Feature: Remove the need for elevated permissions

[Eneuman]

@elenavillamil @hsubramanianaks

I have been thinking of ways to remove the need for running as administrator and wanted to run my idea by you before going futher.
As I understand it, VS needs to run as administrator to be able to change the HOSTS file when setting up the connection to K8.

In .Net Core 3.0 they changed the HttpClient to respect the proxy settings from environment variables.

So maby this will work now:

1. When debugging starts, B2K sets a default proxy for the running process. This can posssible be done in the launcher profile by setting ENV "ALL_PROXY" to something like "http://127.0.0.1:40000" and maby the "NO_PROXY" to the running service .
2. The endpoint manager starts a YARP proxy with rules to route traffic to specifik IPs if the domain name is correct. It uses the same logic for setting up the rules as it does today when changing the HOSTS file.

What do you think?

[hsubramanianaks]

@Eneuman sounds like a good idea. Endpoint manager does other things like allocate IP's, free ports, kill processes which might need admin access still but to start with instead of editing the host files you are proposing to replace it with reverse proxy. If I understand correctly endpoint manager would spin up a YARP with rules (dns names, ports, ip's) but I didn't understand the part why would we need the launcher profile? Thank you for bringing up this idea :)

[Eneuman]

@hsubramanianaks yes, use YARP as a reverse proxy to route traffic.

The environment variable controlling the proxy settings need to be limited to the process being debugged. The only way I know of (so far :) ) is by setting it using code or set it in the launcher profile.

I think it should be possible to work around the other use cases where elevated permissions are needed by allowing the user to override certain settings using the config file, like ports to be used. Is allocation of IP-addresses needed if we use a revers proxy? I'm thinking about sending everything to the local host IP on a specific port and having YARP sort it out by host name :)

These are just ideas and I don't have enough knowledge yet to know if this will work or not so any insight you have regarding this is highly appreciated.

[hsubramanianaks]

@Eneuman I was thinking about this and what if we do allocateIP's, freeIP's, edit host files, etc. that requires admin access in a container which locally running in user's machine so that admins access is not required and as well we can combine your YARP proxy idea in this container to redirect the traffic using the rules or we can also use iptables rules. basically, service in local talks to --> local agent running in a docker container --> which talks to remote agent running in k8's cluster and vice versa. what do you think about this? I am thinking to do a POC on this and share the results. Please let me know. Thanks.

[Eneuman]

@hsubramanianaks Interesting idea :) Are you thinking about using docker to run the local container? Can docker be run without elevated privileges? My knowledge in running docker locally is limited :(.

[Eneuman]

One limitation I have found so far in my suggestion is that YARP only supports routing for Http/Https and Grpc, but maybe that's enough.

[hsubramanianaks]

@Eneuman are you still interested in implementing this feature ? Please let us know. Thank you.