Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Workspace Trust #16126

Closed
lszomoru opened this issue May 4, 2021 · 2 comments · Fixed by #16143 or #17998
Closed

Support Workspace Trust #16126

lszomoru opened this issue May 4, 2021 · 2 comments · Fixed by #16143 or #17998
Assignees
@karrtikr
Labels
area-editor-* User-facing catch-all partner ask

Comments

@lszomoru
Copy link
Member

lszomoru commented May 4, 2021

Hello 👋 I'm from the VS Code team.

Recently, we have been exploring a security feature we refer to as Workspace Trust. This feature is intended to centralize and unify a security conscious decision required by a variety of VS Code features. With workspace trust, the user will be able to declare whether or not they trust the folder that is opened in VS Code before these features are executed.

Why you should care

Your extension is incredibly popular with VS Code users! We want to make sure that those users have a delightful experience with workspace trust and that includes extension authors deciding how much of their extension is supported in an untrusted workspace.

Workspace Trust experience

You can enable the feature with the following setting security.workspace.trust.enabled. Once enabled, you will see the following dialog when opening folders in VS Code.

Workspace Trust Startup Dialog

This dialog is important for allowing the user to make a decision early and understand the impact of their decision. Once you understand the feature, you may want to customize when to display the dialog using the setting security.workspace.trust.startupPrompt.

You can follow the development of Workspace Trust and provide feedback in issue #106488.

Workspace trust API

First off, all of what I am about to say can be found in issue #120251. That issue will include discussion of the feature and any updates to the feature.

The Workspace Trust extension API is now in stable. This allowed us to release the first cut of our guide for onboarding your extension to Workspace Trust. The API is small, so here is a quick look.

You can declare your extension to provide complete, partial or no support in untrusted workspaces using the untrustedWorkspaces capability in package.json.

The following example declares that the extension is supported completely in untrusted workspaces. In this case, the extension is enabled in untrusted workspaces.

"capabilities": {
  "untrustedWorkspaces": {
    "supported": true
  }
}

The next example declares that the extension is not supported in untrusted workspaces. In this case, the extension is disabled in untrusted workspaces.

"capabilities": {
  "untrustedWorkspaces": {
    "supported": false
  }
}

The third option is to declared limited support. There are three tools provided to you when you select the limited option.

First, if you have a setting that can be configured in the workspace but requires the workspace to be trusted in order to apply the workspace value, then you can include the setting using restrictedConfigurations array property in untrustedWorkspaces object. Doing so, VS Code will ignore the workspace value of these restricted settings when your extension reads these settings values using the VS Code Workspace Configuration API.

The following example declares the settings that are restricted in untrusted workspaces.

"capabilities": {
  "untrustedWorkspaces": {
    "supported": "limited",
    "restrictedConfigurations": [
      "markdown.styles"
    ]
  }
}

Next, you can also check and listen if the current workspace is trusted or not programmatically using the following API:

export namespace workspace {
  /**
   * When true, the user has explicitly trusted the contents of the workspace.
   */
  export const isTrusted: boolean;
  /**
   * Event that fires when the current workspace has been trusted.
   */
  export const onDidGrantWorkspaceTrust: Event<void>;
}

Lastly, you can hide commands or views declaratively with the isWorkspaceTrusted context key in your when clauses.

A far more detailed guide on how to onboard which will be updated as we receive feedback can be found in issue #120251.

Rollout plan

Workspace Trust will remain disabled for the month of May, but we are planning on enabling this by default in the future. To prepare for that day, we would love for you to try it out and provide feedback.

We'd love your feedback

Since this issue was created in an automated fashion, we won't be monitoring the responses in this issue (our notifications would explode!). Instead we ask you to drop questions, and feedback in issue #120251 as we've mentioned above.

We're excited to see what you do with workspace trust!
@github-actions github-actions bot added the triage-needed Needs assignment to the proper sub-team label May 4, 2021
@karthiknadig karthiknadig added area-editor-* User-facing catch-all needs PR important Issue identified as high-priority partner ask and removed triage-needed Needs assignment to the proper sub-team labels May 4, 2021
@DonJayamanne DonJayamanne mentioned this issue May 4, 2021
Closed
@brettcannon brettcannon mentioned this issue May 5, 2021
Merged
@brettcannon brettcannon removed important Issue identified as high-priority planned 📅 labels Aug 12, 2021
@brettcannon
Copy link
Member

Reopening as Pylance is working towards functioning appropriately in an untrusted workspace.

@brettcannon brettcannon reopened this Aug 12, 2021
@github-actions github-actions bot added the triage-needed Needs assignment to the proper sub-team label Aug 12, 2021
@brettcannon
Copy link
Member

Public docs: https://code.visualstudio.com/docs/editor/workspace-trust

Guide for extensions: https://code.visualstudio.com/api/extension-guides/workspace-trust

@karthiknadig karthiknadig removed the triage-needed Needs assignment to the proper sub-team label Aug 12, 2021
@kieferrm kieferrm mentioned this issue Aug 16, 2021
Closed
91 tasks
@egamma egamma mentioned this issue Sep 6, 2021
Closed
99 tasks
@karrtikr karrtikr self-assigned this Sep 24, 2021
@karrtikr karrtikr mentioned this issue Nov 19, 2021
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 20, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@karrtikr karrtikr

Labels
area-editor-* User-facing catch-all partner ask
Projects
None yet
Milestone
No milestone
4 participants
@brettcannon @lszomoru @karthiknadig @karrtikr