fix(providers): allow git clone/fetch via default GitHub provider#2317
fix(providers): allow git clone/fetch via default GitHub provider#2317russellb wants to merge 1 commit into
Conversation
The github.com:443 git-transport endpoint used the read-only access preset, which expands to GET/HEAD/OPTIONS only. Git smart HTTP requires a POST to */git-upload-pack for clone and fetch, so the L7 proxy denied those operations and `gh repo clone` / `git clone https://...` failed. Replace the preset with explicit rules that permit the read-only methods plus POST */git-upload-pack, so clone/fetch work while push (git-receive-pack) stays blocked. Enabling push still requires an explicit policy proposal. Why allowing this POST is still read-only: in git's smart HTTP protocol POST is an RPC transport, not a write. A clone/fetch does GET */info/refs (ref discovery) followed by POST */git-upload-pack, whose body is only the client's want/have negotiation; the server responds with a packfile and nothing on the server is modified (data flows server -> client). The service names are from the server's perspective: git-upload-pack = the server uploads a pack to the client (a read/ download), while git-receive-pack = the server receives a pack from the client (the actual write/push). The new rule is scoped to */git-upload-pack only, so push (git-receive-pack) and arbitrary POSTs to github.com remain denied. Add a provider-profile regression test and a rego enforcement test covering ref discovery, upload-pack (allowed), and receive-pack (denied). Closes NVIDIA#1769 Signed-off-by: Russell Bryant <rbryant@redhat.com>
|
Thanks @russellb lgtm at first glance. Having Gator do its thing anyway. |
PR Review StatusValidation: This PR directly implements confirmed bug #1769 with a concentrated Provider V2/L7 policy change. The proposed Head SHA: Thanks @johntmyers. I checked the implementation beyond your first-glance LGTM, including canonical path handling, OPA matching, provider-policy composition, and the existing Fern guidance. Three author changes remain:
Docs: Missing for this direct user-visible default-provider behavior change. Next state: |
Summary
The default GitHub provider blocked
gh repo clone/git clone https://…inside sandboxes. This makes clone/fetch work while keeping push blocked by default.Related Issue
Closes #1769
Changes
providers/github.yaml: replace theaccess: read-onlypreset on thegithub.com:443git-transport endpoint with explicit rules —GET/HEAD/OPTIONS **plusPOST /**/git-upload-pack. The read-only preset only expands toGET/HEAD/OPTIONS, but git smart HTTP needsPOSTto*/git-upload-packfor clone/fetch.git-receive-pack) stays denied; enabling it still requires an explicit policy proposal. The twoapi.github.comREST/GraphQL endpoints remainread-only.openshell-providers) and a rego enforcement test (openshell-supervisor-network) covering ref discovery,git-upload-pack(allowed), andgit-receive-pack(denied); update the two existing tests that asserted "all github endpoints read-only".Why allowing this POST is still read-only
In git's smart HTTP protocol,
POSTis an RPC transport, not a write. A clone/fetch isGET */info/refs(ref discovery) followed byPOST */git-upload-pack, whose body is only the client's want/have negotiation; the server replies with a packfile and nothing on the server is modified (data flows server → client). The service names are from the server's perspective:git-upload-pack= the server uploads a pack to the client (a read/download), whilegit-receive-pack= the server receives a pack from the client (the actual write/push). The new rule is scoped to*/git-upload-packonly, so push and arbitrary POSTs togithub.comremain denied.Testing
openshell-providers,openshell-supervisor-network, andopenshell-servertargeted tests pass (new + updated regression tests green)Checklist