PyPI - keyrings.codeartifact - Versions diffs - 2.0.0__tar.gz → 2.1.0__tar.gz - Mend

keyrings.codeartifact 2.0.0tar.gz → 2.1.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

keyrings_codeartifact-2.1.0/.github/dependabot.yml ADDED Viewed

@@ -0,0 +1,11 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

keyrings_codeartifact-2.1.0/.github/workflows/release.yml ADDED Viewed

@@ -0,0 +1,93 @@
+# .github/workflows/release.yml
+name: 📦 Release 'keyrings.codeartifact' package.
+on: push
+jobs:
+  build:
+    name: 📦 Build package.
+    runs-on: ubuntu-latest
+    steps:
+    - name: 🛒 Checkout repository source code.
+      uses: actions/checkout@v4
+      with:
+        persist-credentials: false
+        fetch-depth: 0
+    - name: ✨ Setup Python 3.x environment.
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.x"
+        cache: 'pip'
+    - name: 🔬 Execute all unit tests.
+      run: |
+        python3 -m pip install .[testing]
+        python3 -m pytest
+    - name: 🛠️ Build package and source distribution.
+      run: |
+        python3 -m pip install --user build
+        python3 -m build
+    - name: 💾 Store the built package distributions.
+      uses: actions/upload-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+  publish-to-testpypi:
+    name: 🚀 Publish distributions to test PyPI index.
+    runs-on: ubuntu-latest
+    needs:
+    - build
+    environment:
+      name: testpypi
+      url: https://test.pypi.org/p/keyrings.codeartifact
+    permissions:
+      # IMPORTANT: mandatory for trusted publishing
+      id-token: write
+    steps:
+    - name: 📥 Download the built package distributions.
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: 🚀 Publish distributions to TestPyPI.
+      uses: pypa/gh-action-pypi-publish@release/v1
+      with:
+        repository-url: https://test.pypi.org/legacy/
+        skip-existing: true
+  publish-to-pypi:
+    name: 🚀 Publish distributions to main PyPI index.
+    if: startsWith(github.ref, 'refs/tags/')  # only publish to PyPI on tag pushes
+    runs-on: ubuntu-latest
+    needs:
+    - build
+    environment:
+      name: pypi
+      url: https://pypi.org/p/keyrings.codeartifact
+    permissions:
+      # IMPORTANT: mandatory for trusted publishing
+      id-token: write
+    steps:
+    - name: 📥 Download the built package distributions.
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: 🚀 Publish package to main PyPI index.
+      uses: pypa/gh-action-pypi-publish@release/v1

{keyrings_codeartifact-2.0.0/keyrings.codeartifact.egg-info → keyrings_codeartifact-2.1.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
-Metadata-Version: 2.2
+Metadata-Version: 2.4
 Name: keyrings.codeartifact
-Version: 2.0.0
+Version: 2.1.0
 Summary: Automatically retrieve credentials for AWS CodeArtifact.
 Author-email: "Joshua M. Keyes" <joshua.michael.keyes@gmail.com>
 License: MIT License
@@ -45,6 +45,7 @@ Requires-Dist: black; extra == "devel"
 Provides-Extra: testing
 Requires-Dist: pytest>=6; extra == "testing"
 Requires-Dist: pytest-cov; extra == "testing"
+Dynamic: license-file
 AWS CodeArtifact Keyring Backend
 ================================
@@ -103,7 +104,6 @@ profile_name=default
 # Use the following access keys.
 aws_access_key_id=xxxxxxxxx
 aws_secret_access_key=xxxxxxxxx
 ```
 ### Multiple Section Configuration (EXPERIMENTAL)

{keyrings_codeartifact-2.0.0 → keyrings_codeartifact-2.1.0}/README.md RENAMED Viewed

@@ -55,7 +55,6 @@ profile_name=default
 # Use the following access keys.
 aws_access_key_id=xxxxxxxxx
 aws_secret_access_key=xxxxxxxxx
 ```
 ### Multiple Section Configuration (EXPERIMENTAL)

{keyrings_codeartifact-2.0.0 → keyrings_codeartifact-2.1.0}/keyrings/codeartifact.py RENAMED Viewed

