Feature: Dynamic port forwarding allow+deny list

[gtaylor]

The /proc-based automatic port forwarding is working well for us, but there are cases where the open-ended and unfiltered nature of the forwarding causes user confusion.

For example: we use the sidecar pattern to break language-agnostic platform functionality out of each language framework that we provide. These sidecars often listen on a port over TCP/UDP and are thus auto-forwarded. There are cases where this can cause confusing behavior on the user's laptop, or unexpected reuse of the sidecar outside of the dev environment that it's contained in.

Unexpected forwarding could be solved via allow+deny list settings in the Coder IDE plugins. Here are some starting point requirements to kickstart the discussion:

1. The Coder IDE plugins should have an allow+deny list construct to allow our users to manage their port forwarding behaviors.
2. The allow+deny lists should support a list of single ports or port ranges. For example: [8080, 9000-9100]
3. To allow our users to iterate with their port forwarding allow+deny lists without having to restart their IDEs or their Coder workspaces, we should be able to either push a settings change to the IDE from the Coder workspace, or the Coder IDE plugin should watch an external config file and update its internal IDE settings as it changes. I think we'd also be OK with sending a SIGHUP to reload the file that we write, if that simplifies things.

With these requirements satisfied, we'd envision exposing the allow+deny lists to our users via the repo's devcontainer.json file alongside all of our other dev environment settings. A daemon of our creation would watch the devcontainer.json for changes and create/over-write a file that the Coder IDE plugin would update its settings from. I don't think we are too caught up on these specifics so long as we can signal the IDE to reload its settings from values that we provide.

While I raise this possibility as being useful for port forwarding allow+deny lists, this construct may be useful for other Coder IDE plugin settings in the future.

[aaronlehmann]

Hi @bcpeinhardt, I'm interested in working on this. Do you think that creating a file with a list of ports to avoid automatically forwarding would be a good way to pass this info to the backend, or do you have any better ideas for this? If we go with a file, do you have any preferences on the file format (JSON, etc...)? Also, any preferences on file path (maybe under ~/.idea or ~/.config/coder)?

[aaronlehmann]

Better idea: Add a setting with a path to a devcontainer.json file. Then if the file exists at this location, the backend will parse portAttributes and otherPortAttributes from it and act on those settings.

[aaronlehmann]

Gave this a shot here: #49