From 34774bf73cd1706651e4cbf844caa5399a29f4b4 Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Mon, 13 Sep 2021 12:14:36 -0500 Subject: [PATCH 1/4] chore: add shared security responsibility doc --- guides/admin/share-security.md | 87 ++++++++++++++++++++++++++++++++++ manifest.json | 3 ++ 2 files changed, 90 insertions(+) create mode 100644 guides/admin/share-security.md diff --git a/guides/admin/share-security.md b/guides/admin/share-security.md new file mode 100644 index 000000000..d7c77ff96 --- /dev/null +++ b/guides/admin/share-security.md 
@@ -0,0 +1,87 @@ +--- +title: Shared security responsibility +description: + Learn how Coder and its users carry security-related responsibilities. +--- + +To guarantee the security of the Coder workspace, which includes the entire +ecosystem of components needed to support the developer's user experience, +several parties must carry different responsibilities. While this is not an +exhaustive list, this article lists the security responsibilities for both Coder +and its users (specifically the site admin/site managers). + +There are two categories of integration points for a Coder workspace: + +1. Kubernetes and networking +1. External tie-ins (authentication, container registries, Git providers, etc.) + +## Kubernetes and networking + +Like most software, Coder depends on the system on which it is installed to +provide some security boundaries. Coder is installed onto Kubernetes clusters +and includes expectations of how to cluster is configured. As such, changes to +the following aspects of your cluster may impact Coder's security and +performance: + +- Storage + - Quotas + - Encryption + - Cloud access to volumes + - Depletion as denial of service + - PVC + - Ephemeral + - Networking + - Encryption (mTLS) + - Certificates + - TLS certificates presented by `coderd` + - TLS certificats presented by the applications with which Coder + interacts + - Boundaries (e.g., network policies) + - External interactions (ingress and egress) + - IP address depletion as denial of service + - Each workspace gets an IP address in the `pod` subset + - Each dev URL gets an IP address in the `services` subnet + - Kubernetes roles + - Service accounts for Coder to create pods + - Cluster admins (use of cluster admins can pose a security risk) + - Cloud access to the control plane + - Node security + - Upgrades to keep up with Kubernetes + - Access to node user accounts + - Cloud access to nodes + +### Recommendations + +We recommend that you **deploy Coder to its own cluster**. 
With this option, the +security boundary is around the cluster, so things like PVC access, password +resets, and database access are clearly actions taken against Coder. Cluster +admins can perform any necessary action, while all others are constrained by +their Coder role. + +Though you can deploy Coder to a shared cluster, the security boundary is +threaded through the components mentioned in the section above due to the +multiple applications present in the cluster. + +## External tie-ins + +Coder makes assumptions about how the following tie-ins are configured when +deploying security controls: + +- Authentication provider + - Changing the authentication provider settings can render Coder insecure + - Site admins could convert a user authenticating via OIDC to built-in, + allowing the admin to impersonate the user +- Container registry + - The registry account used to add the registry should be a specific + Coder-only account so that Coder users can only pull approved images + - CVMs can only pull unauthenticated containers, which means that any user can + reference any container within the registry +- Git provider + - OAuth linkage allows Coder admins to perform actions as the linked Git user + - SSH keys generated by Coder and added to workspaces can be used to + facilitate 2FA to Coder via GitLab + - Git integration request both SSH and HTTPS access to function + - Access to all user repos must be added to a Coder workspace to clone private + dotfiles repos + - Coder doesn't allow the linking of multiple Git providers of the same type + - Disabling the OAuth linking account may cause a denial of service diff --git a/manifest.json b/manifest.json index ced8d3f52..32c2eda3c 100644 --- a/manifest.json +++ b/manifest.json @@ -315,6 +315,9 @@ { "path": "./guides/admin/oidc-okta.md" }, + { + "path": "./guides/admin/shared-security.md" + }, { "path": "./guides/admin/usage-monitoring.md" } From ba92bf85f627a49ba2c74f9f7ec1b0574202dd4b Mon Sep 17 00:00:00 2001 
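Review bot: several wording errors in the new guide should be fixed before it lands: "includes expectations of how to cluster is configured" should read "how the cluster is configured"; "TLS certificats presented by the applications" is "certificates"; "Each workspace gets an IP address in the `pod` subset" should match the parallel "`services` subnet" line and presumably read "subnet"; and "Git integration request both SSH and HTTPS access" needs "requests". Two content points also need sharpening. The container registry bullets first say the registry account should be Coder-only "so that Coder users can only pull approved images", then say CVMs can only pull unauthenticated containers and "any user can reference any container within the registry"; state explicitly that the approved-image restriction does not hold for CVMs so an admin does not read the first bullet as a guarantee. The GitLab bullet "SSH keys generated by Coder and added to workspaces can be used to facilitate 2FA to Coder via GitLab" does not say what the key actually grants or to whom; spell out the effect so a reader can assess the risk.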
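Review bot: the path added to manifest.json does not match the file created in this commit: the sidebar entry points at `./guides/admin/shared-security.md`, while the diffstat creates `guides/admin/share-security.md`. As written the navigation entry resolves to a missing page; rename one side so they agree (the title "Shared security responsibility" suggests `shared-security.md` is the intended name).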
From: Ben Potter Date: Mon, 13 Sep 2021 23:54:09 +0000 Subject: [PATCH 2/4] add docs 404 check --- .github/workflows/preview.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/preview.yaml b/.github/workflows/preview.yaml index c6c86a39e..d34b5cd20 100644 --- a/.github/workflows/preview.yaml +++ b/.github/workflows/preview.yaml @@ -61,6 +61,14 @@ jobs: VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }} CODER_DOCS_MAIN_BRANCH: ${{ github.event.pull_request.head.sha }} + # This ensures the docs site is built properly + # as it will sometimes throw a 404 or 500 + # error if Markdown/parsing errors are present + - name: Check docs + run: yarn ts-node ./product/coder.com/site/scripts/checkDocs.ts + env: + BASE_URL: ${{ steps.preview.outputs.url }} + - name: Update Deployment # If we don't specify always, it won't run this check if failed. # This means the deployment would be stuck pending. From 532c1b89ea598b80cc0b3aee0094f6ba6bca4fb1 Mon Sep 17 00:00:00 2001 From: Ben Potter Date: Tue, 14 Sep 2021 00:12:18 +0000 Subject: [PATCH 3/4] install dependencies --- .github/workflows/preview.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/preview.yaml b/.github/workflows/preview.yaml index d34b5cd20..9fb27ffff 100644 --- a/.github/workflows/preview.yaml +++ b/.github/workflows/preview.yaml @@ -64,6 +64,8 @@ jobs: # This ensures the docs site is built properly # as it will sometimes throw a 404 or 500 # error if Markdown/parsing errors are present + - name: Install node_modules + run: yarn install - name: Check docs run: yarn ts-node ./product/coder.com/site/scripts/checkDocs.ts env: From 51fbc9df2259b22a1df3de3d5cd3cb5e35586cff Mon Sep 17 00:00:00 2001 
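Review bot: the new `Check docs` step runs `yarn ts-node ./product/coder.com/site/scripts/checkDocs.ts`, but nothing in this hunk installs dependencies first, so on a fresh runner `node_modules` is absent and the step fails before the check runs (the next commit in the series, 532c1b8, adds `yarn install`; fold it into this commit so the workflow is green at every point in the history). Also confirm that the deploy step referenced by `${{ steps.preview.outputs.url }}` actually carries `id: preview`, since that id is not visible in the context lines, and that the preview deployment is reachable before this step runs, or the 404 check will fail spuriously.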
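Review bot: the `Install node_modules` step is inserted below the three-line comment that explains the 404/500 check, so that comment now sits above the install step rather than the `Check docs` step it describes; move the new step above the comment. In CI prefer `yarn install --frozen-lockfile` so the job fails when `yarn.lock` and `package.json` disagree instead of silently resolving new versions.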
From: Ben Potter Date: Tue, 14 Sep 2021 00:35:23 +0000 Subject: [PATCH 4/4] Revert "Merge remote-tracking branch 'origin/katiehorne/ch14532' into bpmct/detect-docs-404" This reverts commit 9cecf221afc2ff75ecc2c67ddd111bfdb98ee6c0, reversing changes made to 532c1b89ea598b80cc0b3aee0094f6ba6bca4fb1. --- guides/admin/share-security.md | 87 ---------------------------------- manifest.json | 3 -- 2 files changed, 90 deletions(-) delete mode 100644 guides/admin/share-security.md diff --git a/guides/admin/share-security.md b/guides/admin/share-security.md deleted file mode 100644 index d7c77ff96..000000000 --- a/guides/admin/share-security.md +++ /dev/null 
@@ -1,87 +0,0 @@ ---- -title: Shared security responsibility -description: - Learn how Coder and its users carry security-related responsibilities. ---- - -To guarantee the security of the Coder workspace, which includes the entire -ecosystem of components needed to support the developer's user experience, -several parties must carry different responsibilities. While this is not an -exhaustive list, this article lists the security responsibilities for both Coder -and its users (specifically the site admin/site managers). - -There are two categories of integration points for a Coder workspace: - -1. Kubernetes and networking -1. External tie-ins (authentication, container registries, Git providers, etc.) - -## Kubernetes and networking - -Like most software, Coder depends on the system on which it is installed to -provide some security boundaries. Coder is installed onto Kubernetes clusters -and includes expectations of how to cluster is configured. As such, changes to -the following aspects of your cluster may impact Coder's security and -performance: - -- Storage - - Quotas - - Encryption - - Cloud access to volumes - - Depletion as denial of service - - PVC - - Ephemeral - - Networking - - Encryption (mTLS) - - Certificates - - TLS certificates presented by `coderd` - - TLS certificats presented by the applications with which Coder - interacts - - Boundaries (e.g., network policies) - - External interactions (ingress and egress) - - IP address depletion as denial of service - - Each workspace gets an IP address in the `pod` subset - - Each dev URL gets an IP address in the `services` subnet - - Kubernetes roles - - Service accounts for Coder to create pods - - Cluster admins (use of cluster admins can pose a security risk) - - Cloud access to the control plane - - Node security - - Upgrades to keep up with Kubernetes - - Access to node user accounts - - Cloud access to nodes - -### Recommendations - -We recommend that you **deploy Coder to its own cluster**. 
With this option, the -security boundary is around the cluster, so things like PVC access, password -resets, and database access are clearly actions taken against Coder. Cluster -admins can perform any necessary action, while all others are constrained by -their Coder role. - -Though you can deploy Coder to a shared cluster, the security boundary is -threaded through the components mentioned in the section above due to the -multiple applications present in the cluster. - -## External tie-ins - -Coder makes assumptions about how the following tie-ins are configured when -deploying security controls: - -- Authentication provider - - Changing the authentication provider settings can render Coder insecure - - Site admins could convert a user authenticating via OIDC to built-in, - allowing the admin to impersonate the user -- Container registry - - The registry account used to add the registry should be a specific - Coder-only account so that Coder users can only pull approved images - - CVMs can only pull unauthenticated containers, which means that any user can - reference any container within the registry -- Git provider - - OAuth linkage allows Coder admins to perform actions as the linked Git user - - SSH keys generated by Coder and added to workspaces can be used to - facilitate 2FA to Coder via GitLab - - Git integration request both SSH and HTTPS access to function - - Access to all user repos must be added to a Coder workspace to clone private - dotfiles repos - - Coder doesn't allow the linking of multiple Git providers of the same type - - Disabling the OAuth linking account may cause a denial of service diff --git a/manifest.json b/manifest.json index 2c419fb0f..10758fb3b 100644 --- a/manifest.json +++ b/manifest.json @@ -315,9 +315,6 @@ { "path": "./guides/admin/oidc-okta.md" }, - { - "path": "./guides/admin/shared-security.md" - }, { "path": "./guides/admin/usage-monitoring.md" }
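Review bot: this revert undoes a merge commit (9cecf221) that is not part of the series, and together with PATCH 1/4 it leaves the net effect of the series as only the workflow edits in patches 2 and 3. Rebase the branch to drop the merge and patch 1 rather than carrying an add-then-delete pair. Note also that the manifest.json blob ids here (2c419fb0f..10758fb3b) differ from the post-image of patch 1 (32c2eda3c), so unseen commits touched the file between the two and a reviewer cannot confirm the delete hunk applies on top of patch 1 alone.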