RHOAIENG-14518: feat(codeserver): disable the VSCode workspace trust mechanism and the trust prompt

[jiridanek]

https://issues.redhat.com/browse/RHOAIENG-14518

Description

Trust the authors popup appears the first time user opens code-server (VSCode) workbench. It is super scary and confuses users. What is this folder /opt/app-root/src? Is a security risk for my company if I authorize this?

We are taking the decision to spare our users such considerations by removing the VSCode workspace trust completely. Therefore the workspace will be automatically trusted and user will not be prompted about no trust whatsoever.

Alternatively, same thing could've been implemented by running code-server --disable-workspace-trust instead of modifying settings.

I looked into the Workspace Trust Editor, https://github.com/microsoft/vscode/blob/56b535f40900080fac8202c77914c5ce49fa4aae/src/vs/workbench/contrib/workspace/browser/workspaceTrustEditor.ts, trying to find where it stores trusted paths, since then maybe we could preconfigure /opt/app-root/src to be already trusted, but I did not find this.

How Has This Been Tested?

• 3.9 image: quay.io/opendatahub/workbench-images:codeserver-ubi9-python-3.9-pr-754
• 3.11 image: quay.io/opendatahub/workbench-images:codeserver-ubi9-python-3.11-pr-754

I've loaded images into rhoai 2.13, checked that I don't see scary modal anymore at startup, and checked settings to see that they look like what I expected.

Merge criteria:

• The commits are squashed in a cohesive manner and have meaningful messages.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work

[jiridanek]

error: build error: Failed to push image: trying to reuse blob sha256:40049f9dc50417693bf704b63a02d64347b23867b33ac7776be3fae4a2d178b0 at destination: unable to retrieve auth token: invalid username/password: authentication required

ocp-ci pr build broken again

[atheo89]

Tested locally podman run -it -p 8787:8787 quay.io/opendatahub/workbench-images:codeserver-ubi9-python-3.11-pr-754
No pop-up anymore! Less clicks around
/lgtm

[daniellutz]

I also did run with podman, like @atheo89 did and no more popups, looks great!

$ podman run -it --rm -p 8787:8787 quay.io/opendatahub/workbench-images:codeserver-ubi9-python-3.11-pr-754

/lgtm

[jiridanek]

/approve

thanks for the review!

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jiridanek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jiridanek]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jiridanek]

/override ci/prow/images

timeouts on rocm images, known ci issue

[openshift-ci]

@jiridanek: Overrode contexts on behalf of jiridanek: ci/prow/images

In response to this:

/override ci/prow/images

timeouts on rocm images, known ci issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[jiridanek]

Test rerun thread

[jiridanek]

/test codeserver-notebook-e2e-tests

[jiridanek]

/override ci/prow/codeserver-notebook-e2e-tests

[jstourac]

too late, but yeah

/lgtm

[jiridanek]

cI failed on Build image rocm-ubi9-python-3.11 from the repository, let's override

[openshift-ci]

@jiridanek: Overrode contexts on behalf of jiridanek: ci/prow/codeserver-notebook-e2e-tests

In response to this:

/override ci/prow/codeserver-notebook-e2e-tests

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.