Documentation
¶
Overview ¶
Package transport implements the HTTP layer the helper protocol speaks against: a Proxy that talks to one or more Entire data-plane replicas, applies failover on connection errors and 5xx responses, and bridges the warm/cold paths driven by X-Entire-Replicas.
The Proxy is decoupled from authentication via a SetAuthFunc — the caller (cmd/entire's runRemoteHelper) wires the scoped-token mint in there. checkRedirect enforces the same-cluster Authorization carry rule so credentials never leak across hosts.
Index ¶
- func HTTPErrorMessage(statusCode int, serverMsg, baseURL string) error
- type Config
- type Proxy
- func (p *Proxy) ErrorBaseURL() string
- func (p *Proxy) InfoRefs(ctx context.Context, service string) (io.ReadCloser, error)
- func (p *Proxy) InfoRefsV2(ctx context.Context) (io.ReadCloser, error)
- func (p *Proxy) ServiceRPC(ctx context.Context, service string, body io.ReadSeeker, ...) (io.ReadCloser, error)
- type SetAuthFunc
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func HTTPErrorMessage ¶
HTTPErrorMessage returns a user-friendly error for non-200 HTTP responses. Exposed so handlers outside the transport package can produce the same shape.
Types ¶
type Config ¶
type Config struct {
Nodes replicas.NodeConfig
Path string
SkipTLS bool
SetAuth SetAuthFunc
OnNodeFailed func(failedNode string)
}
Config bundles the inputs needed to build a Proxy. Path is the URL path on each node (e.g. "/et/project/repo") and is appended to the node base for every request.
type Proxy ¶
type Proxy struct {
// contains filtered or unexported fields
}
Proxy is the HTTP transport the helper protocol uses to talk to the data plane. Methods are not safe for concurrent use — Git's helper protocol is strictly serial.
func New ¶
New builds a Proxy from the given configuration. The HTTP client is constructed here so that its CheckRedirect can reference the proxy (otherwise the cross-host Authorization-stripping policy would need duplicate state).
func (*Proxy) ErrorBaseURL ¶
ErrorBaseURL returns a URL string suitable for embedding in error messages, guarding against empty node lists.
func (*Proxy) InfoRefs ¶
InfoRefs fetches the ref advertisement from the server. This is also the discovery entry point: the response's X-Entire-Replicas header refreshes the proxy's cached replica set, and every subsequent request in this invocation hits one of those replicas directly.
Warm path: when the cache has replicas, they're tried with failover. If every cached replica fails we fall back to the cold path rather than surfacing the error — the cached set may be entirely stale (cluster resized, replicas moved) and the entry domain's LB will still route us to a live node.
Cold path: probe the entry domain without auto-following 3xx. If it returns 307 + X-Entire-Replicas we adopt those replicas as the working set and run the warm-path failover instead of letting Go's HTTP client dial the redirect target — that matters when the redirect target's DNS or TCP is broken: failover rolls to the next replica instead of returning the dial error. When the redirect carries no replica header we fall back to following the redirect once. A direct 2xx is handled in place.
func (*Proxy) InfoRefsV2 ¶
InfoRefsV2 is InfoRefs with Git-Protocol: version=2 added — same replica-failover / cold-path / discovery logic, but the server's v2 capability advertisement is what gets returned instead of the v0/v1 ref list.
func (*Proxy) ServiceRPC ¶
func (p *Proxy) ServiceRPC(ctx context.Context, service string, body io.ReadSeeker, extraHeaders ...func(*http.Request)) (io.ReadCloser, error)
ServiceRPC sends data to a Git service endpoint and returns the response. The extraHeaders callbacks are invoked on each request to set additional headers (e.g. Git-Protocol, X-Entire-Push-Size).
type SetAuthFunc ¶
SetAuthFunc attaches authentication headers to an outbound request. Errors are surfaced verbatim — they short-circuit failover because they originate at the auth provider, not the data-plane node.
Source Files