From 8f400da10709348142b077b8f6717e6b2fa7fc43 Mon Sep 17 00:00:00 2001 From: Charlie Marsh Date: Thu, 24 Oct 2024 21:26:55 -0400 Subject: [PATCH] Implement combine --- crates/uv-cli/src/options.rs | 1 - crates/uv-settings/src/settings.rs | 16 ---------- crates/uv/src/lib.rs | 10 +++---- crates/uv/src/settings.rs | 48 ++++++++++++++---------------- docs/reference/settings.md | 33 -------------------- uv.schema.json | 10 ------- 6 files changed, 27 insertions(+), 91 deletions(-) diff --git a/crates/uv-cli/src/options.rs b/crates/uv-cli/src/options.rs index 43c36a2bebe0..771585990835 100644 --- a/crates/uv-cli/src/options.rs +++ b/crates/uv-cli/src/options.rs @@ -144,7 +144,6 @@ impl From for PipOptions { reinstall_package: Some(reinstall_package), index_strategy, keyring_provider, - allow_insecure_host: None, resolution, prerelease: if pre { Some(PrereleaseMode::Allow) diff --git a/crates/uv-settings/src/settings.rs b/crates/uv-settings/src/settings.rs index cd765c3c34c0..997e7fdc5492 100644 --- a/crates/uv-settings/src/settings.rs +++ b/crates/uv-settings/src/settings.rs @@ -823,22 +823,6 @@ pub struct PipOptions { "# )] pub keyring_provider: Option, - /// Allow insecure connections to host. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[option( - default = "[]", - value_type = "list[str]", - example = r#" - allow-insecure-host = ["localhost:8080"] - "# - )] - pub allow_insecure_host: Option>, /// Don't build source distributions. /// /// When enabled, resolving will not run arbitrary Python code. The cached wheels of diff --git a/crates/uv/src/lib.rs b/crates/uv/src/lib.rs index b12a4a795cf0..198936c0e9a6 100644 --- a/crates/uv/src/lib.rs +++ b/crates/uv/src/lib.rs @@ -353,7 +353,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.index_strategy, args.settings.dependency_metadata, args.settings.keyring_provider, - &args.settings.allow_insecure_host, + &globals.allow_insecure_host, args.settings.config_setting, globals.connectivity, args.settings.no_build_isolation, @@ -439,7 +439,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.sources, globals.concurrency, globals.native_tls, - &args.settings.allow_insecure_host, + &globals.allow_insecure_host, cache, args.dry_run, printer, @@ -527,7 +527,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.prefix, globals.concurrency, globals.native_tls, - &args.settings.allow_insecure_host, + &globals.allow_insecure_host, cache, args.dry_run, printer, @@ -565,7 +565,7 @@ async fn run(mut cli: Cli) -> Result { globals.connectivity, globals.native_tls, args.settings.keyring_provider, - &args.settings.allow_insecure_host, + &globals.allow_insecure_host, printer, ) .await @@ -772,7 +772,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.index_strategy, args.settings.dependency_metadata, args.settings.keyring_provider, - &args.settings.allow_insecure_host, + &globals.allow_insecure_host, uv_virtualenv::Prompt::from_args(prompt), args.system_site_packages, globals.connectivity, diff --git a/crates/uv/src/settings.rs b/crates/uv/src/settings.rs index a311e111ee90..9b892446c18c 100644 --- a/crates/uv/src/settings.rs +++ b/crates/uv/src/settings.rs @@ -66,22 +66,6 @@ pub(crate) struct GlobalSettings { impl GlobalSettings { /// Resolve the [`GlobalSettings`] from the CLI and filesystem configuration. pub(crate) fn resolve(args: &GlobalArgs, workspace: Option<&FilesystemOptions>) -> Self { - let preview = PreviewMode::from( - flag(args.preview, args.no_preview) - .combine(workspace.and_then(|workspace| workspace.globals.preview)) - .unwrap_or(false), - ); - - let allow_insecure_host = if let Some(allow_insecure_host) = &args.allow_insecure_host { - allow_insecure_host - .iter() - .filter_map(|value| value.clone().into_option()) - .collect() - } else { - workspace - .and_then(|workspace| workspace.globals.allow_insecure_host.clone()) - .unwrap_or_default() - }; Self { quiet: args.quiet, verbose: args.verbose, @@ -127,9 +111,29 @@ impl GlobalSettings { } else { Connectivity::Online }, - allow_insecure_host, + allow_insecure_host: args + .allow_insecure_host + .as_ref() + .map(|allow_insecure_host| { + allow_insecure_host + .iter() + .filter_map(|value| value.clone().into_option()) + }) + .into_iter() + .flatten() + .chain( + workspace + .and_then(|workspace| workspace.globals.allow_insecure_host.clone()) + .into_iter() + .flatten(), + ) + .collect(), show_settings: args.show_settings, - preview, + preview: PreviewMode::from( + flag(args.preview, args.no_preview) + .combine(workspace.and_then(|workspace| workspace.globals.preview)) + .unwrap_or(false), + ), python_preference: args .python_preference .combine(workspace.and_then(|workspace| workspace.globals.python_preference)) @@ -2173,7 +2177,6 @@ pub(crate) struct PipSettings { pub(crate) prefix: Option, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: Vec, pub(crate) no_build_isolation: bool, pub(crate) no_build_isolation_package: Vec, pub(crate) build_options: BuildOptions, @@ -2230,7 +2233,6 @@ impl PipSettings { find_links, index_strategy, keyring_provider, - allow_insecure_host, no_build, no_binary, only_binary, @@ -2282,7 +2284,6 @@ impl PipSettings { find_links: top_level_find_links, index_strategy: top_level_index_strategy, keyring_provider: top_level_keyring_provider, - allow_insecure_host: top_level_allow_insecure_host, resolution: top_level_resolution, prerelease: top_level_prerelease, dependency_metadata: top_level_dependency_metadata, @@ -2314,7 +2315,6 @@ impl PipSettings { let find_links = find_links.combine(top_level_find_links); let index_strategy = index_strategy.combine(top_level_index_strategy); let keyring_provider = keyring_provider.combine(top_level_keyring_provider); - let allow_insecure_host = allow_insecure_host.combine(top_level_allow_insecure_host); let resolution = resolution.combine(top_level_resolution); let prerelease = prerelease.combine(top_level_prerelease); let dependency_metadata = dependency_metadata.combine(top_level_dependency_metadata); @@ -2390,10 +2390,6 @@ impl PipSettings { .keyring_provider .combine(keyring_provider) .unwrap_or_default(), - allow_insecure_host: args - .allow_insecure_host - .combine(allow_insecure_host) - .unwrap_or_default(), generate_hashes: args .generate_hashes .combine(generate_hashes) diff --git a/docs/reference/settings.md b/docs/reference/settings.md index cad97ebb243f..c57a53fcf498 100644 --- a/docs/reference/settings.md +++ b/docs/reference/settings.md @@ -1481,39 +1481,6 @@ packages. --- -#### [`allow-insecure-host`](#pip_allow-insecure-host) {: #pip_allow-insecure-host } - - -Allow insecure connections to host. - -Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., -`localhost:8080`), or a URL (e.g., `https://localhost`). - -WARNING: Hosts included in this list will not be verified against the system's certificate -store. Only use `--allow-insecure-host` in a secure network with verified sources, as it -bypasses SSL verification and could expose you to MITM attacks. - -**Default value**: `[]` - -**Type**: `list[str]` - -**Example usage**: - -=== "pyproject.toml" - - ```toml - [tool.uv.pip] - allow-insecure-host = ["localhost:8080"] - ``` -=== "uv.toml" - - ```toml - [pip] - allow-insecure-host = ["localhost:8080"] - ``` - ---- - #### [`annotation-style`](#pip_annotation-style) {: #pip_annotation-style } diff --git a/uv.schema.json b/uv.schema.json index 9891e21733c2..e3be6b3a51f9 100644 --- a/uv.schema.json +++ b/uv.schema.json @@ -731,16 +731,6 @@ "null" ] }, - "allow-insecure-host": { - "description": "Allow insecure connections to host.\n\nExpects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., `localhost:8080`), or a URL (e.g., `https://localhost`).\n\nWARNING: Hosts included in this list will not be verified against the system's certificate store. Only use `--allow-insecure-host` in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.", - "type": [ - "array", - "null" - ], - "items": { - "$ref": "#/definitions/TrustedHost" - } - }, "annotation-style": { "description": "The style of the annotation comments included in the output file, used to indicate the source of each package.", "anyOf": [