resolvers: support nesting and exec server (microsoft#185169)

This adds support for nesting remote authorities via passing through
ExecServers.

- An authority like `wsl+Ubuntu@tunnel+my-pc` is parsed into
  the chain `tunnel+my-pc` -> `wsl+Ubuntu`
- An extension for the `tunnel` prefixed is resolved. We expect the
  resolver to implement the new `resolveExecServer` method.
- Resolution continues. `wsl+Ubuntu` is the last resolver, so the
  `resolve()` method is called and the exec server is passed in its
  `RemoteAuthorityResolverContext`

Currently the ExecServer is typed as `unknown` in the API. _Maybe_ we
want to make it real API in the future, but I don't want to do this
until it's generalized beyond a single consumer (WSL).

This also has adds utility method `getRemoteExecServer` to get an exec
server for a given remote. This is used by WSL to probe information
about a tunneled machine even when WSL isn't opened (e.g. to get the
list of distros to shop.)

The new `@` handling should not break remotes. WSL doesn't use `@` in
its remotes, SSH and containers both hex-encode information contained
in authorities. Codespaces does put the codespace name in the remote
authority, but it doesn't seem like it's possible to get `@` in those
names, since they're generated either randomly when opening a template
or from a repo name (where @ is not allowed).

Author: connor4312

src/vs/workbench/api/common/extHost.api.impl.ts

@@ -1042,6 +1042,10 @@ export function createApiFactoryAndRegisterActors(accessor: ServicesAccessor): I
 				checkProposedApiEnabled(extension, 'resolvers');
 				return extHostLabelService.$registerResourceLabelFormatter(formatter);
 			},
+			getRemoteExecServer: (authority: string) => {
+				checkProposedApiEnabled(extension, 'resolvers');
+				return extensionService.getRemoteExecServer(authority);
+			},
 			onDidCreateFiles: (listener, thisArg, disposables) => {
 				return extHostFileSystemEvent.onDidCreateFile(listener, thisArg, disposables);
 			},

src/vs/workbench/api/common/extHostExtensionService.ts

@@ -783,6 +783,11 @@ export abstract class AbstractExtHostExtensionService extends Disposable impleme
 		});
 	}
 
+	public async getRemoteExecServer(remoteAuthority: string): Promise<vscode.ExecServer | undefined> {
+		const { resolver } = await this._activateAndGetResolver(remoteAuthority);
+		return resolver?.resolveExecServer?.(remoteAuthority, { resolveAttempt: 0 });
+	}
+
 	// -- called by main thread
 
 	private async _activateAndGetResolver(remoteAuthority: string): Promise<{ authorityPrefix: string; resolver: vscode.RemoteAuthorityResolver | undefined }> {
@@ -798,99 +803,122 @@ export abstract class AbstractExtHostExtensionService extends Disposable impleme
 		return { authorityPrefix, resolver: this._resolvers[authorityPrefix] };
 	}
 
-	public async $resolveAuthority(remoteAuthority: string, resolveAttempt: number): Promise<Dto<IResolveAuthorityResult>> {
+	public async $resolveAuthority(remoteAuthorityChain: string, resolveAttempt: number): Promise<Dto<IResolveAuthorityResult>> {
 		const sw = StopWatch.create(false);
-		const prefix = () => `[resolveAuthority(${getRemoteAuthorityPrefix(remoteAuthority)},${resolveAttempt})][${sw.elapsed()}ms] `;
+		const prefix = () => `[resolveAuthority(${getRemoteAuthorityPrefix(remoteAuthorityChain)},${resolveAttempt})][${sw.elapsed()}ms] `;
 		const logInfo = (msg: string) => this._logService.info(`${prefix()}${msg}`);
 		const logError = (msg: string, err: any = undefined) => this._logService.error(`${prefix()}${msg}`, err);
+		const normalizeError = (err: unknown) => {
+			if (err instanceof RemoteAuthorityResolverError) {
+				return {
+					type: 'error' as const,
+					error: {
+						code: err._code,
+						message: err._message,
+						detail: err._detail
+					}
+				};
+			}
+			throw err;
+		};
 
-		logInfo(`activating resolver...`);
-		const { authorityPrefix, resolver } = await this._activateAndGetResolver(remoteAuthority);
-		if (!resolver) {
-			logError(`no resolver`);
-			return {
-				type: 'error',
-				error: {
-					code: RemoteAuthorityResolverErrorCode.NoResolverFound,
-					message: `No remote extension installed to resolve ${authorityPrefix}.`,
-					detail: undefined
+		const chain = remoteAuthorityChain.split(/@|%40/g).reverse();
+		logInfo(`activating remote resolvers ${chain.join(' -> ')}`);
+
+		let resolvers;
+		try {
+			resolvers = await Promise.all(chain.map(async remoteAuthority => {
+				logInfo(`activating resolver...`);
+				const { resolver, authorityPrefix } = await this._activateAndGetResolver(remoteAuthority);
+				if (!resolver) {
+					logError(`no resolver`);
+					throw new RemoteAuthorityResolverError(`No remote extension installed to resolve ${authorityPrefix}.`, RemoteAuthorityResolverErrorCode.NoResolverFound);
 				}
-			};
+				return { resolver, authorityPrefix, remoteAuthority };
+			}));
+		} catch (e) {
+			return normalizeError(e);
 		}
 
