Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: stabilize credential-process and registry-auth #12649

Merged
merged 1 commit into from
Sep 18, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

17 changes: 14 additions & 3 deletions credential/cargo-credential-1password/README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,18 @@
# cargo-credential-1password

This is the implementation for the Cargo credential helper for [1password].
See the [credential-process] documentation for how to use this.
A Cargo [credential provider] for [1password].

`cargo-credential-1password` uses the 1password `op` CLI to store the token. You must
install the `op` CLI from the [1password
website](https://1password.com/downloads/command-line/). You must run `op signin`
at least once with the appropriate arguments (such as `op signin my.1password.com user@example.com`),
unless you provide the sign-in-address and email arguments. The master password will be required on each request
unless the appropriate `OP_SESSION` environment variable is set. It supports
the following command-line arguments:
* `--account`: The account shorthand name to use.
* `--vault`: The vault name to use.
* `--sign-in-address`: The sign-in-address, which is a web address such as `my.1password.com`.
* `--email`: The email address to sign in with.

[1password]: https://1password.com/
[credential-process]: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#credential-process
[credential provider]: https://doc.rust-lang.org/nightly/cargo/reference/registry-authentication.html
6 changes: 4 additions & 2 deletions credential/cargo-credential-libsecret/README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
# cargo-credential-libsecret

This is the implementation for the Cargo credential helper for [GNOME libsecret].
See the [credential-process] documentation for how to use this.
See the [credential-provider] documentation for how to use this.

This credential provider is built-in to cargo as `cargo:libsecret`.

[GNOME libsecret]: https://wiki.gnome.org/Projects/Libsecret
[credential-process]: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#credential-process
[credential-provider]: https://doc.rust-lang.org/nightly/cargo/reference/registry-authentication.html
2 changes: 1 addition & 1 deletion credential/cargo-credential-macos-keychain/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "cargo-credential-macos-keychain"
version = "0.3.0"
version = "0.3.1"
edition.workspace = true
license.workspace = true
repository = "https://github.com/rust-lang/cargo"
Expand Down
7 changes: 5 additions & 2 deletions credential/cargo-credential-macos-keychain/README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
# cargo-credential-macos-keychain

This is the implementation for the Cargo credential helper for [macOS Keychain].
See the [credential-process] documentation for how to use this.
See the [credential-provider] documentation for how to use this.

This credential provider is built-in to cargo as `cargo:macos-keychain`.

[macOS Keychain]: https://support.apple.com/guide/keychain-access/welcome/mac
[credential-process]: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#credential-process
[credential-provider]: https://doc.rust-lang.org/nightly/cargo/reference/registry-authentication.html

6 changes: 4 additions & 2 deletions credential/cargo-credential-wincred/README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
# cargo-credential-wincred

This is the implementation for the Cargo credential helper for [Windows Credential Manager].
See the [credential-process] documentation for how to use this.
See the [credential-provider] documentation for how to use this.

This credential provider is built-in to cargo as `cargo:wincred`.

[Windows Credential Manager]: https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0
[credential-process]: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#credential-process
[credential-provider]: https://doc.rust-lang.org/nightly/cargo/reference/registry-authentication.html
2 changes: 1 addition & 1 deletion credential/cargo-credential/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ provides an interface to store tokens for authorizing access to a registry
such as https://crates.io/.

Documentation about credential processes may be found at
https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#credential-process
https://doc.rust-lang.org/nightly/cargo/reference/credential-provider-protocol.html

Example implementations may be found at
https://github.com/rust-lang/cargo/tree/master/credential
Expand Down
5 changes: 5 additions & 0 deletions publish.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,11 @@


TO_PUBLISH = [
'credential/cargo-credential',
'credential/cargo-credential-libsecret',
'credential/cargo-credential-wincred',
'credential/cargo-credential-1password',
'credential/cargo-credential-macos-keychain',
'crates/cargo-platform',
'crates/cargo-util',
'crates/crates-io',
Expand Down
2 changes: 1 addition & 1 deletion src/bin/cargo/commands/login.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ pub fn cli() -> Command {
.arg(opt("registry", "Registry to use").value_name("REGISTRY"))
.arg(
Arg::new("args")
.help("Arguments for the credential provider (unstable)")
.help("Additional arguments for the credential provider")
.num_args(0..)
.last(true),
)
Expand Down
12 changes: 8 additions & 4 deletions src/cargo/core/features.rs
Original file line number Diff line number Diff line change
Expand Up @@ -728,7 +728,6 @@ unstable_cli_options!(
check_cfg: Option<(/*features:*/ bool, /*well_known_names:*/ bool, /*well_known_values:*/ bool, /*output:*/ bool)> = ("Specify scope of compile-time checking of `cfg` names/values"),
codegen_backend: bool = ("Enable the `codegen-backend` option in profiles in .cargo/config.toml file"),
config_include: bool = ("Enable the `include` key in config files"),
credential_process: bool = ("Add a config setting to fetch registry authentication tokens by calling an external process"),
direct_minimal_versions: bool = ("Resolve minimal dependency versions instead of maximum (direct dependencies only)"),
doctest_xcompile: bool = ("Compile and run doctests for non-host target using runner config"),
dual_proc_macros: bool = ("Build proc-macros for both the host and the target"),
Expand All @@ -744,7 +743,6 @@ unstable_cli_options!(
panic_abort_tests: bool = ("Enable support to run tests with -Cpanic=abort"),
profile_rustflags: bool = ("Enable the `rustflags` option in profiles in .cargo/config.toml file"),
publish_timeout: bool = ("Enable the `publish.timeout` key in .cargo/config.toml file"),
registry_auth: bool = ("Authentication for alternative registries"),
rustdoc_map: bool = ("Allow passing external documentation mappings to rustdoc"),
rustdoc_scrape_examples: bool = ("Allows Rustdoc to scrape code examples from reverse-dependencies"),
script: bool = ("Enable support for single-file, `.rs` packages"),
Expand Down Expand Up @@ -818,6 +816,12 @@ const STABILIZED_TERMINAL_WIDTH: &str =

const STABILISED_SPARSE_REGISTRY: &str = "The sparse protocol is now the default for crates.io";

const STABILIZED_CREDENTIAL_PROCESS: &str =
"Authentication with a credential provider is always available.";

const STABILIZED_REGISTRY_AUTH: &str =
"Authenticated registries are available if a credential provider is configured.";

fn deserialize_build_std<'de, D>(deserializer: D) -> Result<Option<Vec<String>>, D::Error>
where
D: serde::Deserializer<'de>,
Expand Down Expand Up @@ -1081,6 +1085,8 @@ impl CliUnstable {
"sparse-registry" => stabilized_warn(k, "1.68", STABILISED_SPARSE_REGISTRY),
"terminal-width" => stabilized_warn(k, "1.68", STABILIZED_TERMINAL_WIDTH),
"doctest-in-workspace" => stabilized_warn(k, "1.72", STABILIZED_DOCTEST_IN_WORKSPACE),
"credential-process" => stabilized_warn(k, "1.74", STABILIZED_CREDENTIAL_PROCESS),
"registry-auth" => stabilized_warn(k, "1.74", STABILIZED_REGISTRY_AUTH),

