From 9da511a322251790b44e98f95f581f1dc402111d Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Wed, 20 Mar 2024 12:34:20 +0000 Subject: [PATCH 01/26] fix: the extension should get a session Signed-off-by: vitaliy-guliy --- code/src/vs/workbench/api/browser/mainThreadAuthentication.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts index b3ebdd940c3..a7d2e84cb79 100644 --- a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts +++ b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts @@ -233,6 +233,8 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu } // passive flows (silent or default) + // ( turn off the silent to allow the extensions to get a session ) + options.silent = false; if (!options.silent) { // If there is a potential session, but the extension doesn't have access to it, use the "grant access" flow, // otherwise request a new one. From 10c6de2f07ddef1217d09f1f9b9d8c6ea7cf10d4 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Wed, 20 Mar 2024 14:40:48 +0000 Subject: [PATCH 02/26] add extra output Signed-off-by: vitaliy-guliy --- code/src/vs/workbench/api/browser/mainThreadAuthentication.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts index a7d2e84cb79..303dcc3cdca 100644 --- a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts +++ b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts @@ -152,6 +152,8 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu } private async doGetSession(providerId: string, scopes: string[], extensionId: string, extensionName: string, options: AuthenticationGetSessionOptions): Promise { + console.log(`>> extension [${extensionId}] wants to get a session. Provider [${providerId}], scopes [${scopes? scopes.toString() : 'default'}] options [${options ? JSON.stringify(options) : 'undefined'}]`); + const sessions = await this.authenticationService.getSessions(providerId, scopes, true); const provider = this.authenticationService.getProvider(providerId); From b73af0da3d908097e1d00cd3ce1420980cfb4114 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Wed, 20 Mar 2024 16:23:47 +0000 Subject: [PATCH 03/26] update Signed-off-by: vitaliy-guliy --- code/src/vs/workbench/api/browser/mainThreadAuthentication.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts index 303dcc3cdca..3fb6f2d63d0 100644 --- a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts +++ b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts @@ -235,8 +235,7 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu } // passive flows (silent or default) - // ( turn off the silent to allow the extensions to get a session ) - options.silent = false; + console.log(` > sessions.length ${sessions.length}`); if (!options.silent) { // If there is a potential session, but the extension doesn't have access to it, use the "grant access" flow, // otherwise request a new one. From 206d69054ad0ab6fe2c18521e3e31c207f0c6373 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Thu, 21 Mar 2024 13:40:42 +0000 Subject: [PATCH 04/26] update --- code/product.json | 4 ++++ code/src/vs/workbench/api/browser/mainThreadAuthentication.ts | 1 + .../authentication/browser/authenticationAccessService.ts | 1 + 3 files changed, 6 insertions(+) diff --git a/code/product.json b/code/product.json index 90522f449b0..b7496b8e7b1 100644 --- a/code/product.json +++ b/code/product.json @@ -98,6 +98,10 @@ "textSearchProvider" ] }, + "trustedExtensionAuthAccess": [ + "github.copilot", + "github.copilot-chat" + ], "sendASmile": { "reportIssueUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fbug&template=bug_report.yml", "requestFeatureUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fenhancement&template=enhancement.yaml" diff --git a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts index 3fb6f2d63d0..981b645d924 100644 --- a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts +++ b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts @@ -247,6 +247,7 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu } async $getSession(providerId: string, scopes: string[], extensionId: string, extensionName: string, options: AuthenticationGetSessionOptions): Promise { + console.log(`>> $getSession. providerId:[${providerId}], scopes:[${scopes.toString()}], extensionId:[${extensionId}], options:[${JSON.stringify(scopes)}]`); const session = await this.doGetSession(providerId, scopes, extensionId, extensionName, options); if (session) { diff --git a/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts b/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts index 565821fcb50..010814fecf4 100644 --- a/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts +++ b/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts @@ -46,6 +46,7 @@ export class AuthenticationAccessService extends Disposable implements IAuthenti } isAccessAllowed(providerId: string, accountName: string, extensionId: string): boolean | undefined { + console.log(`>> isAccessAllowed. providerId [${providerId}], accountName [${accountName}] extensionId [${extensionId}]`); const trustedExtensionAuthAccess = this._productService.trustedExtensionAuthAccess; if (Array.isArray(trustedExtensionAuthAccess)) { if (trustedExtensionAuthAccess.includes(extensionId)) { From 6b8ec4e58b87193cc8a5994996bf2bd9dc66f91a Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Thu, 21 Mar 2024 15:31:30 +0000 Subject: [PATCH 05/26] update --- code/src/vs/workbench/api/browser/mainThreadAuthentication.ts | 2 +- code/src/vs/workbench/api/common/extHostAuthentication.ts | 1 + .../authentication/browser/authenticationAccessService.ts | 3 +++ .../services/authentication/browser/authenticationService.ts | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts index 981b645d924..09b7585bf14 100644 --- a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts +++ b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts @@ -247,7 +247,7 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu } async $getSession(providerId: string, scopes: string[], extensionId: string, extensionName: string, options: AuthenticationGetSessionOptions): Promise { - console.log(`>> $getSession. providerId:[${providerId}], scopes:[${scopes.toString()}], extensionId:[${extensionId}], options:[${JSON.stringify(scopes)}]`); + console.log(`>> $getSession. providerId:[${providerId}], scopes:[${scopes.toString()}], extensionId:[${extensionId}], options:[${JSON.stringify(options)}]`); const session = await this.doGetSession(providerId, scopes, extensionId, extensionName, options); if (session) { diff --git a/code/src/vs/workbench/api/common/extHostAuthentication.ts b/code/src/vs/workbench/api/common/extHostAuthentication.ts index 1c562edf76a..a92cce3ed98 100644 --- a/code/src/vs/workbench/api/common/extHostAuthentication.ts +++ b/code/src/vs/workbench/api/common/extHostAuthentication.ts @@ -74,6 +74,7 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape { } registerAuthenticationProvider(id: string, label: string, provider: vscode.AuthenticationProvider, options?: vscode.AuthenticationProviderOptions): vscode.Disposable { + console.log(`>>> extHostAuthentication :: registerAuthenticationProvider id [${id}], label [${label}]`); if (this._authenticationProviders.get(id)) { throw new Error(`An authentication provider with id '${id}' is already registered.`); } diff --git a/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts b/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts index 010814fecf4..c14569d5242 100644 --- a/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts +++ b/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts @@ -50,15 +50,18 @@ export class AuthenticationAccessService extends Disposable implements IAuthenti const trustedExtensionAuthAccess = this._productService.trustedExtensionAuthAccess; if (Array.isArray(trustedExtensionAuthAccess)) { if (trustedExtensionAuthAccess.includes(extensionId)) { + console.log(' > return TRUE'); return true; } } else if (trustedExtensionAuthAccess?.[providerId]?.includes(extensionId)) { + console.log(' > return TRUE [2]'); return true; } const allowList = this.readAllowedExtensions(providerId, accountName); const extensionData = allowList.find(extension => extension.id === extensionId); if (!extensionData) { + console.log(' > return UNDEFINED'); return undefined; } // This property didn't exist on this data previously, inclusion in the list at all indicates allowance diff --git a/code/src/vs/workbench/services/authentication/browser/authenticationService.ts b/code/src/vs/workbench/services/authentication/browser/authenticationService.ts index 6c22b70cd63..c21a6402fc6 100644 --- a/code/src/vs/workbench/services/authentication/browser/authenticationService.ts +++ b/code/src/vs/workbench/services/authentication/browser/authenticationService.ts @@ -113,6 +113,8 @@ export class AuthenticationService extends Disposable implements IAuthentication } registerAuthenticationProvider(id: string, authenticationProvider: IAuthenticationProvider): void { + console.log(`>>> authenticationService :: registerAuthenticationProvider id [${id}], provider.label [${authenticationProvider.label}]`); + this._authenticationProviders.set(id, authenticationProvider); const disposableStore = new DisposableStore(); disposableStore.add(authenticationProvider.onDidChangeSessions(e => this._onDidChangeSessions.fire({ From 15de59e2b376d9bcc547612c1c9f43501bd00c34 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Fri, 22 Mar 2024 16:14:51 +0000 Subject: [PATCH 06/26] update Signed-off-by: vitaliy-guliy --- code/product.json | 4 - launcher/src/main.ts | 2 + launcher/src/product-json.ts | 13 ++ launcher/src/trusted-extensions.ts | 103 ++++++++++++ launcher/tests/trusted-extensions.spec.ts | 186 ++++++++++++++++++++++ 5 files changed, 304 insertions(+), 4 deletions(-) create mode 100644 launcher/src/trusted-extensions.ts create mode 100644 launcher/tests/trusted-extensions.spec.ts diff --git a/code/product.json b/code/product.json index b7496b8e7b1..90522f449b0 100644 --- a/code/product.json +++ b/code/product.json @@ -98,10 +98,6 @@ "textSearchProvider" ] }, - "trustedExtensionAuthAccess": [ - "github.copilot", - "github.copilot-chat" - ], "sendASmile": { "reportIssueUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fbug&template=bug_report.yml", "requestFeatureUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fenhancement&template=enhancement.yaml" diff --git a/launcher/src/main.ts b/launcher/src/main.ts index 3fc22d248b8..90b33d4972b 100644 --- a/launcher/src/main.ts +++ b/launcher/src/main.ts @@ -12,6 +12,7 @@ import { CodeWorkspace } from './code-workspace'; import { DevWorkspaceId } from './devworkspace-id'; import { NodeExtraCertificate } from './node-extra-certificate'; import { OpenVSIXRegistry } from './openvsix-registry'; +import { TrustedExtensions } from './trusted-extensions'; import { VSCodeLauncher } from './vscode-launcher'; import { WebviewResources } from './webview-resources'; @@ -27,6 +28,7 @@ export class Main { await new OpenVSIXRegistry().configure(); await new WebviewResources().configure(); await new NodeExtraCertificate().configure(); + await new TrustedExtensions().configure(); const workspaceFile = await new CodeWorkspace().generate(); diff --git a/launcher/src/product-json.ts b/launcher/src/product-json.ts index bbd1a46fe2a..8419ad60ec9 100644 --- a/launcher/src/product-json.ts +++ b/launcher/src/product-json.ts @@ -12,6 +12,10 @@ import * as fs from './fs-extra'; const