Connect to feed in Azure Artifacts using poetry (or pipenv) with artifacts-keyring

1
votes

I'm a bit of a beginner to working with Azure, in particular my problem is related to publishing python packages. I have a package managed with poetry, i am posting it to the private repository with the help of twine. The commands I am using to post are as follows (in this part i have installed artifacts-keyring in the virtual environment)

poetry build
python -m twine upload -r ${ARTIFACT_FEED} --config-file /PYPIRC dist/*

Here, ARTIFACT_FEED is the name of the feed. I have no problems with those commands and the package is published without problems.

Now, to use a project managed also with poetry and that uses my other package already published, I would like to do

poetry add my_package_name

With the pyproject.toml as poetry's documentation

[[tool.poetry.source]]
name = "foo"
url = <MY_PRIVATE_COMPANY_REPO_URL>
secondary = true

With artifacts-keyring installed in the virtual env, i get this error 401 Client Error: Unauthorized for url: <MY_PRIVATE_COMPANY_REPO_URL>. Using pipenv i have the same problem. Ok, maybe poetry dosen't support this kind of auth. Related links:

  1. https://github.com/microsoft/artifacts-keyring/issues/37
  2. https://github.com/microsoft/artifacts-keyring/issues/8
  3. https://github.com/python-poetry/poetry/issues/2857

Is it possible for the administrator to change the authentication type? When i enter to Connect to feed page, I see this

enter image description here

So, seems to be mandatory use artifacts-keyrings. In a previous project, for another company, we used basic authentication, like this

poetry publish --repository <PRIVATE_REPO> --username <USERNAME> --password <PASSWORD> --build

And then to install the package I had no problem.

1
pythonazure

1 Answers

0
votes

You can use basic authentication, the username can be anything, the password MUST be a personal acces token.

Poetry currently does work with artifacts-keyring, see python-poetry#4086.

Pipenv does, but your virtual env needs to have artifacts-keyring installed, installing azure-devops-artifacts-helpers in your main install and configuring virtualenv to use the azdo-pip seeder it provides makes life easier.

#powershell
python -m pip install --user azure_devops_artifacts_helpers artifacts-keyring
[Environment]::SetEnvironmentVariable("VIRTUALENV_SEEDER", "azdo-pip", "Machine")
[Environment]::SetEnvironmentVariable("PIP_INDEX_URL", "https://pkgs.dev.azure.com/XXXXX/_packaging/YYYYY/pypi/simple/", "Machine")

Pipfile:

[[source]]
url =  "${PIP_INDEX_URL}"
name = "azdo"

In theory it might be possible to trick(?) poetry into using artifacts-keyring by creating your own keyring implementation that detects when poetry uses keyring based on the service value, deconstruct said value, lookup the url for the private repo and then do your own keyring lookup with the url followed by a lookup for the "netloc" (just the dns name) part of the url since that is what Pip does.

Good luck!