impl: introduce signature fallback setting

We are going to ask the user only once during the initial login screen if he wants to
fallback on releases.coder.com when signatures are not present in the coder deployment.
However, we still want to leave him the option to later change his mind the in Settings page.

Author: fioan89

src/main/kotlin/com/coder/toolbox/cli/CoderCLIManager.kt

@@ -14,6 +14,7 @@ import com.coder.toolbox.cli.gpg.VerificationResult.Failed
 import com.coder.toolbox.cli.gpg.VerificationResult.Invalid
 import com.coder.toolbox.sdk.v2.models.Workspace
 import com.coder.toolbox.sdk.v2.models.WorkspaceAgent
+import com.coder.toolbox.settings.SignatureFallbackStrategy.ALLOW
 import com.coder.toolbox.util.CoderHostnameVerifier
 import com.coder.toolbox.util.InvalidVersionException
 import com.coder.toolbox.util.SemVer
@@ -188,10 +189,10 @@ class CoderCLIManager(
                 }
             }
 
-            // if we could not find any signature and the user wants to explicitly
+            // if we could not find any signature (404 or error) and the user wants to explicitly
             // confirm whether we run an unsigned cli
             if (signatureResult.isNotDownloaded()) {
-                if (context.settingsStore.allowUnsignedBinaryWithoutPrompt) {
+                if (context.settingsStore.fallbackOnCoderForSignatures == ALLOW) {
                     context.logger.warn("Running unsigned CLI from ${cliResult.source}")
                     downloader.commit()
                     return true

src/main/kotlin/com/coder/toolbox/settings/ReadOnlyCoderSettings.kt

@@ -2,6 +2,7 @@ package com.coder.toolbox.settings
 
 import java.net.URL
 import java.nio.file.Path
+import java.util.Locale.getDefault
 
 /**
  * Read-only interface for accessing Coder settings
@@ -28,10 +29,9 @@ interface ReadOnlyCoderSettings {
     val binaryDirectory: String?
 
     /**
-     * Controls whether we run the unsigned binary or we prompt
-     * the user for input.
+     * Controls whether we fall back release.coder.com
      */
-    val allowUnsignedBinaryWithoutPrompt: Boolean
+    val fallbackOnCoderForSignatures: SignatureFallbackStrategy
 
     /**
      * Default CLI binary name based on OS and architecture
@@ -178,4 +178,32 @@ interface ReadOnlyTLSSettings {
      * Coder service does not match the hostname in the TLS certificate.
      */
     val altHostname: String?
+}
+
+enum class SignatureFallbackStrategy {
+    /**
+     * User has not yet decided whether he wants to fallback on releases.coder.com for signatures
+     */
+    NOT_CONFIGURED,
+
+    /**
+     * Can fall back on releases.coder.com for signatures.
+     */
+    ALLOW,
+
+    /**
+     * Can't fall back on releases.coder.com for signatures.
+     */
+    FORBIDDEN;
+
+    fun isAllowed(): Boolean = this == ALLOW
+
+    companion object {
+        fun fromValue(value: String?): SignatureFallbackStrategy = when (value?.lowercase(getDefault())) {
+            "not_configured" -> NOT_CONFIGURED
+            "allow" -> ALLOW
+            "forbidden" -> FORBIDDEN
+            else -> NOT_CONFIGURED
+        }
+    }
 }

src/main/kotlin/com/coder/toolbox/store/CoderSettingsStore.kt

@@ -3,6 +3,7 @@ package com.coder.toolbox.store
 import com.coder.toolbox.settings.Environment
 import com.coder.toolbox.settings.ReadOnlyCoderSettings
 import com.coder.toolbox.settings.ReadOnlyTLSSettings
+import com.coder.toolbox.settings.SignatureFallbackStrategy
 import com.coder.toolbox.util.Arch
 import com.coder.toolbox.util.OS
 import com.coder.toolbox.util.expand
@@ -37,8 +38,8 @@ class CoderSettingsStore(
     override val defaultURL: String get() = store[DEFAULT_URL] ?: "https://dev.coder.com"
     override val binarySource: String? get() = store[BINARY_SOURCE]
     override val binaryDirectory: String? get() = store[BINARY_DIRECTORY]
-    override val allowUnsignedBinaryWithoutPrompt: Boolean
-        get() = store[ALLOW_UNSIGNED_BINARY_EXEC]?.toBooleanStrictOrNull() ?: false
+    override val fallbackOnCoderForSignatures: SignatureFallbackStrategy
+        get() = SignatureFallbackStrategy.fromValue(store[FALLBACK_ON_CODER_FOR_SIGNATURES])
     override val defaultCliBinaryNameByOsAndArch: String get() = getCoderCLIForOS(getOS(), getArch())
     override val binaryName: String get() = store[BINARY_NAME] ?: getCoderCLIForOS(getOS(), getArch())
     override val defaultSignatureNameByOsAndArch: String get() = getCoderSignatureForOS(getOS(), getArch())
@@ -161,8 +162,11 @@ class CoderSettingsStore(
         store[ENABLE_DOWNLOADS] = shouldEnableDownloads.toString()
     }
 