PRODUCT_JSON = 'product.json'; +export interface AuthAccessRecord { + [key: string]: string[]; +} + export class ProductJSON { private json: any; @@ -89,4 +93,13 @@ export class ProductJSON { gallery.itemUrl = url; } + + getTrustedExtensionAuthAccess(): string[] | AuthAccessRecord | undefined { + return this.json.trustedExtensionAuthAccess; + } + + setTrustedExtensionAuthAccess(trustedExtensionAuthAccess: string[] | AuthAccessRecord | undefined) { + this.json.trustedExtensionAuthAccess = trustedExtensionAuthAccess; + } + } diff --git a/launcher/src/trusted-extensions.ts b/launcher/src/trusted-extensions.ts new file mode 100644 index 00000000000..e2de87edad2 --- /dev/null +++ b/launcher/src/trusted-extensions.ts @@ -0,0 +1,103 @@ +/********************************************************************** + * Copyright (c) 2023 Red Hat, Inc. + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + ***********************************************************************/ + +import { env } from 'process'; +import { ProductJSON } from './product-json'; + +export class TrustedExtensions { + async configure(): Promise { + console.log('# Configuring Trusted Extensions...'); + + if (env.TRUSTED_EXTENSIONS === undefined) { + console.log(' > env.TRUSTED_EXTENSIONS is not set, skip this step'); + return; + } + + try { + const extensions = env.TRUSTED_EXTENSIONS.split(','); + console.log(`> extensions: ${extensions.length}`); + + if (!extensions.length) { + console.log(' > env.TRUSTED_EXTENSIONS is empty, skip this step'); + return; + } + + for (const e of extensions) { + console.log(` > extension ${e}`); + } + + const productJSON = await new ProductJSON().load(); + let productJSONChanged = false; + + let access = productJSON.getTrustedExtensionAuthAccess(); + if (access === undefined) { + + console.log('> access is UNDEFINED'); + access = []; + access.push(...extensions); + console.log(`> access [${access.toString()}]`); + productJSON.setTrustedExtensionAuthAccess(access); + productJSONChanged = true; + + } else if (Array.isArray(access)) { + + console.log('>> access is ARRAY'); + + for (const e of extensions) { + if (!access.includes(e)) { + access.push(e); + productJSONChanged = true; + } + } + + console.log(`> access [${access.toString()}]`); + } else { + + console.log(`>> access is not an ARRAY. Type is: ${typeof access}`); + + const newList: string[] = []; + + for (const key of Object.keys(access)) { + console.log(`>>> key [${key}]`); + for (const e of access[key]) { + console.log(` > extension [${e}]`); + if (!newList.includes(e)) { + newList.push(e); + } + } + } + + console.log('> combined extensions'); + for (const e of newList) { + console.log(` > extension [${e}]`); + } + + // add missing + for (const e of extensions) { + if (!newList.includes(e)) { + newList.push(e); + productJSONChanged = true; + } + } + + if (productJSONChanged) { + productJSON.setTrustedExtensionAuthAccess(newList); + } + + } + + if (productJSONChanged) { + await productJSON.save(); + } + } catch (err) { + console.error(`${err.message} Failure to configure OpenVSIX registry.`); + } + } +} diff --git a/launcher/tests/trusted-extensions.spec.ts b/launcher/tests/trusted-extensions.spec.ts new file mode 100644 index 00000000000..53a359d7ba0 --- /dev/null +++ b/launcher/tests/trusted-extensions.spec.ts @@ -0,0 +1,186 @@ +/********************************************************************** + * Copyright (c) 2023 Red Hat, Inc. + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + ***********************************************************************/ + +import { env } from 'process'; +import * as fs from '../src/fs-extra'; + +import { TrustedExtensions } from '../src/trusted-extensions'; + +const PRODUCT_JSON_SIMPLE = `{ + "version": "1.0.0" +}`; + +const PRODUCT_JSON_TWO_EXTENSIONS = `{ + "version": "1.0.0", + "trustedExtensionAuthAccess": [ + "redhat.yaml", + "redhat.openshift" + ] +}`; + +const PRODUCT_JSON_THREE_EXTENSIONS = `{ + "version": "1.0.0", + "trustedExtensionAuthAccess": [ + "redhat.yaml", + "redhat.openshift", + "devfile.vscode-devfile" + ] +}`; + +const PRODUCT_JSON_WITH_EXTENSIONS_ALTERNATIVE = `{ + "version": "1.0.0", + "trustedExtensionAuthAccess": { + "github": [ + "redhat.yaml" + ], + "gitlab": [ + "redhat.yaml", + "redhat.openshift", + "devfile.vscode-devfile" + ] + } +}`; + +const PRODUCT_JSON_WITH_FOUR_EXTENSIONS = `{ + "version": "1.0.0", + "trustedExtensionAuthAccess": [ + "redhat.yaml", + "redhat.openshift", + "devfile.vscode-devfile", + "redhat.vscode-xml" + ] +}`; + +describe('Test Configuring of Trusted Extensions Auth Access:', () => { + const originalReadFile = fs.readFile; + const originalWriteFile = fs.writeFile; + + beforeEach(() => { + delete env.TRUSTED_EXTENSIONS_AUTH_ACCESS; + + Object.assign(fs, { + readFile: originalReadFile, + writeFile: originalWriteFile, + }); + }); + + test('should skip if TRUSTED_EXTENSIONS is not set', async () => { + const readFileMock = jest.fn(); + Object.assign(fs, { + readFile: readFileMock, + writeFile: jest.fn(), + }); + + const trust = new TrustedExtensions(); + await trust.configure(); + + expect(readFileMock).toBeCalledTimes(0); + }); + + test('should add new trustedExtensionAuthAccess:array section', async () => { + env.TRUSTED_EXTENSIONS = 'redhat.yaml,redhat.openshift'; + + let savedProductJson; + + Object.assign(fs, { + readFile: async (file: string) => { + if ('product.json' === file) { + return PRODUCT_JSON_SIMPLE; + } + }, + + writeFile: async (file: string, data: string) => { + if ('product.json' === file) { + savedProductJson = data; + } + }, + }); + + // test + const trust = new TrustedExtensions(); + await trust.configure(); + + expect(savedProductJson).toBe(PRODUCT_JSON_TWO_EXTENSIONS); + }); + + test('should add extensions to existing trustedExtensionAuthAccess:array section', async () => { + env.TRUSTED_EXTENSIONS = 'devfile.vscode-devfile'; + + let savedProductJson; + + Object.assign(fs, { + readFile: async (file: string) => { + if ('product.json' === file) { + return PRODUCT_JSON_TWO_EXTENSIONS; + } + }, + + writeFile: async (file: string, data: string) => { + if ('product.json' === file) { + savedProductJson = data; + } + }, + }); + + // test + const trust = new TrustedExtensions(); + await trust.configure(); + + expect(savedProductJson).toBe(PRODUCT_JSON_THREE_EXTENSIONS); + }); + + test('should NOT add extensions to trustedExtensionAuthAccess:array section if extensions is already in the list', async () => { + env.TRUSTED_EXTENSIONS = 'redhat.openshift'; + + const writeFileMock = jest.fn(); + Object.assign(fs, { + readFile: async (file: string) => { + if ('product.json' === file) { + return PRODUCT_JSON_TWO_EXTENSIONS; + } + }, + + writeFile: writeFileMock + }); + + // test + const trust = new TrustedExtensions(); + await trust.configure(); + + expect(writeFileMock).not.toHaveBeenCalled(); + }); + + test('should replace trustedExtensionAuthAccess object on array and add extensions', async () => { + env.TRUSTED_EXTENSIONS = 'devfile.vscode-devfile,redhat.vscode-xml'; + + let savedProductJson; + + Object.assign(fs, { + readFile: async (file: string) => { + if ('product.json' === file) { + return PRODUCT_JSON_WITH_EXTENSIONS_ALTERNATIVE; + } + }, + + writeFile: async (file: string, data: string) => { + if ('product.json' === file) { + savedProductJson = data; + } + }, + }); + + // test + const trust = new TrustedExtensions(); + await trust.configure(); + + expect(savedProductJson).toBe(PRODUCT_JSON_WITH_FOUR_EXTENSIONS); + }); + +}); From 7d27351caeee019c474fe5d12d4b13c87c940efa Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Fri, 22 Mar 2024 18:15:05 +0000 Subject: [PATCH 07/26] update Signed-off-by: vitaliy-guliy --- launcher/src/product-json.ts | 1 - launcher/src/trusted-extensions.ts | 5 ----- launcher/tests/trusted-extensions.spec.ts | 3 +-- 3 files changed, 1 insertion(+), 8 deletions(-) diff --git a/launcher/src/product-json.ts b/launcher/src/product-json.ts index 8419ad60ec9..5185f70d32a 100644 --- a/launcher/src/product-json.ts +++ b/launcher/src/product-json.ts @@ -101,5 +101,4 @@ export class ProductJSON { setTrustedExtensionAuthAccess(trustedExtensionAuthAccess: string[] | AuthAccessRecord | undefined) { this.json.trustedExtensionAuthAccess = trustedExtensionAuthAccess; } - } diff --git a/launcher/src/trusted-extensions.ts b/launcher/src/trusted-extensions.ts index e2de87edad2..ff3a1333a05 100644 --- a/launcher/src/trusted-extensions.ts +++ b/launcher/src/trusted-extensions.ts @@ -38,16 +38,13 @@ export class TrustedExtensions { let access = productJSON.getTrustedExtensionAuthAccess(); if (access === undefined) { - console.log('> access is UNDEFINED'); access = []; access.push(...extensions); console.log(`> access [${access.toString()}]`); productJSON.setTrustedExtensionAuthAccess(access); productJSONChanged = true; - } else if (Array.isArray(access)) { - console.log('>> access is ARRAY'); for (const e of extensions) { @@ -59,7 +56,6 @@ export class TrustedExtensions { console.log(`> access [${access.toString()}]`); } else { - console.log(`>> access is not an ARRAY. Type is: ${typeof access}`); const newList: string[] = []; @@ -90,7 +86,6 @@ export class TrustedExtensions { if (productJSONChanged) { productJSON.setTrustedExtensionAuthAccess(newList); } - } if (productJSONChanged) { diff --git a/launcher/tests/trusted-extensions.spec.ts b/launcher/tests/trusted-extensions.spec.ts index 53a359d7ba0..ff59d1b34e3 100644 --- a/launcher/tests/trusted-extensions.spec.ts +++ b/launcher/tests/trusted-extensions.spec.ts @@ -147,7 +147,7 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { } }, - writeFile: writeFileMock + writeFile: writeFileMock, }); // test @@ -182,5 +182,4 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { expect(savedProductJson).toBe(PRODUCT_JSON_WITH_FOUR_EXTENSIONS); }); - }); From f0ff5747445a1144c42724e2b6d5e73dce1aad20 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Fri, 22 Mar 2024 20:10:57 +0000 Subject: [PATCH 08/26] update Signed-off-by: vitaliy-guliy --- build/scripts/entrypoint-volume.sh | 2 ++ .../authentication/browser/authenticationAccessService.ts | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/build/scripts/entrypoint-volume.sh b/build/scripts/entrypoint-volume.sh index 2c60f4ac52a..e5527d60121 100755 --- a/build/scripts/entrypoint-volume.sh +++ b/build/scripts/entrypoint-volume.sh @@ -118,5 +118,7 @@ fi echo "[INFO] Node.js dir for running VS Code: $VSCODE_NODEJS_RUNTIME_DIR" +cp product.json product.json.backup + # Run launcher "$VSCODE_NODEJS_RUNTIME_DIR/node" ./launcher/entrypoint.js diff --git a/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts b/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts index c14569d5242..8c92f31db81 100644 --- a/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts +++ b/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts @@ -48,12 +48,18 @@ export class AuthenticationAccessService extends Disposable implements IAuthenti isAccessAllowed(providerId: string, accountName: string, extensionId: string): boolean | undefined { console.log(`>> isAccessAllowed. providerId [${providerId}], accountName [${accountName}] extensionId [${extensionId}]`); const trustedExtensionAuthAccess = this._productService.trustedExtensionAuthAccess; + if (Array.isArray(trustedExtensionAuthAccess)) { + console.log(' > productService.trustedExtensionAuthAccess is ARRAY'); + console.log(` > array [${trustedExtensionAuthAccess.toString()}]`); + if (trustedExtensionAuthAccess.includes(extensionId)) { console.log(' > return TRUE'); return true; } } else if (trustedExtensionAuthAccess?.