 		const intervalLogger = new IntervalTimer();
-		try {
-			logInfo(`setting tunnel factory...`);
-			this._register(await this._extHostTunnelService.setTunnelFactory(resolver));
-
-			intervalLogger.cancelAndSet(() => logInfo('waiting...'), 1000);
-			logInfo(`invoking resolve()...`);
-			performance.mark(`code/extHost/willResolveAuthority/${authorityPrefix}`);
-			const result = await resolver.resolve(remoteAuthority, { resolveAttempt });
-			performance.mark(`code/extHost/didResolveAuthorityOK/${authorityPrefix}`);
-			intervalLogger.dispose();
-
-			const tunnelInformation: TunnelInformation = {
-				environmentTunnels: result.environmentTunnels,
-				features: result.tunnelFeatures
-			};
+		intervalLogger.cancelAndSet(() => logInfo('waiting...'), 1000);
 
-			// Split merged API result into separate authority/options
-			const options: ResolvedOptions = {
-				extensionHostEnv: result.extensionHostEnv,
-				isTrusted: result.isTrusted,
-				authenticationSession: result.authenticationSessionForInitializingExtensions ? { id: result.authenticationSessionForInitializingExtensions.id, providerId: result.authenticationSessionForInitializingExtensions.providerId } : undefined
-			};
+		let result!: vscode.ResolverResult;
+		let execServer: vscode.ExecServer | undefined;
+		for (const [i, { authorityPrefix, resolver, remoteAuthority }] of resolvers.entries()) {
+			try {
+				if (i === resolvers.length - 1) {
+					logInfo(`invoking final resolve()...`);
+					performance.mark(`code/extHost/willResolveAuthority/${authorityPrefix}`);
+					result = await resolver.resolve(remoteAuthority, { resolveAttempt, execServer });
+					performance.mark(`code/extHost/didResolveAuthorityOK/${authorityPrefix}`);
+					// todo@connor4312: we probably need to chain tunnels too, how does this work with 'public' tunnels?
+					logInfo(`setting tunnel factory...`);
+					this._register(await this._extHostTunnelService.setTunnelFactory(resolver));
+				} else {
+					logInfo(`invoking resolveExecServer() for ${remoteAuthority}`);
+					performance.mark(`code/extHost/willResolveExecServer/${authorityPrefix}`);
+					execServer = await resolver.resolveExecServer?.(remoteAuthority, { resolveAttempt, execServer });
+					if (!execServer) {
+						throw new RemoteAuthorityResolverError(`Exec server was not available for ${remoteAuthority}`, RemoteAuthorityResolverErrorCode.NoResolverFound); // we did, in fact, break the chain :(
+					}
+					performance.mark(`code/extHost/didResolveExecServerOK/${authorityPrefix}`);
+				}
+			} catch (e) {
+				performance.mark(`code/extHost/didResolveAuthorityError/${authorityPrefix}`);
+				logError(`returned an error`, e);
+				intervalLogger.dispose();
+				return normalizeError(e);
+			}
+		}
 
-			// extension are not required to return an instance of ResolvedAuthority or ManagedResolvedAuthority, so don't use `instanceof`
-			logInfo(`returned ${ExtHostManagedResolvedAuthority.isManagedResolvedAuthority(result) ? 'managed authority' : `${result.host}:${result.port}`}`);
+		intervalLogger.dispose();
 
-			let authority: ResolvedAuthority;
-			if (ExtHostManagedResolvedAuthority.isManagedResolvedAuthority(result)) {
-				// The socket factory is identified by the `resolveAttempt`, since that is a number which
-				// always increments and is unique over all resolve() calls in a workbench session.
-				const socketFactoryId = resolveAttempt;
+		const tunnelInformation: TunnelInformation = {
+			environmentTunnels: result.environmentTunnels,
+			features: result.tunnelFeatures
+		};
 
-				// There is only on managed socket factory at a time, so we can just overwrite the old one.
-				this._extHostManagedSockets.setFactory(socketFactoryId, result.makeConnection);
+		// Split merged API result into separate authority/options
+		const options: ResolvedOptions = {
+			extensionHostEnv: result.extensionHostEnv,
+			isTrusted: result.isTrusted,
+			authenticationSession: result.authenticationSessionForInitializingExtensions ? { id: result.authenticationSessionForInitializingExtensions.id, providerId: result.authenticationSessionForInitializingExtensions.providerId } : undefined
+		};
 
