BitBucket servers don't accept a username with an empty password, so a
secret with no http auth creds will result in a 401, since we
fall back to "git" for the username and used to set basic auth with that
username without a password.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Known hosts can be a difficult problem to troubleshoot.
To make it easier for end users, the generic message has
now been changed with a much more user friendly one.
Now if a known_host is not set, an error message will be
returned, instead of it simply being ignored.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
The connection type was created to group the connection related fields
and use mutex to prevent race conditions. Since that's no longer the
case, this puts back those fields in sshSmartSubtransport.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Race detection is not working properly in our arm64 runners.
It has been tested against both M1 and linux arm64 machines
and in both cases the results were aligned with the other
platforms.
By disabling this we can ensure race detection is being
enforced on the other platforms, and we can later review
this position.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Since the transport reuse is dependent on the garbage collection, the
result is inconsistent. It fails frequently when running the tests with
the go race detector. Remove the test.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
The variable used to store the information about proxied request was
being written to in the proxy server request handler and read for
assertion at the end of the test.
Replace the boolean variable with an atomic counter to count the number
of requests proxied, preventing the race condition.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
GitRepository introduced correlation ID to improve
transport level logging. This change aligns the other
reconcilers to the same approach.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Debugging connection issues can be extremely difficult, even more so at scale or when
concurrent connections are required to trigger specific issues.
Changes:
- Add a correlation identifier for each reconciliation, which allows for greater traceability when
going through all the reconciliation operations - including at transport level.
- Add transportType to segregate HTTP and SSH transport logging.
- SSH operations are now enriched with addr containing server address, and HTTP url.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Refactors libgit2 checkout tests to test managed and unmanaged
transport by making sure the tests requiring unmanaged transport are run
before, any tests that require managed transport (since disabling
managed transport isn't possible). This is done via arranging the tests
carefully in alphabetically sorted names, i.e. the tests with unmanaged
transport go in `checkout_test.go`, which forces golang to run the tests
in that file before any other tests.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
The average SubTransport lifecycle encompass two Actions calls. Previously,
it was attempted to share the same connection across both calls. That did
not work as some Git Servers do not support multiple sessions from the same
connection. The implementation was not fully transitioned into the
"one connection per action" model, which led to connection being leaked.
The transition to RW mutex was to avoid the unnecessary blocking in the
goroutine at the start of the second action call.
It is worth mentioning that now when the context is done, the client level
resources (connection) will also be freed. This ensures that SSH connections
will not outlive the subtransport.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
- github.com/fluxcd/pkg/apis/meta to version 0.14.2.
- github.com/fluxcd/pkg/runtime to version 0.16.2.
- google.golang.org/api to version 0.83.0.
- k8s.io/api to version 0.24.1.
- github.com/fluxcd/pkg/apis/meta to version 0.14.2.
- k8s.io/apimachinery to version 0.24.1.
- github.com/fluxcd/pkg/helmtestserver to version 0.7.4.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Git repositories may be redirected to different URLs
when they are accessed via HTTP. The two most obvious
scenarios are from HTTP to HTTPS and when the .git suffix
is missing.
By improving the logging on this process users can identify
changes required to their GitRepository objects.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Earlier, host key verification could potentially fail if there were
multiple entries in the known_hosts file and if the intended encryption
algorithm wasn't the first entry. This happened because we used the same
hasher object to compute the sum of all the public keys present in the
known_hosts file, which led to invalid hashes, resulting in a mismatch
when compared with the hash of the advertised public key. This is fixed,
by not creating the hasher ourselves and instead delegating that to the
function actually doing the matching, ensuring that a new hasher is used
for each comparison.
Regression introduced in v0.25.0 and reported in
https://github.com/fluxcd/image-automation-controller/issues/378
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
If implemented this fix the issue where we previously did a string
ordering of matching semver versions when retrieving a list of tags from
an OCI registry.
Signed-off-by: Soule BA <soule@weave.works>
- github.com/distribution/distribution/v3 to version 3.0.0-20220526142353-ffbd94cbe269.
- github.com/docker/cli to version 20.10.17+incompatible.
- github.com/elazarl/goproxy to version 0.0.0-20220529153421-8ea89ba92021.
- github.com/fluxcd/pkg/gittestserver to version 0.5.4.
- github.com/fluxcd/pkg/helmtestserver to version 0.7.3.
- github.com/fluxcd/pkg/ssh to version 0.4.1.
- github.com/minio/minio-go/v7 to version 7.0.27.
- golang.org/x/crypto to version 0.0.0-20220525230936-793ad666bf5e.
- golang.org/x/net to version 0.0.0-20220607020251-c690dde0001d.
- golang.org/x/sync to version 0.0.0-20220601150217-0de741cfad7f.
- google.golang.org/api to version 0.82.0.
- github.com/containerd/containerd to version v1.6.6.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Gitlab only supports HTTP redirection for GET operations,
and fails POST operations targeting a repository without
the .git suffix.
Fixes: https://github.com/fluxcd/image-automation-controller/issues/379
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Somtochi Onyekwere
Sunny
Sanskar Jaiswal
Stefan Prodan
Hidde Beydals
Paulo Gomes
Hidde Beydals
Soule BA