[providerId]?.includes(extensionId)) { + console.log(' > productService.trustedExtensionAuthAccess is OBJECT'); + console.log(' > return TRUE [2]'); return true; } From 042fbc1b42a0c7e12154b6f8adfe388ca0d57927 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Fri, 22 Mar 2024 22:17:06 +0000 Subject: [PATCH 09/26] update Signed-off-by: vitaliy-guliy --- build/scripts/entrypoint-volume.sh | 3 +++ .../authentication/browser/authenticationAccessService.ts | 1 + 2 files changed, 4 insertions(+) diff --git a/build/scripts/entrypoint-volume.sh b/build/scripts/entrypoint-volume.sh index e5527d60121..4292262b3c7 100755 --- a/build/scripts/entrypoint-volume.sh +++ b/build/scripts/entrypoint-volume.sh @@ -118,6 +118,9 @@ fi echo "[INFO] Node.js dir for running VS Code: $VSCODE_NODEJS_RUNTIME_DIR" +echo +echo '------------------------------------------------------------' +ls -la cp product.json product.json.backup # Run launcher diff --git a/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts b/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts index 8c92f31db81..6683cf25918 100644 --- a/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts +++ b/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts @@ -48,6 +48,7 @@ export class AuthenticationAccessService extends Disposable implements IAuthenti isAccessAllowed(providerId: string, accountName: string, extensionId: string): boolean | undefined { console.log(`>> isAccessAllowed. providerId [${providerId}], accountName [${accountName}] extensionId [${extensionId}]`); const trustedExtensionAuthAccess = this._productService.trustedExtensionAuthAccess; + console.log(`> got trustedExtensionAuthAccess: ${trustedExtensionAuthAccess}`); if (Array.isArray(trustedExtensionAuthAccess)) { console.log(' > productService.trustedExtensionAuthAccess is ARRAY'); From e790ba4d35bf000795fdb426e7e70c232e2b31ba Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 25 Mar 2024 10:11:28 +0000 Subject: [PATCH 10/26] update Signed-off-by: vitaliy-guliy --- build/scripts/entrypoint-volume.sh | 5 ++++- launcher/src/trusted-extensions.ts | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/build/scripts/entrypoint-volume.sh b/build/scripts/entrypoint-volume.sh index 4292262b3c7..e6621d450c0 100755 --- a/build/scripts/entrypoint-volume.sh +++ b/build/scripts/entrypoint-volume.sh @@ -119,9 +119,12 @@ fi echo "[INFO] Node.js dir for running VS Code: $VSCODE_NODEJS_RUNTIME_DIR" echo -echo '------------------------------------------------------------' +echo '- before -----------------------------------------------------------' ls -la cp product.json product.json.backup +echo '- after -----------------------------------------------------------' +ls -la +echo '--------------------------------------------------------------------' # Run launcher "$VSCODE_NODEJS_RUNTIME_DIR/node" ./launcher/entrypoint.js diff --git a/launcher/src/trusted-extensions.ts b/launcher/src/trusted-extensions.ts index ff3a1333a05..9f859d4161d 100644 --- a/launcher/src/trusted-extensions.ts +++ b/launcher/src/trusted-extensions.ts @@ -41,7 +41,7 @@ export class TrustedExtensions { console.log('> access is UNDEFINED'); access = []; access.push(...extensions); - console.log(`> access [${access.toString()}]`); + console.log(`> result [${access.toString()}]`); productJSON.setTrustedExtensionAuthAccess(access); productJSONChanged = true; } else if (Array.isArray(access)) { @@ -54,7 +54,7 @@ export class TrustedExtensions { } } - console.log(`> access [${access.toString()}]`); + console.log(`> result [${access.toString()}]`); } else { console.log(`>> access is not an ARRAY. Type is: ${typeof access}`); From 256e840905e1bd5ff73330c62abdd4ebfab9b9fc Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 25 Mar 2024 11:29:57 +0000 Subject: [PATCH 11/26] update Signed-off-by: vitaliy-guliy --- code/product.json | 4 ++++ .../vs/workbench/api/browser/mainThreadAuthentication.ts | 6 +++--- launcher/src/main.ts | 4 ++-- launcher/tests/main.spec.ts | 1 + 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/code/product.json b/code/product.json index 90522f449b0..b7496b8e7b1 100644 --- a/code/product.json +++ b/code/product.json @@ -98,6 +98,10 @@ "textSearchProvider" ] }, + "trustedExtensionAuthAccess": [ + "github.copilot", + "github.copilot-chat" + ], "sendASmile": { "reportIssueUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fbug&template=bug_report.yml", "requestFeatureUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fenhancement&template=enhancement.yaml" diff --git a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts index 09b7585bf14..9d4987d5e5e 100644 --- a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts +++ b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts @@ -152,8 +152,8 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu } private async doGetSession(providerId: string, scopes: string[], extensionId: string, extensionName: string, options: AuthenticationGetSessionOptions): Promise { - console.log(`>> extension [${extensionId}] wants to get a session. Provider [${providerId}], scopes [${scopes? scopes.toString() : 'default'}] options [${options ? JSON.stringify(options) : 'undefined'}]`); - + console.log(`>> doGetSession :: extension [${extensionId}] wants to get a session. Provider [${providerId}], scopes [${scopes? scopes.toString() : 'default'}] options [${options ? JSON.stringify(options) : 'undefined'}]`); + const sessions = await this.authenticationService.getSessions(providerId, scopes, true); const provider = this.authenticationService.getProvider(providerId); @@ -235,7 +235,7 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu } // passive flows (silent or default) - console.log(` > sessions.length ${sessions.length}`); + console.log(`>> sessions.length ${sessions.length}`); if (!options.silent) { // If there is a potential session, but the extension doesn't have access to it, use the "grant access" flow, // otherwise request a new one. diff --git a/launcher/src/main.ts b/launcher/src/main.ts index 90b33d4972b..9606105aa24 100644 --- a/launcher/src/main.ts +++ b/launcher/src/main.ts @@ -12,7 +12,7 @@ import { CodeWorkspace } from './code-workspace'; import { DevWorkspaceId } from './devworkspace-id'; import { NodeExtraCertificate } from './node-extra-certificate'; import { OpenVSIXRegistry } from './openvsix-registry'; -import { TrustedExtensions } from './trusted-extensions'; +// import { TrustedExtensions } from './trusted-extensions'; import { VSCodeLauncher } from './vscode-launcher'; import { WebviewResources } from './webview-resources'; @@ -28,7 +28,7 @@ export class Main { await new OpenVSIXRegistry().configure(); await new WebviewResources().configure(); await new NodeExtraCertificate().configure(); - await new TrustedExtensions().configure(); + // await new TrustedExtensions().configure(); const workspaceFile = await new CodeWorkspace().generate(); diff --git a/launcher/tests/main.spec.ts b/launcher/tests/main.spec.ts index 0a59a921f1b..f94dcf7254d 100644 --- a/launcher/tests/main.spec.ts +++ b/launcher/tests/main.spec.ts @@ -60,6 +60,7 @@ describe('Test main flow:', () => { expect(configureOpenVSIXRegistryMock).toBeCalled(); expect(configureWebviewResourcesMock).toBeCalled(); expect(configureNodeExtraCertificate).toBeCalled(); + // should add here test for truested extensions expect(generateCodeWorkspace).toBeCalled(); From c0995c2ec896f7cd49d99f86a75d628214215f5c Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 25 Mar 2024 12:18:03 +0000 Subject: [PATCH 12/26] update Signed-off-by: vitaliy-guliy --- .../pr-check-build-che-code-image.yaml | 21 ++--- ...yaml => smoke-test-pr-check.yaml.disabled} | 0 build/dockerfiles/assembly.Dockerfile | 8 +- build/dockerfiles/linux-libc-ubi8.Dockerfile | 86 +++++++++---------- 4 files changed, 58 insertions(+), 57 deletions(-) rename .github/workflows/{smoke-test-pr-check.yaml => smoke-test-pr-check.yaml.disabled} (100%) diff --git a/.github/workflows/pr-check-build-che-code-image.yaml b/.github/workflows/pr-check-build-che-code-image.yaml index 2ad19ac819e..0f3f5f83a2e 100644 --- a/.github/workflows/pr-check-build-che-code-image.yaml +++ b/.github/workflows/pr-check-build-che-code-image.yaml @@ -22,7 +22,8 @@ jobs: strategy: fail-fast: false matrix: - dist: [ 'musl', 'libc-ubi8', 'libc-ubi9' ] + # dist: [ 'musl', 'libc-ubi8', 'libc-ubi9' ] + dist: [ 'libc-ubi8' ] arch: ['amd64'] steps: @@ -60,15 +61,15 @@ jobs: with: image: "linux-libc-ubi8-amd64" - - name: Download linux-libc-ubi9-amd64 image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "linux-libc-ubi9-amd64" - - - name: Download linux-musl-amd64 image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "linux-musl-amd64" + # - name: Download linux-libc-ubi9-amd64 image + # uses: ishworkh/docker-image-artifact-download@v1 + # with: + # image: "linux-libc-ubi9-amd64" + + # - name: Download linux-musl-amd64 image + # uses: ishworkh/docker-image-artifact-download@v1 + # with: + # image: "linux-musl-amd64" - name: Login to Quay.io uses: docker/login-action@v2 diff --git a/.github/workflows/smoke-test-pr-check.yaml b/.github/workflows/smoke-test-pr-check.yaml.disabled similarity index 100% rename from .github/workflows/smoke-test-pr-check.yaml rename to .github/workflows/smoke-test-pr-check.yaml.disabled diff --git a/build/dockerfiles/assembly.Dockerfile b/build/dockerfiles/assembly.Dockerfile index 448b368e37a..0a56189cea3 100644 --- a/build/dockerfiles/assembly.Dockerfile +++ b/build/dockerfiles/assembly.Dockerfile @@ -8,8 +8,8 @@ # Grab content from previously build images FROM linux-libc-ubi8-amd64 as linux-libc-ubi8-content -FROM linux-libc-ubi9-amd64 as linux-libc-ubi9-content -FROM linux-musl-amd64 as linux-musl-content +# FROM linux-libc-ubi9-amd64 as linux-libc-ubi9-content +# FROM linux-musl-amd64 as linux-musl-content # https://quay.io/eclipse/che-machine-exec#^7\. FROM quay.io/eclipse/che-machine-exec:7.56.0 as machine-exec @@ -22,9 +22,9 @@ RUN rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/ WORKDIR /mnt/rootfs -COPY --from=linux-musl-content --chown=0:0 /checode-linux-musl /mnt/rootfs/checode-linux-musl +# COPY --from=linux-musl-content --chown=0:0 /checode-linux-musl /mnt/rootfs/checode-linux-musl COPY --from=linux-libc-ubi8-content --chown=0:0 /checode-linux-libc/ubi8 /mnt/rootfs/checode-linux-libc/ubi8 -COPY --from=linux-libc-ubi9-content --chown=0:0 /checode-linux-libc/ubi9 /mnt/rootfs/checode-linux-libc/ubi9 +# COPY --from=linux-libc-ubi9-content --chown=0:0 /checode-linux-libc/ubi9 /mnt/rootfs/checode-linux-libc/ubi9 RUN mkdir -p /mnt/rootfs/projects && mkdir -p /mnt/rootfs/home/che && mkdir -p /mnt/rootfs/bin/ RUN cat /mnt/rootfs/etc/passwd | sed s#root:x.