Skip to content

Commit

Permalink
Trusted extensions (#2717)
Browse files Browse the repository at this point in the history
* docs: explain how to define VS Code trusted extensions

Signed-off-by: Vitaliy Gulyy <[email protected]>

* docs: explain how to define VS Code trusted extensions

Signed-off-by: Vitaliy Gulyy <[email protected]>

* Update modules/administration-guide/pages/trusted-extensions-for-microsoft-visual-studio-code.adoc

Co-authored-by: Jana Vrbkova <[email protected]>

* Update modules/administration-guide/pages/trusted-extensions-for-microsoft-visual-studio-code.adoc

---------

Signed-off-by: Vitaliy Gulyy <[email protected]>
Co-authored-by: Jana Vrbkova <[email protected]>
  • Loading branch information
vitaliy-guliy and deerskindoll committed Apr 15, 2024
1 parent 4794e5b commit ddf5622
Show file tree
Hide file tree
Showing 3 changed files with 69 additions and 2 deletions.
2 changes: 0 additions & 2 deletions devfile.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,6 @@
schemaVersion: 2.2.2
metadata:
name: che-docs
attributes:
controller.devfile.io/storage-type: ephemeral
components:
- name: tools
container:
Expand Down
1 change: 1 addition & 0 deletions modules/administration-guide/nav.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@
** xref:configuring-fuse.adoc[]
* xref:managing-ide-extensions.adoc[]
** xref:extensions-for-microsoft-visual-studio-code-open-source.adoc[]
** xref:trusted-extensions-for-microsoft-visual-studio-code.adoc[]
* xref:managing-workloads-using-the-che-server-api.adoc[]
* xref:upgrading-che.adoc[]
** xref:upgrading-the-chectl-management-tool.adoc[]
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
:_content-type: PROCEDURE
:description: Configure trusted extensions for Microsoft Visual Studio Code
:keywords: extensions, vs-code, vsx, open-vsx, marketplace
:navtitle: Configure trusted extensions for Microsoft Visual Studio Code

[id="visual-studio-code-trusted-extensions"]
= Configure trusted extensions for Microsoft Visual Studio Code


You can use the `trustedExtensionAuthAccess` field in the `product.json` file of Microsoft Visual Studio Code to specify which extensions are trusted to access authentication tokens.
[source,json]
----
"trustedExtensionAuthAccess": [
"<publisher1>.<extension1>",
"<publisher2>.<extension2>"
]
----

This is particularly useful when you have extensions that require access to services such as GitHub, Microsoft, or any other service that requires OAuth. By adding the extension IDs to this field, you are granting them the permission to access these tokens.

You can define the variable in the devfile or in the ConfigMap. Pick the option that better suits your needs.
With a ConfigMap, the variable will be propagated on all your workspaces and you do not need to add the variable to each the devfile you are using.
[WARNING]
====
Use the `trustedExtensionAuthAccess` field with caution as it could potentially lead to security risks if misused. Give access only to trusted extensions.
====

.Procedure
[IMPORTANT]
====
Since the Microsoft Visual Studio Code editor is bundled within `che-code` image, you can only change the `product.json` file when the workspace is started up.
====


. Define the __VSCODE_TRUSTED_EXTENSIONS__ environment variable. Choose between defining the variable in devfile.yaml or mounting a ConfigMap with the variable instead.
.. Define the __VSCODE_TRUSTED_EXTENSIONS__ environment variable in devfile.yaml:
+
====
[source,yaml]
----
env:
- name: VSCODE_TRUSTED_EXTENSIONS
value: "<publisher1>.<extension1>,<publisher2>.<extension2>"
----
====

.. Mount a ConfigMap with __VSCODE_TRUSTED_EXTENSIONS__ environment variable:
+
====
[source,yaml]
----
kind: ConfigMap
apiVersion: v1
metadata:
name: trusted-extensions
labels:
controller.devfile.io/mount-to-devworkspace: 'true'
controller.devfile.io/watch-configmap: 'true'
annotations:
controller.devfile.io/mount-as: env
data:
VSCODE_TRUSTED_EXTENSIONS: '<publisher1>.<extension1>,<publisher2>.<extension2>'
----
====

.Verification

* The value of the variable will be parsed on the workspace startup and the corresponding `trustedExtensionAuthAccess` section will be added to the `product.json`.

0 comments on commit ddf5622

Please sign in to comment.