Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Different behavior when --extra-index-url is specified in the command line and requirements file #8640

Closed
ivanst0 opened this issue Jul 28, 2020 · 5 comments

Comments

@ivanst0
Copy link

ivanst0 commented Jul 28, 2020

Environment

  • pip version: 20.1.1
  • Python version: 3.8
  • OS: Windows 10
  • artifacts-keyring version: 0.2.9

Description
--extra-index-url option is treated slightly differently when specified in command line and when included in a requirements file. This prevents normal usage of artifacts-keyring on Windows.

requirements.txt:

--extra-index-url https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple
mypackage

(A) --extra-index-url in requirements.txt

python -m pip install -r requirements.txt
Looking in indexes: https://pypi.org/simple, https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple
User for microsoft.pkgs.visualstudio.com:

pip asks for username/password instead of retrieving credentials from keyring.

(B) --extra-index-url in command line

python -m pip install --extra-index-url https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple mypackage
Looking in indexes: https://pypi.org/simple, https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple
Collecting mypackage
...
Successfully installed mypackage-1.0.0

Expected behavior
Both of the commands above should produce the same result (installation of the package without pip prompting for credentials).

Preliminary analysis
The different behavior seems to be caused by not passing all index_urls to MultiDomainBasicAuth in the first case:

(A) --extra-index-url in requirements.txt
MultiDomainBasicAuth(index_urls=['https://pypi.org/simple'])

(B) --extra-index-url in command line
MultiDomainBasicAuth(index_urls=['https://pypi.org/simple', 'https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple'])

In case (A) this prevents MultiDomainBasicAuth._get_index_url() from retrieving the correct index_url for a given package url. Eventually, keyring is queried with "myorg.pkgs.visualstudio.com" instead of "https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple", which it doesn't support.

@triage-new-issues triage-new-issues bot added the S: needs triage Issues/PRs that need to be triaged label Jul 28, 2020
@uranusjr uranusjr changed the title Can't use artifacts-keyring when --extra-index-url is specified in the requirements file Different behavior when --extra-index-url is specified in the command line and requirements file Jul 29, 2020
@uranusjr
Copy link
Member

I’ve modified the title to describe the underlying issue instead of the result. This would be more indicative for contributors when they browse the tracker. Issues that only affect one package are usually of low priority.

@ivanst0
Copy link
Author

ivanst0 commented Jul 30, 2020

Thank you @uranusjr, the new title is indeed a better description of the underlying issue.

@ivanst0
Copy link
Author

ivanst0 commented Jul 30, 2020

@NoahGorny, I now discovered your pull request #8522 and it turns out to fix this issue. Would you be able to proceed with that PR?

@NoahGorny
Copy link
Contributor

I would love to!
I am glad to see my PR indeed fix the issue. @uranusjr maybe you can take a look at #8522?

@uranusjr
Copy link
Member

I think this has been fixed?

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 25, 2021
@pradyunsg pradyunsg removed the S: needs triage Issues/PRs that need to be triaged label Mar 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants