Path: blob/main/build/lib/test/policyConversion.test.ts
4772 views
/*---------------------------------------------------------------------------------------------1* Copyright (c) Microsoft Corporation. All rights reserved.2* Licensed under the MIT License. See License.txt in the project root for license information.3*--------------------------------------------------------------------------------------------*/45import assert from 'assert';6import { promises as fs } from 'fs';7import path from 'path';8import type { ExportedPolicyDataDto, CategoryDto } from '../policies/policyDto.ts';9import { BooleanPolicy } from '../policies/booleanPolicy.ts';10import { NumberPolicy } from '../policies/numberPolicy.ts';11import { ObjectPolicy } from '../policies/objectPolicy.ts';12import { StringEnumPolicy } from '../policies/stringEnumPolicy.ts';13import { StringPolicy } from '../policies/stringPolicy.ts';14import type { Policy, ProductJson } from '../policies/types.ts';15import { renderGP, renderMacOSPolicy, renderJsonPolicies } from '../policies/render.ts';1617const PolicyTypes = [18BooleanPolicy,19NumberPolicy,20StringEnumPolicy,21StringPolicy,22ObjectPolicy23];2425function parsePolicies(policyData: ExportedPolicyDataDto): Policy[] {26const categories = new Map<string, CategoryDto>();27for (const category of policyData.categories) {28categories.set(category.key, category);29}3031const policies: Policy[] = [];32for (const policy of policyData.policies) {33const category = categories.get(policy.category);34if (!category) {35throw new Error(`Unknown category: ${policy.category}`);36}3738let result: Policy | undefined;39for (const policyType of PolicyTypes) {40if (result = policyType.from(category, policy)) {41break;42}43}4445if (!result) {46throw new Error(`Unsupported policy type: ${policy.type} for policy ${policy.name}`);47}4849policies.push(result);50}5152// Sort policies first by category name, then by policy name53policies.sort((a, b) => {54const categoryCompare = a.category.name.value.localeCompare(b.category.name.value);55if (categoryCompare !== 0) {56return categoryCompare;57}58return a.name.localeCompare(b.name);59});6061return policies;62}6364/**65* This is a snapshot of the data taken on Oct. 20 2025 as part of the66* policy refactor effort. Let's make sure that nothing has regressed.67*/68const policies: ExportedPolicyDataDto = {69categories: [70{71key: 'Extensions',72name: {73key: 'extensionsConfigurationTitle',74value: 'Extensions'75}76},77{78key: 'IntegratedTerminal',79name: {80key: 'terminalIntegratedConfigurationTitle',81value: 'Integrated Terminal'82}83},84{85key: 'InteractiveSession',86name: {87key: 'interactiveSessionConfigurationTitle',88value: 'Chat'89}90},91{92key: 'Telemetry',93name: {94key: 'telemetryConfigurationTitle',95value: 'Telemetry'96}97},98{99key: 'Update',100name: {101key: 'updateConfigurationTitle',102value: 'Update'103}104}105],106policies: [107{108key: 'chat.mcp.gallery.serviceUrl',109name: 'McpGalleryServiceUrl',110category: 'InteractiveSession',111minimumVersion: '1.101',112localization: {113description: {114key: 'mcp.gallery.serviceUrl',115value: 'Configure the MCP Gallery service URL to connect to'116}117},118type: 'string',119default: ''120},121{122key: 'extensions.gallery.serviceUrl',123name: 'ExtensionGalleryServiceUrl',124category: 'Extensions',125minimumVersion: '1.99',126localization: {127description: {128key: 'extensions.gallery.serviceUrl',129value: 'Configure the Marketplace service URL to connect to'130}131},132type: 'string',133default: ''134},135{136key: 'extensions.allowed',137name: 'AllowedExtensions',138category: 'Extensions',139minimumVersion: '1.96',140localization: {141description: {142key: 'extensions.allowed.policy',143value: 'Specify a list of extensions that are allowed to use. This helps maintain a secure and consistent development environment by restricting the use of unauthorized extensions. More information: https://code.visualstudio.com/docs/setup/enterprise#_configure-allowed-extensions'144}145},146type: 'object',147default: '*'148},149{150key: 'chat.tools.global.autoApprove',151name: 'ChatToolsAutoApprove',152category: 'InteractiveSession',153minimumVersion: '1.99',154localization: {155description: {156key: 'autoApprove2.description',157value: 'Global auto approve also known as "YOLO mode" disables manual approval completely for all tools in all workspaces, allowing the agent to act fully autonomously. This is extremely dangerous and is *never* recommended, even containerized environments like Codespaces and Dev Containers have user keys forwarded into the container that could be compromised.