libgit2: decommission unmanaged transport

Decommission libgit2 unmanaged transport and remove the related feature
gate, making managed transport the default.

Signed-off-by: Sanskar Jaiswal <[email protected]>

api/v1beta2/condition_types.go

@@ -100,4 +100,7 @@ const (
 
  // CacheOperationFailedReason signals a failure in cache operation.
  CacheOperationFailedReason string = "CacheOperationFailed"
+
+ // ControllerUndefinedBehaviorReason signals an undefined behavior by the controller.
+ ControllerUndefinedBehaviorReason string = "ControllerUndefinedBehavior"
 )

controllers/gitrepository_controller.go

@@ -164,6 +164,12 @@ func (r *GitRepositoryReconciler) Reconcile(ctx context.Context, req ctrl.Reques
  // Sets a reconcile ID to correlate logs from all suboperations.
  WithValues("reconcileID", uuid.NewUUID())
 
+ if !managed.Enabled() {
+ return ctrl.Result{}, &serror.Stalling{
+ Reason: sourcev1.ControllerUndefinedBehaviorReason,
+ Err: errors.New("libgit2 managed transport not initialized"),
+ }
+ }
  // logger will be associated to the new context that is
  // returned from ctrl.LoggerInto.
  ctx = ctrl.LoggerInto(ctx, log)
@@ -745,8 +751,8 @@ func (r *GitRepositoryReconciler) gitCheckout(ctx context.Context,
  return nil, e
  }
 
- // managed GIT transport only affects the libgit2 implementation
- if managed.Enabled() && obj.Spec.GitImplementation == sourcev1.LibGit2Implementation {
+ // this is needed only for libgit2, due to managed transport.
+ if obj.Spec.GitImplementation == sourcev1.LibGit2Implementation {
  // We set the TransportOptionsURL of this set of authentication options here by constructing
  // a unique URL that won't clash in a multi tenant environment. This unique URL is used by
  // libgit2 managed transports. This enables us to bypass the inbuilt credentials callback in

controllers/suite_test.go

@@ -37,7 +37,6 @@ import (
  ctrl "sigs.k8s.io/controller-runtime"
 
  "github.com/fluxcd/pkg/runtime/controller"
- feathelper "github.com/fluxcd/pkg/runtime/features"
  "github.com/fluxcd/pkg/runtime/testenv"
  "github.com/fluxcd/pkg/testserver"
  "github.com/phayes/freeport"
@@ -206,8 +205,6 @@ func TestMain(m *testing.M) {
  panic(fmt.Sprintf("Failed to create a test registry server: %v", err))
  }
 
- fg := feathelper.FeatureGates{}
- fg.SupportedFeatures(features.FeatureGates())
  managed.InitManagedTransport()
 
  if err := (&GitRepositoryReconciler{

internal/features/features.go

@@ -30,25 +30,12 @@ const (
  // the last revision is still the same at the target repository,
  // and if that is so, skips the reconciliation.
  OptimizedGitClones = "OptimizedGitClones"
-
- // GitManagedTransport implements a managed transport for GitRepository
- // objects that use the libgit2 implementation.
- //
- // When enabled, improves the reliability of libgit2 reconciliations,
- // by enforcing timeouts and ensuring libgit2 cannot hijack the process
- // and hang it indefinitely.
- GitManagedTransport = "GitManagedTransport"
 )
 
 var features = map[string]bool{
  // OptimizedGitClones
  // opt-out from v0.25
  OptimizedGitClones: true,
-
- // GitManagedTransport
- // opt-in from v0.22 (via environment variable)
- // opt-out from v0.25
- GitManagedTransport: true,
 }
 
 // DefaultFeatureGates contains a list of all supported feature gates and

main.go

@@ -310,15 +310,9 @@ func main() {
  startFileServer(storage.BasePath, storageAddr, setupLog)
  }()
 
- if enabled, _ := features.Enabled(features.GitManagedTransport); enabled {
- managed.InitManagedTransport()
- } else {
- if optimize, _ := feathelper.Enabled(features.OptimizedGitClones); optimize {
- features.Disable(features.OptimizedGitClones)
- setupLog.Info(
- "disabling optimized git clones; git clones can only be optimized when using managed transport",
- )
- }
+ if err = managed.InitManagedTransport(); err != nil {
+ // Log the error, but don't exit so as to not block reconcilers that are healthy.
+ setupLog.Error(err, "unable to initialize libgit2 managed transport")
  }
 
  setupLog.Info("starting manager")