Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable user-level management of index credentials via uv (& keyring) #9920

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

stoney95
Copy link

@stoney95 stoney95 commented Dec 15, 2024

Summary

Currently reading credentials from keyring is only supported when a username is provided in the URL of the index. This prohibits to define indexes - in pyproject.toml - that are shared within a team. See these two issues for further details:

In general this PR provides two things:

Setting credentials for an index via CLI

With this MR you can run uv index credentials add --name <name-of-the-index> [--username <username>]
This will ask for the password of the user. A keyring entry will be made with the url of the index, the username and the password. The username and the index will be appended to "<uv_cache_dir>/auth.toml". "auth.toml" has the following structure

[indexes.index1]
username = "my_user1"

[indexes.index2]
username = "my_other_user"

Using credentials

When reading the credentials in uv_distribution_types::index::Index.credentials it's now additionally checked if credentials have been configured via "<uv_cache_dir>/auth.toml" and keyring. The current implementation of reading the credentials from the environment variables UV_INDEX_XXX has priority over keyring authentication.

Test Plan

I have added unit tests to the newly defined uv_auth::keyring_config which takes care of loading, storing and modifying the auth configuration.

I also want to add a test for uv_auth::credentials::Credentials.from_keyring. But am currently struggling with mocking keyring and config file.

I manually tested the new command uv index credentials add --name <name-of-the-index> as I could not find examples for testing commands.

Further remarks

I am a noobie in this context

  • I am new to rust
  • I am new to uv

=> I am curious about your opinion and suggestions for improvements

Not completely ready

The current version of the PR is a draft. Especially in regards of error handling and logging. Also testing can be improved.
I open this PR to discuss the direction in which the implementation is heading. As I am new to rust & uv I would also like to receive your guideance upfront 🙂

@stoney95 stoney95 marked this pull request as draft December 16, 2024 07:32
@bschoenmaeckers
Copy link
Contributor

It would be nice to add a --password <password> option and store/retrieve it using the keyring crate. It should still fall back to the subprocess method for dynamic passwords.

@zanieb zanieb self-assigned this Dec 16, 2024
@stoney95
Copy link
Author

@bschoenmaeckers, I think adding --password <password> can be seen independently of the keyring crate (https://docs.rs/keyring/latest/keyring/?).

One part is implementing an import keyring-provider. This would rely on the keyring crate. Also, it should be implemented independently of this topic, if it is required.

The other part is providing a --password option. Which could be processed with any implemented keyring-provider - currently only subprocess. I can add this part to this PR.

@farndt
Copy link

farndt commented Dec 17, 2024

@stoney95 Thx for starting integration of kering-rs into uv!

How to use credentials already defined in credential store?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants