Release 1.19 (#313)

greyscaled · web-flow · commit 90ebd16c8fea · 2021-05-20T09:48:25.000-05:00
diff --git a/admin/devurls.md b/admin/devurls.md
@@ -51,3 +51,46 @@ The final step to enabling dev URLs is to update your wildcard DNS record. Get
 the **ingress IP address** using `kubectl --namespace coder get ingress` and
 point your wildcard DNS record (e.g., \*.my-custom-domain.io) to the ingress IP
 address.
+
+## Setting dev URL access permissions
+
+Once you've enabled dev URLs for users, you can set the **maximum access
+level**. To do so, go to **Manage** > **Admin**. On the **Infrastructure** tab,
+scroll down to **Dev URL Access Permissions**.
+
+<table>
+  <tr>
+    <th>Maximum access level</th>
+    <th>Description</th>
+  </tr>
+  <tr>
+    <th>Public</th>
+    <td>Accessible by anyone with access to the
+    network your cluster is on</td>
+  </tr>
+  <tr>
+    <th>Authenticated</th>
+    <td>Accessible by any authenticated Coder user</td>
+  </tr>
+  <tr>
+    <th>Organization</th>
+    <td>Accessible by anyone in the user's organization</td>
+  </tr>
+  <tr>
+    <th>Private</th>
+    <td>Accessible only by the user</td>
+  </tr>
+</table>
+
+![Setting dev URL permissions](../assets/admin-devurl-permissions.png)
+
+You can set the maximum access level, but developers may choose to restrict
+access further.
+
+For example, if you set the maximum access level as
+**Authenticated**, then any dev URLs created for workspaces in your Coder
+deployment will be accessible to any authenticated Coder user.
+
+The developer, however, can choose to set a stricter permission level (e.g.,
+allowing only those in their organization to use the dev URL). Developers cannot
+choose a more permissive option.
diff --git a/admin/workspace-management/ssh-access.md b/admin/workspace-management/ssh-access.md
@@ -42,7 +42,7 @@ RUN echo "PermitUserWorkspace yes" >> /etc/ssh/sshd_config && \
 ```
 
 Then, make sure that you're creating your workspaces with the
-[CVM option](https://coder.com/docs/workspaces/cvms) enabled.
+[CVM option](../../workspaces/cvms.md) enabled.
 
 > If Coder detects a running TCP server on port 22, it will forward incoming SSH
 > traffic to this server. This means that workspaces should not run a TCP server
@@ -87,7 +87,7 @@ HOSTNAME=dev
 CODER_USERNAME=john
 SSH_AUTH_SOCK=/home/coder/.coder-ssh-agent.sock
 PWD=/home/coder
-CODER_ASSETS_ROOT=/opt/coder
+CODER_ASSETS_ROOT=/var/tmp/coder
 HOME=/home/coder
 LANG=en_US.UTF-8
 CODER_CPU_LIMIT=24.00
@@ -98,9 +98,9 @@ CODER_IMAGE_TAG=latest
 CODER_IMAGE_DIGEST=sha256:1586122346e7d9d64a0c49a28df7538de4c5da5bfe0df672b1552dd52932c9a7
 SERVICE_URL=https://extensions.coder.com/api
 CODER_IMAGE_URI=codercom/enterprise-base:ubuntu
-PATH=/usr/local/google-cloud-sdk/bin:/home/coder/go/bin:/home/linuxbrew/.linuxbrew/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/coder/coder-cli
+PATH=/usr/local/google-cloud-sdk/bin:/home/coder/go/bin:/home/linuxbrew/.linuxbrew/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/tmp/coder/coder-cli
 BASE_PATH=/proxy/workspaces/60162f9e-78809dfc9a9e24b8f5e580ff/ide
-_=/opt/coder/envagent
+_=/var/tmp/coder/envagent
 
 # ----------------- END CODER -----------------------
 ```
diff --git a/assets/admin-devurl-permissions.png b/assets/admin-devurl-permissions.png
diff --git a/changelog/1.19.0.md b/changelog/1.19.0.md
@@ -0,0 +1,74 @@
+---
+title: "1.19.0"
+description: "Released on 05/19/2021"
+---
+
+### Breaking changes ❗
+
+- infra: Workspace assets created by Coder that were previously located at
+  `/opt/coder`, such as code-server and coder-cli, have been moved to
+  `/var/tmp/coder`
+- infra: Workspaces as code templates have been updated from version _0.1_ to
+  _0.2_. Existing workspaces using version _0.1_ templates can be rebuilt,
+  but no new workspaces can be created using the old format.
+- web: The workspace as code _Open in Coder_ embeddable button flow no longer
+  includes a _clone_ step; buttons created from prior versions will still work,
+  but Coder will not clone the project. To automate project cloning, use
+  [`workspace.configure.start`](../workspaces/workspaces-as-code/templates.md#workspaceconfigurestart)
