Stop when authentication fails for private repository

[joostmeulenbeld]

Issue Kind

Change in current behaviour

Description

We use a private PyPI server hosted on Gitlab, which requires authentication. If Gitlab's API token was expired or misconfigured, installing an already locked poetry project (also with poetry install -vvv) gives a misleading error: Unable to find installation candidates for <package-name> (0.1.2). This is misleading and drives people to search what is wrong with, for example, the lockfile. Instead of pointing to the direct cause (wrong credentials).

Interestingly, when running poetry install with no lockfile present, dependency resolution does fail with the log message: Source (gitlab): Authorization error accessing https://gitlab.com/api/v4/groups/<group>/-/packages/pypi/simple/<private-package>/, stopping with error message Because mwe-poetry depends on <private-package> (*) which doesn't match any versions, version solving failed.

A minimum working example for which this behavior shows:

[tool.poetry]
name = "mwe-poetry"
version = "1.0.0"
description = "MWE"
authors = ["Joost Meulenbeld"]
package-mode = false

[tool.poetry.dependencies]
python = "^3.10,<3.11"
<private-package> = {version="*", source="gitlab"}

[[tool.poetry.source]]
name = 'gitlab'
url = "https://gitlab.com/api/v4/groups/<group-name>/-/packages/pypi/simple"
priority = "explicit"

Authentication is configured using poetry config http-basic.gitlab <username>

Impact

In combination with the fact that the GNOME keyring is somewhat opaque, missing this error message often makes it hard to determine what is the source of an installation error (keyring is still locked, package (version) is not available or credentials are incorrect).

Workarounds

No

Version info

• poetry: 1.8.3
• python: 3.10.12
• Pop!OS 22.04