Enable VS Code Extension Gallery to be proxied via Sonatype Nexus RM (#…

…4188)

CHANGELOG.md

@@ -22,6 +22,7 @@ ENHANCEMENTS:
 * Move Github PR bot commands into main documentation ([#4167](https://github.com/microsoft/AzureTRE/pull/4167))
 * Block Authentication with keys to CosmosDB SQL account ([#4175](https://github.com/microsoft/AzureTRE/pull/4175))
 * Add support for customer-managed keys encryption in base workspace ([#4161](https://github.com/microsoft/AzureTRE/pull/4161))
+* Add ability to download VSCode Extensions ([[#4187](https://github.com/microsoft/AzureTRE/issues/4187)])
 * Update Windows VM Images ([#4198](https://github.com/microsoft/AzureTRE/pull/4198))
 
 BUG FIXES:

docs/tre-templates/shared-services/nexus.md

@@ -93,6 +93,7 @@ Nexus Shared Service requires access to resources outside of the Azure TRE VNET.
 | Microsoft Keys | raw | [https://packages.microsoft.com/keys/] | `https://nexus-{TRE_ID}.{LOCATION}.cloudapp.azure.com/repository/microsoft-keys` | Provide access to Microsoft keys |
 | Microsoft Yum | yum | [https://packages.microsoft.com/yumrepos] | `https://nexus-{TRE_ID}.{LOCATION}.cloudapp.azure.com/repository/microsoft-yum` | Provide access to Microsoft Yum packages |
 | Microsoft Download | raw | [https://download.microsoft.com/download] | `https://nexus-{TRE_ID}.{LOCATION}.cloudapp.azure.com/repository/microsoft-download` | Provide access to Microsoft Downloads |
+| VS Code Extensions | raw | [https://marketplace.visualstudio.com/_apis/public/gallery/publishers/] | `https://nexus-{TRE_ID}.{LOCATION}.cloudapp.azure.com/repository/vscode-extensions/` | Provide access to VS Code extensions |
 
 ### Migrate from an existing V1 Nexus service (hosted on App Service)
 
@@ -130,3 +131,73 @@ sudo docker pull {NEXUS_URL}:8083/hello-world
 the default port out of the box is 8083
 
 Nexus will also need "Anonymous Access" set to "Enable". This can be done by logging into the Nexus Portal with the Admin user and following the prompts.
+
+## Using the VS Code Extensions
+
+To fetch and install VS Code extensions, use the following commands:
+
+```bash
+curl -o {publisher}-{extension}-{version}.vsix https://nexus-{TRE_ID}.{LOCATION}.cloudapp.azure.com/repository/vscode-extensions/{publisher}/vsextensions/{extension}/{version}/vspackage
+
+code --install-extension {publisher}-{extension}-{version}.vsix
+```
+
+The extensions which are  available to users can be restricted by configuring content selectors using the package `path` via the SonatypeNexus RM web interface.
+
+If extensions want to be intalled in bulk, a script such as the following can be used:
+
+```bash
+#!/bin/bash
+
+# Function to display usage
+usage() {
+    echo "Usage: $0 -t TRE_ID -l LOCATION [--install]"
+    exit 1
+}
+
+# Parse command line arguments
+INSTALL=false
+while [[ "$#" -gt 0 ]]; do
+    case $1 in
+        -t|--tre-id) TRE_ID="$2"; shift ;;
+        -l|--location) LOCATION="$2"; shift ;;
+        --install) INSTALL=true ;;
+        *) usage ;;
+    esac
+    shift
+done
+
+# Check if TRE_ID and LOCATION are provided
+if [ -z "$TRE_ID" ] || [ -z "$LOCATION" ]; then
+    usage
+fi
+
+# Define the list of extensions
+extensions=(
+    "ms-python.debugpy@2024.14.0"
+    "ms-python.python@2024.22.0"
+    "ms-python.vscode-pylance@2024.12.1"
+    "ms-toolsai.datawrangler@1.14.0"
+    "ms-toolsai.jupyter@2024.10.0"
+    "ms-toolsai.jupyter-keymap@1.1.2"
+    "ms-toolsai.jupyter-renderers@1.0.21"
+    "ms-toolsai.vscode-jupyter-cell-tags@0.1.9"
+    "ms-toolsai.vscode-jupyter-slideshow@0.1.6"
+)
+
+# Define the base URL
+base_url="https://nexus-${TRE_ID}.${LOCATION}.cloudapp.azure.com/repository/vscode-extensions"
+
+# Loop through each extension and download it
+for ext in "${extensions[@]}"; do
+    IFS='@' read -r publisher_extension version <<< "$ext"
+    IFS='.' read -r publisher extension <<< "$publisher_extension"
+    vsix_file="${publisher}-${extension}-${version}.vsix"
+    curl -o "$vsix_file" "${base_url}/${publisher}/vsextensions/${extension}/${version}/vspackage"
+    
+    # Install the extension if --install flag is set
+    if [ "$INSTALL" = true ]; then
+        code --install-extension "$vsix_file"
+    fi
+done
+```

