Add an optional authentication policy to [index] configuration #11896
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Author
Member
|
(My review only considered the implementation. I defer to @zanieb on the user-facing API.) |
zanieb
reviewed
Mar 3, 2025
zanieb
reviewed
Mar 3, 2025
zanieb
reviewed
Mar 3, 2025
zanieb
reviewed
Mar 3, 2025
zanieb
reviewed
Mar 3, 2025
zanieb
reviewed
Mar 3, 2025
zanieb
reviewed
Mar 3, 2025
zanieb
reviewed
Mar 3, 2025
zanieb
reviewed
Mar 3, 2025
Member
I think you'd need to do this, yeah. You can just use |
Member
|
We should also talk about this in |
Member
|
I wonder if we can do something smart if a user has |
zanieb
reviewed
Mar 3, 2025
Comment on lines
+10298
to
+10335
| .env("UV_INDEX_MY_INDEX_USERNAME", "public") | ||
| .env("UV_INDEX_MY_INDEX_PASSWORD", "heron"), @r" |
Member
There was a problem hiding this comment.
We should probably warn if these are set and never is used, right?
zanieb
reviewed
Mar 3, 2025
Contributor
Author
We often only have an |
zanieb
reviewed
Mar 4, 2025
zanieb
approved these changes
Mar 10, 2025
Member
zanieb
left a comment
There was a problem hiding this comment.
Thanks for your patience on all the back and forth here!
zanieb
added a commit
that referenced
this pull request
Mar 11, 2025
Follow-up to #11896 Reframes the documentation a bit. Looking into why the `[index]` child fields aren't generate in the reference correctly too.
zanieb
added a commit
that referenced
this pull request
Mar 19, 2025
Previously, we required a username to perform a fetch from the keyring because the `keyring` CLI only supported fetching password for a given service and username. Unfortunately, this is different from the keyring Python API which supported fetching a username _and_ password for a given service. We can't (easily) use the Python API because we don't expect `keyring` to be installed in a specific environment during network requests. This means that we did not have parity with `pip`. Way back in jaraco/keyring#678 we got a `--mode creds` flag added to `keyring`'s CLI which supports parity with the Python API. Since `keyring` is expensive to invoke and we cannot be certain that users are on the latest version of keyring, we've not added support for invoking keyring with this flag. However, now that we have a mode that says authentication is _required_ for an index (#11896), we might as well _try_ to invoke keyring with `--mode creds` when there is no username. This will address use-cases where the username is non-constant and move us closer to `pip` parity.
This was referenced Mar 20, 2025
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Mar 24, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.6.5` -> `0.6.9` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (astral-sh/uv)</summary> ### [`v0.6.9`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#069) [Compare Source](astral-sh/uv@0.6.8...0.6.9) ##### Enhancements - Use `keyring --mode creds` when `authenticate = "always"` ([#​12316](astral-sh/uv#12316)) - Fail with specific error message when no password is present and `authenticate = "always"` ([#​12313](astral-sh/uv#12313)) ##### Bug fixes - Add boolish value parser for `UV_MANAGED_PYTHON` flags ([#​12345](astral-sh/uv#12345)) - Make deserialization non-fatal when assessing source tree revisions ([#​12319](astral-sh/uv#12319)) - Use resolver-returned wheel over alternate cached wheel ([#​12301](astral-sh/uv#12301)) ##### Documentation - Add experimental `--torch-backend` to the PyTorch guide ([#​12317](astral-sh/uv#12317)) - Fix `#keyring-provider` references in alternative index docs ([#​12315](astral-sh/uv#12315)) - Fix `--directory` path in examples ([#​12165](astral-sh/uv#12165)) ##### Preview changes - Automatically infer the PyTorch index via `--torch-backend=auto` ([#​12070](astral-sh/uv#12070)) ### [`v0.6.8`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#068) [Compare Source](astral-sh/uv@0.6.7...0.6.8) ##### Enhancements - Add support for enabling all groups by default with `default-groups = "all"` ([#​12289](astral-sh/uv#12289)) - Add simpler `--managed-python` and `--no-managed-python` flags for toggling Python preferences ([#​12246](astral-sh/uv#12246)) ##### Performance - Avoid allocations for default cache keys ([#​12063](astral-sh/uv#12063)) ##### Bug fixes - Allow local version mismatches when validating lockfile ([#​12285](astral-sh/uv#12285)) - Allow owned string when deserializing `requires-python` ([#​12278](astral-sh/uv#12278)) - Make cache errors non-fatal in `Planner::build` ([#​12281](astral-sh/uv#12281)) ### [`v0.6.7`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#067) [Compare Source](astral-sh/uv@0.6.6...0.6.7) ##### Python - Add CPython 3.14.0a6 - Fix regression where extension modules would use wrong `CXX` compiler on Linux - Enable FTS3 enhanced query syntax for SQLite