+- web: The embedded form for workspaces as code located at **Manage** >
+  **Admin** > **Templates** no longer uses the following fields: **Project
+  Repository URL** and **Project Git Service**
+
+### Features ✨
+
+- web: Introduced resource quotas to organizations. Resource quotas define the
+  maximum resource utilization allowable for each member within an organization
+  for which such quotas are enabled. Modify them at **Manage** >
+  **Organizations** > **Edit Organization**
+- web: Added a reactivation step for returning users that had been marked as
+  dormant. The reactivation step requires the user to agree to use a license
+  seat
+- web: Added an admin setting controlling the maximum dev URL access level
+  across all workspaces within the deployment. Modify the maximum dev URL access
+  level at **Manage** > **Admin** > **Infrastructure** in the card titled **Dev
+  URL Access Permissions**
+- web: The CVM option will be selected by default when creating a custom
+  environment (if CVMs are enabled at the site level)
+- web: Improved display and support for errors returned by an Identity Provider
+  (IdP) during sign-in
+- infra: Changed permissions of `/home/coder/` and subdirectories to _755_ in
+  control plane containers to support OpenShift `anyuid`
+- infra: Workspace builds are now properly validated when setting policy
+  templates
+- code-server: Upgraded code-server to 3.10.1 (latest version)
+
+### Bug fixes 🐛
+
+- web: Fixed issue where the **Edit Workspace** dialog showed the resource
+  selectors as disabled while still allowing modifications
+- web: Fixed issue where the **Edit Workspace** dialog displayed resource
+  allocation incorrectly if the workspace was initially built using a template
+- web: Updated validation logic so that workspaces with invalid names can no
+  longer be created
+- web: Fixed issue causing web-based terminals to show two scrollbars and
+  overflowing content when system banners are present
+- infra: Fixed issue causing workspace autostart to stop or fail intermittently
+- web: Fixed issue in the **Audit Logs** preventing users from clearing the
+  filters
+- web: Added a _.csv_ extension to exported audit logs
+
+### Security updates 🔐
+
+- web: Upgraded version of `next` to 10.2.0.
+- web: Upgraded and addressed CVE-2021-21306 in `marked`.
+- web: Upgraded and addressed Fix CVE-2021-23368 in `postcss`.
+- web: Client secret is now omitted from `GET` requests to OAuth configurations.
+- web: When authenticating with the CLI, a new API key is always generated.
+- web: Fixed authentication for the _watch-update_ workspace endpoint. This was
+  previously open to any authenticated user
+- web: Fixed issue where audit logs for **workspace auto-off** was always
+  attributed to the site admin; the audit log has been corrected to display the
+  user owning the workspace.
+- infra: Increased the minimum requirement for inbound and outbound connections
+  to TLS 1.2
+- infra: Added debug logs to show TLS certificates
diff --git a/guides/troubleshooting/inotify-watch-limits.md b/guides/troubleshooting/inotify-watch-limits.md
@@ -78,9 +78,9 @@ $ ./inotify-consumers
    WATCHER
     COUNT     PID USER     COMMAND
 --------------------------------------
-     269   254560 coder    /opt/coder/code-server/lib/node /opt/coder/code-server/lib/vscode/out/bootstrap-fork --type=watcherService
-       5     1722 coder    /opt/coder/code-server/lib/node /opt/coder/code-server/lib/vscode/out/vs/server/fork
-       2   254538 coder    /opt/coder/code-server/lib/node /opt/coder/code-server/lib/vscode/out/bootstrap-fork --type=extensionHost
+     269   254560 coder    /var/tmp/coder/code-server/lib/node /var/tmp/coder/code-server/lib/vscode/out/bootstrap-fork --type=watcherService
+       5     1722 coder    /var/tmp/coder/code-server/lib/node /var/tmp/coder/code-server/lib/vscode/out/vs/server/fork
+       2   254538 coder    /var/tmp/coder/code-server/lib/node /var/tmp/coder/code-server/lib/vscode/out/bootstrap-fork --type=extensionHost
        2     1507 coder    gpg-agent --homedir /home/coder/.gnupg --use-standard-socket --daemon
 
