Hi, I am trying to integrate git to fetch policy in the sidecar but getting the following error

logger":"cerbos.git.store","message":"Failed to initialize git store","dir":"//tmp/work/policies","error":"failed to clone from <http://github.xyz/xyz/apo.git|github.xyz/xyz/apo.git> to //tmp/work/policies: exec: \"git\": executable file not found in $PATH"}
{"log.level":"error","@timestamp":"2024-05-23T11:24:52.171Z","log.logger":"cerbos.server","message":"Failed to start server","error":"failed to create store: failed to clone from <http://github.xyz/xyz/apo.git|github.xyz/xyz/apo.git> to //tmp/work/policies: exec: \"git\": executable file not found in $PATH"}
{"log.level":"info","@timestamp":"2024-05-23T11:24:52.171Z","log.logger":"cerbos.server","message":"maxprocs: Resetting GOMAXPROCS to 8"}
cerbos: error: failed to create store: failed to clone from <http://github.xyz/xyz/apo.git|github.xyz/xyz/apo.git> to //tmp/work/policies: exec: "git": executable file not found in $PATH

and this is my config map

apiVersion: v1
kind: ConfigMap
metadata:
  name: cerbos-sidecar-demo
data:
  ".cerbos.yaml": |-
    server:
      # Configure Cerbos to listen on a Unix domain socket.
      httpListenAddr: "unix:/sock/cerbos.sock"
    storage:
      driver: "git"
      git:
        protocol: https
        url: <http://github.xyz/xyz/apo.git|github.xyz/xyz/apo.git>
        branch: main
        subDir: policies
        checkoutDir: ${HOME}/tmp/work/policies
        updatePollInterval: 60s
        operationTimeout: 30s
        https:
          username: xyz
          password: *******

Hi @Razi Ahmad,

exec: "git": executable file not found in $PATH

I think the image you’re using doesn’t have

git

available.

I took the following sidecar example from cerbos docs

##################
        # Cerbos sidecar #
        ##################
        - name: cerbos
          image: "<http://ghcr.io/cerbos/cerbos:0.36.0|ghcr.io/cerbos/cerbos:0.36.0>"
          imagePullPolicy: IfNotPresent
          args:
            - "server"
            - "--config=/config/.cerbos.yaml"
            - "--log-level=INFO"
          volumeMounts:
            # Mount the shared volume containing the socket
            - name: sock
              mountPath: /sock
            - name: cerbos-config
              mountPath: /config
              readOnly: true

Let me check and will get back to you

Okay, thanks

I think your

storage.git.url

might be the problem. Does it work if you change it to

<https://github.xyz/xyz/apo.git>

?

Let me try with it

Fab! I will file a bug to improve the config validation so that it fails in a more sensible fashion if the URL scheme is missing.

I removed it because, when I saw this property

protocol: https

Exactly, that seems redundant to me. We should just infer the protocol from the URL scheme.

yes

I've raised https://github.com/cerbos/cerbos/issues/2162. Thanks for reporting this issue, and sorry you ran into it!