Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement auth stripping for private PyPi packages #470

Merged
merged 3 commits into from
Jul 17, 2023
Merged

Implement auth stripping for private PyPi packages #470

merged 3 commits into from
Jul 17, 2023

Conversation

jacksmith15
Copy link
Contributor

@jacksmith15 jacksmith15 commented Jul 17, 2023
edited
Loading

Description

Related issue: #461
Related PRs: #323

#323 aimed to implement --strip-auth support for private PyPi packages, however it only targeted --kind explicit lockfiles.

This PR adds support for --kind lock lockfiles (the default, unified kind).

To achieve this, I pass the --strip-auth flag through to the resolver, and strip HTTP Basic auth from the URLs. This avoids the need for first writing a temporary lockfile containing the credentials, and then fixing them after the fact. It also avoids edge cases where users may have requested multiple types of lockfiles.

Currently only HTTP Basic auth is supported for private PyPi repositories, so this should catch all cases.

@jacksmith15 jacksmith15 requested a review from a team as a code owner July 17, 2023 13:19
@netlify
Copy link

netlify bot commented Jul 17, 2023
edited
Loading

Deploy Preview for conda-lock ready!

Name Link
🔨 Latest commit 5ffc30b
🔍 Latest deploy log https://app.netlify.com/sites/conda-lock/deploys/64b5805e7f0e9c0008c8a82a
😎 Deploy Preview https://deploy-preview-470--conda-lock.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

jacksmith15
jacksmith15 commented Jul 17, 2023
View reviewed changes
conda_lock/conda_lock.py
Comment on lines +1328 to +1330
lockfile_content = read_file(os.path.join(tempdir, file))
lockfile_content = _strip_auth_from_lockfile(lockfile_content)
write_file(lockfile_content, os.path.join(filename_template_dir, file))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A small readability improvement, lockfile refers to a file-path earlier in this function's scope.

@jacksmith15 jacksmith15 force-pushed the feat/461/private-pypi-strip-auth branch from 7f5867f to 84c8702 Compare July 17, 2023 13:25
@jacksmith15 jacksmith15 force-pushed the feat/461/private-pypi-strip-auth branch from 84c8702 to cf5dcb4 Compare July 17, 2023 13:28
maresb
maresb reviewed Jul 17, 2023
View reviewed changes
conda_lock/pypi_solver.py Outdated Show resolved Hide resolved
@jacksmith15 @maresb
Update conda_lock/pypi_solver.py
5ffc30b 
Co-authored-by: Ben Mares <services-git-throwaway1@tensorial.com>
@maresb maresb merged commit f6aab6f into conda:main Jul 17, 2023
@jacksmith15 jacksmith15 deleted the feat/461/private-pypi-strip-auth branch July 18, 2023 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maresb maresb maresb approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jacksmith15 @maresb