Implement light-weight Workspace Trust API for plugins #10473
Conversation
|
@colin-grant-work I hope you had a great start into the new year and thank you very much for your extensive review! It took me some time to come back to this but I updated the PR as you suggested and everything should now be working as expected. |
There was a problem hiding this comment.
Something seems to be malfunctioning. I modified my frontend config to enable workspace trust (see comment below), confirmed that, on startup, workspace trust was not resolved, and then ran the Add remote... command.
When I selected the Add remote from GitHub option, I got this notice:
That looks like a problem with the authentication API, not the workspace trust API (probably).
When I just put in the URL of the Theia repo, I was prompted to name the remote, and the process concluded. I was never prompted to confirm workspace trust, but I think I should have been? Or should the request only have come when using GitHub as an authentication provider?
| [WORKSPACE_TRUST_ENABLED]: { | ||
| description: nls.localize('theia/workspace/trustEnabled', 'Controls whether or not workspace trust is enabled. If disabled, all workspaces are trusted.'), | ||
| type: 'boolean', | ||
| defaultValue: false |
There was a problem hiding this comment.
Is it your intent to make this disabled by default (i.e. make all workspaces trusted?)
There was a problem hiding this comment.
Yes, that was the intent. I believe VS Code does it similarly, see https://github.com/microsoft/vscode/blob/f7bfe5ca6682f27bc0ef19b412a4888078265ecc/src/vs/workbench/services/workspaces/common/workspaceTrust.ts#L291
There was a problem hiding this comment.
In VSCode, the workspace trust feature is definitely enabled by default. You are correct, though, that if workspace trust is not enabled, all workspaces are trusted.
I don't have a strong opinion about whether to enable the feature by default. Perhaps @JonasHelming can weigh in there, from the perspective of known adopters?
|
@colin-grant-work That behavior is expected now that we no longer explicitly call (Background: The vscode git plugin actually queries the workspace API, if you also install the github and github-authentication plugin from VSCode the dropdown should show you a little bit more but you'll still end up with a missing authentication provider since the activation event for github-authentication is not yet supported by Theia.) |
|
@martin-fleck-at, that all sounds reasonable, and it explains why, the first time I ran through the test steps with workspace trust automatically enabled, I got an additional prompt asking me if I wanted to do automatic fetches, which is the feature that's checking workspace trust. So as you say, the question is when to prompt, I guess. I find VSCode's prompt-on-start pretty annoying, so maybe your original idea of requesting trust when anyone checks for it is the best idea. The GitHub plugin immediately creates a listener if it finds the workspace is untrusted, and that seems like the only good way for a plugin to handle finding |
|
I've implemented a tiny VSCode plugin here with commands to exercise the workspace API. |
|
@colin-grant-work Thank you very much for the plugin, it was very useful to test the different scenarios! As you suggested, we now request the workspace trust whenever the trust is queried. In addition to that, we report any workspace trust state back to the plugin ( Thank you for your review and effort! |
| [WORKSPACE_TRUST_ENABLED]: { | ||
| description: nls.localize('theia/workspace/trustEnabled', 'Controls whether or not workspace trust is enabled. If disabled, all workspaces are trusted.'), | ||
| type: 'boolean', | ||
| defaultValue: false |
There was a problem hiding this comment.
In VSCode, the workspace trust feature is definitely enabled by default. You are correct, though, that if workspace trust is not enabled, all workspaces are trusted.
I don't have a strong opinion about whether to enable the feature by default. Perhaps @JonasHelming can weigh in there, from the perspective of known adopters?
|
I think we should enable the feature by default as it provides a more defensive strategy when it comes to security. Adopters can still choose to disable the feature in their application default preferences if they accept any risk that may come with it. However, if they do not do that it is probably better to inform the user that a plugin requests workspace trust. |
|
@JonasHelming @colin-grant-work Thank you for your feedback! Thinking about it a bit more, I fully agree with Jonas that if no plugin requests the trust, the user is not bothered anyway but if a plugin needs it, it may be better to inform the user unless some adopters explicitly choose not to do so. As such, I changed the default enablement preference to |
|
@colin-grant-work : I would merge this now, OK? |
- Add trust-relevant methods and interfaces to the plugin workspace API - Implement dedicated workspace trust service to manage trust - Add trust-specific settings to 'Security' category in preferences -- Enable/Disable trust feature: enabled by default -- Show trust prompot on startup: always by default -- Auto-trust empty workspaces: true by default -- Inform user about required application restart on preference change - Calculate trust the first time it is requested from a plugin
There was a problem hiding this comment.
@colin-grant-work I don't really have a strong opinion on that. I think both would be fine, but I'm slightly leaning towards not enabling it by default.
In the end, downstream users of Theia can always choose to have it enabled by default in their product.
|
Just to mention, I also do not have a strong opinion about it. So @colin-grant-work Your vote will decide on this, no option is "wrong" |
|
@msujew, @JonasHelming, @martin-fleck-at, thanks for your input. As annoying as I find VSCode's modal at start up, I think enabling security by default is better than disabling it by default - adopters and users are free to follow whatever policies their risk managers will let them get away with :-). So default on sounds good to me, and I'll merge. |
What it does
#10472
Note: I share this PR to showcase how the issue might be solved as I tried to double-check the issue I was facing. While it is working and hopefully not doing any harm, further discussions and improvements might be needed for a real support of the workspace trust API.
How to test
(working Remote query)
(user trust query)
Review checklist
Reminder for reviewers