# opal
s
Hi @Steven Daniels! Let me check with the team and get back to you
cc: @Ori Shavit @Or Weis
a
Hi @Steven Daniels, for git policy source, it should work with git tags as well.
s
That’s not what I’m seeing in my testing. Using the v0.7.3 opal-server container, I get the following error when trying to use a tag:
Running the git clone and git checkout commands in a shell works.
I also tried using git Sha for setting the policy branch, but it didn’t work:
```
opal_server| 2023-09-12T17:13:49.760339+0000 | git.cmd                                 |DEBUG  | Popen(['git', 'clone', '-v', '--branch=08924c5c24f6b1b146ca00965ae7249bc1c35b93', '--', 'https://*****:*****@github.com/my-repo/policies.git', '/opal/regoclone/opal_repo_clone'], cwd=/opal, universal_newlines=True, shell=None, istream=None)
opal_server| 2023-09-12T17:13:50.388386+0000 | git.repo.base                           |DEBUG  | Cmd(['git', 'clone', '-v', '--branch=08924c5c24f6b1b146ca00965ae7249bc1c35b93', '--', 'https://*****:*****@github.com/my-repo/policies.git', '/opal/regoclone/opal_repo_clone'])'s unused stdout:
opal_server| 2023-09-12T17:13:50.388620+0000 | git.cmd                                 |DEBUG  | AutoInterrupt wait stderr: b"Cloning into '/opal/regoclone/opal_repo_clone'...\nPOST git-upload-pack (557 bytes)\nfatal: Remote branch 08924c5c24f6b1b146ca00965ae7249bc1c35b93 not found in upstream origin\n"
opal_server| 2023-09-12T17:13:50.388814+0000 | opal_common.git.repo_cloner             |ERROR  | cannot clone policy repo: Cmd('git') failed due to: exit code(128)
opal_server|   cmdline: git clone -v --branch=08924c5c24f6b1b146ca00965ae7249bc1c35b93 -- https://*****:*****@github.com/my-repo/policies.git /opal/regoclone/opal_repo_clone
opal_server|   stderr: 'Cloning into '/opal/regoclone/opal_repo_clone'...
opal_server| POST git-upload-pack (557 bytes)
opal_server| fatal: Remote branch 08924c5c24f6b1b146ca00965ae7249bc1c35b93 not found in upstream origin
opal_server| '
```
I also understand that setting that ENV to a tag or sha goes against the idea of updating policies, but in our setup, we made the decision to restart the OPAL server on policy changes because the OPAL server won’t update policies in some scenarios (e.g. force push to a branch).
a
Hi @Steven Daniels, will try to reproduce on my end and get back to you!
Hi @Steven Daniels, it looks like a bug in git python, it does the right git command where a tag can be referred to as a branch (that's why it's working in the shell). But then it does not parse back the object correctly, and that's why it throws an exception. Unfortunately it means that until we bypass this (maybe by transitioning away from git python) we actually don't support cloning from git tags.
s
Ok.