      278  WATCHERS TOTAL COUNT
diff --git a/images/configure.md b/images/configure.md
@@ -200,6 +200,6 @@ coder urls create $CODER_WORKSPACE_NAME 3000 --name webapp
        cp settings.json /home/coder/.local/share/code-server/User/settings.json
 
        # Install extensions
-       /opt/coder/code-server/bin/code-server --install-extension esbenp.prettier-vscode
+       /var/tmp/coder/code-server/bin/code-server --install-extension esbenp.prettier-vscode
    fi
    ```
diff --git a/manifest.json b/manifest.json
@@ -349,6 +349,9 @@
     {
       "path": "./changelog/index.md",
       "children": [
+        {
+          "path": "./changelog/1.19.0.md"
+        },
         {
           "path": "./changelog/1.18.1.md"
         },
diff --git a/setup/air-gapped/index.md b/setup/air-gapped/index.md
@@ -78,8 +78,6 @@ platform images are hosted in Coder's Docker Hub repo.
 
    [envbox](https://hub.docker.com/r/coderenvs/envbox)
 
-   [envbuilder](https://hub.docker.com/r/coderenvs/envbuilder)
-
    [timescale](https://hub.docker.com/r/coderenvs/timescale) (**Note**: We
    recommend you only use timescale for evaluation purposes if you don't have an
    external PostgreSQL database available. For production workspaces, we strong
@@ -148,7 +146,6 @@ platform images are hosted in Coder's Docker Hub repo.
    helm --namespace coder install coder /path/to/coder-X.Y.Z.tgz \
    --set cemanager.image=my-registry.com/coderenvs/coder-service:<version> \
    --set envproxy.image=my-registry.com/coderenvs/coder-service:<version> \
-   --set envbuilder.image=my-registry.com/coderenvs/envbuilder:<version> \
    --set timescale.image=my-registry.com/coderenvs/timescale:<version> \
    --set dashboard.image=my-registry.com/coderenvs/dashboard:<version> \
    --set envbox.image=my-registry.com/coderenvs/envbox:<version>
@@ -162,7 +159,6 @@ platform images are hosted in Coder's Docker Hub repo.
       --set cemanager.image=$REGISTRY_DOMAIN_NAME/coderenvs/coder-service:<version> \
       --set envproxy.image=$REGISTRY_DOMAIN_NAME/coderenvs/coder-service:<version> \
       --set envbox.image=$REGISTRY_DOMAIN_NAME/coderenvs/envbox:<version> \
-      --set envbuilder.image=$REGISTRY_DOMAIN_NAME/coderenvs/envbuilder:<version> \
       --set timescale.image=$REGISTRY_DOMAIN_NAME/coderenvs/timescale:<version> \
       --set dashboard.image=$REGISTRY_DOMAIN_NAME/coderenvs/dashboard:<version> \
       -f registry-cert-values.yml
diff --git a/workspaces/cvms.md b/workspaces/cvms.md
@@ -23,8 +23,8 @@ By choosing this option, your workspace behaves like a VM or raw host, yet
 retains the image, security, and performance properties of typical containers.
 
 To create a workspace capable of securely running system-level applications like
-Docker, check the `Run as Container-based Virtual Machine` box when you create a
-new workspace.
+Docker, make sure that the `Run as Container-based Virtual Machine` box is
+checked when you create a new workspace (it should be enabled by default).
 
 ![Create CVM](../assets/cvm-create.png)
 
diff --git a/workspaces/getting-started.md b/workspaces/getting-started.md
@@ -37,10 +37,14 @@ image, and runs custom configuration on startup. Learn about the
 
 ### Advanced
 
-Coder provides advanced settings that allow you to customize your workspace. You
-can choose to run your workspace as a
-[Container-based virtual machine](cvms.md), specifying the resources Coder
-should allocate.
+Coder provides advanced settings that allow you to customize your workspace.
+
+If your Coder deployment has [container-based virtual machines
+enabled](../admin/workspace-management/cvms.md), Coder creates your workspace as
+a [CVMs](cvms.md) by default (you can opt-out of this setting by unchecking the
+**Run as Container-based Virtual Machine** box).
+
+You can also specify the resources Coder should allocate.
 
 > By default, Coder allocates resources (CPU Cores, Memory, and Disk Space)
 > based on the parent image.
diff --git a/workspaces/workspaces-as-code/templates.md b/workspaces/workspaces-as-code/templates.md

Original file line number	Diff line number	Diff line change
`@@ -349,6 +349,9 @@`
`349`	`349`	`{`
`350`	`350`	`"path": "./changelog/index.md",`
`351`	`351`	`"children": [`
	`352`	`+ {`
	`353`	`+ "path": "./changelog/1.19.0.md"`
	`354`	`+ },`
`352`	`355`	`{`
`353`	`356`	`"path": "./changelog/1.18.1.md"`
`354`	`357`	`},`