*#root:x:\${USER_ID}:\${GROUP_ID}::\${HOME}:/bin/bash#g > /mnt/rootfs/home/che/.passwd.template \ diff --git a/build/dockerfiles/linux-libc-ubi8.Dockerfile b/build/dockerfiles/linux-libc-ubi8.Dockerfile index 87d4ae1bd7f..cfc37855d36 100644 --- a/build/dockerfiles/linux-libc-ubi8.Dockerfile +++ b/build/dockerfiles/linux-libc-ubi8.Dockerfile @@ -85,49 +85,49 @@ RUN chmod a+x /checode/out/server-main.js \ ### Beginning of tests # Do not change line above! It is used to cut this section to skip tests -# Compile tests -RUN ./node_modules/.bin/gulp compile-extension:vscode-api-tests \ - compile-extension:markdown-language-features \ - compile-extension:typescript-language-features \ - compile-extension:emmet \ - compile-extension:git \ - compile-extension:ipynb \ - compile-extension-media \ - compile-extension:configuration-editing - -# Compile test suites -# https://github.com/microsoft/vscode/blob/cdde5bedbf3ed88f93b5090bb3ed9ef2deb7a1b4/test/integration/browser/README.md#compile -RUN [[ $(uname -m) == "x86_64" ]] && yarn --cwd test/smoke compile && yarn --cwd test/integration/browser compile - -# install test dependencies -ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=0 -RUN [[ $(uname -m) == "x86_64" ]] && yarn playwright-install -# Install procps to manage to kill processes and centos stream repository -RUN [[ $(uname -m) == "x86_64" ]] && \ - ARCH=$(uname -m) && \ - yum install --nobest -y procps \ - http://mirror.centos.org/centos/8/extras/${ARCH}/os/Packages/epel-release-8-11.el8.noarch.rpm \ - http://mirror.centos.org/centos/8-stream/BaseOS/${ARCH}/os/Packages/centos-gpg-keys-8-3.el8.noarch.rpm \ - http://mirror.centos.org/centos/8-stream/BaseOS/${ARCH}/os/Packages/centos-stream-repos-8-3.el8.noarch.rpm - -RUN [[ $(uname -m) == "x86_64" ]] && yum install -y chromium && \ - PLAYWRIGHT_CHROMIUM_PATH=$(echo /opt/app-root/src/.cache/ms-playwright/chromium-*/) && \ - rm "${PLAYWRIGHT_CHROMIUM_PATH}/chrome-linux/chrome" && \ - ln -s /usr/bin/chromium-browser "${PLAYWRIGHT_CHROMIUM_PATH}/chrome-linux/chrome" - -# use of retry and timeout -COPY /build/scripts/helper/retry.sh /opt/app-root/src/retry.sh -RUN chmod u+x /opt/app-root/src/retry.sh - -# Run integration tests (Browser) -RUN [[ $(uname -m) == "x86_64" ]] && NODE_ARCH=$(echo "console.log(process.arch)" | node) \ - VSCODE_REMOTE_SERVER_PATH="$(pwd)/../vscode-reh-web-linux-${NODE_ARCH}" \ - /opt/app-root/src/retry.sh -v -t 3 -s 2 -- timeout -v 5m ./scripts/test-web-integration.sh --browser chromium - -# Run smoke tests (Browser) -RUN [[ $(uname -m) == "x86_64" ]] && NODE_ARCH=$(echo "console.log(process.arch)" | node) \ - VSCODE_REMOTE_SERVER_PATH="$(pwd)/../vscode-reh-web-linux-${NODE_ARCH}" \ - /opt/app-root/src/retry.sh -v -t 3 -s 2 -- timeout -v 5m yarn smoketest-no-compile --web --headless --electronArgs="--disable-dev-shm-usage --use-gl=swiftshader" +# # Compile tests +# RUN ./node_modules/.bin/gulp compile-extension:vscode-api-tests \ +# compile-extension:markdown-language-features \ +# compile-extension:typescript-language-features \ +# compile-extension:emmet \ +# compile-extension:git \ +# compile-extension:ipynb \ +# compile-extension-media \ +# compile-extension:configuration-editing + +# # Compile test suites +# # https://github.com/microsoft/vscode/blob/cdde5bedbf3ed88f93b5090bb3ed9ef2deb7a1b4/test/integration/browser/README.md#compile +# RUN [[ $(uname -m) == "x86_64" ]] && yarn --cwd test/smoke compile && yarn --cwd test/integration/browser compile + +# # install test dependencies +# ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=0 +# RUN [[ $(uname -m) == "x86_64" ]] && yarn playwright-install +# # Install procps to manage to kill processes and centos stream repository +# RUN [[ $(uname -m) == "x86_64" ]] && \ +# ARCH=$(uname -m) && \ +# yum install --nobest -y procps \ +# http://mirror.centos.org/centos/8/extras/${ARCH}/os/Packages/epel-release-8-11.el8.noarch.rpm \ +# http://mirror.centos.org/centos/8-stream/BaseOS/${ARCH}/os/Packages/centos-gpg-keys-8-3.el8.noarch.rpm \ +# http://mirror.centos.org/centos/8-stream/BaseOS/${ARCH}/os/Packages/centos-stream-repos-8-3.el8.noarch.rpm + +# RUN [[ $(uname -m) == "x86_64" ]] && yum install -y chromium && \ +# PLAYWRIGHT_CHROMIUM_PATH=$(echo /opt/app-root/src/.cache/ms-playwright/chromium-*/) && \ +# rm "${PLAYWRIGHT_CHROMIUM_PATH}/chrome-linux/chrome" && \ +# ln -s /usr/bin/chromium-browser "${PLAYWRIGHT_CHROMIUM_PATH}/chrome-linux/chrome" + +# # use of retry and timeout +# COPY /build/scripts/helper/retry.sh /opt/app-root/src/retry.sh +# RUN chmod u+x /opt/app-root/src/retry.sh + +# # Run integration tests (Browser) +# RUN [[ $(uname -m) == "x86_64" ]] && NODE_ARCH=$(echo "console.log(process.arch)" | node) \ +# VSCODE_REMOTE_SERVER_PATH="$(pwd)/../vscode-reh-web-linux-${NODE_ARCH}" \ +# /opt/app-root/src/retry.sh -v -t 3 -s 2 -- timeout -v 5m ./scripts/test-web-integration.sh --browser chromium + +# # Run smoke tests (Browser) +# RUN [[ $(uname -m) == "x86_64" ]] && NODE_ARCH=$(echo "console.log(process.arch)" | node) \ +# VSCODE_REMOTE_SERVER_PATH="$(pwd)/../vscode-reh-web-linux-${NODE_ARCH}" \ +# /opt/app-root/src/retry.sh -v -t 3 -s 2 -- timeout -v 5m yarn smoketest-no-compile --web --headless --electronArgs="--disable-dev-shm-usage --use-gl=swiftshader" # Do not change line below! It is used to cut this section to skip tests ### Ending of tests From 3b962ab99d297ae78d2a60d168e6777e0555815e Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 25 Mar 2024 13:35:20 +0000 Subject: [PATCH 13/26] update Signed-off-by: vitaliy-guliy --- code/product.json | 4 ---- launcher/src/main.ts | 4 ++-- launcher/tests/main.spec.ts | 9 ++++++++- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/code/product.json b/code/product.json index b7496b8e7b1..90522f449b0 100644 --- a/code/product.json +++ b/code/product.json @@ -98,10 +98,6 @@ "textSearchProvider" ] }, - "trustedExtensionAuthAccess": [ - "github.copilot", - "github.copilot-chat" - ], "sendASmile": { "reportIssueUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fbug&template=bug_report.yml", "requestFeatureUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fenhancement&template=enhancement.yaml" diff --git a/launcher/src/main.ts b/launcher/src/main.ts index 9606105aa24..90b33d4972b 100644 --- a/launcher/src/main.ts +++ b/launcher/src/main.ts @@ -12,7 +12,7 @@ import { CodeWorkspace } from './code-workspace'; import { DevWorkspaceId } from './devworkspace-id'; import { NodeExtraCertificate } from './node-extra-certificate'; import { OpenVSIXRegistry } from './openvsix-registry'; -// import { TrustedExtensions } from './trusted-extensions'; +import { TrustedExtensions } from './trusted-extensions'; import { VSCodeLauncher } from './vscode-launcher'; import { WebviewResources } from './webview-resources'; @@ -28,7 +28,7 @@ export class Main { await new OpenVSIXRegistry().configure(); await new WebviewResources().configure(); await new NodeExtraCertificate().configure(); - // await new TrustedExtensions().configure(); + await new TrustedExtensions().configure(); const workspaceFile = await new CodeWorkspace().generate(); diff --git a/launcher/tests/main.spec.ts b/launcher/tests/main.spec.ts index f94dcf7254d..42307c02b99 100644 --- a/launcher/tests/main.spec.ts +++ b/launcher/tests/main.spec.ts @@ -38,6 +38,13 @@ jest.mock('../src/node-extra-certificate', () => ({ }, })); +const configureTustedExtensions = jest.fn(); +jest.mock('../src/trusted-extensions', () => ({ + TrustedExtensions: function () { + return { configure: configureTustedExtensions }; + }, +})); + const generateCodeWorkspace = jest.fn(); jest.mock('../src/code-workspace', () => ({ CodeWorkspace: function () { @@ -60,7 +67,7 @@ describe('Test main flow:', () => { expect(configureOpenVSIXRegistryMock).toBeCalled(); expect(configureWebviewResourcesMock).toBeCalled(); expect(configureNodeExtraCertificate).toBeCalled(); - // should add here test for truested extensions + expect(configureTustedExtensions).toBeCalled(); expect(generateCodeWorkspace).toBeCalled(); From 9ec294d86e0b81b9bcf25ec7dd57b2ec0ae3ec5f Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 25 Mar 2024 16:04:59 +0000 Subject: [PATCH 14/26] update Signed-off-by: vitaliy-guliy --- code/product.json | 3 ++ .../src/vs/platform/product/common/product.ts | 31 +++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/code/product.json b/code/product.json index 90522f449b0..23155ef1359 100644 --- a/code/product.json +++ b/code/product.json @@ -98,6 +98,9 @@ "textSearchProvider" ] }, + "trustedExtensionAuthAccess": [ + "{{publisher}}.{{id}}" + ], "sendASmile": { "reportIssueUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fbug&template=bug_report.yml", "requestFeatureUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fenhancement&template=enhancement.yaml" diff --git a/code/src/vs/platform/product/common/product.ts b/code/src/vs/platform/product/common/product.ts index d6dd0fc33b5..6dcce5748cc 100644 --- a/code/src/vs/platform/product/common/product.ts +++ b/code/src/vs/platform/product/common/product.ts @@ -55,6 +55,37 @@ else { // Built time configuration (do NOT modify) product = { /*BUILD->INSERT_PRODUCT_CONFIGURATION*/ } as IProductConfiguration; + // need to add something here + try { + const href = `${window.location.href}oss-dev/static/product.json`; + console.log(`>> TRY TO GET product.json from ${href}`); + + var xmlhttp = new XMLHttpRequest(); + xmlhttp.open("GET", href, false); + xmlhttp.send(); + if (xmlhttp.status == 200 && xmlhttp.readyState == 4) { + const content = xmlhttp.responseText; + console.log('>>>> GOT product.json'); + console.log(content); + + const json = JSON.parse(content); + if (json && json.licenseFileName) { + console.log(`>> got license file name ${json.licenseFileName}`) + } else { + console.log('>> something wrong with product.json'); + } + } + else { + // TODO Throw exception + console.log('>>>> FAILURE getting product.json'); + console.log(`http status: ${xmlhttp.status}`); + console.log(`http readyState: ${xmlhttp.readyState}`); + } + + } catch (err) { + console.error(`>>>> ERROR ${err.message}`, err); + } + // Running out of sources if (Object.keys(product).length === 0) { Object.assign(product, { From ea5e6561424641417a14da84dd5978eb909b19ab Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 25 Mar 2024 17:29:17 +0000 Subject: [PATCH 15/26] update Signed-off-by: vitaliy-guliy --- code/product.json | 3 - .../vs/platform/product/common/che/product.ts | 55 +++++++++++++++++++ .../src/vs/platform/product/common/product.ts | 35 ++---------- 3 files changed, 59 insertions(+), 34 deletions(-) create mode 100644 code/src/vs/platform/product/common/che/product.ts diff --git a/code/product.json b/code/product.json index 23155ef1359..90522f449b0 100644 --- a/code/product.json +++ b/code/product.json @@ -98,9 +98,6 @@ "textSearchProvider" ] }, - "trustedExtensionAuthAccess": [ - "{{publisher}}.{{id}}" - ], "sendASmile": { "reportIssueUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fbug&template=bug_report.yml", "requestFeatureUrl": "https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fenhancement&template=enhancement.yaml" diff --git a/code/src/vs/platform/product/common/che/product.ts b/code/src/vs/platform/product/common/che/product.ts new file mode 100644 index 00000000000..90a645fe698 --- /dev/null +++ b/code/src/vs/platform/product/common/che/product.ts @@ -0,0 +1,55 @@ +/********************************************************************** + * Copyright (c) 2023 Red Hat, Inc. + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + ***********************************************************************/ +/* eslint-disable header/header */ + +import { IProductConfiguration } from 'vs/base/common/product'; + +export function loadFromFileSystem(): IProductConfiguration { + + // const href = `${window.location.href}oss-dev/static/product.json`; + const href = `./oss-dev/static/product.json`; + // const href = `./oss-dev/static/product.json`; + console.log(`>> TRY TO GET product.json from ${href}`); + + try { + var xmlhttp = new XMLHttpRequest(); + xmlhttp.open("GET", href, false); + xmlhttp.send(); + + console.log(`> status ${xmlhttp.status}`); + console.log(`> readyState ${xmlhttp.readyState}`); + + if (xmlhttp.status == 200 && xmlhttp.readyState == 4) { + const content = xmlhttp.responseText; + console.log('>>>> GOT product.json'); + console.log(content); + + const json = JSON.parse(content); + if (json && json.licenseFileName) { + console.log(`>> got license file name ${json.licenseFileName}`) + } else { + console.log('>> something wrong with product.json'); + } + + return json; + } + else { + // TODO Throw exception + console.log('>>>> FAILURE getting product.json'); + console.log(`http status: ${xmlhttp.status}`); + console.log(`http readyState: ${xmlhttp.readyState}`); + } + + } catch (err) { + console.error(`>>>> ERROR ${err.message}`, err); + } + + throw new Error(`Unable to load product.json from ${href}.