Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow command for tool.uv.index-url and tool.uv.pip.index-url #7660

Open
jpedrick opened this issue Sep 24, 2024 · 11 comments
Open

Allow command for tool.uv.index-url and tool.uv.pip.index-url #7660

jpedrick opened this issue Sep 24, 2024 · 11 comments
Labels
needs-decision Undecided if this should be done needs-design Needs discussion, investigation, or design

Comments

@jpedrick
Copy link

UV currently supports using a keyring for the credential provider. However, in my case it's not always practical. I would like to have a simple command line script: get_pip_credentials.sh that could invoke something like:

scripts/get-pip-credentials.sh

aws codeartifact login --tool pip --domain my_domain --repository python --dry-run --profile pip-read-access | cut -d " " -f 5

So, in my pyproject.toml:

[tool.uv]
index-url = { 'command' : [ './scripts/get-pip-credentials.sh' ] }

[tool.uv.pip]
index-url = { 'command' : [ './scripts/get-pip-credentials.sh' ] }

Likewise, if --index-url is specified on the command line, I would prefer that to override tool.uv.index-url.command and tool.uv.pip.index-url.command
@zanieb
Copy link
Member

zanieb commented Sep 24, 2024

How would this work with writing index URLs to the lockfile?

@jpedrick
Copy link
Author

How would this work with writing index URLs to the lockfile?

Currently, when I put CodeArtifact credentials in the index-url it strips the credentials and just puts the repository address. I would expect the same behavior.

@woutervh
Copy link

For many usecases, the private pypi-credentials are set as environment variables.

Would there be a reason to not support variable substitution?

For example:

[tool.uv]
index-url = "https://__token__:${PERSONAL_ACCESS_TOKEN}@gitlab.com/..."

@zanieb
Copy link
Member

zanieb commented Sep 24, 2024

@woutervh that is tracked in #5734

@jpedrick
Copy link
Author

@zanieb as I think about this more, it could be more general to have the configuration look like the following:

[tool.uv]
index-url = {
'url' = "https://aws:${ACCESS_TOKEN}@${DOMAIN}-${ACCOUNT_ID}.d.codeartifact.${REGION}.amazonaws.com/pypi/python/simple/"
'substitition_command' :  './scripts/get-codeartifact-url-with-credentials.sh'
}

./scripts/get-codeartifact-url-with-credentials.sh would return json like:

{
"ACCESS_TOKEN" : "ABCDEFG",
"REGION" : "eu-west-1",
"DOMAIN": "my_domain",
"ACCOUNT_ID" : "1234567890"
}

Ideally, the system call would use the location of the pyproject.toml as CWD, but absolute paths could be provided by users. However, I don't want to over specify.

@chrisrodrigue
Copy link

@zanieb as I think about this more, it could be more general to have the configuration look like the following:

[tool.uv]
index-url = {
'url' = "https://aws:${ACCESS_TOKEN}@${DOMAIN}-${ACCOUNT_ID}.d.codeartifact.${REGION}.amazonaws.com/pypi/python/simple/"
'substitition_command' :  './scripts/get-codeartifact-url-with-credentials.sh'
}

./scripts/get-codeartifact-url-with-credentials.sh would return json like:

{
"ACCESS_TOKEN" : "ABCDEFG",
"REGION" : "eu-west-1",
"DOMAIN": "my_domain",
"ACCOUNT_ID" : "1234567890"
}

Ideally, the system call would use the location of the pyproject.toml as CWD, but absolute paths could be provided by users. However, I don't want to over specify.

Could you just call that script and set the required environment variables prior to using uv, rather than specifying it in pyproject.toml?

@jpedrick
Copy link
Author

jpedrick commented Oct 2, 2024

Could you just call that script and set the required environment variables prior to using uv, rather than specifying it in pyproject.toml?

Sure, everything except the access token.

@zanieb
Copy link
Member

zanieb commented Oct 2, 2024

Why can't the access token be in the environment variable?

@zanieb zanieb added needs-design Needs discussion, investigation, or design needs-decision Undecided if this should be done labels Oct 2, 2024
@jpedrick
Copy link
Author

jpedrick commented Oct 2, 2024

Why can't the access token be in the environment variable?

In that case I can just put the entire url in the UV_INDEX_URL environment variable, but that doesn't allow dynamic keychain-like credentials

@zanieb
Copy link
Member

zanieb commented Oct 2, 2024
edited
Loading

I'm responding to

Could you just call that script and set the required environment variables prior to using uv, rather than specifying it in pyproject.toml?

Sure, everything except the access token.

In which you wrap uv with a script that sets the relevant variable with authentication.

@jpedrick
Copy link
Author

jpedrick commented Oct 3, 2024

In which you wrap uv with a script that sets the relevant variable with authentication.

Hi @zanieb, perhaps we have gotten away from the central idea of the feature request. Currently, I do pre-set the index-url/extra-index-url. I'm basically requesting something like https://pypi.org/project/keyrings.codeartifact/, but without requiring all the setup for the keyring.

credential_process for the AWS cli config would be an example of the kind of solution I'm hoping for: https://docs.aws.amazon.com/sdkref/latest/guide/feature-process-credentials.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-decision Undecided if this should be done needs-design Needs discussion, investigation, or design
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@woutervh @zanieb @jpedrick @chrisrodrigue