move dynamic security settings contrib to after restore (microsoft#203947) (microsoft#204111)

Author: bpasero

src/vs/workbench/browser/workbench.contribution.ts

@@ -7,10 +7,9 @@ import { Registry } from 'vs/platform/registry/common/platform';
 import { localize } from 'vs/nls';
 import { IConfigurationRegistry, Extensions as ConfigurationExtensions, ConfigurationScope } from 'vs/platform/configuration/common/configurationRegistry';
 import { isMacintosh, isWindows, isLinux, isWeb, isNative } from 'vs/base/common/platform';
-import { ConfigurationMigrationWorkbenchContribution, DynamicWorkbenchConfigurationWorkbenchContribution, IConfigurationMigrationRegistry, workbenchConfigurationNodeBase, Extensions, ConfigurationKeyValuePairs, problemsConfigurationNodeBase } from 'vs/workbench/common/configuration';
+import { ConfigurationMigrationWorkbenchContribution, DynamicWorkbenchSecurityConfiguration, IConfigurationMigrationRegistry, workbenchConfigurationNodeBase, Extensions, ConfigurationKeyValuePairs, problemsConfigurationNodeBase } from 'vs/workbench/common/configuration';
 import { isStandalone } from 'vs/base/browser/browser';
-import { IWorkbenchContributionsRegistry, WorkbenchContributionInstantiation, Extensions as WorkbenchExtensions, registerWorkbenchContribution2 } from 'vs/workbench/common/contributions';
-import { LifecyclePhase } from 'vs/workbench/services/lifecycle/common/lifecycle';
+import { WorkbenchContributionInstantiation, registerWorkbenchContribution2 } from 'vs/workbench/common/contributions';
 import { ActivityBarPosition, EditorActionsLocation, EditorTabsMode, LayoutSettings } from 'vs/workbench/services/layout/browser/layoutService';
 
 const registry = Registry.as<IConfigurationRegistry>(ConfigurationExtensions.Configuration);
@@ -19,10 +18,10 @@ const registry = Registry.as<IConfigurationRegistry>(ConfigurationExtensions.Con
 (function registerConfiguration(): void {
 
 	// Migration support
-	Registry.as<IWorkbenchContributionsRegistry>(WorkbenchExtensions.Workbench).registerWorkbenchContribution(ConfigurationMigrationWorkbenchContribution, LifecyclePhase.Eventually);
+	registerWorkbenchContribution2(ConfigurationMigrationWorkbenchContribution.ID, ConfigurationMigrationWorkbenchContribution, WorkbenchContributionInstantiation.Eventually);
 
 	// Dynamic Configuration
-	registerWorkbenchContribution2(DynamicWorkbenchConfigurationWorkbenchContribution.ID, DynamicWorkbenchConfigurationWorkbenchContribution, WorkbenchContributionInstantiation.BlockRestore);
+	registerWorkbenchContribution2(DynamicWorkbenchSecurityConfiguration.ID, DynamicWorkbenchSecurityConfiguration, WorkbenchContributionInstantiation.AfterRestored);
 
 	// Workbench
 	registry.registerConfiguration({

src/vs/workbench/common/configuration.ts

@@ -15,6 +15,7 @@ import { IRemoteAgentService } from 'vs/workbench/services/remote/common/remoteA
 import { OperatingSystem, isWindows } from 'vs/base/common/platform';
 import { URI } from 'vs/base/common/uri';
 import { equals } from 'vs/base/common/objects';
+import { DeferredPromise } from 'vs/base/common/async';
 
 export const applicationConfigurationNodeBase = Object.freeze<IConfigurationNode>({
 	'id': 'application',
@@ -76,6 +77,8 @@ Registry.add(Extensions.ConfigurationMigration, configurationMigrationRegistry);
 
 export class ConfigurationMigrationWorkbenchContribution extends Disposable implements IWorkbenchContribution {
 
+	static readonly ID = 'workbench.contrib.configurationMigration';
+
 	constructor(
 		@IConfigurationService private readonly configurationService: IConfigurationService,
 		@IWorkspaceContextService private readonly workspaceService: IWorkspaceContextService,
@@ -165,47 +168,60 @@ export class ConfigurationMigrationWorkbenchContribution extends Disposable impl
 	}
 }
 
-export class DynamicWorkbenchConfigurationWorkbenchContribution extends Disposable implements IWorkbenchContribution {
+export class DynamicWorkbenchSecurityConfiguration extends Disposable implements IWorkbenchContribution {
+
+	static readonly ID = 'workbench.contrib.dynamicWorkbenchSecurityConfiguration';
 
-	static readonly ID = 'workbench.contrib.dynamicWorkbenchConfiguration';
+	private readonly _ready = new DeferredPromise<void>();
+	readonly ready = this._ready.p;
 
 	constructor(
-		@IRemoteAgentService remoteAgentService: IRemoteAgentService
+		@IRemoteAgentService private readonly remoteAgentService: IRemoteAgentService
 	) {
 		super();
 
-		(async () => {
-			if (!isWindows) {
-				const remoteEnvironment = await remoteAgentService.getEnvironment();
-				if (remoteEnvironment?.os !== OperatingSystem.Windows) {
-					return;
-				}
+		this.create();
+	}
+
+	private async create(): Promise<void> {
+		try {
+			await this.doCreate();
+		} finally {
+			this._ready.complete();
+		}
+	}
+
+	private async doCreate(): Promise<void> {
+		if (!isWindows) {
+			const remoteEnvironment = await this.remoteAgentService.getEnvironment();
+			if (remoteEnvironment?.os !== OperatingSystem.Windows) {
+				return;
 			}
+		}
 
-			// Windows: UNC allow list security configuration
-			const registry = Registry.as<IConfigurationRegistry>(ConfigurationExtensions.Configuration);
-			registry.registerConfiguration({
-				...securityConfigurationNodeBase,
-				'properties': {
-					'security.allowedUNCHosts': {
-						'type': 'array',
-						'items': {
-							'type': 'string',
-							'pattern': '^[^\\\\]+$',
-							'patternErrorMessage': localize('security.allowedUNCHosts.patternErrorMessage', 'UNC host names must not contain backslashes.')
-						},
-						'default': [],
-						'markdownDescription': localize('security.allowedUNCHosts', 'A set of UNC host names (without leading or trailing backslash, for example `192.168.0.1` or `my-server`) to allow without user confirmation. If a UNC host is being accessed that is not allowed via this setting or has not been acknowledged via user confirmation, an error will occur and the operation stopped. A restart is required when changing this setting. Find out more about this setting at https://aka.ms/vscode-windows-unc.'),
-						'scope': ConfigurationScope.MACHINE
+		// Windows: UNC allow list security configuration
+		const registry = Registry.as<IConfigurationRegistry>(ConfigurationExtensions.Configuration);
+		registry.registerConfiguration({
+			...securityConfigurationNodeBase,
+			'properties': {
+				'security.allowedUNCHosts': {
+					'type': 'array',
+					'items': {
+						'type': 'string',
+						'pattern': '^[^\\\\]+$',
+						'patternErrorMessage': localize('security.allowedUNCHosts.patternErrorMessage', 'UNC host names must not contain backslashes.')
 					},
-					'security.restrictUNCAccess': {
-						'type': 'boolean',
-						'default': true,
-						'markdownDescription': localize('security.restrictUNCAccess', 'If enabled, only allows access to UNC host names that are allowed by the `#security.allowedUNCHosts#` setting or after user confirmation. Find out more about this setting at https://aka.ms/vscode-windows-unc.'),
-						'scope': ConfigurationScope.MACHINE
-					}
+					'default': [],
+					'markdownDescription': localize('security.allowedUNCHosts', 'A set of UNC host names (without leading or trailing backslash, for example `192.168.0.1` or `my-server`) to allow without user confirmation. If a UNC host is being accessed that is not allowed via this setting or has not been acknowledged via user confirmation, an error will occur and the operation stopped. A restart is required when changing this setting. Find out more about this setting at https://aka.ms/vscode-windows-unc.'),
+					'scope': ConfigurationScope.MACHINE
+				},
+				'security.restrictUNCAccess': {
+					'type': 'boolean',
+					'default': true,
+					'markdownDescription': localize('security.restrictUNCAccess', 'If enabled, only allows access to UNC host names that are allowed by the `#security.allowedUNCHosts#` setting or after user confirmation. Find out more about this setting at https://aka.ms/vscode-windows-unc.'),
+					'scope': ConfigurationScope.MACHINE
 				}
-			});
-		})();
+			}
+		});
 	}
 }

src/vs/workbench/electron-sandbox/window.ts

@@ -77,6 +77,8 @@ import { IHostService } from 'vs/workbench/services/host/browser/host';
 import { IStatusbarService, ShowTooltipCommand, StatusbarAlignment } from 'vs/workbench/services/statusbar/browser/statusbar';
 import { ActionBar } from 'vs/base/browser/ui/actionbar/actionbar';
 import { ThemeIcon } from 'vs/base/common/themables';
+import { getWorkbenchContribution } from 'vs/workbench/common/contributions';
+import { DynamicWorkbenchSecurityConfiguration } from 'vs/workbench/common/configuration';
 
 export class NativeWindow extends BaseWindow {
 
@@ -301,7 +303,7 @@ export class NativeWindow extends BaseWindow {
 		});
 
 		// Allow to update security settings around allowed UNC Host
-		ipcRenderer.on('vscode:configureAllowedUNCHost', (event: unknown, host: string) => {
+		ipcRenderer.on('vscode:configureAllowedUNCHost', async (event: unknown, host: string) => {
 			if (!isWindows) {
 				return; // only supported on Windows
 			}
@@ -320,6 +322,7 @@ export class NativeWindow extends BaseWindow {
 			if (!allowedUncHosts.has(host)) {
 				allowedUncHosts.add(host);
 
+				await getWorkbenchContribution<DynamicWorkbenchSecurityConfiguration>(DynamicWorkbenchSecurityConfiguration.ID).ready; // ensure this setting is registered
 				this.configurationService.updateValue('security.allowedUNCHosts', [...allowedUncHosts.values()], ConfigurationTarget.USER);
 			}
 		});