\n\nThis feature disables critical security protections and makes it much easier for an attacker to compromise the machine.'158}159},160type: 'boolean',161default: false162},163{164key: 'chat.mcp.access',165name: 'ChatMCP',166category: 'InteractiveSession',167minimumVersion: '1.99',168localization: {169description: {170key: 'chat.mcp.access',171value: 'Controls access to installed Model Context Protocol servers.'172},173enumDescriptions: [174{175key: 'chat.mcp.access.none',176value: 'No access to MCP servers.'177},178{179key: 'chat.mcp.access.registry',180value: 'Allows access to MCP servers installed from the registry that VS Code is connected to.'181},182{183key: 'chat.mcp.access.any',184value: 'Allow access to any installed MCP server.'185}186]187},188type: 'string',189default: 'all',190enum: [191'none',192'registry',193'all'194]195},196{197key: 'chat.extensionTools.enabled',198name: 'ChatAgentExtensionTools',199category: 'InteractiveSession',200minimumVersion: '1.99',201localization: {202description: {203key: 'chat.extensionToolsEnabled',204value: 'Enable using tools contributed by third-party extensions.'205}206},207type: 'boolean',208default: true209},210{211key: 'chat.agent.enabled',212name: 'ChatAgentMode',213category: 'InteractiveSession',214minimumVersion: '1.99',215localization: {216description: {217key: 'chat.agent.enabled.description',218value: 'Enable agent mode for chat. When this is enabled, agent mode can be activated via the dropdown in the view.'219}220},221type: 'boolean',222default: true223},224{225key: 'chat.promptFiles',226name: 'ChatPromptFiles',227category: 'InteractiveSession',228minimumVersion: '1.99',229localization: {230description: {231key: 'chat.promptFiles.policy',232value: 'Enables reusable prompt and instruction files in Chat sessions.'233}234},235type: 'boolean',236default: true237},238{239key: 'chat.tools.terminal.enableAutoApprove',240name: 'ChatToolsTerminalEnableAutoApprove',241category: 'IntegratedTerminal',242minimumVersion: '1.104',243localization: {244description: {245key: 'autoApproveMode.description',246value: 'Controls whether to allow auto approval in the run in terminal tool.'247}248},249type: 'boolean',250default: true251},252{253key: 'update.mode',254name: 'UpdateMode',255category: 'Update',256minimumVersion: '1.67',257localization: {258description: {259key: 'updateMode',260value: 'Configure whether you receive automatic updates. Requires a restart after change. The updates are fetched from a Microsoft online service.'261},262enumDescriptions: [263{264key: 'none',265value: 'Disable updates.'266},267{268key: 'manual',269value: 'Disable automatic background update checks. Updates will be available if you manually check for updates.'270},271{272key: 'start',273value: 'Check for updates only on startup. Disable automatic background update checks.'274},275{276key: 'default',277value: 'Enable automatic update checks. Code will check for updates automatically and periodically.'278}279]280},281type: 'string',282default: 'default',283enum: [284'none',285'manual',286'start',287'default'288]289},290{291key: 'telemetry.telemetryLevel',292name: 'TelemetryLevel',293category: 'Telemetry',294minimumVersion: '1.99',295localization: {296description: {297key: 'telemetry.telemetryLevel.policyDescription',298value: 'Controls the level of telemetry.'299},300enumDescriptions: [301{302key: 'telemetry.telemetryLevel.default',303value: 'Sends usage data, errors, and crash reports.'304},305{306key: 'telemetry.telemetryLevel.error',307value: 'Sends general error telemetry and crash reports.'308},309{310key: 'telemetry.telemetryLevel.crash',311value: 'Sends OS level crash reports.'312},313{314key: 'telemetry.telemetryLevel.off',315value: 'Disables all product telemetry.'316}317]318},319type: 'string',320default: 'all',321enum: [322'all',323'error',324'crash',325'off'326]327},328{329key: 'telemetry.feedback.enabled',330name: 'EnableFeedback',331category: 'Telemetry',332minimumVersion: '1.99',333localization: {334description: {335key: 'telemetry.feedback.enabled',336value: 'Enable feedback mechanisms such as the issue reporter, surveys, and other feedback options.'337}338},339type: 'boolean',340default: true341}342]343};344345const mockProduct: ProductJson = {346nameLong: 'Code - OSS',347darwinBundleIdentifier: 'com.visualstudio.code.oss',348darwinProfilePayloadUUID: 'CF808BE7-53F3-46C6-A7E2-7EDB98A5E959',349darwinProfileUUID: '47827DD9-4734-49A0-AF80-7E19B11495CC',350win32RegValueName: 'CodeOSS'351};352353const frenchTranslations = [354{355languageId: 'fr-fr',356languageTranslations: {357'': {358'interactiveSessionConfigurationTitle': 'Session interactive',359'extensionsConfigurationTitle': 'Extensions',360'terminalIntegratedConfigurationTitle': 'Terminal intégré',361'telemetryConfigurationTitle': 'Télémétrie',362'updateConfigurationTitle': 'Mettre à jour',363'chat.extensionToolsEnabled': 'Autorisez l’utilisation d’outils fournis par des extensions tierces.',364'chat.agent.enabled.description': 'Activez le mode Assistant pour la conversation. Lorsque cette option est activée, le mode Assistant peut être activé via la liste déroulante de la vue.',365'chat.mcp.access': 'Contrôle l’accès aux serveurs de protocole de contexte du modèle.',366'chat.mcp.access.none': 'Aucun accès aux serveurs MCP.',367'chat.mcp.access.registry': `Autorise l’accès aux serveurs MCP installés à partir du registre auquel VS Code est connecté.`,368'chat.mcp.access.any': 'Autorisez l’accès à tout serveur MCP installé.',369'chat.promptFiles.policy': 'Active les fichiers d’instruction et de requête réutilisables dans les sessions Conversation.',370'autoApprove2.description': `L’approbation automatique globale, également appelée « mode YOLO », désactive complètement l’approbation manuelle pour tous les outils dans tous les espaces de travail, permettant à l’agent d’agir de manière totalement autonome. Ceci est extrêmement dangereux et est *jamais* recommandé, même dans des environnements conteneurisés comme [Codespaces](https://github.com/features/codespaces) et [Dev Containers](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers), où des clés utilisateur sont transférées dans le conteneur et pourraient être compromises.371372Cette fonctionnalité désactive [les protections de sécurité critiques](https://code.visualstudio.com/docs/copilot/security) et facilite considérablement la compromission de la machine par un attaquant.`,373'mcp.gallery.serviceUrl': 'Configurer l’URL du service de la galerie MCP à laquelle se connecter',374'extensions.allowed.policy': 'Spécifiez une liste d’extensions autorisées. Cela permet de maintenir un environnement de développement sécurisé et cohérent en limitant l’utilisation d’extensions non autorisées. Plus d’informations : https://code.visualstudio.com/docs/setup/enterprise#_configure-allowed-extensions',375'extensions.gallery.serviceUrl': 'Configurer l’URL du service Place de marché à laquelle se connecter',376'autoApproveMode.description': 'Contrôle s’il faut autoriser l’approbation automatique lors de l’exécution dans l’outil terminal.',377'telemetry.feedback.enabled': 'Activez les mécanismes de commentaires tels que le système de rapport de problèmes, les sondages et autres options de commentaires.',378'telemetry.telemetryLevel.policyDescription': 'Contrôle le niveau de télémétrie.',379'telemetry.telemetryLevel.default': `Envoie les données d'utilisation, les erreurs et les rapports d'erreur.`,380'telemetry.telemetryLevel.error': `Envoie la télémétrie d'erreur générale et les rapports de plantage.`,381'telemetry.telemetryLevel.crash': `Envoie des rapports de plantage au niveau du système d'exploitation.`,382'telemetry.telemetryLevel.off': 'Désactive toutes les données de télémétrie du produit.',383'updateMode': `Choisissez si vous voulez recevoir des mises à jour automatiques. Nécessite un redémarrage après le changement. Les mises à jour sont récupérées auprès d'un service en ligne Microsoft.`,384'none': 'Aucun',385'manual': 'Désactivez la recherche de mises à jour automatique en arrière-plan. Les mises à jour sont disponibles si vous les rechercher manuellement.',386'start': 'Démarrer',387'default': 'Système'388}389}390}391];392393suite('Policy E2E conversion', () => {394395test('should render macOS policy profile from policies list', async () => {396const parsedPolicies = parsePolicies(policies);397const result = renderMacOSPolicy(mockProduct, parsedPolicies, []);398399// Load the expected fixture file400const fixturePath = path.join(import.meta.dirname, 'fixtures', 'policies', 'darwin', 'com.visualstudio.code.oss.mobileconfig');401const expectedContent = await fs.readFile(fixturePath, 'utf-8');402403// Compare the rendered profile with the fixture404assert.strictEqual(result.profile, expectedContent, 'macOS policy profile should match the fixture');405});406407test('should render macOS manifest from policies list', async () => {408const parsedPolicies = parsePolicies(policies);409const result = renderMacOSPolicy(mockProduct, parsedPolicies, []);410411// Load the expected fixture file412const fixturePath = path.join(import.meta.dirname, 'fixtures', 'policies', 'darwin', 'en-us', 'com.visualstudio.code.oss.plist');413const expectedContent = await fs.readFile(fixturePath, 'utf-8');414415// Find the en-us manifest416const enUsManifest = result.manifests.find(m => m.languageId === 'en-us');417assert.ok(enUsManifest, 'en-us manifest should exist');418419// Compare the rendered manifest with the fixture, ignoring the timestamp420// The pfm_last_modified field contains a timestamp that will differ each time421const normalizeTimestamp = (content: string) => content.replace(/<date>.*?<\/date>/, '<date>TIMESTAMP</date>');422assert.strictEqual(423normalizeTimestamp(enUsManifest.contents),424normalizeTimestamp(expectedContent),425'macOS manifest should match the fixture (ignoring timestamp)'426);427});428429test('should render Windows ADMX from policies list', async () => {430const parsedPolicies = parsePolicies(policies);431const result = renderGP(mockProduct, parsedPolicies, []);432433// Load the expected fixture file434const fixturePath = path.join(import.meta.dirname, 'fixtures', 'policies', 'win32', 'CodeOSS.admx');435const expectedContent = await fs.readFile(fixturePath, 'utf-8');436437// Compare the rendered ADMX with the fixture438assert.strictEqual(result.admx, expectedContent, 'Windows ADMX should match the fixture');439});440441test('should render Windows ADML from policies list', async () => {442const parsedPolicies = parsePolicies(policies);443const result = renderGP(mockProduct, parsedPolicies, []);444445// Load the expected fixture file446const fixturePath = path.join(import.meta.dirname, 'fixtures', 'policies', 'win32', 'en-us', 'CodeOSS.adml');447const expectedContent = await fs.readFile(fixturePath, 'utf-8');448449// Find the en-us ADML450const enUsAdml = result.adml.find(a => a.languageId === 'en-us');451assert.ok(enUsAdml, 'en-us ADML should exist');452453// Compare the rendered ADML with the fixture454assert.strictEqual(enUsAdml.contents, expectedContent, 'Windows ADML should match the fixture');455});456457test('should render macOS manifest with fr-fr locale', async () => {458const parsedPolicies = parsePolicies(policies);459const result = renderMacOSPolicy(mockProduct, parsedPolicies, frenchTranslations);460461// Load the expected fixture file462const fixturePath = path.join(import.meta.dirname, 'fixtures', 'policies', 'darwin', 'fr-fr', 'com.visualstudio.code.oss.plist');463const expectedContent = await fs.readFile(fixturePath, 'utf-8');464465// Find the fr-fr manifest466const frFrManifest = result.manifests.find(m => m.languageId === 'fr-fr');467assert.ok(frFrManifest, 'fr-fr manifest should exist');468469// Compare the rendered manifest with the fixture, ignoring the timestamp470const normalizeTimestamp = (content: string) => content.replace(/<date>.*?<\/date>/, '<date>TIMESTAMP</date>');471assert.strictEqual(472normalizeTimestamp(frFrManifest.contents),473normalizeTimestamp(expectedContent),474'macOS fr-fr manifest should match the fixture (ignoring timestamp)'475);476});477478test('should render Windows ADML with fr-fr locale', async () => {479const parsedPolicies = parsePolicies(policies);480const result = renderGP(mockProduct, parsedPolicies, frenchTranslations);481482// Load the expected fixture file483const fixturePath = path.join(import.meta.dirname, 'fixtures', 'policies', 'win32', 'fr-fr', 'CodeOSS.adml');484const expectedContent = await fs.readFile(fixturePath, 'utf-8');485486// Find the fr-fr ADML487const frFrAdml = result.adml.find(a => a.languageId === 'fr-fr');488assert.ok(frFrAdml, 'fr-fr ADML should exist');489490// Compare the rendered ADML with the fixture491assert.strictEqual(frFrAdml.contents, expectedContent, 'Windows fr-fr ADML should match the fixture');492});493494test('should render Linux policy JSON from policies list', async () => {495const parsedPolicies = parsePolicies(policies);496const result = renderJsonPolicies(parsedPolicies);497498// Load the expected fixture file499const fixturePath = path.join(import.meta.dirname, 'fixtures', 'policies', 'linux', 'policy.json');500const expectedContent = await fs.readFile(fixturePath, 'utf-8');501const expectedJson = JSON.parse(expectedContent);502503// Compare the rendered JSON with the fixture504assert.deepStrictEqual(result, expectedJson, 'Linux policy JSON should match the fixture');505});506507});508509510