// Unstable features
// Sorted alphabetically:
Expand All @@ -1098,7 +1104,6 @@ impl CliUnstable {
}
"codegen-backend" => self.codegen_backend = parse_empty(k, v)?,
"config-include" => self.config_include = parse_empty(k, v)?,
"credential-process" => self.credential_process = parse_empty(k, v)?,
"direct-minimal-versions" => self.direct_minimal_versions = parse_empty(k, v)?,
"doctest-xcompile" => self.doctest_xcompile = parse_empty(k, v)?,
"dual-proc-macros" => self.dual_proc_macros = parse_empty(k, v)?,
Expand All @@ -1119,7 +1124,6 @@ impl CliUnstable {
"panic-abort-tests" => self.panic_abort_tests = parse_empty(k, v)?,
"profile-rustflags" => self.profile_rustflags = parse_empty(k, v)?,
"publish-timeout" => self.publish_timeout = parse_empty(k, v)?,
"registry-auth" => self.registry_auth = parse_empty(k, v)?,
"rustdoc-map" => self.rustdoc_map = parse_empty(k, v)?,
"rustdoc-scrape-examples" => self.rustdoc_scrape_examples = parse_empty(k, v)?,
"separate-nightlies" => self.separate_nightlies = parse_empty(k, v)?,
Expand Down
4 changes: 1 addition & 3 deletions src/cargo/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,7 @@
//! This is the `#[cargo_test]` proc-macro used by the test suite to define tests.
//! - [`credential`](https://github.com/rust-lang/cargo/tree/master/credential)
//! This subdirectory contains several packages for implementing the
//! experimental
//! [credential-process](https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#credential-process)
//! feature.
//! [credential providers](https://doc.rust-lang.org/nightly/cargo/reference/registry-authentication.html).
//! - [`mdman`](https://github.com/rust-lang/cargo/tree/master/crates/mdman)
//! ([nightly docs](https://doc.rust-lang.org/nightly/nightly-rustc/mdman/index.html)):
//! This is a utility for generating cargo's man pages. See [Building the man
Expand Down
1 change: 1 addition & 0 deletions src/cargo/ops/registry/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,7 @@ fn registry(
None,
operation,
vec![],
false,
)?)
} else {
None
Expand Down
1 change: 1 addition & 0 deletions src/cargo/ops/registry/publish.rs
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,7 @@ pub fn publish(ws: &Workspace<'_>, opts: &PublishOpts<'_>) -> CargoResult<()> {
None,
operation,
vec![],
false,
)?));
}

Expand Down
1 change: 1 addition & 0 deletions src/cargo/sources/registry/download.rs
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ pub(super) fn download(
None,
Operation::Read,
vec![],
true,
)?)
} else {
None
Expand Down
14 changes: 3 additions & 11 deletions src/cargo/sources/registry/http_remote.rs
Original file line number Diff line number Diff line change
Expand Up @@ -547,9 +547,7 @@ impl<'cfg> RegistryData for HttpRegistry<'cfg> {
return Poll::Ready(Ok(LoadResponse::NotFound));
}
StatusCode::Unauthorized
if !self.auth_required
&& path == Path::new(RegistryConfig::NAME)
&& self.config.cli_unstable().registry_auth =>
if !self.auth_required && path == Path::new(RegistryConfig::NAME) =>
{
debug!(target: "network", "re-attempting request for config.json with authorization included.");
self.fresh.remove(path);
Expand Down Expand Up @@ -612,10 +610,6 @@ impl<'cfg> RegistryData for HttpRegistry<'cfg> {
}
}

if !self.config.cli_unstable().registry_auth {
self.auth_required = false;
}

// Looks like we're going to have to do a network request.
self.start_fetch()?;

Expand Down Expand Up @@ -654,6 +648,7 @@ impl<'cfg> RegistryData for HttpRegistry<'cfg> {
self.login_url.as_ref(),
Operation::Read,
self.auth_error_headers.clone(),
true,
)?;
headers.append(&format!("Authorization: {}", authorization))?;
trace!(target: "network", "including authorization for {}", full_url);
Expand Down Expand Up @@ -724,10 +719,7 @@ impl<'cfg> RegistryData for HttpRegistry<'cfg> {
}

fn config(&mut self) -> Poll<CargoResult<Option<RegistryConfig>>> {
let mut cfg = ready!(self.config()?).clone();
if !self.config.cli_unstable().registry_auth {
cfg.auth_required = false;
}
let cfg = ready!(self.config()?).clone();
Poll::Ready(Ok(Some(cfg)))
}

Expand Down
5 changes: 1 addition & 4 deletions src/cargo/sources/registry/remote.rs
Original file line number Diff line number Diff line change
Expand Up @@ -306,10 +306,7 @@ impl<'cfg> RegistryData for RemoteRegistry<'cfg> {
match ready!(self.load(Path::new(""), Path::new(RegistryConfig::NAME), None)?) {
LoadResponse::Data { raw_data, .. } => {
trace!("config loaded");
let mut cfg: RegistryConfig = serde_json::from_slice(&raw_data)?;
if !self.config.cli_unstable().registry_auth {
cfg.auth_required = false;
}
let cfg: RegistryConfig = serde_json::from_slice(&raw_data)?;
Poll::Ready(Ok(Some(cfg)))
}
_ => Poll::Ready(Ok(None)),
Expand Down
Loading