Add trusted_domains variable to code-server module for link protection

[Foorack]

Description

This PR adds support for configuring trusted domains in the code-server module through a new trusted_domains variable.

This allows users to specify domains that should be trusted for link protection using code-server's --link-protection-trusted-domains option.

Type of Change

• New module
• Bug fix
• Feature/enhancement
• Documentation
• Other

Module Information

Path: registry/coder/modules/code-server
New version: N/A
Breaking change: [ ] Yes [X] No

Related Issues

microsoft/vscode#82794

coder/coder#19995

[Copilot]

Pull Request Overview

This PR adds support for configuring trusted domains in the code-server module to enable link protection functionality. Users can now specify a list of domains that should be trusted when code-server validates external links.

• Adds a new trusted_domains variable to accept a list of trusted domain strings
• Updates the run script to process the domains and pass them to code-server via --link-protection-trusted-domains flags
• Integrates the trusted domains configuration into the coder_script resource environment

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
main.tf	Adds trusted_domains variable definition and passes it to the script environment
run.sh	Implements domain processing logic and adds trusted domains arguments to code-server command

[Foorack]

If I understand these logs correctly, the error has nothing to do with this change?

registry/coder/modules/agentapi/main.test.ts:

registry/thezoker/modules/nodejs/main.test.ts:

7 tests failed:
(fail) jfrog-oauth > can run apply with required variables
(fail) jfrog-token > can run apply with required variables
(fail) github-upload-public-key > creates new key if one does not exist [15002.08ms]
  ^ this test timed out after 15000ms.
(fail) github-upload-public-key > does nothing if one already exists [5001.03ms]
  ^ this test timed out after 5000ms.
(fail) code-server > required variables [135.00ms]
(fail) code-server > use_cached and offline can not be used together [133.00ms]
(fail) code-server > offline and extensions can not be used together [136.00ms]

 376 pass
 7 fail
 2 errors
 1083 expect() calls
Ran 383 tests across 50 files. [453.11s]

[Foorack]

Will look into testing more this week, as well as adding tests specifically for this new feature.

[DevelopmentCats]

@Foorack Just want to check and see if there is any update?

[DevelopmentCats]

Closing because no response

[Foorack]

@DevelopmentCats Apologies with the delay, been busy with work. Can we please re-open the merge request?

I do think it is very hasty to close a Pull Request that is less than a few weeks old. Your update check was also only 20 hours ago. The urgency to get this merged into main reduced once we had a very stable workaround, but I still want to upstream this for the benefit of the greater Coder community.

locals {
  <snip>
  # Trusted domains for code-server link protection
  trusted_domains = [
    "https://open-vsx.org",
    "https://github.com",
    "*.foorack.com",
  ]
}

resource "coder_agent" "main" {
  arch = data.coder_provisioner.me.arch
  os   = "linux"
  dir  = "/home/coder/${local.folder_name}"
  # Add any commands that should be executed at workspace startup (e.g install requirements, start a program, etc) here
  startup_script = <<-EOT
    # Update code-server trusted domains
    echo "🔧 Updating code-server trusted domains..."
    mkdir -p /tmp/code-server/lib
    while [ ! -f "$(find /tmp/code-server/lib/ -type f -name 'product.json' | head -n1)" ]; do :; done
    CODE_SERVER_PROFILE_JSON="$(find /tmp/code-server/lib/ -type f -name 'product.json' | head -n1)"
    cat $CODE_SERVER_PROFILE_JSON | jq '.linkProtectionTrustedDomains = ${jsonencode(local.trusted_domains)}' > /tmp/product-modified.json
    mv /tmp/product-modified.json $CODE_SERVER_PROFILE_JSON

    # Rest of setup...
    <snip>
    EOT

  <snip>
}

[DevelopmentCats]

Yeah I can sorry about that!

I generally try to close out PR's that haven't had a response in a few weeks but I'm never against reopening them 😃

I will keep your words in mind though.

[Copilot]

Pull Request Overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

[DevelopmentCats]

I just wanted to check and see if there was any update on this @Foorack

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.

[Foorack]

@DevelopmentCats Apologies for delay. Difficult to prioritize this when I have a stable workaround, but trying to upstream it nonetheless. This PR should be ready for review by someone now, when time is available.

[DevelopmentCats]

@DevelopmentCats Apologies for delay. Difficult to prioritize this when I have a stable workaround, but trying to upstream it nonetheless. This PR should be ready for review by someone now, when time is available.

Okay I will take a look at this and hopefully we can get this knocked out. I apologize for the delay here! 😸

[DevelopmentCats]

@Foorack Looks good to me but can you bump the version here? It would be a minor version bump. I will tag it here so you can get the instructions for bumping the version easily.

Nvm it wont comment on a fork but if you bump the versions in the readme we should be good here.