-    fun updateAllowUnsignedBinaryExec(allowUnsignedBinaryExec: Boolean) {
-        store[ALLOW_UNSIGNED_BINARY_EXEC] = allowUnsignedBinaryExec.toString()
+    fun updateSignatureFallbackStrategy(fallback: Boolean) {
+        store[FALLBACK_ON_CODER_FOR_SIGNATURES] = when (fallback) {
+            true -> SignatureFallbackStrategy.ALLOW.toString()
+            else -> SignatureFallbackStrategy.FORBIDDEN.toString()
+        }
     }
 
     fun updateBinaryDirectoryFallback(shouldEnableBinDirFallback: Boolean) {

src/main/kotlin/com/coder/toolbox/store/StoreKeys.kt

@@ -10,7 +10,7 @@ internal const val BINARY_SOURCE = "binarySource"
 
 internal const val BINARY_DIRECTORY = "binaryDirectory"
 
-internal const val ALLOW_UNSIGNED_BINARY_EXEC = "allowUnsignedBinaryExec"
+internal const val FALLBACK_ON_CODER_FOR_SIGNATURES = "signatureFallbackStrategy"
 
 internal const val BINARY_NAME = "binaryName"
 

src/main/kotlin/com/coder/toolbox/views/CoderSettingsPage.kt

@@ -32,10 +32,10 @@ class CoderSettingsPage(context: CoderToolboxContext, triggerSshConfig: Channel<
         TextField(context.i18n.ptrl("Data directory"), settings.dataDirectory ?: "", TextType.General)
     private val enableDownloadsField =
         CheckboxField(settings.enableDownloads, context.i18n.ptrl("Enable downloads"))
-    private val allowUnsignedBinaryExecField =
+    private val signatureFallbackStrategyField =
         CheckboxField(
-            settings.allowUnsignedBinaryWithoutPrompt,
-            context.i18n.ptrl("Allow unsigned binary execution without prompt")
+            settings.fallbackOnCoderForSignatures.isAllowed(),
+            context.i18n.ptrl("Fallback on releases.coder.com when CLI signatures can't be found")
         )
     private val enableBinaryDirectoryFallbackField =
         CheckboxField(
@@ -71,7 +71,7 @@ class CoderSettingsPage(context: CoderToolboxContext, triggerSshConfig: Channel<
             enableDownloadsField,
             binaryDirectoryField,
             enableBinaryDirectoryFallbackField,
-            allowUnsignedBinaryExecField,
+            signatureFallbackStrategyField,
             dataDirectoryField,
             headerCommandField,
             tlsCertPathField,
@@ -93,7 +93,7 @@ class CoderSettingsPage(context: CoderToolboxContext, triggerSshConfig: Channel<
                 context.settingsStore.updateBinaryDirectory(binaryDirectoryField.textState.value)
                 context.settingsStore.updateDataDirectory(dataDirectoryField.textState.value)
                 context.settingsStore.updateEnableDownloads(enableDownloadsField.checkedState.value)
-                context.settingsStore.updateAllowUnsignedBinaryExec(allowUnsignedBinaryExecField.checkedState.value)
+                context.settingsStore.updateSignatureFallbackStrategy(signatureFallbackStrategyField.checkedState.value)
                 context.settingsStore.updateBinaryDirectoryFallback(enableBinaryDirectoryFallbackField.checkedState.value)
                 context.settingsStore.updateHeaderCommand(headerCommandField.textState.value)
                 context.settingsStore.updateCertPath(tlsCertPathField.textState.value)

src/main/resources/localization/defaultMessages.po

@@ -79,7 +79,7 @@ msgstr ""
 msgid "Enable downloads"
 msgstr ""
 
