
TLS Sync VS Code Extensions #5260

Merged
merged 1 commit into from
Jul 12, 2025

Conversation

bmiddha
Member

@bmiddha bmiddha commented Jun 27, 2025

Summary

Add new projects to support the TLS Sync VS Code Extensions.

Details

TLS Sync VSCode Extensions orchestrate @rushstack/debug-certificate-manager to create, trust, and sync certificates when using VSCode remotes (devcontainer, WSL, codespaces, tunnels, etc.).

sequenceDiagram
    UIExtension->>WorkspaceExtension: Ping
    WorkspaceExtension->>UIExtension: Pong {"version": "0.0.3"}
    UIExtension->>WorkspaceExtension: ICertificate

VSCode API

Activation triggers

The workspace extension is activated when a .tlssync file is found by VSCode in the workspace. The Workspace extension is activated by the UI extension when it sends the "ping" command to match versions.

Commands

  • tlssync.workspace.showLog - Open output window for workspace extension logs
  • tlssync.ui.showLog - Open output window for UI extension logs
  • tlssync.ui.sync - Sync certificates from local to remote
  • tlssync.ui.showWalkthrough - Open walkthrough page for this sync extension
  • tlssync.ui.showSettings - Open settings page for the extension
  • tlssync.workspace.ping - Internal command used by the workspace extension to check the availability of the UI extension. This command is not surfaced to the user. This
  • tlssync.ui.ensureCertificate - Calls CertificateManager.ensureCertificate. This can create and trust certificates as necessary
  • tlssync.ui.untrustCertificate - Remove and un-trust certificates

Walkthroughs

image

Settings

image

Package changes

tls-sync-vscode-extension-pack tls-sync-vscode-workspace-extension tls-sync-vscode-ui-extension

  • Add extension pack which installs the UI and Workspace extensions
  • Add UI and workspace extensions which work together to manage and sync certificates.

@rushstack/heft-vscode-extension-plugin @rushstack/heft-vscode-extension-rig

  • Heft plugin to package files into vsix using @vscode/vsce
  • Add rig to build and package vscode extensions

CertificateStore

  • Add params to support custom paths and filenames

CertificateManager

  • Forward custom paths and filenames to CertificateStore
  • Update untrustCertificateAsync to clear caCertificateData
  • Update trust and untrust mechanisms for macOS. Instead of using the sudo package, it now uses osascript (AppleScript) to run the elevated command. This enables the use of this package where the process STDIO is not surfaced to the user.

tls-sync-vscode-workspace-extension, tls-sync-vscode-ui-extension, tls-sync-vscode-shared

  • VSCode extensions and shared code to run CertificateManager on the local and remote machines and sync certificates between the stores.

Repo changes

  • Add new version policy to bump the TLS sync extensions in lockstep.
  • Update VS Code extension publish pipeline. Added new extensions.

How it was tested

Tested in GitHub Codespaces, WSL, DevContainer, Tunnels with a mix of Linux and Windows hosts.
Tested with Windows and macOS host machines.

Impacted documentation

@github-project-automation github-project-automation bot moved this to Needs triage in Bug Triage Jun 27, 2025
@bmiddha bmiddha force-pushed the bmiddha/tls-sync branch 6 times, most recently from 1f56562 to db2582c Compare July 1, 2025 01:22
@bmiddha bmiddha marked this pull request as ready for review July 1, 2025 01:22
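
The ping/pong exchange from the sequence diagram in the PR description, as an added sketch that is not the extensions' own code: the UI side hands over certificate material only after the workspace side has answered the ping with a matching version. Assumptions: "match" means exact equality, `CommandBus` stands in for VS Code's command routing between extension hosts, and `ICertificateLike`, its fields and the `example.workspace.receive` command id are hypothetical.

```typescript
// Added sketch: an in-memory command bus stands in for VS Code's cross-host
// command routing. All names here are hypothetical, not the extensions' code.
type Handler = (arg?: unknown) => unknown;

interface ICertificateLike { // assumed shape, for illustration only
  pemCertificate: string;
  pemKey: string;
}

class CommandBus {
  private readonly _handlers: Map<string, Handler> = new Map();
  public register(id: string, handler: Handler): void {
    this._handlers.set(id, handler);
  }
  public execute(id: string, arg?: unknown): unknown {
    const handler = this._handlers.get(id);
    if (!handler) throw new Error(`command not found: ${id}`);
    return handler(arg);
  }
}

// Workspace (remote) side: answers ping with its version, stores what it receives.
function activateWorkspace(bus: CommandBus, version: string, store: ICertificateLike[]): void {
  bus.register('tlssync.workspace.ping', () => ({ version }));
  // Hypothetical command id for the certificate hand-off.
  bus.register('example.workspace.receive', (cert) => { store.push(cert as ICertificateLike); });
}

type SyncResult = 'synced' | 'version-mismatch' | 'workspace-unavailable';

// UI (local) side: key material leaves the local machine only after the peer
// has answered the ping with exactly the expected version.
function syncCertificate(bus: CommandBus, uiVersion: string, cert: ICertificateLike): SyncResult {
  let pong: unknown;
  try {
    pong = bus.execute('tlssync.workspace.ping');
  } catch {
    return 'workspace-unavailable'; // no workspace extension registered on the remote
  }
  const remoteVersion = (pong as { version?: unknown } | undefined)?.version;
  if (typeof remoteVersion !== 'string' || remoteVersion !== uiVersion) return 'version-mismatch';
  bus.execute('example.workspace.receive', cert);
  return 'synced';
}
```
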
Contributor

@dmichon-msft dmichon-msft left a comment

Still mid-review, but some things to fix

@D4N14L
Member

D4N14L commented Jul 1, 2025

Also, why are there 2 separate extensions? Can this not be just one?

@bmiddha
Member Author

bmiddha commented Jul 1, 2025

Also, why are there 2 separate extensions? Can this not be just one?

The UI extension runs code on the local machine. This creates and trusts the certificates on the local machine.
The workspace extension runs on the remote extension host (where vs code server runs). This gets the cert info from the UI extension and updates the remote file system with the certs.
We need to have 2 to run code on both the local and remote machines.

Member

@D4N14L D4N14L left a comment

Only a few remaining open items from me. You may also want to wait for another signoff, maybe from Ian, given the changes to the build flows that I'm less familiar with.

@bmiddha bmiddha changed the title TLS Sync VS Code Extension TLS Sync VS Code Extensions Jul 2, 2025
@bmiddha bmiddha requested a review from iclanton July 7, 2025 20:52
@bmiddha bmiddha force-pushed the bmiddha/tls-sync branch from b0e40bf to f6cea25 Compare July 10, 2025 00:14
@bmiddha bmiddha requested a review from iclanton July 10, 2025 21:40
@bmiddha bmiddha force-pushed the bmiddha/tls-sync branch from f6cea25 to 455a090 Compare July 11, 2025 19:19
@bmiddha bmiddha merged commit b9f8849 into microsoft:main Jul 12, 2025
5 checks passed
@github-project-automation github-project-automation bot moved this from Needs triage to Closed in Bug Triage Jul 12, 2025