Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Poetry 1.3.2 cannot obtain credentials via keyrings #7545

Open
dubravaj opened this issue Feb 23, 2023 · 7 comments
Open

Poetry 1.3.2 cannot obtain credentials via keyrings #7545

dubravaj opened this issue Feb 23, 2023 · 7 comments
Labels
kind/bug Something isn't working as expected status/triage This issue needs to be triaged

Comments

@dubravaj
Copy link

Hi,

Currently, I tried to publish my private package to Artifact Registry in GCP via poetry publish using keyrings. I always get an error HTTP Error 401: Unauthorized | b'The request does not have valid authentication credentials. \n'. I tried this a long time ago and it worked. So I checked the version of poetry and I found out that my current setup is poetry version 1.3.2 and the last time I tried this I had 1.2.2. So I downgraded the poetry version and tried the same process and this time it worked.
@dubravaj dubravaj added kind/bug Something isn't working as expected status/triage This issue needs to be triaged labels Feb 23, 2023
@dimbleby
Copy link
Contributor

Of course getting credentials from keyring works just fine.

You've misconfigured something, but there's no way of telling from what you've written what that might be.

@iprotsyuk
Copy link

iprotsyuk commented Mar 3, 2023
edited
Loading

I'm getting the same error with poetry v1.4.0 in a conda environment (py 3.8.16) when trying to publish my package in a private pip repo at a GCP project. Potentially, the same underlying issue results in an error Could not find a matching version of package xxx when I run poetry add xxx==1.0.0 to install a dependency published at the same private pip repo. Surprisingly, I can install it with pip install xxx==1.0.0, so the repo authentication works in principle, but I'm missing something with my poetry setup🤔

Here's my keyring backends:

$ keyring --list-backends
keyring.backends.macOS.Keyring (priority: 5)
keyring.backends.fail.Keyring (priority: 0)
keyring.backends.chainer.ChainerBackend (priority: 10)
keyrings.gauth.GooglePythonAuth (priority: 9)

Setting a security token for poetry doesn't return any errors:

$ poetry config repositories.<private-repo> https://europe-python.pkg.dev/<gcp-project>/<private-repo>
$ poetry config http-basic.<private-repo> oauth2accesstoken $(gcloud auth print-identity-token)

But then

$ poetry add xxx==1.0.0
Source (<private-repo>): Authorization error accessing https://europe-python.pkg.dev/<gcp-project>/<private-repo>/simple/xxx/

Could not find a matching version of package xxx

I can work around it by installing the package with pip and adding it to pyproject.toml, but then when I try to upload the built package to the private repo, I get a blocking error:

$ poetry publish --build -r <private-repo>
There are 2 files ready for publishing. Build anyway? (yes/no) [no] yes
Building xxx (0.1.0)
  - Building sdist
  - Built xxx-0.1.0.tar.gz
  - Building wheel
  - Built xxx-0.1.0-py3-none-any.whl

Publishing xxx (0.1.0) to <private-repo>
 - Uploading xxx-0.1.0-py3-none-any.whl FAILED

HTTP Error 401: Unauthorized | b'The request does not have valid authentication credentials.\n'

Would appreciate any ideas here🙏

@iprotsyuk
Copy link

Eventually, I've figured this out: I was inadvertently using $(gcloud auth print-identity-token) instead of $(gcloud auth print-access-token)😭

@cpapad
Copy link

cpapad commented Feb 2, 2024

@iprotsyuk tried the exactly steps as you with $(gcloud auth print-access-token) but I can't make it work.
Locally I use gcloud application login e.t.c but I need to authenticate with the access token for CIs docker builds e.t.c.
Did you do anything else additional to:

$ poetry config repositories. https://europe-python.pkg.dev//
$ poetry config http-basic. oauth2accesstoken $(gcloud auth print-identity-token)

@zambadruzaman
Copy link

i got the same error, my account has admin permission to the GCP artifactory, but still got auth error:

HTTP Error 401: Unauthorized | b'The request does not have valid authentication credentials.\n'

anyone has a proper solution for this?

@bitnahian
Copy link

I spent half a day solving this issue when switching to installing poetry using pipx instead of with the installer script. I was using poetry self add in the past. The poetry self add approach no longer works if you've installed poetry using pipx. In order to use the gauth keyrings module, it must be injected using pipx into poetry like so:

# instead of poetry self add "keyrings.google-artifactregistry-auth==1.0.0"
pipx inject poetry keyrings.google-artifactregistry-auth

At which point, your poetry binaries will be able to find the gauth keyrings module.

GoogleCloudPlatform/artifact-registry-python-tools#17 (comment)

@pupseba
Copy link

pupseba commented Sep 26, 2024

Is there any way of using a service account? This would be usefull for cicd tooling where no gcloud account is available.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Something isn't working as expected status/triage This issue needs to be triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@dimbleby @iprotsyuk @bitnahian @dubravaj @cpapad @pupseba @zambadruzaman