Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version 0.1.19 breaks AWS CodeArtifact authentication #2444

Closed
tom-engineering opened this issue Mar 14, 2024 · 11 comments · Fixed by #2446
Closed

Version 0.1.19 breaks AWS CodeArtifact authentication #2444

tom-engineering opened this issue Mar 14, 2024 · 11 comments · Fixed by #2446
Assignees
@charliermarsh
Labels
bug Something isn't working registry Related to package indexes and registries

Comments

@tom-engineering
Copy link

tom-engineering commented Mar 14, 2024
edited
Loading

uv version 0.1.19 gives a 401 error when connecting to a CodeArtifact repo, where 0.1.18 works fine.

uv version: 0.1.19
platform: macOS 14.4 (23E214)

Example:
uv pip install -r requirements.txt --index-url https://aws:<redacted-key>@<redacted-subdomain>.codeartifact.us-east-1.amazonaws.com/pypi/eng/simple/

error: Failed to download: tenacity==8.1.0
  Caused by: HTTP status client error (401 Unauthorized) for url (https://<redacted-subdomain>.codeartifact.us-east-1.amazonaws.com/pypi/eng/simple/tenacity/8.1.0/tenacity-8.1.0[...])

Can't give a repro but it does track with the changes to authentication between 0.1.18 and 0.1.19. The module that fails changes each time, so not specific to the module.
@charliermarsh
Copy link
Member

Did you try with --native-tls?

@charliermarsh
Copy link
Member

\cc @zanieb - my guess is this is related to the authentication store in some way?

@tom-engineering
Copy link
Author

Did you try with --native-tls?

Just ran and same result ($UV_INDEX_URL is set as the --index-url flag was before):

uv pip install --native-tls -r requirements.txt
error: Failed to download and build: strict-rfc3339==0.7
  Caused by: HTTP status client error (401 Unauthorized) for url (https://<redacted-subdomain>.codeartifact.us-east-1.amazonaws.com/pypi/eng/simple/[...])

@charliermarsh
Copy link
Member

Okay, thanks!

@charliermarsh charliermarsh self-assigned this Mar 14, 2024
@charliermarsh charliermarsh added bug Something isn't working registry Related to package indexes and registries labels Mar 14, 2024
@charliermarsh charliermarsh mentioned this issue Mar 14, 2024
Merged
@zanieb zanieb mentioned this issue Mar 14, 2024
Closed
charliermarsh added a commit that referenced this issue Mar 14, 2024
@charliermarsh
Add in-URL credentials to store prior to creating requests (#2446)
f1aec3e 
## Summary

The authentication middleware extracts in-URL credentials from URLs that
pass through it; however, by the time a request reaches the store, the
credentials will have already been removed, and relocated to the header.
So we were never propagating in-URL credentials.

This PR adds an explicit pass wherein we pass in-URL credentials to the
store prior to doing any work.

Closes #2444.

## Test Plan

`cargo run pip install` against an authenticated AWS registry.
@zanieb
Copy link
Member

zanieb commented Mar 14, 2024

Thanks for the report! We should have a fix released shortly

@ealap
Copy link

ealap commented Mar 20, 2024

Hi @charliermarsh, I can confirm that this issue was fixed on v0.1.20 (#2446) but the issue came back after v0.1.22 (probably due to #2449?)

@charliermarsh
Copy link
Member

Oh strange! Will take a look.

@charliermarsh
Copy link
Member

Unfortunately I'm not able to reproduce this when running against an authenticated CodeArtifact index. Are you certain that this is the issue you're running into? And certain that you're on the right uv version, etc.?

@ealap
Copy link

ealap commented Mar 20, 2024

I'm certain because I have specified the uv versions on a requirements.txt file I used for a project. The only versions where it doesn't worked are "uv==0.1.19" and "uv==0.1.22".

The index url I am trying to use points to a private JFrog artifactory PyPI repository.

@zanieb
Copy link
Member

zanieb commented Mar 20, 2024

@ealap can you open a new issue please and provide verbose logs (-v) with your password omitted?

This issue is for AWS CodeArtifact.

@ealap
Copy link

ealap commented Mar 20, 2024

Sorry, I thought the root issue was generally for basic HTTP authentication / in-URL credentials.

I will create a separate issue.

@ealap ealap mentioned this issue Mar 20, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@charliermarsh charliermarsh

Labels
bug Something isn't working registry Related to package indexes and registries
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add in-URL credentials to store prior to creating requests astral-sh/uv
4 participants
@charliermarsh @tom-engineering @zanieb @ealap