templates/shared_services/sonatype-nexus-vm/porter.yaml

@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-sonatype-nexus
-version: 3.1.1
+version: 3.2.1
 description: "A Sonatype Nexus shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre

templates/shared_services/sonatype-nexus-vm/scripts/configure_nexus_repos.sh

@@ -59,3 +59,13 @@ status_code=$(curl -iu admin:"$1" -XPUT \
   -d @"$(dirname "${BASH_SOURCE[0]}")"/nexus_realms_config.json \
   -k -s -w "%{http_code}" -o /dev/null)
 echo "Response received from Nexus: $status_code"
+
+# Add a new section to handle the VS Code extensions configuration
+echo 'Configuring VS Code extensions proxy...'
+status_code=$(curl -iu admin:"$1" -XPOST \
+  'http://localhost/service/rest/v1/repositories/raw/proxy' \
+  -H 'accept: application/json' \
+  -H 'Content-Type: application/json' \
+  -d @"$(dirname "${BASH_SOURCE[0]}")"/nexus_repos_config/vscode_extensions_proxy_conf.json \
+  -k -s -w "%{http_code}" -o /dev/null)
+echo "Response received from Nexus: $status_code"

templates/shared_services/sonatype-nexus-vm/scripts/nexus_repos_config/vscode_extensions_proxy_conf.json

@@ -0,0 +1,32 @@
+{
+  "name": "vscode-extensions",
+  "online": true,
+  "storage": {
+    "blobStoreName": "default",
+    "strictContentTypeValidation": true,
+    "write_policy": "ALLOW"
+  },
+  "proxy": {
+    "remoteUrl": "https://marketplace.visualstudio.com/_apis/public/gallery/publishers/",
+    "contentMaxAge": 1440,
+    "metadataMaxAge": 1440
+  },
+  "negativeCache": {
+    "enabled": true,
+    "timeToLive": 1440
+  },
+  "httpClient": {
+    "blocked": false,
+    "autoBlock": false,
+    "connection": {
+      "retries": 0,
+      "userAgentSuffix": "string",
+      "timeout": 60,
+      "enableCircularRedirects": false,
+      "enableCookies": false,
+      "useTrustStore": false
+    }
+  },
+  "baseType": "raw",
+  "repoType": "proxy"
+}

templates/shared_services/sonatype-nexus-vm/terraform/locals.tf

@@ -1,7 +1,7 @@
 locals {
   core_vnet                       = "vnet-${var.tre_id}"
   core_resource_group_name        = "rg-${var.tre_id}"
-  nexus_allowed_fqdns             = "pypi.org,*.pypi.org,files.pythonhosted.org,security.ubuntu.com,archive.ubuntu.com,keyserver.ubuntu.com,repo.anaconda.com,*.docker.com,*.docker.io,conda.anaconda.org,azure.archive.ubuntu.com,packages.microsoft.com,repo.almalinux.org,download-ib01.fedoraproject.org,cran.r-project.org,cloud.r-project.org,download1.rstudio.org,*.snapcraftcontent.com,download.microsoft.com"
+  nexus_allowed_fqdns             = "pypi.org,*.pypi.org,files.pythonhosted.org,security.ubuntu.com,archive.ubuntu.com,keyserver.ubuntu.com,repo.anaconda.com,*.docker.com,*.docker.io,conda.anaconda.org,azure.archive.ubuntu.com,packages.microsoft.com,repo.almalinux.org,download-ib01.fedoraproject.org,cran.r-project.org,cloud.r-project.org,download1.rstudio.org,*.snapcraftcontent.com,download.microsoft.com,marketplace.visualstudio.com"
   nexus_allowed_fqdns_list        = distinct(compact(split(",", replace(local.nexus_allowed_fqdns, " ", ""))))
   workspace_vm_allowed_fqdns      = "r3.o.lencr.org,x1.c.lencr.org"
   workspace_vm_allowed_fqdns_list = distinct(compact(split(",", replace(local.workspace_vm_allowed_fqdns, " ", ""))))