Experimental managed transport for libgit2 operations #606
Happy with the direction this is headed at for experimental introduction. Couple of things I would like to see:
On an additional note, and as already mentioned on Slack. The introduction of this opens up the discussion if we do want to leverage the same trick for |
This looks good to me for experimental introduction, thanks a bunch @pjbgf 🥇 💯
libgit2 network operations are blocking and do not provide timeout nor context capabilities, leading to several reports by users of the controllers hanging indefinitely. By using managed transport, golang primitives such as http.Transport and net.Dial can be used to ensure timeouts are enforced.
Co-Authored-by: Sunny <darkowlzz@protonmail.com>
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
The initial implementation was based off upstream, which caused an initial request to fail, and only then the credentials would be added into the request.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
For backwards compatibility, support for HTTP redirection is enabled when targeting the same host, and no TLS downgrade took place.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
LGTM!
Very interesting work on securing the redirects. 🥇
libgit2 network operations are blocking and do not provide timeout nor context capabilities, leading to users reporting that source-controller can hang indefinitely. By using managed transport, golang primitives such as http.Transport and net.Dial can be used to ensure timeouts are enforced.

This will initially be guarded behind a feature switch via environment variable EXPERIMENTAL_GIT_TRANSPORT.

Fixes: #402
This has also been tested against IAC and should fix fluxcd/image-automation-controller#286 and fluxcd/image-automation-controller#282. The tests were based off fluxcd/image-automation-controller#325 - thanks @darkowlzz.
This work should be followed-up by fluxcd/pkg#245, to consolidate the git implementation code and have it extracted away from the controllers.
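
The two properties discussed in this PR, bounded network phases via http.Transport and net.Dialer, and redirects limited to the same host with no TLS downgrade, can be sketched as follows. This is an added example, not code from the PR or from source-controller; the names `checkRedirect` and `newClient`, the timeout values and the hop limit are assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

// checkRedirect (hypothetical helper) allows a redirect only when the target
// host matches the original request and the scheme is not downgraded from
// https to http. hops is the number of requests already made.
func checkRedirect(orig, next *url.URL, hops int) error {
	if hops >= 3 { // constructed limit for this example
		return errors.New("too many redirects")
	}
	if orig.Scheme == "https" && next.Scheme != "https" {
		return errors.New("redirect downgrades TLS")
	}
	// Strict comparison: url.URL.Host includes the port when one is given.
	if orig.Host != next.Host {
		return fmt.Errorf("redirect to different host %q", next.Host)
	}
	return nil
}

// newClient (hypothetical) bounds the dial, TLS handshake, response-header
// and overall request phases, so a stalled peer cannot block indefinitely.
func newClient() *http.Client {
	return &http.Client{
		Timeout: 60 * time.Second,
		Transport: &http.Transport{
			DialContext:           (&net.Dialer{Timeout: 10 * time.Second}).DialContext,
			TLSHandshakeTimeout:   10 * time.Second,
			ResponseHeaderTimeout: 30 * time.Second,
		},
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			return checkRedirect(via[0].URL, req.URL, len(via))
		},
	}
}

func main() {
	c := newClient()
	fmt.Println("overall timeout:", c.Timeout)
}
```

When `CheckRedirect` returns an error, `http.Client` stops following the redirect and returns that error wrapped in a `*url.Error`, so a cross-host or downgraded redirect surfaces as a failed request rather than a silent hop.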