-				authority = {
-					authority: remoteAuthority,
-					connectTo: new ManagedRemoteConnection(socketFactoryId),
-					connectionToken: result.connectionToken
-				};
-			} else {
-				authority = {
-					authority: remoteAuthority,
-					connectTo: new WebSocketRemoteConnection(result.host, result.port),
-					connectionToken: result.connectionToken
-				};
-			}
+		// extension are not required to return an instance of ResolvedAuthority or ManagedResolvedAuthority, so don't use `instanceof`
+		logInfo(`returned ${ExtHostManagedResolvedAuthority.isManagedResolvedAuthority(result) ? 'managed authority' : `${result.host}:${result.port}`}`);
 
-			return {
-				type: 'ok',
-				value: {
-					authority: authority as Dto<ResolvedAuthority>,
-					options,
-					tunnelInformation,
-				}
+		let authority: ResolvedAuthority;
+		if (ExtHostManagedResolvedAuthority.isManagedResolvedAuthority(result)) {
+			// The socket factory is identified by the `resolveAttempt`, since that is a number which
+			// always increments and is unique over all resolve() calls in a workbench session.
+			const socketFactoryId = resolveAttempt;
+
+			// There is only on managed socket factory at a time, so we can just overwrite the old one.
+			this._extHostManagedSockets.setFactory(socketFactoryId, result.makeConnection);
+
+			authority = {
+				authority: remoteAuthorityChain,
+				connectTo: new ManagedRemoteConnection(socketFactoryId),
+				connectionToken: result.connectionToken
+			};
+		} else {
+			authority = {
+				authority: remoteAuthorityChain,
+				connectTo: new WebSocketRemoteConnection(result.host, result.port),
+				connectionToken: result.connectionToken
 			};
-		} catch (err) {
-			performance.mark(`code/extHost/didResolveAuthorityError/${authorityPrefix}`);
-			intervalLogger.dispose();
-			logError(`returned an error`, err);
-			if (err instanceof RemoteAuthorityResolverError) {
-				return {
-					type: 'error',
-					error: {
-						code: err._code,
-						message: err._message,
-						detail: err._detail
-					}
-				};
-			}
-			throw err;
 		}
+
+		return {
+			type: 'ok',
+			value: {
+				authority: authority as Dto<ResolvedAuthority>,
+				options,
+				tunnelInformation,
+			}
+		};
 	}
 
 	public async $getCanonicalURI(remoteAuthority: string, uriComponents: UriComponents): Promise<UriComponents | null> {
@@ -1047,6 +1075,7 @@ export interface IExtHostExtensionService extends AbstractExtHostExtensionServic
 	getExtensionRegistry(): Promise<ExtensionDescriptionRegistry>;
 	getExtensionPathIndex(): Promise<ExtensionPaths>;
 	registerRemoteAuthorityResolver(authorityPrefix: string, resolver: vscode.RemoteAuthorityResolver): vscode.Disposable;
+	getRemoteExecServer(authority: string): Promise<vscode.ExecServer | undefined>;
 
 	onDidChangeRemoteConnectionData: Event<void>;
 	getRemoteConnectionData(): IRemoteConnectionData | null;

src/vscode-dts/vscode.proposed.resolvers.d.ts

@@ -16,6 +16,13 @@ declare module 'vscode' {
 
 	export interface RemoteAuthorityResolverContext {
 		resolveAttempt: number;
+		/**
+		 * Exec server from a recursively-resolved remote authority. If the
+		 * remote authority includes nested authorities delimited by `@`, it is
+		 * resolved from outer to inner authorities with ExecServer passed down
+		 * to each resolver in the chain.
+		 */
+		execServer?: ExecServer;
 	}
 
 	export class ResolvedAuthority {
@@ -142,6 +149,12 @@ declare module 'vscode' {
 		constructor(message?: string);
 	}
 
+	/**
+	 * Exec server used for nested resolvers. The type is currently not maintained
+	 * in these types, and is a contract between extensions.
+	 */
+	export type ExecServer = unknown;
+
 	export interface RemoteAuthorityResolver {
 		/**
 		 * Resolve the authority part of the current opened `vscode-remote://` URI.
@@ -154,6 +167,15 @@ declare module 'vscode' {
 		 */
 		resolve(authority: string, context: RemoteAuthorityResolverContext): ResolverResult | Thenable<ResolverResult>;
 
+		/**
+		 * Resolves an exec server interface for the authority. Called if an
+		 * authority is a midpoint in a transit to the desired remote.
+		 *
+		 * @param authority The authority part of the current opened `vscode-remote://` URI.
+		 * @returns The exec server interface, as defined in a contract between extensions.
+		 */
+		resolveExecServer?(remoteAuthority: string, context: RemoteAuthorityResolverContext): ExecServer | Thenable<ExecServer>;
+
 		/**
 		 * Get the canonical URI (if applicable) for a `vscode-remote://` URI.
 		 *
@@ -210,6 +232,7 @@ declare module 'vscode' {
 	export namespace workspace {
 		export function registerRemoteAuthorityResolver(authorityPrefix: string, resolver: RemoteAuthorityResolver): Disposable;
 		export function registerResourceLabelFormatter(formatter: ResourceLabelFormatter): Disposable;
+		export function getRemoteExecServer(authority: string): Thenable<ExecServer | undefined>;
 	}
 
 	export namespace env {