Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to configure http/s managed transport #870

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

darkowlzz
Copy link
Contributor

This change introduces NewRegisterSmartTransportWithOptions() to help
configure the smart transport with SmartSubtransportOptions. If the
default smart subtransport client needs to be configured, a newly
configured smart transport can be registered and used.
The SmartSubtransportOptions includes CABundle only for now.

This enables creating and using new transport with secrets that can be
deleted and not shared with subsequent operations.

The http client in httpSmartSubtransport is now shared with the
underlying httpSmartSubtransportStream, reusing the client and its
configurations.

It also fixes the error during cloning:

unable to clone: Post "http://test-user:***@127.0.0.1:40463/bar/test-reponame/git-upload-pack": io: read/write on closed pipe

by using credentials if available and avoiding failure due to
unauthorized request.

A user of the smart transport who needs to add a CA bundle in the
http client can do the following to setup the smart transport before
cloning:

stOpts := &git2go.SmartSubtransportOptions{CABundle: opts.CAFile}
rst, err := git2go.NewRegisterSmartTransportWithOptions("https", stOpts)
if err != nil {
	return err
}
if rst != nil {
	defer rst.Free()
}

NOTE: This is a rewrite of the fix in #858 to avoid creating a global cert pool. Similar to #858, I would like to have some guidance in understanding if this implementation is the right approach and addressing any possible issues due to this change.

Refer #858 for background and more information about this change.

This change introduces NewRegisterSmartTransportWithOptions() to help
configure the smart transport with SmartSubtransportOptions. If the
default smart subtransport client needs to be configured, a newly
configured smart transport can be registered and used.
The SmartSubtransportOptions includes CABundle only for now.

This enables creating and using new transport with secrets that can be
deleted and not shared with subsequent operations.

The http client from httpSmartSubtransport is now shared with the
underlying httpSmartSubtransportStream, reusing the client and its
configurations.

It also fixes the error during cloning:
```
unable to clone: Post "http://test-user:***@127.0.0.1:40463/bar/test-reponame/git-upload-pack": io: read/write on closed pipe
```
by using credentials if available and avoiding failure due to
unauthorized request.

A user of the smart transport who needs to add a CA bundle in the
http client can do the following to setup the smart transport before
cloning:

```
stOpts := &git2go.SmartSubtransportOptions{CABundle: opts.CAFile}
rst, err := git2go.NewRegisterSmartTransportWithOptions("https", stOpts)
if err != nil {
	return err
}
if rst != nil {
	defer rst.Free()
}
```
@jasperem
Copy link

@darkowlzz if you replace req, err = http.NewRequest("POST", url+"/info/refs?service=git-receive-pack", nil) with req, err = http.NewRequest("POST", url+"/git-receive-pack", nil) everything works for me. Thank you very much for your work!

Similar to SmartServiceActionUploadpack, SmartServiceActionReceivepack
is not an info endpoint. Fix the path for git-receive-pack.
@tylerphelan
Copy link

tylerphelan commented Dec 2, 2021

we're getting Post ...: io: read/write on closed pipe when fetching over https with basic auth, does this PR suggest it is not currently supported?

fwiw it was working on version v31.4.14

@darkowlzz
Copy link
Contributor Author

darkowlzz commented Dec 2, 2021

we're getting Post ...: io: read/write on closed pipe when fetching over https with basic auth, does this PR suggest it is not currently supported?

@tylerphelan I experienced the same and this PR is an attempt to fix that. It's documented in #858 how I attempted to fix the closed pipe error.
Do you get the same error with this fix? I thought I did test it with basic auth.

@tylerphelan
Copy link

@darkowlzz worked for me, thanks for this PR!

@pfremm
Copy link

pfremm commented May 17, 2022

Curious if this is going to be merged?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants