From 81ad19dc296badd5c6310d442f9870cce893a049 Mon Sep 17 00:00:00 2001 From: Vitaliy Gulyy Date: Wed, 10 Apr 2024 10:44:48 +0300 Subject: [PATCH] Trusted extensions (#2717) * docs: explain how to define VS Code trusted extensions Signed-off-by: Vitaliy Gulyy * docs: explain how to define VS Code trusted extensions Signed-off-by: Vitaliy Gulyy * Update modules/administration-guide/pages/trusted-extensions-for-microsoft-visual-studio-code.adoc Co-authored-by: Jana Vrbkova * Update modules/administration-guide/pages/trusted-extensions-for-microsoft-visual-studio-code.adoc --------- Signed-off-by: Vitaliy Gulyy Co-authored-by: Jana Vrbkova --- devfile.yaml | 2 - modules/administration-guide/nav.adoc | 1 + ...ions-for-microsoft-visual-studio-code.adoc | 68 +++++++++++++++++++ 3 files changed, 69 insertions(+), 2 deletions(-) create mode 100644 modules/administration-guide/pages/trusted-extensions-for-microsoft-visual-studio-code.adoc diff --git a/devfile.yaml b/devfile.yaml index d0ec24e828..a7f423264c 100644 --- a/devfile.yaml +++ b/devfile.yaml @@ -9,8 +9,6 @@ schemaVersion: 2.2.2 metadata: name: che-docs -attributes: - controller.devfile.io/storage-type: ephemeral components: - name: tools container: diff --git a/modules/administration-guide/nav.adoc b/modules/administration-guide/nav.adoc index 6c01ed685c..ba719cbbcd 100644 --- a/modules/administration-guide/nav.adoc +++ b/modules/administration-guide/nav.adoc @@ -84,6 +84,7 @@ ** xref:configuring-fuse.adoc[] * xref:managing-ide-extensions.adoc[] ** xref:extensions-for-microsoft-visual-studio-code-open-source.adoc[] +** xref:trusted-extensions-for-microsoft-visual-studio-code.adoc[] * xref:managing-workloads-using-the-che-server-api.adoc[] * xref:upgrading-che.adoc[] ** xref:upgrading-the-chectl-management-tool.adoc[] 
diff --git a/modules/administration-guide/pages/trusted-extensions-for-microsoft-visual-studio-code.adoc b/modules/administration-guide/pages/trusted-extensions-for-microsoft-visual-studio-code.adoc new file mode 100644 index 0000000000..af6c22ae7b --- /dev/null +++ b/modules/administration-guide/pages/trusted-extensions-for-microsoft-visual-studio-code.adoc 
@@ -0,0 +1,68 @@ +:_content-type: PROCEDURE +:description: Configure trusted extensions for Microsoft Visual Studio Code +:keywords: extensions, vs-code, vsx, open-vsx, marketplace +:navtitle: Configure trusted extensions for Microsoft Visual Studio Code + +[id="visual-studio-code-trusted-extensions"] += Configure trusted extensions for Microsoft Visual Studio Code + + +You can use the `trustedExtensionAuthAccess` field in the `product.json` file of Microsoft Visual Studio Code to specify which extensions are trusted to access authentication tokens. +[source,json] +---- + "trustedExtensionAuthAccess": [ + ".", + "." + ] +---- + +This is particularly useful when you have extensions that require access to services such as GitHub, Microsoft, or any other service that requires OAuth. By adding the extension IDs to this field, you are granting them the permission to access these tokens. + +You can define the variable in the devfile or in the ConfigMap. Pick the option that better suits your needs. +With a ConfigMap, the variable will be propagated on all your workspaces and you do not need to add the variable to each the devfile you are using. +[WARNING] +==== +Use the `trustedExtensionAuthAccess` field with caution as it could potentially lead to security risks if misused. Give access only to trusted extensions. +==== + +.Procedure +[IMPORTANT] +==== +Since the Microsoft Visual Studio Code editor is bundled within `che-code` image, you can only change the `product.json` file when the workspace is started up. +==== + + +. Define the __VSCODE_TRUSTED_EXTENSIONS__ environment variable. Choose between defining the variable in devfile.yaml or mounting a ConfigMap with the variable instead. +.. Define the __VSCODE_TRUSTED_EXTENSIONS__ environment variable in devfile.yaml: ++ +==== +[source,yaml] +---- + env: + - name: VSCODE_TRUSTED_EXTENSIONS + value: ".,." +---- +==== + +.. 
Mount a ConfigMap with __VSCODE_TRUSTED_EXTENSIONS__ environment variable: ++ +==== +[source,yaml] +---- + kind: ConfigMap + apiVersion: v1 + metadata: + name: trusted-extensions + labels: + controller.devfile.io/mount-to-devworkspace: 'true' + controller.devfile.io/watch-configmap: 'true' + annotations: + controller.devfile.io/mount-as: env + data: + VSCODE_TRUSTED_EXTENSIONS: '.,.' +---- +==== + +.Verification + +* The value of the variable will be parsed on the workspace startup and the corresponding `trustedExtensionAuthAccess` section will be added to the `product.json`.
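
Review bot: In devfile.yaml, the removal of `attributes:` and `controller.devfile.io/storage-type: ephemeral` is not mentioned in the commit message and is unrelated to the trusted-extensions documentation the rest of the patch adds. It removes the storage-type setting of the che-docs workspace itself, so either move it to its own commit or add a line to the message saying why the ephemeral storage type is dropped.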
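
Review bot: In trusted-extensions-for-microsoft-visual-studio-code.adoc, the WARNING block ("could potentially lead to security risks if misused") does not say what the risk is, and the page never says who is expected to set the variable. State it concretely: every extension listed gets access to the authentication tokens named in the introduction (GitHub, Microsoft, other OAuth services), the ConfigMap option propagates the list to all workspaces, and the devfile option lets whoever writes the devfile choose the list. Smaller points in the same file: the `.Procedure` title sits directly above `[IMPORTANT]`, so it will attach to the admonition rather than to the steps; "to each the devfile you are using" has a stray word; the `.Verification` bullet describes what happens at startup rather than a check the administrator can perform; and the sample values `"."` and `".,."` do not show what an extension ID looks like, so a placeholder in publisher-dot-name form would help.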