`); +} diff --git a/code/src/vs/platform/product/common/product.ts b/code/src/vs/platform/product/common/product.ts index 6dcce5748cc..b7e0ff92535 100644 --- a/code/src/vs/platform/product/common/product.ts +++ b/code/src/vs/platform/product/common/product.ts @@ -6,6 +6,7 @@ import { env } from 'vs/base/common/process'; import { IProductConfiguration } from 'vs/base/common/product'; import { ISandboxConfiguration } from 'vs/base/parts/sandbox/common/sandboxTypes'; +import { loadFromFileSystem } from './che/product'; /** * @deprecated You MUST use `IProductService` if possible. @@ -54,40 +55,12 @@ else { // Built time configuration (do NOT modify) product = { /*BUILD->INSERT_PRODUCT_CONFIGURATION*/ } as IProductConfiguration; - - // need to add something here - try { - const href = `${window.location.href}oss-dev/static/product.json`; - console.log(`>> TRY TO GET product.json from ${href}`); - - var xmlhttp = new XMLHttpRequest(); - xmlhttp.open("GET", href, false); - xmlhttp.send(); - if (xmlhttp.status == 200 && xmlhttp.readyState == 4) { - const content = xmlhttp.responseText; - console.log('>>>> GOT product.json'); - console.log(content); - - const json = JSON.parse(content); - if (json && json.licenseFileName) { - console.log(`>> got license file name ${json.licenseFileName}`) - } else { - console.log('>> something wrong with product.json'); - } - } - else { - // TODO Throw exception - console.log('>>>> FAILURE getting product.json'); - console.log(`http status: ${xmlhttp.status}`); - console.log(`http readyState: ${xmlhttp.readyState}`); - } - - } catch (err) { - console.error(`>>>> ERROR ${err.message}`, err); - } + product = loadFromFileSystem(); // Running out of sources if (Object.keys(product).length === 0) { + console.log('> Init product.json with default values'); + Object.assign(product, { version: '1.87.0-dev', nameShort: 'Code - OSS Dev', From 9ac0aad56e4d78795b6bbde88422fe4f4aa1b9bf Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 25 Mar 2024 18:36:51 +0000 Subject: [PATCH 16/26] update Signed-off-by: vitaliy-guliy --- .../vs/platform/product/common/che/product.ts | 26 +++---------------- .../src/vs/platform/product/common/product.ts | 4 +-- 2 files changed, 5 insertions(+), 25 deletions(-) diff --git a/code/src/vs/platform/product/common/che/product.ts b/code/src/vs/platform/product/common/che/product.ts index 90a645fe698..ffccb6d575e 100644 --- a/code/src/vs/platform/product/common/che/product.ts +++ b/code/src/vs/platform/product/common/che/product.ts @@ -15,40 +15,22 @@ export function loadFromFileSystem(): IProductConfiguration { // const href = `${window.location.href}oss-dev/static/product.json`; const href = `./oss-dev/static/product.json`; - // const href = `./oss-dev/static/product.json`; - console.log(`>> TRY TO GET product.json from ${href}`); + console.log(`>> Load product.json from ${href}`); try { var xmlhttp = new XMLHttpRequest(); xmlhttp.open("GET", href, false); xmlhttp.send(); - console.log(`> status ${xmlhttp.status}`); - console.log(`> readyState ${xmlhttp.readyState}`); - if (xmlhttp.status == 200 && xmlhttp.readyState == 4) { - const content = xmlhttp.responseText; - console.log('>>>> GOT product.json'); - console.log(content); - - const json = JSON.parse(content); - if (json && json.licenseFileName) { - console.log(`>> got license file name ${json.licenseFileName}`) - } else { - console.log('>> something wrong with product.json'); - } - - return json; + return JSON.parse(xmlhttp.responseText); } else { // TODO Throw exception - console.log('>>>> FAILURE getting product.json'); - console.log(`http status: ${xmlhttp.status}`); - console.log(`http readyState: ${xmlhttp.readyState}`); + console.log(`Request to get product.json failed. HTTP status: ${xmlhttp.status}, readyState: ${xmlhttp.readyState}`); } - } catch (err) { - console.error(`>>>> ERROR ${err.message}`, err); + console.error(err); } throw new Error(`Unable to load product.json from ${href}.`); diff --git a/code/src/vs/platform/product/common/product.ts b/code/src/vs/platform/product/common/product.ts index b7e0ff92535..403b287a43c 100644 --- a/code/src/vs/platform/product/common/product.ts +++ b/code/src/vs/platform/product/common/product.ts @@ -6,7 +6,7 @@ import { env } from 'vs/base/common/process'; import { IProductConfiguration } from 'vs/base/common/product'; import { ISandboxConfiguration } from 'vs/base/parts/sandbox/common/sandboxTypes'; -import { loadFromFileSystem } from './che/product'; +import { loadFromFileSystem } from 'vs/platform/product/common/che/product'; /** * @deprecated You MUST use `IProductService` if possible. @@ -59,8 +59,6 @@ else { // Running out of sources if (Object.keys(product).length === 0) { - console.log('> Init product.json with default values'); - Object.assign(product, { version: '1.87.0-dev', nameShort: 'Code - OSS Dev', From 57bf1f8e15f6696e1d3c11e324744243dd1a1929 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 25 Mar 2024 21:10:11 +0000 Subject: [PATCH 17/26] update Signed-off-by: vitaliy-guliy --- build/scripts/entrypoint-volume.sh | 8 -------- .../che-api/src/impl/github-service-impl.ts | 6 +++--- code/src/vs/platform/product/common/che/product.ts | 11 +++-------- .../workbench/api/browser/mainThreadAuthentication.ts | 4 ---- .../vs/workbench/api/common/extHostAuthentication.ts | 1 - .../browser/authenticationAccessService.ts | 11 ----------- .../authentication/browser/authenticationService.ts | 2 -- launcher/src/product-json.ts | 6 +++--- 8 files changed, 9 insertions(+), 40 deletions(-) diff --git a/build/scripts/entrypoint-volume.sh b/build/scripts/entrypoint-volume.sh index e6621d450c0..2c60f4ac52a 100755 --- a/build/scripts/entrypoint-volume.sh +++ b/build/scripts/entrypoint-volume.sh @@ -118,13 +118,5 @@ fi echo "[INFO] Node.js dir for running VS Code: $VSCODE_NODEJS_RUNTIME_DIR" -echo -echo '- before -----------------------------------------------------------' -ls -la -cp product.json product.json.backup -echo '- after -----------------------------------------------------------' -ls -la -echo '--------------------------------------------------------------------' - # Run launcher "$VSCODE_NODEJS_RUNTIME_DIR/node" ./launcher/entrypoint.js diff --git a/code/extensions/che-api/src/impl/github-service-impl.ts b/code/extensions/che-api/src/impl/github-service-impl.ts index 62144edc386..e0ea3abf9e5 100644 --- a/code/extensions/che-api/src/impl/github-service-impl.ts +++ b/code/extensions/che-api/src/impl/github-service-impl.ts @@ -42,7 +42,7 @@ export class GithubServiceImpl implements GithubService { @inject(K8SServiceImpl) private readonly k8sService: K8SServiceImpl, @inject(Symbol.for('AxiosInstance')) private readonly axiosInstance: AxiosInstance ) { - this.iniitializeToken(); + this.initializeToken(); } private checkToken(): void { @@ -117,10 +117,10 @@ export class GithubServiceImpl implements GithubService { } // another token should be used by the Github Service after removing the Device Authentication token - this.iniitializeToken(); + this.initializeToken(); } - private async iniitializeToken(): Promise { + private async initializeToken(): Promise { this.logger.info('Github Service: extracting token...'); const deviceAuthToken = await this.getDeviceAuthToken(); diff --git a/code/src/vs/platform/product/common/che/product.ts b/code/src/vs/platform/product/common/che/product.ts index ffccb6d575e..9e3750bbefd 100644 --- a/code/src/vs/platform/product/common/che/product.ts +++ b/code/src/vs/platform/product/common/che/product.ts @@ -12,12 +12,9 @@ import { IProductConfiguration } from 'vs/base/common/product'; export function loadFromFileSystem(): IProductConfiguration { - - // const href = `${window.location.href}oss-dev/static/product.json`; const href = `./oss-dev/static/product.json`; - console.log(`>> Load product.json from ${href}`); - try { + try { var xmlhttp = new XMLHttpRequest(); xmlhttp.open("GET", href, false); xmlhttp.send(); @@ -25,10 +22,8 @@ export function loadFromFileSystem(): IProductConfiguration { if (xmlhttp.status == 200 && xmlhttp.readyState == 4) { return JSON.parse(xmlhttp.responseText); } - else { - // TODO Throw exception - console.log(`Request to get product.json failed. HTTP status: ${xmlhttp.status}, readyState: ${xmlhttp.readyState}`); - } + + console.log(`Request failed with status: ${xmlhttp.status}, readyState: ${xmlhttp.readyState}`); } catch (err) { console.error(err); } diff --git a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts index 9d4987d5e5e..b3ebdd940c3 100644 --- a/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts +++ b/code/src/vs/workbench/api/browser/mainThreadAuthentication.ts @@ -152,8 +152,6 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu } private async doGetSession(providerId: string, scopes: string[], extensionId: string, extensionName: string, options: AuthenticationGetSessionOptions): Promise { - console.log(`>> doGetSession :: extension [${extensionId}] wants to get a session. Provider [${providerId}], scopes [${scopes? scopes.toString() : 'default'}] options [${options ? JSON.stringify(options) : 'undefined'}]`); - const sessions = await this.authenticationService.getSessions(providerId, scopes, true); const provider = this.authenticationService.getProvider(providerId); @@ -235,7 +233,6 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu } // passive flows (silent or default) - console.log(`>> sessions.length ${sessions.length}`); if (!options.silent) { // If there is a potential session, but the extension doesn't have access to it, use the "grant access" flow, // otherwise request a new one. @@ -247,7 +244,6 @@ export class MainThreadAuthentication extends Disposable implements MainThreadAu } async $getSession(providerId: string, scopes: string[], extensionId: string, extensionName: string, options: AuthenticationGetSessionOptions): Promise { - console.log(`>> $getSession. providerId:[${providerId}], scopes:[${scopes.toString()}], extensionId:[${extensionId}], options:[${JSON.stringify(options)}]`); const session = await this.doGetSession(providerId, scopes, extensionId, extensionName, options); if (session) { diff --git a/code/src/vs/workbench/api/common/extHostAuthentication.ts b/code/src/vs/workbench/api/common/extHostAuthentication.ts index a92cce3ed98..1c562edf76a 100644 --- a/code/src/vs/workbench/api/common/extHostAuthentication.ts +++ b/code/src/vs/workbench/api/common/extHostAuthentication.ts @@ -74,7 +74,6 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape { } registerAuthenticationProvider(id: string, label: string, provider: vscode.AuthenticationProvider, options?: vscode.AuthenticationProviderOptions): vscode.Disposable { - console.log(`>>> extHostAuthentication :: registerAuthenticationProvider id [${id}], label [${label}]`); if (this._authenticationProviders.get(id)) { throw new Error(`An authentication provider with id '${id}' is already registered.