a security risk when the workspace serves malicious JavaScript. Path-based apps can be disabled entirely with --disable-path-apps for further security.",
Flag: "dangerous-allow-path-app-sharing",
Default: false,
Hidden: true,
},
AllowPathAppSiteOwnerAccess: &codersdk.DeploymentConfigField[bool]{
Name: "DANGEROUS: Allow Site Owners to Access Path Apps",
Usage: "Allow site-owners to access workspace apps from workspaces they do not own. Owners cannot access path-based apps they do not own by default. Path-based apps can make requests to the Coder API and pose a security risk when the workspace serves malicious JavaScript. Path-based apps can be disabled entirely with --disable-path-apps for further security.",
Flag: "dangerous-allow-path-app-site-owner-access",
Default: false,
Hidden: true,
},
},
DisablePathApps: &codersdk.DeploymentConfigField[bool]{
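Review bot: both path-app overrides are now hidden, yet their `Usage` strings are where the risk is explained (path-based apps can call the Coder API, with `--disable-path-apps` as the stricter option), and that text will no longer be printed. `DisablePathApps` just below stays visible, so the help output shows the mitigation without the flags it relates to. Suggest a code comment on each `Hidden: true` stating the reason, and carrying the rationale in documentation that is not generated from `--help`.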
5 changes: 3 additions & 2 deletions cli/testdata/coder_agent_--help.golden
@@ -1,14 +1,15 @@
Usage:
coder agent [flags]

Auth Flags:
--auth string Specify the authentication type to use for the agent.
Consumes $CODER_AGENT_AUTH (default "token")
Operability Flags:
--log-dir string Specify the location for the agent log files.
Consumes $CODER_AGENT_LOG_DIR (default "/tmp")
--pprof-address string The address to serve pprof.
Consumes $CODER_AGENT_PPROF_ADDRESS (default "127.0.0.1:6060")
Other Flags:
--auth string Specify the authentication type to use for the agent.
Consumes $CODER_AGENT_AUTH (default "token")
-h, --help help for agent
--no-reap Do not start a process reaper.

9 changes: 4 additions & 5 deletions cli/testdata/coder_scaletest_create-workspaces_--help.golden
Expand Up @@ -5,10 +5,7 @@ It is recommended that all rate limits are disabled on the server before running
Usage:
coder scaletest create-workspaces [flags]

Networking Flags:
--connect-mode string Mode to use for connecting to the workspace. Can
be 'derp' or 'direct'.
Consumes $CODER_LOADTEST_CONNECT_MODE (default "derp")
Operability Flags:
--trace Whether application tracing data is collected. It
exports to a backend configured by environment
variables. See:
Expand All @@ -18,7 +15,6 @@ Networking Flags:
We recommend keeping this disabled unless we
advise you to enable it.
Consumes $CODER_LOADTEST_TRACE_CODER
Operability Flags:
--trace-honeycomb-api-key string Enables trace exporting to Honeycomb.io using the
provided API key.
Consumes $CODER_LOADTEST_TRACE_HONEYCOMB_API_KEY
Expand Down Expand Up @@ -50,6 +46,9 @@ Other Flags:
--connect-interval duration How long to wait between making requests to the
--connect-url once the connection is established.
Consumes $CODER_LOADTEST_CONNECT_INTERVAL (default 1s)
--connect-mode string Mode to use for connecting to the workspace. Can
be 'derp' or 'direct'.
Consumes $CODER_LOADTEST_CONNECT_MODE (default "derp")
--connect-timeout duration Timeout for each request to the --connect-url.
Consumes $CODER_LOADTEST_CONNECT_TIMEOUT (default 5s)
--connect-url string URL to connect to inside the the workspace over
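Review bot: `--connect-mode` drops from "Networking Flags" to "Other Flags" in this hunk, which looks like a side effect of the matcher change from `derp` to `-derp` in cli/usage.go: the old pattern matched the word 'derp' in the description, and the new one matches nothing in this entry. The flag chooses between 'derp' and 'direct' connections, so Networking is arguably the right home; if so, add an explicit matcher for the flag name rather than relying on description text. With it moved, the "Networking Flags" heading disappears from this command entirely, so confirm that is intended.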
78 changes: 19 additions & 59 deletions cli/testdata/coder_server_--help.golden
Expand Up @@ -138,12 +138,6 @@ Networking Flags:
"tls11", "tls12" or "tls13"
Consumes $CODER_TLS_MIN_VERSION
(default "tls12")
--trace Whether application tracing data is
collected. It exports to a backend
configured by environment variables.
See:
https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md
Consumes $CODER_TRACE_ENABLE
--update-check Periodically check for new releases
of Coder and inform the owner. The
check is performed once per day.
Expand All @@ -153,6 +147,19 @@ Networking Flags:
the form "*.example.com".
Consumes $CODER_WILDCARD_ACCESS_URL
Auth Flags:
--disable-password-auth coder server create-admin Disable password authentication.
This is recommended for security
purposes in production deployments
that rely on an identity provider.
Any user with the owner role will be
able to sign in with their password
regardless of this setting to avoid
potential lock out. If you are
locked out of your account, you can
use the coder server create-admin
command to create a new admin user
directly in the database.
Consumes $CODER_DISABLE_PASSWORD_AUTH
--disable-session-expiry-refresh Disable automatic session expiry
bumping due to activity. This forces
all sessions to become invalid after
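Review bot: the moved entry renders as `--disable-password-auth coder server create-admin Disable password authentication.`, so a command name is printed where a value placeholder belongs, on a boolean flag. pflag-style help takes the first backquoted span of a usage string as the placeholder, so the likely cause is backquotes around `coder server create-admin` in this flag's `Usage`. The golden file now locks that rendering in under "Auth Flags"; worth fixing the usage string (plain quotes, for example) and regenerating.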
Expand Down Expand Up @@ -261,6 +268,12 @@ Operability Flags:
address defined by prometheus
address.
Consumes $CODER_PROMETHEUS_ENABLE
--trace Whether application tracing data is
collected. It exports to a backend
configured by environment variables.
See:
https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md
Consumes $CODER_TRACE_ENABLE
--trace-honeycomb-api-key string Enables trace exporting to
Honeycomb.io using the provided API
Key.
Expand Down Expand Up @@ -294,65 +307,12 @@ Provisioning Flags:
Consumes
$CODER_PROVISIONER_FORCE_CANCEL_INTERVAL (default 10m0s)
Other Flags:
--api-rate-limit int Maximum number of requests per
minute allowed to the API per user,
or per IP address for
unauthenticated users. Negative
values mean no rate limit. Some API
endpoints have separate strict rate
limits regardless of this value to
prevent denial-of-service or brute
force attacks.
Consumes $CODER_API_RATE_LIMIT
(default 512)
--cache-dir string The directory to cache temporary
files. If unspecified and
$CACHE_DIRECTORY is set, it will be
used for compatibility with systemd.
Consumes $CODER_CACHE_DIRECTORY
(default "~/.cache/coder")
--dangerous-allow-path-app-sharing Allow workspace apps that are not
served from subdomains to be shared.
Path-based app sharing is DISABLED
by default for security purposes.
Path-based apps can make requests to
the Coder API and pose a security
risk when the workspace serves
malicious JavaScript. Path-based
apps can be disabled entirely with
--disable-path-apps for further
security.
Consumes
$CODER_DANGEROUS_ALLOW_PATH_APP_SHARING
--dangerous-allow-path-app-site-owner-access Allow site-owners to access
workspace apps from workspaces they
do not own. Owners cannot access
path-based apps they do not own by
default. Path-based apps can make
requests to the Coder API and pose a
security risk when the workspace
serves malicious JavaScript.
Path-based apps can be disabled
entirely with --disable-path-apps
for further security.
Consumes
$CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS
--dangerous-disable-rate-limits Disables all rate limits. This is
not recommended in production.
Consumes $CODER_RATE_LIMIT_DISABLE_ALL
--disable-password-auth coder server create-admin Disable password authentication.
This is recommended for security
purposes in production deployments
that rely on an identity provider.
Any user with the owner role will be
able to sign in with their password
regardless of this setting to avoid
potential lock out. If you are
locked out of your account, you can
use the coder server create-admin
command to create a new admin user
directly in the database.
Consumes $CODER_DISABLE_PASSWORD_AUTH
--disable-path-apps Disable workspace apps that are not
served from subdomains. Path-based
apps can make requests to the Coder
29 changes: 19 additions & 10 deletions cli/usage.go
Expand Up @@ -60,21 +60,22 @@ var flagCategories = []flagCategory{
{
name: "Networking",
matchers: []*regexp.Regexp{
regexp.MustCompile("derp"),
regexp.MustCompile("access-url"),
regexp.MustCompile("http-address"),
regexp.MustCompile("proxy"),
regexp.MustCompile("auth-cookie"),
regexp.MustCompile("strict-transport"),
regexp.MustCompile("tls"),
regexp.MustCompile("telemetry"),
regexp.MustCompile("update-check"),
regexp.MustCompile("-derp"),
regexp.MustCompile("-access-url"),
regexp.MustCompile("-http-address"),
regexp.MustCompile("-proxy"),
regexp.MustCompile("-auth-cookie"),
regexp.MustCompile("-strict-transport"),
regexp.MustCompile("-tls"),
// NOT open-telemetry
regexp.MustCompile("--telemetry"),
regexp.MustCompile("-update-check"),
},
},
{
name: "Auth",
matchers: []*regexp.Regexp{
regexp.MustCompile("oauth2"),
regexp.MustCompile(`-\w*auth`),
regexp.MustCompile("oidc"),
regexp.MustCompile(`-\w*token`),
regexp.MustCompile("session"),
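Review bot: the new patterns are still unanchored and, judging by the golden changes (`--trace` was previously caught by `telemetry` through the open-telemetry URL in its description), they run against the whole help entry rather than the flag name. A leading hyphen narrows this but does not close it: `-tls` or `-proxy` will still match a description that mentions another flag by name, and `oidc` and `session` in the Auth list remain bare substrings. `-\w*auth` also matches `-auth-cookie`, so the Networking/Auth split depends on the order of `flagCategories`. Suggest matching only the flag-name token at the start of the entry and adding a comment that category order is significant.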
Expand Down Expand Up @@ -127,6 +128,14 @@ func categorizeFlags(usageOutput string) string {
if _, ok := categories[cat.name]; !ok {
categories[cat.name] = &bytes.Buffer{}
}
if os.Getenv("DEBUG_FLAG_CATEGORIZATION") != "" {
_, _ = os.Stderr.WriteString(
fmt.Sprintf(
"--- \n%s\nwas matched by `%s`\n---\n",
currentFlag.String(), matcher.String(),
),
)
}
_, _ = categories[cat.name].WriteString(currentFlag.String())
currentFlag.Reset()
return
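Review bot: `DEBUG_FLAG_CATEGORIZATION` is read with `os.Getenv` on every match, is not documented anywhere in this change, and does not follow the `CODER_` prefix used by the other variables in these files. Suggest reading it once into a named constant or package variable with a comment describing its purpose, and replacing `os.Stderr.WriteString(fmt.Sprintf(...))` with `fmt.Fprintf(os.Stderr, ...)`.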