Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allowed Extension policy not working as expected #236429

Closed
rtpub88 opened this issue Dec 18, 2024 · 11 comments · Fixed by #237479
Closed

Allowed Extension policy not working as expected #236429

rtpub88 opened this issue Dec 18, 2024 · 11 comments · Fixed by #237479
Assignees
@sandy081
Labels
bug Issue identified by VS Code Team member as probable bug candidate Issue identified as probable candidate for fixing in the next release extensions Issues concerning extensions verified Verification succeeded
Milestone
November 2024 Rec...

Comments

@rtpub88
Copy link

rtpub88 commented Dec 18, 2024

Does this issue occur when all extensions are disabled?: Yes/No

  • VS Code Version: 1.96.0
  • OS Version: Windows 10 LTSC 1809

Steps to Reproduce:
1. Set up a group policy with AllowedExtensions enabled

In Computer Configuration > Administrative Templates > Visual Stuudio Code > Extensions set
AllowedExtensions = '{ "ms-vscode.powershell": "stable", "ms-vscode.hexeditor": "stable" }'

2. Apply policy to the PC
Run "gpupdate /force" on the PC and confirmed that the enabled extensions are applied in VS Code

3 - Edit user's settings.json using VS Code
In the user's settings.json file, add the following section:
"extensions.allowed": {
"ms-vscode.PowerShell": true,
"ms-vscode.hexeditor": [ "1.11.1", "1.11.0" ],
"redhat": "stable:",
}
After the changes, verify that the added section is dimmed in VS Code (when hovering the mouse pointer over the added section the popup message should read "This setting cannot be applied because it is configured in the system policy. ..."

4. Search extensions and check results
Search for "redhat" in VS Code extension UI and in this example setup, all extensions by Red Hat can be installed
@rtpub88
Copy link
Author

rtpub88 commented Dec 18, 2024

@isidorn I have created a new issue, I tried to add screenshots but failed, hope you guys understand the steps to reproduce the problem!

@rtpub88
Copy link
Author

rtpub88 commented Dec 18, 2024

Just found out that if the settings.json file contains extensions.allowed section, the entire content will be wiped when the policy is being applied!!

@isidorn
Copy link
Contributor

isidorn commented Dec 18, 2024
edited
Loading

@rtpub88 thanks for filling this issue

Just found out that if the settings.json file contains extensions.allowed section, the entire content will be wiped when the policy is being applied!!

Well that is expected. The policy has priority. And should be documented @ntrogh

But from your initial comment it looks like this is a real issue, that users can enhance the policy by adding additional extensions via settings.json allowed list. This should not be allowed. This contradicts with your last comment - are you sure that the policy is indeed getting applied in your case?

@isidorn isidorn added the extensions Issues concerning extensions label Dec 18, 2024
@rtpub88
Copy link
Author

rtpub88 commented Dec 18, 2024
edited
Loading

@isidorn I don't know why I cannot upload images in here, but I have screenshots to prove that user can indeed enhance the policy by adding extensions in settings.json; if you follow through the repo steps, you should see that:

  1. the extensions allowed via group policy are shown in the VSCode settings UI (i.e. policy has been applied)
  2. search for the extensions defined in settings.json and they are all allowed to install

I think the settings will remain active until the next user logon where the settings.json will be wiped clean!! (not just the extension settings)

@sandy081
Copy link
Member

sandy081 commented Dec 18, 2024
edited by isidorn
Loading

Can you please share the following logs

  • F1 > Open Log File... > Main
  • F1 > Open Log File... > Window

@sandy081 sandy081 added the info-needed Issue requires more information from poster label Dec 18, 2024
@rtpub88
Copy link
Author

rtpub88 commented Dec 19, 2024

@sandy081 I have tried the following:

  1. Reproducing the issue (add extensions.allow section into settings.json, saved it and verify that the Red Hat extensions can be installed (using example I provided in the original post)

Here is the Main log

2024-12-19 08:52:43.889 [info] update#setState disabled
2024-12-19 08:52:43.889 [info] update#ctor - updates are disabled by user preference
2024-12-19 08:56:12.382 [error] ptyHost terminated unexpectedly with code 1073807364
2024-12-19 08:56:12.383 [warning] [UtilityProcess type: ptyHost, pid: 5376]: unable to kill the process
2024-12-19 08:56:12.392 [error] [UtilityProcessWorker]: terminated unexpectedly with code 1073807364, signal: unknown
2024-12-19 08:56:12.393 [error] [UtilityProcess id: 1, type: fileWatcher, pid: 8876]: crashed with code 1073807364 and reason 'killed'

and Windows log

2024-12-19 08:52:44.602 [warning] Via 'product.json#extensionEnabledApiProposals' extension 'ms-vscode.vscode-selfhost-test-provider' wants API proposal 'attributableCoverage' but that proposal DOES NOT EXIST. Likely, the proposal has been finalized (check 'vscode.d.ts') or was abandoned.
2024-12-19 08:52:44.603 [warning] Via 'product.json#extensionEnabledApiProposals' extension 'ms-python.python' wants API proposal 'contribIssueReporter' but that proposal DOES NOT EXIST. Likely, the proposal has been finalized (check 'vscode.d.ts') or was abandoned.
2024-12-19 08:52:44.603 [warning] Via 'product.json#extensionEnabledApiProposals' extension 'ms-python.debugpy' wants API proposal 'contribIssueReporter' but that proposal DOES NOT EXIST. Likely, the proposal has been finalized (check 'vscode.d.ts') or was abandoned.
2024-12-19 08:52:45.231 [info] Started local extension host with pid 13680.
2024-12-19 08:52:46.299 [info] Settings Sync: Account status changed from uninitialized to unavailable
2024-12-19 08:52:47.894 [info] [perf] Render performance baseline is 28ms
  1. Then I logout my PC and log back in (so group policy runs) and verify that my settings.json has been reset (i.e. 0 byte)

Here is the Main log

2024-12-19 08:59:51.428 [info] update#setState disabled
2024-12-19 08:59:51.428 [info] update#ctor - updates are disabled by user preference

and Windows log

2024-12-19 08:59:52.077 [warning] Via 'product.json#extensionEnabledApiProposals' extension 'ms-vscode.vscode-selfhost-test-provider' wants API proposal 'attributableCoverage' but that proposal DOES NOT EXIST. Likely, the proposal has been finalized (check 'vscode.d.ts') or was abandoned.
2024-12-19 08:59:52.077 [warning] Via 'product.json#extensionEnabledApiProposals' extension 'ms-python.python' wants API proposal 'contribIssueReporter' but that proposal DOES NOT EXIST. Likely, the proposal has been finalized (check 'vscode.d.ts') or was abandoned.
2024-12-19 08:59:52.077 [warning] Via 'product.json#extensionEnabledApiProposals' extension 'ms-python.debugpy' wants API proposal 'contribIssueReporter' but that proposal DOES NOT EXIST. Likely, the proposal has been finalized (check 'vscode.d.ts') or was abandoned.
2024-12-19 08:59:53.085 [info] Started local extension host with pid 5696.
2024-12-19 08:59:54.001 [info] Settings Sync: Account status changed from uninitialized to unavailable
2024-12-19 08:59:55.268 [info] [perf] Render performance baseline is 28ms

@rtpub88
Copy link
Author

rtpub88 commented Dec 19, 2024

Please find the attached screenshots for reference:

Group policy applied to local machine:
Image

VSCode Extensions settings:
Image

VSCode Extensions page (redhat accessible) after extensions.allowed added into settings.json:
Image

@sandy081
Copy link
Member

@rtpub88 Thanks for the logs. Looks like we would need trace information. Sorry for not mentioning this earlier. Can you please enable log level to trace and share the logs again?

  • Start VS Code from CLI code --verbose
  • Reproduce the issue as above
  • Share the main and window logs again

@rtpub88
Copy link
Author

rtpub88 commented Dec 20, 2024

@sandy081 here are the logs for reference

Main log
main.log

Window log
renderer.log

@sandy081 sandy081 added bug Issue identified by VS Code Team member as probable bug candidate Issue identified as probable candidate for fixing in the next release and removed info-needed Issue requires more information from poster labels Jan 8, 2025
@sandy081 sandy081 added this to the November 2024 Recovery 3 milestone Jan 8, 2025
sandy081 added a commit that referenced this issue Jan 8, 2025
@sandy081
recovery fix for #236429
cf58178
@sandy081 sandy081 mentioned this issue Jan 8, 2025
Merged
sandy081 added a commit that referenced this issue Jan 8, 2025
@sandy081
real fix for #236429
68708ee
@sandy081 sandy081 mentioned this issue Jan 8, 2025
Merged
sandy081 added a commit that referenced this issue Jan 8, 2025
@sandy081
recovery fix (#237474)
33f3b65 
* recovery fix for #236429

* fix tests

* fix tests
sandy081 added a commit that referenced this issue Jan 8, 2025
@sandy081
recovery fix (#237474)
745ddc5 
* recovery fix for #236429

* fix tests

* fix tests
@sandy081 sandy081 mentioned this issue Jan 8, 2025
Merged
@taras-bl

This comment has been minimized.

Sign in to view
sandy081 added a commit that referenced this issue Jan 9, 2025
@sandy081
recovery fix (#237505)
0e0be46 
recovery fix (#237474)

* recovery fix for #236429

* fix tests

* fix tests
@ntrogh ntrogh added the verified Verification succeeded label Jan 9, 2025
@sandy081 sandy081 closed this as completed Jan 9, 2025
sandy081 added a commit that referenced this issue Jan 9, 2025
@sandy081
real fix for #236429 (#237479)
e8184ed
@isidorn
Copy link
Contributor

isidorn commented Jan 9, 2025

@rtpub88 thank you very much for reporting this issue and providing great details!
There will be a stable release with the fix in the next couple of days.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sandy081 sandy081

Labels
bug Issue identified by VS Code Team member as probable bug candidate Issue identified as probable candidate for fixing in the next release extensions Issues concerning extensions verified Verification succeeded
Projects
None yet
Milestone
November 2024 Recovery 3
Development

Successfully merging a pull request may close this issue.

real fix for #236429 microsoft/vscode
5 participants
@ntrogh @isidorn @sandy081 @rtpub88 @taras-bl