`); } diff --git a/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts b/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts index 6683cf25918..565821fcb50 100644 --- a/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts +++ b/code/src/vs/workbench/services/authentication/browser/authenticationAccessService.ts @@ -46,29 +46,18 @@ export class AuthenticationAccessService extends Disposable implements IAuthenti } isAccessAllowed(providerId: string, accountName: string, extensionId: string): boolean | undefined { - console.log(`>> isAccessAllowed. providerId [${providerId}], accountName [${accountName}] extensionId [${extensionId}]`); const trustedExtensionAuthAccess = this._productService.trustedExtensionAuthAccess; - console.log(`> got trustedExtensionAuthAccess: ${trustedExtensionAuthAccess}`); - if (Array.isArray(trustedExtensionAuthAccess)) { - console.log(' > productService.trustedExtensionAuthAccess is ARRAY'); - console.log(` > array [${trustedExtensionAuthAccess.toString()}]`); - if (trustedExtensionAuthAccess.includes(extensionId)) { - console.log(' > return TRUE'); return true; } } else if (trustedExtensionAuthAccess?.[providerId]?.includes(extensionId)) { - console.log(' > productService.trustedExtensionAuthAccess is OBJECT'); - - console.log(' > return TRUE [2]'); return true; } const allowList = this.readAllowedExtensions(providerId, accountName); const extensionData = allowList.find(extension => extension.id === extensionId); if (!extensionData) { - console.log(' > return UNDEFINED'); return undefined; } // This property didn't exist on this data previously, inclusion in the list at all indicates allowance diff --git a/code/src/vs/workbench/services/authentication/browser/authenticationService.ts b/code/src/vs/workbench/services/authentication/browser/authenticationService.ts index c21a6402fc6..6c22b70cd63 100644 --- a/code/src/vs/workbench/services/authentication/browser/authenticationService.ts +++ b/code/src/vs/workbench/services/authentication/browser/authenticationService.ts @@ -113,8 +113,6 @@ export class AuthenticationService extends Disposable implements IAuthentication } registerAuthenticationProvider(id: string, authenticationProvider: IAuthenticationProvider): void { - console.log(`>>> authenticationService :: registerAuthenticationProvider id [${id}], provider.label [${authenticationProvider.label}]`); - this._authenticationProviders.set(id, authenticationProvider); const disposableStore = new DisposableStore(); disposableStore.add(authenticationProvider.onDidChangeSessions(e => this._onDidChangeSessions.fire({ diff --git a/launcher/src/product-json.ts b/launcher/src/product-json.ts index 5185f70d32a..c02191be04a 100644 --- a/launcher/src/product-json.ts +++ b/launcher/src/product-json.ts @@ -12,7 +12,7 @@ import * as fs from './fs-extra'; const PRODUCT_JSON = 'product.json'; -export interface AuthAccessRecord { +export interface Record { [key: string]: string[]; } @@ -94,11 +94,11 @@ export class ProductJSON { gallery.itemUrl = url; } - getTrustedExtensionAuthAccess(): string[] | AuthAccessRecord | undefined { + getTrustedExtensionAuthAccess(): string[] | Record | undefined { return this.json.trustedExtensionAuthAccess; } - setTrustedExtensionAuthAccess(trustedExtensionAuthAccess: string[] | AuthAccessRecord | undefined) { + setTrustedExtensionAuthAccess(trustedExtensionAuthAccess: string[] | Record | undefined) { this.json.trustedExtensionAuthAccess = trustedExtensionAuthAccess; } } From d5234594e1a6730c22a86f0acdc4eedee41c7eb1 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 25 Mar 2024 21:21:39 +0000 Subject: [PATCH 18/26] update --- .../src/vs/platform/product/common/product.ts.json | 10 ++++++++++ code/src/vs/platform/product/common/che/product.ts | 2 +- launcher/src/trusted-extensions.ts | 2 +- launcher/tests/trusted-extensions.spec.ts | 2 +- 4 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 .rebase/replace/code/src/vs/platform/product/common/product.ts.json diff --git a/.rebase/replace/code/src/vs/platform/product/common/product.ts.json b/.rebase/replace/code/src/vs/platform/product/common/product.ts.json new file mode 100644 index 00000000000..c8979d271e5 --- /dev/null +++ b/.rebase/replace/code/src/vs/platform/product/common/product.ts.json @@ -0,0 +1,10 @@ +[ + { + "from": "import { ISandboxConfiguration } from 'vs/base/parts/sandbox/common/sandboxTypes';", + "by": "import { ISandboxConfiguration } from 'vs/base/parts/sandbox/common/sandboxTypes';\\\nimport { loadFromFileSystem } from 'vs/platform/product/common/che/product';" + }, + { + "from": "product = { /\\*BUILD->INSERT_PRODUCT_CONFIGURATION\\*/ } as IProductConfiguration;", + "by": "product = { /\\*BUILD->INSERT_PRODUCT_CONFIGURATION\\*/ } as IProductConfiguration;\\\n\\\tproduct = loadFromFileSystem();" + } +] diff --git a/code/src/vs/platform/product/common/che/product.ts b/code/src/vs/platform/product/common/che/product.ts index 9e3750bbefd..cdce1d79dbb 100644 --- a/code/src/vs/platform/product/common/che/product.ts +++ b/code/src/vs/platform/product/common/che/product.ts @@ -1,5 +1,5 @@ /********************************************************************** - * Copyright (c) 2023 Red Hat, Inc. + * Copyright (c) 2024 Red Hat, Inc. * * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 diff --git a/launcher/src/trusted-extensions.ts b/launcher/src/trusted-extensions.ts index 9f859d4161d..a4dab3b378e 100644 --- a/launcher/src/trusted-extensions.ts +++ b/launcher/src/trusted-extensions.ts @@ -1,5 +1,5 @@ /********************************************************************** - * Copyright (c) 2023 Red Hat, Inc. + * Copyright (c) 2024 Red Hat, Inc. * * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 diff --git a/launcher/tests/trusted-extensions.spec.ts b/launcher/tests/trusted-extensions.spec.ts index ff59d1b34e3..233969eb3c8 100644 --- a/launcher/tests/trusted-extensions.spec.ts +++ b/launcher/tests/trusted-extensions.spec.ts @@ -1,5 +1,5 @@ /********************************************************************** - * Copyright (c) 2023 Red Hat, Inc. + * Copyright (c) 2024 Red Hat, Inc. * * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 From dc3d35186b957a03705d931d26a2f7da95ce7208 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Tue, 26 Mar 2024 09:07:57 +0000 Subject: [PATCH 19/26] update Signed-off-by: vitaliy-guliy --- .../pr-check-build-che-code-image.yaml | 21 +++-- ...yaml.disabled => smoke-test-pr-check.yaml} | 0 build/dockerfiles/assembly.Dockerfile | 8 +- build/dockerfiles/linux-libc-ubi8.Dockerfile | 86 +++++++++---------- launcher/src/trusted-extensions.ts | 56 ++---------- launcher/tests/trusted-extensions.spec.ts | 61 +++++++------ 6 files changed, 96 insertions(+), 136 deletions(-) rename .github/workflows/{smoke-test-pr-check.yaml.disabled => smoke-test-pr-check.yaml} (100%) diff --git a/.github/workflows/pr-check-build-che-code-image.yaml b/.github/workflows/pr-check-build-che-code-image.yaml index 0f3f5f83a2e..2ad19ac819e 100644 --- a/.github/workflows/pr-check-build-che-code-image.yaml +++ b/.github/workflows/pr-check-build-che-code-image.yaml @@ -22,8 +22,7 @@ jobs: strategy: fail-fast: false matrix: - # dist: [ 'musl', 'libc-ubi8', 'libc-ubi9' ] - dist: [ 'libc-ubi8' ] + dist: [ 'musl', 'libc-ubi8', 'libc-ubi9' ] arch: ['amd64'] steps: @@ -61,15 +60,15 @@ jobs: with: image: "linux-libc-ubi8-amd64" - # - name: Download linux-libc-ubi9-amd64 image - # uses: ishworkh/docker-image-artifact-download@v1 - # with: - # image: "linux-libc-ubi9-amd64" - - # - name: Download linux-musl-amd64 image - # uses: ishworkh/docker-image-artifact-download@v1 - # with: - # image: "linux-musl-amd64" + - name: Download linux-libc-ubi9-amd64 image + uses: ishworkh/docker-image-artifact-download@v1 + with: + image: "linux-libc-ubi9-amd64" + + - name: Download linux-musl-amd64 image + uses: ishworkh/docker-image-artifact-download@v1 + with: + image: "linux-musl-amd64" - name: Login to Quay.io uses: docker/login-action@v2 diff --git a/.github/workflows/smoke-test-pr-check.yaml.disabled b/.github/workflows/smoke-test-pr-check.yaml similarity index 100% rename from .github/workflows/smoke-test-pr-check.yaml.disabled rename to .github/workflows/smoke-test-pr-check.yaml diff --git a/build/dockerfiles/assembly.Dockerfile b/build/dockerfiles/assembly.Dockerfile index 0a56189cea3..448b368e37a 100644 --- a/build/dockerfiles/assembly.Dockerfile +++ b/build/dockerfiles/assembly.Dockerfile @@ -8,8 +8,8 @@ # Grab content from previously build images FROM linux-libc-ubi8-amd64 as linux-libc-ubi8-content -# FROM linux-libc-ubi9-amd64 as linux-libc-ubi9-content -# FROM linux-musl-amd64 as linux-musl-content +FROM linux-libc-ubi9-amd64 as linux-libc-ubi9-content +FROM linux-musl-amd64 as linux-musl-content # https://quay.io/eclipse/che-machine-exec#^7\. FROM quay.io/eclipse/che-machine-exec:7.56.0 as machine-exec @@ -22,9 +22,9 @@ RUN rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/ WORKDIR /mnt/rootfs -# COPY --from=linux-musl-content --chown=0:0 /checode-linux-musl /mnt/rootfs/checode-linux-musl +COPY --from=linux-musl-content --chown=0:0 /checode-linux-musl /mnt/rootfs/checode-linux-musl COPY --from=linux-libc-ubi8-content --chown=0:0 /checode-linux-libc/ubi8 /mnt/rootfs/checode-linux-libc/ubi8 -# COPY --from=linux-libc-ubi9-content --chown=0:0 /checode-linux-libc/ubi9 /mnt/rootfs/checode-linux-libc/ubi9 +COPY --from=linux-libc-ubi9-content --chown=0:0 /checode-linux-libc/ubi9 /mnt/rootfs/checode-linux-libc/ubi9 RUN mkdir -p /mnt/rootfs/projects && mkdir -p /mnt/rootfs/home/che && mkdir -p /mnt/rootfs/bin/ RUN cat /mnt/rootfs/etc/passwd | sed s#root:x.