Add trusted_domains variable to code-server module for link protection#435
Add trusted_domains variable to code-server module for link protection#435Foorack wants to merge 15 commits intocoder:mainfrom
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for configuring trusted domains in the code-server module to enable link protection functionality. Users can now specify a list of domains that should be trusted when code-server validates external links.
- Adds a new
trusted_domainsvariable to accept a list of trusted domain strings - Updates the run script to process the domains and pass them to code-server via
--link-protection-trusted-domainsflags - Integrates the trusted domains configuration into the coder_script resource environment
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| main.tf | Adds trusted_domains variable definition and passes it to the script environment |
| run.sh | Implements domain processing logic and adds trusted domains arguments to code-server command |
|
If I understand these logs correctly, the error has nothing to do with this change? |
|
Will look into testing more this week, as well as adding tests specifically for this new feature. |
Foorack
force-pushed
the
link-protection-trusted-domains
branch
from
ccf5b22 to
52099ea
Compare
Foorack
changed the title
Foorack
changed the title
|
@Foorack Just want to check and see if there is any update? |
|
Closing because no response |
|
@DevelopmentCats Apologies with the delay, been busy with work. Can we please re-open the merge request? I do think it is very hasty to close a Pull Request that is less than a few weeks old. Your update check was also only 20 hours ago. The urgency to get this merged into main reduced once we had a very stable workaround, but I still want to upstream this for the benefit of the greater Coder community. locals {
<snip>
# Trusted domains for code-server link protection
trusted_domains = [
"https://open-vsx.org",
"https://github.com",
"*.foorack.com",
]
}
resource "coder_agent" "main" {
arch = data.coder_provisioner.me.arch
os = "linux"
dir = "/home/coder/${local.folder_name}"
# Add any commands that should be executed at workspace startup (e.g install requirements, start a program, etc) here
startup_script = <<-EOT
# Update code-server trusted domains
echo "🔧 Updating code-server trusted domains..."
mkdir -p /tmp/code-server/lib
while [ ! -f "$(find /tmp/code-server/lib/ -type f -name 'product.json' | head -n1)" ]; do :; done
CODE_SERVER_PROFILE_JSON="$(find /tmp/code-server/lib/ -type f -name 'product.json' | head -n1)"
cat $CODE_SERVER_PROFILE_JSON | jq '.linkProtectionTrustedDomains = ${jsonencode(local.trusted_domains)}' > /tmp/product-modified.json
mv /tmp/product-modified.json $CODE_SERVER_PROFILE_JSON
# Rest of setup...
<snip>
EOT
<snip>
} |
|
Yeah I can sorry about that! I generally try to close out PR's that haven't had a response in a few weeks but I'm never against reopening them 😃 I will keep your words in mind though. |
#1) * Initial plan * Add trusted_domains variable to code-server module for link protection Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> * Remove temporary plan files from commit Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> * Refactor TRUSTED_DOMAINS_ARG to match EXTENSION_ARG pattern Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> * Remove trusted domains tests as requested Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> * Fix trusted domains to use multiple flag instances instead of comma-separated values Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> * Update registry/coder/modules/code-server/run.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update registry/coder/modules/code-server/run.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> Co-authored-by: Foorack / Max Faxälv <max@foorack.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: DevCats <chris@dualriver.com>
Foorack
force-pushed
the
link-protection-trusted-domains
branch
from
5e9cbe3 to
a6e4529
Compare
|
I just wanted to check and see if there was any update on this @Foorack |
Make TRUSTED_DOMAINS parsing consistent with EXTENSIONS parsing
…mains variable is properly handled (#3) * Initial plan * Add test cases for trusted_domains variable in code-server module Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> * Add assert statements to trusted_domains test cases Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com>
|
@DevelopmentCats Apologies for delay. Difficult to prioritize this when I have a stable workaround, but trying to upstream it nonetheless. This PR should be ready for review by someone now, when time is available. |
Okay I will take a look at this and hopefully we can get this knocked out. I apologize for the delay here! 😸 |
|
@Foorack Looks good to me but can you bump the version here? It would be a minor version bump. I will tag it here so you can get the instructions for bumping the version easily. Nvm it wont comment on a fork but if you bump the versions in the readme we should be good here. |
DevelopmentCats
added
the
version:minor
|
@Foorack I just wanted to check in on this PR since all we are waiting on is the version bump before merging. |
|
@DevelopmentCats Apologies for the delay. I've now read versioning-guidelines, so is it just a matter of updating all the |
Yes that is all we need on here. I would do it myself if it wouldn't void my approval 😄 |
|
I apologize for just thinking about this, but in-between the birth of this PR and now. We have added the Ideally I think this would be the way you would want to go about this going forward with trusted links, and other additional args, and adding this variable is probably overkill now. If you think that there is value in calling out that this can be added as well through additional args, I would encourage you to make a PR updating this and I will promptly review it. Thank you for your work and Contribution! ❤️ |
|
@DevelopmentCats Awesome there's now Thank you for the code review/support, and my apologies for being slow to respond to this thread since the beginning!! |
Description
This PR adds support for configuring trusted domains in the code-server module through a new
trusted_domainsvariable.This allows users to specify domains that should be trusted for link protection using code-server's
--link-protection-trusted-domainsoption.Type of Change
Module Information
Path:
registry/coder/modules/code-serverNew version: N/A
Breaking change: [ ] Yes [X] No
Related Issues
microsoft/vscode#82794
coder/coder#19995