Remove public internet features and fix upstream source UI (#107)

- Remove is_public field from upstream sources (all sources are internal) - Remove allow_public_internet setting from cache settings - Remove seeding of public registry URLs - Fix connectivity test to not follow redirects (fixes Artifactory error) - Add dedicated Test column with OK/Error status badges - Auto-test sources after save - Add error modal for viewing full error details - Fix table layout (no-wrap on source name) - Add ORCHARD_PURGE_SEED_DATA to stage helm values
2026-01-29 12:50:23 -06:00
parent e93e7e7021
commit 1f18bb4383
12 changed files with 188 additions and 171 deletions
--- a/backend/app/upstream.py
+++ b/backend/app/upstream.py
@@ -57,10 +57,6 @@ class UpstreamSSLError(UpstreamError):
    pass


-class AirGapError(UpstreamError):
-    """Request blocked due to air-gap mode."""
-
-    pass


 class FileSizeExceededError(UpstreamError):
@@ -156,12 +152,6 @@ class UpstreamClient:
        # Sort sources by priority (lower = higher priority)
        self.sources = sorted(self.sources, key=lambda s: s.priority)

-    def _get_allow_public_internet(self) -> bool:
-        """Get the allow_public_internet setting."""
-        if self.cache_settings is None:
-            return True  # Default to allowing if no settings provided
-        return self.cache_settings.allow_public_internet
-
    def _match_source(self, url: str) -> Optional[UpstreamSource]:
        """
        Find the upstream source that matches the given URL.
@@ -301,19 +291,6 @@ class UpstreamClient:
        # Match URL to source
        source = self._match_source(url)

-        # Check air-gap mode
-        allow_public = self._get_allow_public_internet()
-
-        if not allow_public:
-            if source is None:
-                raise AirGapError(
-                    f"Air-gap mode enabled: URL does not match any configured upstream source: {url}"
-                )
-            if source.is_public:
-                raise AirGapError(
-                    f"Air-gap mode enabled: Cannot fetch from public source '{source.name}'"
-                )
-
        # Check if source is enabled (if we have a match)
        if source is not None and not source.enabled:
            raise SourceDisabledError(
@@ -536,7 +513,8 @@ class UpstreamClient:
        Test connectivity to an upstream source.

        Performs a HEAD request to the source URL to verify connectivity
-        and authentication.
+        and authentication. Does not follow redirects - a 3xx response
+        is considered successful since it proves the server is reachable.

        Args:
            source: The upstream source to test.
@@ -564,7 +542,7 @@ class UpstreamClient:
                    source.url,
                    headers=headers,
                    auth=auth,
-                    follow_redirects=True,
+                    follow_redirects=False,
                )
                # Consider 2xx and 3xx as success, also 405 (Method Not Allowed)
                # since some servers don't support HEAD
@@ -582,5 +560,7 @@ class UpstreamClient:
            return (False, f"Connection timed out: {e}", None)
        except httpx.ReadTimeout as e:
            return (False, f"Read timed out: {e}", None)
+        except httpx.TooManyRedirects as e:
+            return (False, f"Too many redirects: {e}", None)
        except Exception as e:
            return (False, f"Error: {e}", None)