Add option to configure http/s managed transport #870

Open

darkowlzz wants to merge 2 commits from darkowlzz/http-go-transport-fix-2 into main

pull from: darkowlzz/http-go-transport-fix-2

merge into: jcarr:main

jcarr:main

jcarr:devel

jcarr:cherry-pick-3186582408-release-1.1

jcarr:cherry-pick-3186582408-release-0.27

jcarr:cherry-pick-3186582408-release-0.28

jcarr:cherry-pick-3186582408-release-1.2

jcarr:cherry-pick-3186582408-release-1.0

jcarr:cherry-pick-2663196279-release-1.1

jcarr:cherry-pick-2663196279-release-0.27

jcarr:cherry-pick-2663196279-release-1.0

jcarr:cherry-pick-2663196279-release-1.2

jcarr:cherry-pick-2663196279-release-0.28

jcarr:release-0.28

jcarr:release-1.2

jcarr:release-1.1

jcarr:release-1.0

jcarr:release-0.27

jcarr:release-0.99

jcarr:release-0.24

jcarr:release-0.23

jcarr:release-0.22

jcarr:v28

jcarr:v27

jcarr:release-0.26

jcarr:v26

jcarr:cmn/tree-parse-go

jcarr:cmn/go-http

jcarr:cmn/tls-stream

jcarr:release-0.25

jcarr:v25

jcarr:next

jcarr:v24

jcarr:v23

jcarr:winfix

jcarr:v22

jcarr:cmn/pointer-indirection

jcarr:cmn/config-snapshot

jcarr:cmn/remotes-ng

jcarr:cmn/remote-callbacks

jcarr:cmn/oid-copies

jcarr:remotes

jcarr:revwalk

Conversation 5 Commits 2 Files Changed 2 +85 -46

darkowlzz commented 2021-11-22 08:28:27 -06:00 (Migrated from github.com)

Copy Link

This change introduces NewRegisterSmartTransportWithOptions() to help
configure the smart transport with SmartSubtransportOptions. If the
default smart subtransport client needs to be configured, a newly
configured smart transport can be registered and used.
The SmartSubtransportOptions includes CABundle only for now.

This enables creating and using new transport with secrets that can be
deleted and not shared with subsequent operations.

The http client in httpSmartSubtransport is now shared with the
underlying httpSmartSubtransportStream, reusing the client and its
configurations.

It also fixes the error during cloning:

unable to clone: Post "http://test-user:***@127.0.0.1:40463/bar/test-reponame/git-upload-pack": io: read/write on closed pipe

by using credentials if available and avoiding failure due to
unauthorized request.

A user of the smart transport who needs to add a CA bundle in the
http client can do the following to setup the smart transport before
cloning:

stOpts := &git2go.SmartSubtransportOptions{CABundle: opts.CAFile}
rst, err := git2go.NewRegisterSmartTransportWithOptions("https", stOpts)
if err != nil {
	return err
}
if rst != nil {
	defer rst.Free()
}

NOTE: This is a rewrite of the fix in #858 to avoid creating a global cert pool. Similar to #858, I would like to have some guidance in understanding if this implementation is the right approach and addressing any possible issues due to this change.

Refer #858 for background and more information about this change.

This change introduces `NewRegisterSmartTransportWithOptions()` to help configure the smart transport with `SmartSubtransportOptions`. If the default smart subtransport client needs to be configured, a newly configured smart transport can be registered and used. The SmartSubtransportOptions includes `CABundle` only for now. This enables creating and using new transport with secrets that can be deleted and not shared with subsequent operations. The http client in `httpSmartSubtransport` is now shared with the underlying `httpSmartSubtransportStream`, reusing the client and its configurations. It also fixes the error during cloning: ``` unable to clone: Post "http://test-user:***@127.0.0.1:40463/bar/test-reponame/git-upload-pack": io: read/write on closed pipe ``` by using credentials if available and avoiding failure due to unauthorized request. A user of the smart transport who needs to add a CA bundle in the http client can do the following to setup the smart transport before cloning: ```go stOpts := &git2go.SmartSubtransportOptions{CABundle: opts.CAFile} rst, err := git2go.NewRegisterSmartTransportWithOptions("https", stOpts) if err != nil { return err } if rst != nil { defer rst.Free() } ``` __NOTE__: This is a rewrite of the fix in #858 to avoid creating a global cert pool. Similar to #858, I would like to have some guidance in understanding if this implementation is the right approach and addressing any possible issues due to this change. Refer #858 for background and more information about this change.

👍 3

jasperem commented 2021-11-23 05:54:38 -06:00 (Migrated from github.com)

Copy Link

@darkowlzz if you replace req, err = http.NewRequest("POST", url+"/info/refs?service=git-receive-pack", nil) with req, err = http.NewRequest("POST", url+"/git-receive-pack", nil) everything works for me. Thank you very much for your work!

@darkowlzz if you replace [`req, err = http.NewRequest("POST", url+"/info/refs?service=git-receive-pack", nil)`](https://github.com/libgit2/git2go/blob/3d4b9b97d15e4d0d7366e2382a9c17450275cc65/http.go#L113) with `req, err = http.NewRequest("POST", url+"/git-receive-pack", nil)` everything works for me. Thank you very much for your work!

👍 1

tylerphelan commented 2021-12-02 15:39:19 -06:00 (Migrated from github.com)

Copy Link

we're getting Post ...: io: read/write on closed pipe when fetching over https with basic auth, does this PR suggest it is not currently supported?

fwiw it was working on version v31.4.14

we're getting `Post ...: io: read/write on closed pipe` when fetching over https with basic auth, does this PR suggest it is not currently supported? fwiw it was working on version v31.4.14

darkowlzz commented 2021-12-02 15:45:05 -06:00 (Migrated from github.com)

Copy Link

we're getting Post ...: io: read/write on closed pipe when fetching over https with basic auth, does this PR suggest it is not currently supported?

@tylerphelan I experienced the same and this PR is an attempt to fix that. It's documented in https://github.com/libgit2/git2go/pull/858 how I attempted to fix the closed pipe error.
Do you get the same error with this fix? I thought I did test it with basic auth.

> we're getting `Post ...: io: read/write on closed pipe` when fetching over https with basic auth, does this PR suggest it is not currently supported? @tylerphelan I experienced the same and this PR is an attempt to fix that. It's documented in https://github.com/libgit2/git2go/pull/858 how I attempted to fix the closed pipe error. Do you get the same error with this fix? I thought I did test it with basic auth.

tylerphelan commented 2021-12-02 16:37:38 -06:00 (Migrated from github.com)

Copy Link

@darkowlzz worked for me, thanks for this PR!

@darkowlzz worked for me, thanks for this PR!

👍 1

pfremm commented 2022-05-17 10:09:38 -05:00 (Migrated from github.com)

Copy Link

Curious if this is going to be merged?

Curious if this is going to be merged?

This pull request has changes conflicting with the target branch.

• http.go

You can also view command line instructions.

Step 1:

From your project repository, check out a new branch and test the changes.

git checkout -b darkowlzz/http-go-transport-fix-2 main

git pull origin darkowlzz/http-go-transport-fix-2

Step 2:

Merge the changes and update on Gitea.

git checkout main

git merge --no-ff darkowlzz/http-go-transport-fix-2

git push origin main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

  

duplicate

  

enhancement

  

invalid

  

question

  

up for grabs

  

wontfix

No Label

bug

duplicate

enhancement

invalid

question

up for grabs

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: jcarr/git2go#870

No description provided.