Added GitAuthError
#6493
Added GitAuthError
#6493
Conversation
|
It doesn't have to be an SSH URL in every case though. The SSH requirement is specifically for pushing (writing) to a remote git server that requires authentication (meaning pushing to github/gitlab). And yes, read operations that require authentication (pull/list for private github/gitlab repos) would require using SSH. |
Not sure if there is a way of synthesizing those cases for the CLI help or if we should just say |
|
IMO the CLI help text should just use |
|
@pmrowla, is it possible to catch the exception and provide the hint (maybe with the link to the proper documentation)? |
Yes, in the dulwich backend we need to check for these exceptions when we do a GitClient operation |
So I just added a minor change here including the word
This would be a good improvement |
|
Agree that giving a hint seems much more useful. Seems like we can just add another exception handler for dvc/dvc/scm/git/backend/dulwich.py Line 429 in 4ee9829 Even better would be to prompt for username and password and try again. Is there a reason we wouldn't want to do that? |
Using prompts won't work in automated contexts (like the CML auto-push feature) but it would be possible for us to support it. The main issue will just be implementing proper support for git HTTP auth (see dulwich tests for examples: https://github.com/dulwich/dulwich/blob/76dd8356f9d8870f44226e4232c24fbc1e573e93/dulwich/tests/test_client.py#L565) But it should be noted that even if we add the prompts and username/password HTTP support for git operations, it won't work for pushing to github (https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/) |
Right, if we make it easier in non-automated scenarios, there could be confusion if people try to migrate to something like CML. Hopefully they would realize any manual steps would need to be automated? Is it better to give flexibility or require the preferred workflow? It seems like generally we try to let users make these decisions themselves. On the other hand, we don't prompt for remote credentials, but that may be because it would get too complex to handle.
Can we do this:
Does dvc need to worry about the details of http auth beyond asking for username and password?
From a quick test, it looks like users should be able to push to github with http if they replace their passwords with their tokens. |
This would be prompted on each command run (i.e. Not sure if that would be a good user experience or if it would be more helpful to just raise an exception with a link to the docs. |
It could be annoying, but is it any more annoying than doing We could start with the warning and keep the HTTP authorization open as a separate issue to see if users do encounter it (or wait to see if someone opens that issue themselves). Edit: I meant we can start with raising an exception for unauthorized http for now. |
|
For autopush, we may need some kind of memoization like the way we do for http(s) filesystems. Lines 12 to 18 in 6b582bd |
Is "any valid URL" correct? It seems more like it's "any supported URL" since I think the HTTP URL is also valid according to Git. I also think we could probably summarize behavior as not supporting HTTP authentication. Cc @jorgeorpinel |
Good points @dberenbaum. I updated my suggestions βοΈ |
Co-authored-by: Jorge Orpinel <jorgeorpinel@users.noreply.github.com>
|
Need to add tests catching the exception |
|
Pending discussion in iterative/dvc.org#2731 (comment). |
|
So when is it ready? Still a draft one? |
I guess that we can now consider this ready (docs PR was also approved iterative/dvc.org#2731 (comment)) and have #6586 as a follow-up. |
β I have followed the Contributing to DVC checklist.
π If this PR requires documentation updates, I have created a separate PR (or issue, at least) in dvc.org and linked it here.
Thank you for the contribution - we'll try to review it as soon as possible. π
To match updates in docs. From iterative/dvc.org#2731 (review)