*#root:x:\${USER_ID}:\${GROUP_ID}::\${HOME}:/bin/bash#g > /mnt/rootfs/home/che/.passwd.template \ diff --git a/build/dockerfiles/linux-libc-ubi8.Dockerfile b/build/dockerfiles/linux-libc-ubi8.Dockerfile index cfc37855d36..87d4ae1bd7f 100644 --- a/build/dockerfiles/linux-libc-ubi8.Dockerfile +++ b/build/dockerfiles/linux-libc-ubi8.Dockerfile @@ -85,49 +85,49 @@ RUN chmod a+x /checode/out/server-main.js \ ### Beginning of tests # Do not change line above! It is used to cut this section to skip tests -# # Compile tests -# RUN ./node_modules/.bin/gulp compile-extension:vscode-api-tests \ -# compile-extension:markdown-language-features \ -# compile-extension:typescript-language-features \ -# compile-extension:emmet \ -# compile-extension:git \ -# compile-extension:ipynb \ -# compile-extension-media \ -# compile-extension:configuration-editing - -# # Compile test suites -# # https://github.com/microsoft/vscode/blob/cdde5bedbf3ed88f93b5090bb3ed9ef2deb7a1b4/test/integration/browser/README.md#compile -# RUN [[ $(uname -m) == "x86_64" ]] && yarn --cwd test/smoke compile && yarn --cwd test/integration/browser compile - -# # install test dependencies -# ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=0 -# RUN [[ $(uname -m) == "x86_64" ]] && yarn playwright-install -# # Install procps to manage to kill processes and centos stream repository -# RUN [[ $(uname -m) == "x86_64" ]] && \ -# ARCH=$(uname -m) && \ -# yum install --nobest -y procps \ -# http://mirror.centos.org/centos/8/extras/${ARCH}/os/Packages/epel-release-8-11.el8.noarch.rpm \ -# http://mirror.centos.org/centos/8-stream/BaseOS/${ARCH}/os/Packages/centos-gpg-keys-8-3.el8.noarch.rpm \ -# http://mirror.centos.org/centos/8-stream/BaseOS/${ARCH}/os/Packages/centos-stream-repos-8-3.el8.noarch.rpm - -# RUN [[ $(uname -m) == "x86_64" ]] && yum install -y chromium && \ -# PLAYWRIGHT_CHROMIUM_PATH=$(echo /opt/app-root/src/.cache/ms-playwright/chromium-*/) && \ -# rm "${PLAYWRIGHT_CHROMIUM_PATH}/chrome-linux/chrome" && \ -# ln -s /usr/bin/chromium-browser "${PLAYWRIGHT_CHROMIUM_PATH}/chrome-linux/chrome" - -# # use of retry and timeout -# COPY /build/scripts/helper/retry.sh /opt/app-root/src/retry.sh -# RUN chmod u+x /opt/app-root/src/retry.sh - -# # Run integration tests (Browser) -# RUN [[ $(uname -m) == "x86_64" ]] && NODE_ARCH=$(echo "console.log(process.arch)" | node) \ -# VSCODE_REMOTE_SERVER_PATH="$(pwd)/../vscode-reh-web-linux-${NODE_ARCH}" \ -# /opt/app-root/src/retry.sh -v -t 3 -s 2 -- timeout -v 5m ./scripts/test-web-integration.sh --browser chromium - -# # Run smoke tests (Browser) -# RUN [[ $(uname -m) == "x86_64" ]] && NODE_ARCH=$(echo "console.log(process.arch)" | node) \ -# VSCODE_REMOTE_SERVER_PATH="$(pwd)/../vscode-reh-web-linux-${NODE_ARCH}" \ -# /opt/app-root/src/retry.sh -v -t 3 -s 2 -- timeout -v 5m yarn smoketest-no-compile --web --headless --electronArgs="--disable-dev-shm-usage --use-gl=swiftshader" +# Compile tests +RUN ./node_modules/.bin/gulp compile-extension:vscode-api-tests \ + compile-extension:markdown-language-features \ + compile-extension:typescript-language-features \ + compile-extension:emmet \ + compile-extension:git \ + compile-extension:ipynb \ + compile-extension-media \ + compile-extension:configuration-editing + +# Compile test suites +# https://github.com/microsoft/vscode/blob/cdde5bedbf3ed88f93b5090bb3ed9ef2deb7a1b4/test/integration/browser/README.md#compile +RUN [[ $(uname -m) == "x86_64" ]] && yarn --cwd test/smoke compile && yarn --cwd test/integration/browser compile + +# install test dependencies +ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=0 +RUN [[ $(uname -m) == "x86_64" ]] && yarn playwright-install +# Install procps to manage to kill processes and centos stream repository +RUN [[ $(uname -m) == "x86_64" ]] && \ + ARCH=$(uname -m) && \ + yum install --nobest -y procps \ + http://mirror.centos.org/centos/8/extras/${ARCH}/os/Packages/epel-release-8-11.el8.noarch.rpm \ + http://mirror.centos.org/centos/8-stream/BaseOS/${ARCH}/os/Packages/centos-gpg-keys-8-3.el8.noarch.rpm \ + http://mirror.centos.org/centos/8-stream/BaseOS/${ARCH}/os/Packages/centos-stream-repos-8-3.el8.noarch.rpm + +RUN [[ $(uname -m) == "x86_64" ]] && yum install -y chromium && \ + PLAYWRIGHT_CHROMIUM_PATH=$(echo /opt/app-root/src/.cache/ms-playwright/chromium-*/) && \ + rm "${PLAYWRIGHT_CHROMIUM_PATH}/chrome-linux/chrome" && \ + ln -s /usr/bin/chromium-browser "${PLAYWRIGHT_CHROMIUM_PATH}/chrome-linux/chrome" + +# use of retry and timeout +COPY /build/scripts/helper/retry.sh /opt/app-root/src/retry.sh +RUN chmod u+x /opt/app-root/src/retry.sh + +# Run integration tests (Browser) +RUN [[ $(uname -m) == "x86_64" ]] && NODE_ARCH=$(echo "console.log(process.arch)" | node) \ + VSCODE_REMOTE_SERVER_PATH="$(pwd)/../vscode-reh-web-linux-${NODE_ARCH}" \ + /opt/app-root/src/retry.sh -v -t 3 -s 2 -- timeout -v 5m ./scripts/test-web-integration.sh --browser chromium + +# Run smoke tests (Browser) +RUN [[ $(uname -m) == "x86_64" ]] && NODE_ARCH=$(echo "console.log(process.arch)" | node) \ + VSCODE_REMOTE_SERVER_PATH="$(pwd)/../vscode-reh-web-linux-${NODE_ARCH}" \ + /opt/app-root/src/retry.sh -v -t 3 -s 2 -- timeout -v 5m yarn smoketest-no-compile --web --headless --electronArgs="--disable-dev-shm-usage --use-gl=swiftshader" # Do not change line below! It is used to cut this section to skip tests ### Ending of tests diff --git a/launcher/src/trusted-extensions.ts b/launcher/src/trusted-extensions.ts index a4dab3b378e..db25dd99a98 100644 --- a/launcher/src/trusted-extensions.ts +++ b/launcher/src/trusted-extensions.ts @@ -15,22 +15,20 @@ export class TrustedExtensions { async configure(): Promise { console.log('# Configuring Trusted Extensions...'); - if (env.TRUSTED_EXTENSIONS === undefined) { - console.log(' > env.TRUSTED_EXTENSIONS is not set, skip this step'); + if (!env.VSCODE_TRUSTED_EXTENSIONS) { + console.log(' > env.VSCODE_TRUSTED_EXTENSIONS is not defined, skip this step'); return; } try { - const extensions = env.TRUSTED_EXTENSIONS.split(','); - console.log(`> extensions: ${extensions.length}`); - + const extensions = env.VSCODE_TRUSTED_EXTENSIONS.split(','); if (!extensions.length) { - console.log(' > env.TRUSTED_EXTENSIONS is empty, skip this step'); + console.log(' > env.VSCODE_TRUSTED_EXTENSIONS is empty, skip this step'); return; } for (const e of extensions) { - console.log(` > extension ${e}`); + console.log(` > add ${e}`); } const productJSON = await new ProductJSON().load(); @@ -38,61 +36,25 @@ export class TrustedExtensions { let access = productJSON.getTrustedExtensionAuthAccess(); if (access === undefined) { - console.log('> access is UNDEFINED'); - access = []; - access.push(...extensions); - console.log(`> result [${access.toString()}]`); - productJSON.setTrustedExtensionAuthAccess(access); + productJSON.setTrustedExtensionAuthAccess([...extensions]); productJSONChanged = true; } else if (Array.isArray(access)) { - console.log('>> access is ARRAY'); - for (const e of extensions) { if (!access.includes(e)) { access.push(e); productJSONChanged = true; } } - - console.log(`> result [${access.toString()}]`); } else { - console.log(`>> access is not an ARRAY. Type is: ${typeof access}`); - - const newList: string[] = []; - - for (const key of Object.keys(access)) { - console.log(`>>> key [${key}]`); - for (const e of access[key]) { - console.log(` > extension [${e}]`); - if (!newList.includes(e)) { - newList.push(e); - } - } - } - - console.log('> combined extensions'); - for (const e of newList) { - console.log(` > extension [${e}]`); - } - - // add missing - for (const e of extensions) { - if (!newList.includes(e)) { - newList.push(e); - productJSONChanged = true; - } - } - - if (productJSONChanged) { - productJSON.setTrustedExtensionAuthAccess(newList); - } + console.log(' > Unexpected type of trustedExtensionAuthAccess in product.json. Skip this step'); + return; } if (productJSONChanged) { await productJSON.save(); } } catch (err) { - console.error(`${err.message} Failure to configure OpenVSIX registry.`); + console.error(`${err.message} Failure to configure truested extensions in produt.json.`); } } } diff --git a/launcher/tests/trusted-extensions.spec.ts b/launcher/tests/trusted-extensions.spec.ts index 233969eb3c8..62c760093f1 100644 --- a/launcher/tests/trusted-extensions.spec.ts +++ b/launcher/tests/trusted-extensions.spec.ts @@ -42,28 +42,17 @@ const PRODUCT_JSON_WITH_EXTENSIONS_ALTERNATIVE = `{ ], "gitlab": [ "redhat.yaml", - "redhat.openshift", - "devfile.vscode-devfile" + "redhat.openshift" ] } }`; -const PRODUCT_JSON_WITH_FOUR_EXTENSIONS = `{ - "version": "1.0.0", - "trustedExtensionAuthAccess": [ - "redhat.yaml", - "redhat.openshift", - "devfile.vscode-devfile", - "redhat.vscode-xml" - ] -}`; - describe('Test Configuring of Trusted Extensions Auth Access:', () => { const originalReadFile = fs.readFile; const originalWriteFile = fs.writeFile; beforeEach(() => { - delete env.TRUSTED_EXTENSIONS_AUTH_ACCESS; + delete env.VSCODE_TRUSTED_EXTENSIONS; Object.assign(fs, { readFile: originalReadFile, @@ -71,7 +60,7 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { }); }); - test('should skip if TRUSTED_EXTENSIONS is not set', async () => { + test('should skip if VSCODE_TRUSTED_EXTENSIONS is not set', async () => { const readFileMock = jest.fn(); Object.assign(fs, { readFile: readFileMock, @@ -81,11 +70,26 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { const trust = new TrustedExtensions(); await trust.configure(); - expect(readFileMock).toBeCalledTimes(0); + expect(readFileMock).not.toHaveBeenCalled(); }); - test('should add new trustedExtensionAuthAccess:array section', async () => { - env.TRUSTED_EXTENSIONS = 'redhat.yaml,redhat.openshift'; + test('should skip if VSCODE_TRUSTED_EXTENSIONS is empty', async () => { + env.VSCODE_TRUSTED_EXTENSIONS = ''; + + const readFileMock = jest.fn(); + Object.assign(fs, { + readFile: readFileMock, + writeFile: jest.fn(), + }); + + const trust = new TrustedExtensions(); + await trust.configure(); + + expect(readFileMock).not.toHaveBeenCalled(); + }); + + test('should add new trustedExtensionAuthAccess section', async () => { + env.VSCODE_TRUSTED_EXTENSIONS = 'redhat.yaml,redhat.openshift'; let savedProductJson; @@ -110,8 +114,8 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { expect(savedProductJson).toBe(PRODUCT_JSON_TWO_EXTENSIONS); }); - test('should add extensions to existing trustedExtensionAuthAccess:array section', async () => { - env.TRUSTED_EXTENSIONS = 'devfile.vscode-devfile'; + test('should add extensions to existing trustedExtensionAuthAccess section', async () => { + env.VSCODE_TRUSTED_EXTENSIONS = 'devfile.vscode-devfile'; let savedProductJson; @@ -136,8 +140,8 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { expect(savedProductJson).toBe(PRODUCT_JSON_THREE_EXTENSIONS); }); - test('should NOT add extensions to trustedExtensionAuthAccess:array section if extensions is already in the list', async () => { - env.TRUSTED_EXTENSIONS = 'redhat.openshift'; + test('should NOT add extensions to trustedExtensionAuthAccess section if extensions is already in the list', async () => { + env.VSCODE_TRUSTED_EXTENSIONS = 'redhat.openshift'; const writeFileMock = jest.fn(); Object.assign(fs, { @@ -157,11 +161,10 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { expect(writeFileMock).not.toHaveBeenCalled(); }); - test('should replace trustedExtensionAuthAccess object on array and add extensions', async () => { - env.TRUSTED_EXTENSIONS = 'devfile.vscode-devfile,redhat.vscode-xml'; - - let savedProductJson; + test('should do nothing if trustedExtensionAuthAccess is object', async () => { + env.VSCODE_TRUSTED_EXTENSIONS = 'devfile.vscode-devfile,redhat.vscode-xml'; + const writeFileMock = jest.fn(); Object.assign(fs, { readFile: async (file: string) => { if ('product.json' === file) { @@ -169,17 +172,13 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { } }, - writeFile: async (file: string, data: string) => { - if ('product.json' === file) { - savedProductJson = data; - } - }, + writeFile: writeFileMock, }); // test const trust = new TrustedExtensions(); await trust.configure(); - expect(savedProductJson).toBe(PRODUCT_JSON_WITH_FOUR_EXTENSIONS); + expect(writeFileMock).not.toHaveBeenCalled(); }); }); From c92f56cccfc5aec206fa749888cf6a0958ea685f Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Tue, 26 Mar 2024 10:18:22 +0000 Subject: [PATCH 20/26] update Signed-off-by: vitaliy-guliy --- code/src/vs/platform/product/common/che/product.