-msgid "Allow unsigned binary execution without prompt"
+msgid "Fallback on releases.coder.com when CLI signatures can't be found"
 msgstr ""
 
 msgid "Enable binary directory fallback"

src/test/kotlin/com/coder/toolbox/cli/CoderCLIManagerTest.kt

@@ -7,7 +7,6 @@ import com.coder.toolbox.cli.ex.SSHConfigFormatException
 import com.coder.toolbox.sdk.DataGen.Companion.workspace
 import com.coder.toolbox.sdk.v2.models.Workspace
 import com.coder.toolbox.settings.Environment
-import com.coder.toolbox.store.ALLOW_UNSIGNED_BINARY_EXEC
 import com.coder.toolbox.store.BINARY_DIRECTORY
 import com.coder.toolbox.store.BINARY_NAME
 import com.coder.toolbox.store.BINARY_SOURCE
@@ -18,6 +17,7 @@ import com.coder.toolbox.store.DATA_DIRECTORY
 import com.coder.toolbox.store.DISABLE_AUTOSTART
 import com.coder.toolbox.store.ENABLE_BINARY_DIR_FALLBACK
 import com.coder.toolbox.store.ENABLE_DOWNLOADS
+import com.coder.toolbox.store.FALLBACK_ON_CODER_FOR_SIGNATURES
 import com.coder.toolbox.store.HEADER_COMMAND
 import com.coder.toolbox.store.NETWORK_INFO_DIR
 import com.coder.toolbox.store.SSH_CONFIG_OPTIONS
@@ -226,7 +226,7 @@ internal class CoderCLIManagerTest {
                 settingsStore = CoderSettingsStore(
                     pluginTestSettingsStore(
                         DATA_DIRECTORY to tmpdir.resolve("real-cli").toString(),
-                        ALLOW_UNSIGNED_BINARY_EXEC to "true",
+                        FALLBACK_ON_CODER_FOR_SIGNATURES to "allow",
                     ),
                     Environment(),
                     context.logger
@@ -257,7 +257,7 @@ internal class CoderCLIManagerTest {
                     pluginTestSettingsStore(
                         BINARY_NAME to "coder.bat",
                         DATA_DIRECTORY to tmpdir.resolve("mock-cli").toString(),
-                        ALLOW_UNSIGNED_BINARY_EXEC to "true",
+                        FALLBACK_ON_CODER_FOR_SIGNATURES to "allow",
                     ),
                     Environment(),
                     context.logger,
@@ -279,7 +279,7 @@ internal class CoderCLIManagerTest {
                     pluginTestSettingsStore(
                         BINARY_SOURCE to "/bin/override",
                         DATA_DIRECTORY to tmpdir.resolve("mock-cli").toString(),
-                        ALLOW_UNSIGNED_BINARY_EXEC to "true",
+                        FALLBACK_ON_CODER_FOR_SIGNATURES to "allow",
                     ),
                     Environment(),
                     context.logger
@@ -322,7 +322,7 @@ internal class CoderCLIManagerTest {
             context.copy(
                 settingsStore = CoderSettingsStore(
                 pluginTestSettingsStore(
-                    ALLOW_UNSIGNED_BINARY_EXEC to "true",
+                    FALLBACK_ON_CODER_FOR_SIGNATURES to "allow",
                     DATA_DIRECTORY to tmpdir.resolve("overwrite-cli").toString(),
                 ),
                 Environment(),
@@ -356,7 +356,7 @@ internal class CoderCLIManagerTest {
         val settings = CoderSettingsStore(
             pluginTestSettingsStore(
                 DATA_DIRECTORY to tmpdir.resolve("clobber-cli").toString(),
-                ALLOW_UNSIGNED_BINARY_EXEC to "true"
+                FALLBACK_ON_CODER_FOR_SIGNATURES to "allow"
             ),
             Environment(),
             context.logger
@@ -869,7 +869,7 @@ internal class CoderCLIManagerTest {
                     ENABLE_BINARY_DIR_FALLBACK to it.enableFallback.toString(),
                     DATA_DIRECTORY to tmpdir.resolve("ensure-data-dir").toString(),
                     BINARY_DIRECTORY to tmpdir.resolve("ensure-bin-dir").toString(),
-                    ALLOW_UNSIGNED_BINARY_EXEC to "true"
+                    FALLBACK_ON_CODER_FOR_SIGNATURES to "allow"
                 ),
                 Environment(),
                 context.logger
@@ -970,7 +970,7 @@ internal class CoderCLIManagerTest {
                         pluginTestSettingsStore(
                             BINARY_NAME to "coder.bat",
                             DATA_DIRECTORY to tmpdir.resolve("features").toString(),
-                            ALLOW_UNSIGNED_BINARY_EXEC to "true"
+                            FALLBACK_ON_CODER_FOR_SIGNATURES to "allow"
                         ),
                         Environment(),
                         context.logger,