feat: add passwordFile and hashedPasswordFile options

Author: DanielleMaywood

src/code-server/README.md

@@ -29,9 +29,11 @@ VS Code in the browser
 | disableWorkspaceTrust | Disable Workspace Trust feature. This only affects the current session. | boolean | false |
 | enableProposedAPI | Comma-separated list of VS Code extension IDs to enable proposed API features for. | string | - |
 | extensions | Comma-separated list of VS Code extensions to install. Format: 'publisher.extension[@version]' (e.g., 'ms-python.python,ms-azuretools.vscode-docker'). | string | - |
+| hashedPasswordFile | Path to a file containing the hashed password used for authentication. The password should be hashed with argon2 and be in the encoded form. This takes priority over `passwordFile`. | string | - |
 | host | The address to bind to for the code-server. Use '0.0.0.0' to listen on all interfaces. | string | 127.0.0.1 |
 | locale | Set VS Code display language and language shown on the login page. Format should be an IETF language tag (e.g., 'en', 'fr', 'zh-CN'). | string | - |
 | logFile | Path to a file to send stdout and stderr logs to from code-server. | string | /tmp/code-server.log |
+| passwordFile | Path to a file containing the password used for authentication. | string | - |
 | port | The port to bind to for the code-server. | string | 8080 |
 | proxyDomain | Domain used for proxying ports. | string | - |
 | socket | Path to a socket. When specified, host and port will be ignored. | string | - |

src/code-server/devcontainer-feature.json

@@ -75,6 +75,11 @@
             "default": "",
             "description": "Comma-separated list of VS Code extensions to install. Format: 'publisher.extension[@version]' (e.g., 'ms-python.python,ms-azuretools.vscode-docker')."
         },
+        "hashedPasswordFile": {
+            "type": "string",
+            "default": "",
+            "description": "Path to a file containing the hashed password used for authentication. The password should be hashed with argon2 and be in the encoded form. This takes priority over `passwordFile`."
+        },
         "host": {
             "type": "string",
             "default": "127.0.0.1",
@@ -90,6 +95,11 @@
             "default": "/tmp/code-server.log",
             "description": "Path to a file to send stdout and stderr logs to from code-server."
         },
+        "passwordFile": {
+            "type": "string",
+            "default": "",
+            "description": "Path to a file containing the password used for authentication."
+        },
         "port": {
             "type": "string",
             "default": "8080",

src/code-server/install.sh

@@ -116,6 +116,14 @@ fi
 
 $(declare -p FLAGS)
 
+if [[ -f "$PASSWORDFILE" ]]; then
+	export PASSWORD="\$(cat '$PASSWORDFILE')"
+fi
+
+if [[ -f "$HASHEDPASSWORDFILE" ]]; then
+	export HASHED_PASSWORD="\$(cat '$HASHEDPASSWORDFILE')"
+fi
+
 code-server "\${FLAGS[@]}" "$CODE_SERVER_WORKSPACE" >"$LOGFILE" 2>&1
 EOF
 

test/code-server/code-server-hashed-password-file.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+# Optional: Import test library bundled with the devcontainer CLI
+source dev-container-features-test-lib
+
+# Feature-specific tests
+check "code-server version" code-server --version
+check "code-server running" pgrep -f 'code-server/lib/node.*/code-server'
+check "code-server listening" lsof -i "@127.0.0.1:8080"
+
+check "code-server hashed-password-file" grep $'export HASHED_PASSWORD="$(cat \'/tmp/code-server-hashed-password\')"' < /usr/local/bin/code-server-entrypoint
+check "code-server hashed-password" grep 'Using password from $HASHED_PASSWORD' < /tmp/code-server.log
+
+# Report results
+reportResults

test/code-server/code-server-hashed-password-file/Dockerfile

@@ -0,0 +1,3 @@
+FROM mcr.microsoft.com/devcontainers/base:ubuntu
+
+RUN su vscode -c 'echo "\$argon2id\$v=19\$m=16,t=2,p=1\$c2FtcGxlc2FsdA\$YBn10Qizrh/i2jf/rPOCCA" > /tmp/code-server-hashed-password'

test/code-server/code-server-password-file.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+# Optional: Import test library bundled with the devcontainer CLI
+source dev-container-features-test-lib
+
+# Feature-specific tests
+check "code-server version" code-server --version
+check "code-server running" pgrep -f 'code-server/lib/node.*/code-server'
+check "code-server listening" lsof -i "@127.0.0.1:8080"
+
+check "code-server password-file" grep $'export PASSWORD="$(cat \'/tmp/code-server-password\')"' < /usr/local/bin/code-server-entrypoint
+check "code-server password" grep 'Using password from $PASSWORD' < /tmp/code-server.log
+
+# Report results
+reportResults

test/code-server/code-server-password-file/Dockerfile

@@ -0,0 +1,3 @@
+FROM mcr.microsoft.com/devcontainers/base:ubuntu
+
+RUN su vscode -c "echo 'some sample password' > /tmp/code-server-password"

test/code-server/scenarios.json

@@ -227,5 +227,25 @@
                 "proxyDomain": "dev.coder.com"
             }
         }
+    },
+    "code-server-password-file": {
+        "build": {
+            "dockerfile": "Dockerfile"
+        },
+        "features": {
+            "code-server": {
+                "passwordFile": "/tmp/code-server-password"
+            }
+        }
+    },
+    "code-server-hashed-password-file": {
+        "build": {
+            "dockerfile": "Dockerfile"
+        },
+        "features": {
+            "code-server": {
+                "hashedPasswordFile": "/tmp/code-server-hashed-password"
+            }
+        }
     }
 }