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/code/src/vs/platform/product/common/che/product.ts b/code/src/vs/platform/product/common/che/product.ts index cdce1d79dbb..7483983d3ef 100644 --- a/code/src/vs/platform/product/common/che/product.ts +++ b/code/src/vs/platform/product/common/che/product.ts @@ -12,9 +12,9 @@ import { IProductConfiguration } from 'vs/base/common/product'; export function loadFromFileSystem(): IProductConfiguration { - const href = `./oss-dev/static/product.json`; + const href = `./oss-dev/static/product.json`; - try { + try { var xmlhttp = new XMLHttpRequest(); xmlhttp.open("GET", href, false); xmlhttp.send(); @@ -23,10 +23,10 @@ export function loadFromFileSystem(): IProductConfiguration { return JSON.parse(xmlhttp.responseText); } - console.log(`Request failed with status: ${xmlhttp.status}, readyState: ${xmlhttp.readyState}`); + console.log(`Request failed with status: ${xmlhttp.status}, readyState: ${xmlhttp.readyState}`); } catch (err) { console.error(err); } - throw new Error(`Unable to load product.json from ${href}.`); + throw new Error(`Unable to load product.json from ${href}.`); } From a7c1af58e3f2fb29d0be694715a4127b965fb006 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Tue, 26 Mar 2024 11:37:17 +0000 Subject: [PATCH 21/26] update Signed-off-by: vitaliy-guliy --- .rebase/CHANGELOG.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.rebase/CHANGELOG.md b/.rebase/CHANGELOG.md index 4fa7e8630cf..60e9b3b178f 100644 --- a/.rebase/CHANGELOG.md +++ b/.rebase/CHANGELOG.md @@ -2,6 +2,12 @@ The file to keep a list of changed files which will potentionaly help to resolve rebase conflicts. +#### @vitaliy-guliy +https://github.com/che-incubator/che-code/pull/339 + +- code/src/vs/platform/product/common/product.ts +--- + #### @vitaliy-guliy https://github.com/che-incubator/che-code/pull/331 @@ -27,7 +33,6 @@ https://github.com/che-incubator/che-code/pull/337/commits/875893566c2acd0bb7031 - code/src/vs/base/common/network.ts --- - #### @benoitf https://github.com/che-incubator/che-code/commit/eed0a5213ba1b29b810d53f6365aaa2294165845#diff-2735bf66f14ee64b9ce6fdc30355a5e3085ae96a791cd01d65843a8dcef7c166 From ed1841beb9d9eeb0bc5d1c923d79728d2fe5c784 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Thu, 28 Mar 2024 16:53:40 +0000 Subject: [PATCH 22/26] update Signed-off-by: vitaliy-guliy --- launcher/src/trusted-extensions.ts | 12 ++++++++-- launcher/tests/trusted-extensions.spec.ts | 28 +++++++++++++++++++++-- 2 files changed, 36 insertions(+), 4 deletions(-) diff --git a/launcher/src/trusted-extensions.ts b/launcher/src/trusted-extensions.ts index db25dd99a98..000b9a6fbe8 100644 --- a/launcher/src/trusted-extensions.ts +++ b/launcher/src/trusted-extensions.ts @@ -21,9 +21,17 @@ export class TrustedExtensions { } try { - const extensions = env.VSCODE_TRUSTED_EXTENSIONS.split(','); + const extensions: string[] = []; + + const tmp = env.VSCODE_TRUSTED_EXTENSIONS.split(','); + for (const e of tmp) { + if (e) { + extensions.push(e); + } + } + if (!extensions.length) { - console.log(' > env.VSCODE_TRUSTED_EXTENSIONS is empty, skip this step'); + console.log(' > env.VSCODE_TRUSTED_EXTENSIONS does not specify any extension'); return; } diff --git a/launcher/tests/trusted-extensions.spec.ts b/launcher/tests/trusted-extensions.spec.ts index 62c760093f1..a4669dbd866 100644 --- a/launcher/tests/trusted-extensions.spec.ts +++ b/launcher/tests/trusted-extensions.spec.ts @@ -50,6 +50,7 @@ const PRODUCT_JSON_WITH_EXTENSIONS_ALTERNATIVE = `{ describe('Test Configuring of Trusted Extensions Auth Access:', () => { const originalReadFile = fs.readFile; const originalWriteFile = fs.writeFile; + const originalConsoleLog = console.log; beforeEach(() => { delete env.VSCODE_TRUSTED_EXTENSIONS; @@ -58,6 +59,10 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { readFile: originalReadFile, writeFile: originalWriteFile, }); + + Object.assign(console, { + log: originalConsoleLog, + }); }); test('should skip if VSCODE_TRUSTED_EXTENSIONS is not set', async () => { @@ -88,8 +93,27 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { expect(readFileMock).not.toHaveBeenCalled(); }); + test('should skip if VSCODE_TRUSTED_EXTENSIONS has wrong value', async () => { + env.VSCODE_TRUSTED_EXTENSIONS = ',,,'; + + const readFileMock = jest.fn(); + Object.assign(fs, { + readFile: readFileMock, + writeFile: jest.fn(), + }); + + const spy = jest.spyOn(console, 'log'); + + const trust = new TrustedExtensions(); + await trust.configure(); + + expect(readFileMock).not.toHaveBeenCalled(); + expect(spy).toHaveBeenCalledWith('# Configuring Trusted Extensions...'); + expect(spy).toHaveBeenCalledWith(' > env.VSCODE_TRUSTED_EXTENSIONS does not specify any extension'); + }); + test('should add new trustedExtensionAuthAccess section', async () => { - env.VSCODE_TRUSTED_EXTENSIONS = 'redhat.yaml,redhat.openshift'; + env.VSCODE_TRUSTED_EXTENSIONS = ',,redhat.yaml,redhat.openshift'; let savedProductJson; @@ -115,7 +139,7 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { }); test('should add extensions to existing trustedExtensionAuthAccess section', async () => { - env.VSCODE_TRUSTED_EXTENSIONS = 'devfile.vscode-devfile'; + env.VSCODE_TRUSTED_EXTENSIONS = 'devfile.vscode-devfile,,'; let savedProductJson; From bacface94a57d838d2b19fffa07a1632070ebcb8 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Thu, 28 Mar 2024 16:56:42 +0000 Subject: [PATCH 23/26] update Signed-off-by: vitaliy-guliy --- launcher/src/trusted-extensions.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/launcher/src/trusted-extensions.ts b/launcher/src/trusted-extensions.ts index 000b9a6fbe8..ca020b8e695 100644 --- a/launcher/src/trusted-extensions.ts +++ b/launcher/src/trusted-extensions.ts @@ -62,7 +62,7 @@ export class TrustedExtensions { await productJSON.save(); } } catch (err) { - console.error(`${err.message} Failure to configure truested extensions in produt.json.`); + console.error(`${err.message} Failure to configure trusted extensions in produt.json.`); } } } From cf14e08faf7b8d992aa937d8149bfc6f9941f1d2 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Thu, 28 Mar 2024 16:59:05 +0000 Subject: [PATCH 24/26] update Signed-off-by: vitaliy-guliy --- launcher/src/trusted-extensions.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/launcher/src/trusted-extensions.ts b/launcher/src/trusted-extensions.ts index ca020b8e695..15c10a0c152 100644 --- a/launcher/src/trusted-extensions.ts +++ b/launcher/src/trusted-extensions.ts @@ -62,7 +62,7 @@ export class TrustedExtensions { await productJSON.save(); } } catch (err) { - console.error(`${err.message} Failure to configure trusted extensions in produt.json.`); + console.error(`${err.message} Failure to configure trusted extensions in product.json.`); } } } From 8c6de556e701185104ca56b2ab6eb4d566a52f0b Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Thu, 28 Mar 2024 18:46:32 +0000 Subject: [PATCH 25/26] update Signed-off-by: vitaliy-guliy --- launcher/src/trusted-extensions.ts | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/launcher/src/trusted-extensions.ts b/launcher/src/trusted-extensions.ts index 15c10a0c152..f2a86038cdb 100644 --- a/launcher/src/trusted-extensions.ts +++ b/launcher/src/trusted-extensions.ts @@ -23,10 +23,10 @@ export class TrustedExtensions { try { const extensions: string[] = []; - const tmp = env.VSCODE_TRUSTED_EXTENSIONS.split(','); - for (const e of tmp) { - if (e) { - extensions.push(e); + for (const extension of env.VSCODE_TRUSTED_EXTENSIONS.split(',')) { + if (extension) { + extensions.push(extension); + console.log(` > add ${extension}`); } } @@ -35,10 +35,6 @@ export class TrustedExtensions { return; } - for (const e of extensions) { - console.log(` > add ${e}`); - } - const productJSON = await new ProductJSON().load(); let productJSONChanged = false; @@ -47,9 +43,9 @@ export class TrustedExtensions { productJSON.setTrustedExtensionAuthAccess([...extensions]); productJSONChanged = true; } else if (Array.isArray(access)) { - for (const e of extensions) { - if (!access.includes(e)) { - access.push(e); + for (const extension of extensions) { + if (!access.includes(extension)) { + access.push(extension); productJSONChanged = true; } } From a924544b50cd89c2c4957ab9da9f8107f196ffb7 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Tue, 2 Apr 2024 22:32:42 +0000 Subject: [PATCH 26/26] update Signed-off-by: vitaliy-guliy --- launcher/src/trusted-extensions.ts | 14 ++++++-- launcher/tests/trusted-extensions.spec.ts | 41 ++++++++++++++++++++++- 2 files changed, 51 insertions(+), 4 deletions(-) diff --git a/launcher/src/trusted-extensions.ts b/launcher/src/trusted-extensions.ts index f2a86038cdb..fa87b15329b 100644 --- a/launcher/src/trusted-extensions.ts +++ b/launcher/src/trusted-extensions.ts @@ -20,18 +20,26 @@ export class TrustedExtensions { return; } + console.log(` > env.VSCODE_TRUSTED_EXTENSIONS is set to [${env.VSCODE_TRUSTED_EXTENSIONS}]`); + try { const extensions: string[] = []; for (const extension of env.VSCODE_TRUSTED_EXTENSIONS.split(',')) { if (extension) { - extensions.push(extension); - console.log(` > add ${extension}`); + if (extension.match(/^[a-z0-9][a-z0-9-]*\.[a-z0-9][a-z0-9-.]*$/)) { + extensions.push(extension); + console.log(` > add ${extension}`); + } else { + console.log(` > failure to add [${extension}] because of wrong identifier`); + } } } if (!extensions.length) { - console.log(' > env.VSCODE_TRUSTED_EXTENSIONS does not specify any extension'); + console.log( + ' > ERROR: The variable provided most likely has wrong format. It should specify one or more extensions separated by comma.' + ); return; } diff --git a/launcher/tests/trusted-extensions.spec.ts b/launcher/tests/trusted-extensions.spec.ts index a4669dbd866..b9d15fda3a0 100644 --- a/launcher/tests/trusted-extensions.spec.ts +++ b/launcher/tests/trusted-extensions.spec.ts @@ -109,7 +109,10 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { expect(readFileMock).not.toHaveBeenCalled(); expect(spy).toHaveBeenCalledWith('# Configuring Trusted Extensions...'); - expect(spy).toHaveBeenCalledWith(' > env.VSCODE_TRUSTED_EXTENSIONS does not specify any extension'); + expect(spy).toHaveBeenCalledWith(' > env.VSCODE_TRUSTED_EXTENSIONS is set to [,,,]'); + expect(spy).toHaveBeenCalledWith( + ' > ERROR: The variable provided most likely has wrong format. It should specify one or more extensions separated by comma.' + ); }); test('should add new trustedExtensionAuthAccess section', async () => { @@ -205,4 +208,40 @@ describe('Test Configuring of Trusted Extensions Auth Access:', () => { expect(writeFileMock).not.toHaveBeenCalled(); }); + + test('should add only two extenions matching the regexp', async () => { + env.VSCODE_TRUSTED_EXTENSIONS = 'redhat.yaml,redhat.openshift,red hat.java'; + + let savedProductJson; + + Object.assign(fs, { + readFile: async (file: string) => { + if ('product.json' === file) { + return PRODUCT_JSON_SIMPLE; + } + }, + + writeFile: async (file: string, data: string) => { + if ('product.json' === file) { + savedProductJson = data; + } + }, + }); + + const spy = jest.spyOn(console, 'log'); + + // test + const trust = new TrustedExtensions(); + await trust.configure(); + + expect(savedProductJson).toBe(PRODUCT_JSON_TWO_EXTENSIONS); + + expect(spy).toHaveBeenCalledWith('# Configuring Trusted Extensions...'); + expect(spy).toHaveBeenCalledWith( + ' > env.VSCODE_TRUSTED_EXTENSIONS is set to [redhat.yaml,redhat.openshift,red hat.java]' + ); + expect(spy).toHaveBeenCalledWith(' > add redhat.yaml'); + expect(spy).toHaveBeenCalledWith(' > add redhat.openshift'); + expect(spy).toHaveBeenCalledWith(' > failure to add [red hat.java] because of wrong identifier'); + }); });