diff --git a/registry/coder/modules/code-server/README.md b/registry/coder/modules/code-server/README.md
index 3312f979d..4f0ab78bf 100644
--- a/registry/coder/modules/code-server/README.md
+++ b/registry/coder/modules/code-server/README.md
@@ -14,7 +14,7 @@ Automatically install [code-server](https://github.com/coder/code-server) in a w
 module "code-server" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/code-server/coder"
- version = "1.4.2"
+ version = "1.5.0"
 agent_id = coder_agent.example.id
 }
 ```
@@ -29,7 +29,7 @@ module "code-server" {
 module "code-server" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/code-server/coder"
- version = "1.4.2"
+ version = "1.5.0"
 agent_id = coder_agent.example.id
 install_version = "4.106.3"
 }
@@ -43,7 +43,7 @@ Install the Dracula theme from [OpenVSX](https://open-vsx.org/):
 module "code-server" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/code-server/coder"
- version = "1.4.2"
+ version = "1.5.0"
 agent_id = coder_agent.example.id
 extensions = [
 "dracula-theme.theme-dracula"
@@ -61,7 +61,7 @@ Configure VS Code's [settings.json](https://code.visualstudio.com/docs/getstarte
 module "code-server" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/code-server/coder"
- version = "1.4.2"
+ version = "1.5.0"
 agent_id = coder_agent.example.id
 extensions = ["dracula-theme.theme-dracula"]
 settings = {
@@ -78,7 +78,7 @@ Just run code-server in the background, don't fetch it from GitHub:
 module "code-server" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/code-server/coder"
- version = "1.4.2"
+ version = "1.5.0"
 agent_id = coder_agent.example.id
 extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
 }
@@ -92,7 +92,7 @@ You can pass additional command-line arguments to code-server using the `additio
 module "code-server" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/code-server/coder"
- version = "1.4.2"
+ version = "1.5.0"
 agent_id = coder_agent.example.id
 additional_args = "--disable-workspace-trust"
 }
@@ -108,7 +108,7 @@ Run an existing copy of code-server if found, otherwise download from GitHub:
 module "code-server" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/code-server/coder"
- version = "1.4.2"
+ version = "1.5.0"
 agent_id = coder_agent.example.id
 use_cached = true
 extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
@@ -121,7 +121,7 @@ Just run code-server in the background, don't fetch it from GitHub:
 module "code-server" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/code-server/coder"
- version = "1.4.2"
+ version = "1.5.0"
 agent_id = coder_agent.example.id
 offline = true
 }
diff --git a/registry/coder/modules/code-server/code-server.tftest.hcl b/registry/coder/modules/code-server/code-server.tftest.hcl
index ebbb71755..113f134da 100644
--- a/registry/coder/modules/code-server/code-server.tftest.hcl
+++ b/registry/coder/modules/code-server/code-server.tftest.hcl
@@ -48,3 +48,45 @@ run "url_with_folder_query" {
 error_message = "coder_app URL must include encoded folder query param"
 }
 }
+
+run "trusted_domains_single" {
+ command = plan
+
+ variables {
+ agent_id = "foo"
+ trusted_domains = ["example.com"]
+ }
+
+ assert {
+ condition = can(regex("example.com", resource.coder_script.code-server.script))
+ error_message = "Script must contain the trusted domain 'example.com'"
+ }
+}
+
+run "trusted_domains_multiple" {
+ command = plan
+
+ variables {
+ agent_id = "foo"
+ trusted_domains = ["example.com", "test.com", "trusted.domain.com"]
+ }
+
+ assert {
+ condition = can(regex("example.com,test.com,trusted.domain.com", resource.coder_script.code-server.script))
+ error_message = "Script must contain the comma-separated trusted domains 'example.com,test.com,trusted.domain.com'"
+ }
+}
+
+run "trusted_domains_empty" {
+ command = plan
+
+ variables {
+ agent_id = "foo"
+ trusted_domains = []
+ }
+
+ assert {
+ condition = can(regex("TRUSTED_DOMAINS_ARG=\"\"", resource.coder_script.code-server.script))
+ error_message = "Script must set TRUSTED_DOMAINS_ARG to empty string when no domains are provided"
+ }
+}
diff --git a/registry/coder/modules/code-server/main.tf b/registry/coder/modules/code-server/main.tf
index f56513533..ddc07a464 100644
--- a/registry/coder/modules/code-server/main.tf
+++ b/registry/coder/modules/code-server/main.tf
@@ -148,6 +148,12 @@ variable "open_in" {
 }
 }
 
+variable "trusted_domains" {
+ type = list(string)
+ description = "A list of trusted domains for link protection. These domains will be added to the --link-protection-trusted-domains option."
+ default = []
+}
+
 variable "additional_args" {
 type = string
 description = "Additional command-line arguments to pass to code-server (e.g., '--disable-workspace-trust')."
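Review bot: `trusted_domains_empty` cannot fail, because the run.sh hunk adds the literal line `TRUSTED_DOMAINS_ARG=""` unconditionally and the pattern therefore matches whatever `trusted_domains` holds. Assert on text that the rendered value actually changes, for example `condition = strcontains(resource.coder_script.code-server.script, "<<< \"\"")`. The two positive cases only show that the joined list was substituted into the script text, and the unescaped `.` in their patterns matches any character. None of the three runs checks that `--link-protection-trusted-domains=` flags are produced, which happens at runtime, and there is no case for an entry containing a quote, a space or a comma.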
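Review bot: `trusted_domains` has no `validation` block, yet its entries are joined with `,` in the `coder_script` hunk and substituted by `templatefile` into run.sh inside double quotes (`"${TRUSTED_DOMAINS}"`). A `"`, `$` or backtick in an entry therefore becomes shell syntax in the rendered script, and a comma or a space silently turns one entry into several arguments. Rejecting anything outside a hostname-style character set at plan time closes both cases, as in the block below; the character class is a suggestion and should be matched to the forms code-server accepts for this flag. The description could also state that links to the listed domains open without the link-protection prompt, so the list should be kept to domains the template owner controls or trusts.

```hcl
variable "trusted_domains" {
  # … unchanged: type, description, default …

  validation {
    condition = alltrue([
      for d in var.trusted_domains : can(regex("^[A-Za-z0-9.*:/-]+$", d))
    ])
    error_message = "Each trusted domain may contain only letters, digits, '.', '-', '*', ':' and '/'."
  }
}
```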
@@ -174,6 +180,7 @@ resource "coder_script" "code-server" {
 EXTENSIONS_DIR : var.extensions_dir,
 FOLDER : var.folder,
 AUTO_INSTALL_EXTENSIONS : var.auto_install_extensions,
+ TRUSTED_DOMAINS : join(",", var.trusted_domains),
 ADDITIONAL_ARGS : var.additional_args,
 })
 run_on_start = true
diff --git a/registry/coder/modules/code-server/run.sh b/registry/coder/modules/code-server/run.sh
index 33a6972a6..93e482641 100644
--- a/registry/coder/modules/code-server/run.sh
+++ b/registry/coder/modules/code-server/run.sh
@@ -13,10 +13,22 @@ if [ -n "${EXTENSIONS_DIR}" ]; then
 mkdir -p "${EXTENSIONS_DIR}"
 fi
 
+# Set trusted domains argument
+TRUSTED_DOMAINS_ARG=""
+if [ -n "${TRUSTED_DOMAINS}" ]; then
+ # Split comma-separated domains and create multiple --link-protection-trusted-domains arguments
+ IFS=',' read -r -a DOMAIN_ARRAY <<< "${TRUSTED_DOMAINS}"
+ for domain in "$${DOMAIN_ARRAY[@]}"; do
+ if [ -n "$domain" ]; then
+ TRUSTED_DOMAINS_ARG="$TRUSTED_DOMAINS_ARG --link-protection-trusted-domains=$domain"
+ fi
+ done
+fi
+
 function run_code_server() {
 echo "👷 Running code-server in the background..."
 echo "Check logs at ${LOG_PATH}!"
- $CODE_SERVER "$EXTENSION_ARG" --auth none --port "${PORT}" --app-name "${APP_NAME}" ${ADDITIONAL_ARGS} > "${LOG_PATH}" 2>&1 &
+ $CODE_SERVER "$EXTENSION_ARG" $TRUSTED_DOMAINS_ARG --auth none --port "${PORT}" --app-name "${APP_NAME}" ${ADDITIONAL_ARGS} > "${LOG_PATH}" 2>&1 &
 }
 
 # Check if the settings file exists...
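Review bot: `$TRUSTED_DOMAINS_ARG` is expanded unquoted in `run_code_server`, so the flags depend on word splitting and every entry is also subject to pathname expansion; an entry containing whitespace turns into extra code-server arguments. Collecting the flags in an array keeps each entry a single argument: `TRUSTED_DOMAINS_ARGS=()`, `TRUSTED_DOMAINS_ARGS+=("--link-protection-trusted-domains=$domain")`, and `"$${TRUSTED_DOMAINS_ARGS[@]}"` on the command line (the `$$` escape is needed because the file is rendered by `templatefile`). The `trusted_domains_empty` test matches the current `TRUSTED_DOMAINS_ARG=""` line and would have to change with it. `read -a` and `<<<` require bash, and the shebang lies outside the hunk, so confirm the script is not run under `sh`.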