See the [`python-build-standalone` release notes](https://github.com/astral-sh/python-build-standalone/releases/tag/20250317) for more details. ##### Enhancements - Add support for `-c` constraints in `uv add` ([#​12209](astral-sh/uv#12209)) - Add support for `--global` default version in `uv python pin` ([#​12115](astral-sh/uv#12115)) - Always reinstall local source trees passed to `uv pip install` ([#​12176](astral-sh/uv#12176)) - Render token claims on publish permission error ([#​12135](astral-sh/uv#12135)) - Add pip-compatible `--group` flag to `uv pip install` and `uv pip compile` ([#​11686](astral-sh/uv#11686)) ##### Preview features - Avoid creating duplicate directory entries in built wheels ([#​12206](astral-sh/uv#12206)) - Allow overriding module names for editable builds ([#​12137](astral-sh/uv#12137)) ##### Performance - Avoid replicating core-metadata field on `File` struct ([#​12159](astral-sh/uv#12159)) ##### Bug fixes - Add `src` to default cache keys ([#​12062](astral-sh/uv#12062)) - Discard insufficient fork markers ([#​10682](astral-sh/uv#10682)) - Ensure `python pin --global` creates parent directories if missing ([#​12180](astral-sh/uv#12180)) - Fix GraalPy abi tag parsing and discovery ([#​12154](astral-sh/uv#12154)) - Remove extraneous script packages in `uv sync --script` ([#​12158](astral-sh/uv#12158)) - Remove redundant `activate.bat` output ([#​12160](astral-sh/uv#12160)) - Avoid subsequent index hint when no versions are available on the first index ([#​9332](astral-sh/uv#9332)) - Error on lockfiles with incoherent wheel versions ([#​12235](astral-sh/uv#12235)) ##### Rust API - Update `BaseClientBuild` to accept custom proxies ([#​12232](astral-sh/uv#12232)) ##### Documentation - Make testpypi index explicit in example snippet ([#​12148](astral-sh/uv#12148)) - Reverse and format the archived changelogs ([#​12099](astral-sh/uv#12099)) - Use consistent commas around i.e. and e.g. ([#​12157](astral-sh/uv#12157)) - Fix typos in MRE docs ([#​12198](astral-sh/uv#12198)) - Fix double space typo ([#​12171](astral-sh/uv#12171)) ### [`v0.6.6`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#066) [Compare Source](astral-sh/uv@0.6.5...0.6.6) ##### Python - Add support for dynamic musl Python distributions on x86-64 Linux ([#​12121](astral-sh/uv#12121)) - Allow the experimental JIT to be enabled at runtime on Python 3.13 and 3.14 on Linux - Upgrade the build toolchain to LLVM 20, improving performance See the [`python-build-standalone` release notes](https://github.com/astral-sh/python-build-standalone/releases/tag/20250311) for more details. ##### Enhancements - Add `--marker` flag to `uv add` ([#​12012](astral-sh/uv#12012)) - Allow overriding module name for uv build backend ([#​11884](astral-sh/uv#11884)) - Sync latest Python releases ([#​12120](astral-sh/uv#12120)) - Use 'Upload' instead of 'Download' in publish reporter ([#​12029](astral-sh/uv#12029)) - Add `[index].authenticate` allowing authentication to be required on an index ([#​11896](astral-sh/uv#11896)) - Add support for Windows legacy scripts in `uv tool run` ([#​12079](astral-sh/uv#12079)) - Propagate conflicting dependency groups when using `include-group` ([#​12005](astral-sh/uv#12005)) - Show ambiguous requirements when `uv add` failed ([#​12106](astral-sh/uv#12106)) ##### Performance - Cache workspace discovery ([#​12096](astral-sh/uv#12096)) - Insert dependencies into fork state prior to fetching metadata ([#​12057](astral-sh/uv#12057)) - Remove some allocations from `uv-auth` ([#​12077](astral-sh/uv#12077)) ##### Bug fixes - Avoid considering `PATH` updated when the `export` is commented in the shellrc ([#​12043](astral-sh/uv#12043)) - Fix `uv publish` retry on network failures ([#​12041](astral-sh/uv#12041)) - Use a sized stream in `uv publish` to comply with WSGI PyPI server constraints ([#​12111](astral-sh/uv#12111)) - Fix `uv python install --reinstall` when the version was not previously installed ([#​12124](astral-sh/uv#12124)) ##### Preview features - Fix `uv_build` invocation ([#​12058](astral-sh/uv#12058)) ##### Documentation - Quote versions string in `python-versions.md` ([#​12112](astral-sh/uv#12112)) - Fix tool concept page headings ([#​12053](astral-sh/uv#12053)) - Update the `[index].authenticate` docs ([#​12102](astral-sh/uv#12102)) - Update versioning policy ([#​11666](astral-sh/uv#11666)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOTQuMCIsInVwZGF0ZWRJblZlciI6IjM5LjIwOS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a new optional key
auth-policyto[tool.uv.index]that sets the authentication policy for the index URL.The default is
"auto", which attempts to authenticate when necessary."always"always attempts to authenticate and fails if the endpoint is unauthenticated."never"never attempts to authenticate.These policy address two kinds of cases:
Closes #11600