@@ -1,9 +1,11 @@
 # codeartifact.py -- keyring backend
 import re
-import boto3
 import logging
+import boto3
+import boto3.session
 from datetime import datetime
 from urllib.parse import urlparse
@@ -45,7 +47,8 @@ class CodeArtifactKeyringConfig:
         config_parser.default_section = self.DEFAULT_SECTION
         # Load the configuration file.
-        config_parser.read(config_file)
+        if not config_parser.read(config_file):
+            logging.warning(f"{config_file} does not exist!")
         # Collect the defaults before we go further.
         self.defaults = config_parser.defaults()
@@ -103,19 +106,37 @@ class CodeArtifactKeyringConfig:
         return self.config.get(found_key)
+def make_codeartifact_client(options):
+    # Build a session with the provided options.
+    session = boto3.session.Session(
+        # NOTE: Only the session accepts 'profile_name'.
+        profile_name=options.pop("profile_name", None),
+        region_name=options.get("region_name"),
+    )
+    # Create a client for this new session.
+    return session.client("codeartifact", **options)
 class CodeArtifactBackend(backend.KeyringBackend):
     HOST_REGEX = r"^(.+)-(\d{12})\.d\.codeartifact\.([^\.]+)\.amazonaws\.com$"
     PATH_REGEX = r"^/pypi/([^/]+)/?"
     priority = 9.9
-    def __init__(self, config_file=None):
+    def __init__(self, /, config=None, make_client=make_codeartifact_client):
         super().__init__()
-        if not config_file:
+        if config:
+            # Use the provided configuration.
+            self.config = config
+        else:
+            # Use the global configuration file.
             config_file = config_root() / "keyringrc.cfg"
+            self.config = CodeArtifactKeyringConfig(config_file)
-        self.config = CodeArtifactKeyringConfig(config_file)
+        # Use our default built-in CodeArtifact client producer.
+        self.make_client = make_client
     def get_credential(self, service, username):
         authorization_token = self.get_password(service, username)
@@ -134,7 +155,7 @@ class CodeArtifactBackend(backend.KeyringBackend):
         # If it didn't match the regex, it doesn't apply to us.
         if not host_match:
-            logging.warning("Not an AWS CodeArtifact repository URL!")
+            logging.warning(f"Not an AWS CodeArtifact repository URL: {service}")
             return
         # Extract the domain, account and region for this repository.
@@ -148,7 +169,7 @@ class CodeArtifactBackend(backend.KeyringBackend):
         repository_name = path_match.group(1)
-        # Load our configuration file.
+        # Lookup configuration options.
         config = self.config.lookup(
             domain=domain,
             account=account,
@@ -156,16 +177,43 @@ class CodeArtifactBackend(backend.KeyringBackend):
             name=repository_name,
         )
-        # Create session with any supplied configuration.
-        session = boto3.Session(
-            region_name=region,
-            profile_name=config.get("profile_name"),
-            aws_access_key_id=config.get("aws_access_key_id"),
-            aws_secret_access_key=config.get("aws_secret_access_key"),
-        )
+        # Options for the client callback.
+        options = {
+            # Pass in the region name.
+            "region_name": region,
+        }
+        # Extract any AWS profile name we should use.
+        profile_name = config.get("profile_name")
+        if profile_name:
+            options.update({"profile_name": profile_name})
+        # Provide option to disable SSL/TLS verification.
+        verify = config.get("verify")
+        if verify:
+            if verify.lower() in {"1", "yes", "on", "true"}:
+                # Enable SSL/TLS verification explicitly.
+                options.update({"verify": True})
+            elif verify.lower() in {"0", "no", "off", "false"}:
+                # Disable SSL/TLS verification entirely.
+                options.update({"verify": False})
+            else:
+                # The SSL/TLS certificate to verify against.
+                options.update({"verify": verify.strip('"')})
+        # If static access/secret keys were provided, use them.
+        aws_access_key_id = config.get("aws_access_key_id")
+        aws_secret_access_key = config.get("aws_secret_access_key")
+        if aws_access_key_id and aws_secret_access_key:
+            options.update(
+                {
+                    "aws_access_key_id": aws_access_key_id,
+                    "aws_secret_access_key": aws_secret_access_key,
+                }
+            )
-        # Create a CodeArtifact client for this repository's region.
-        client = session.client("codeartifact", region_name=region)
+        # Generate a CodeArtifact client using the callback.
+        client = self.make_client(options)
         # Authorization tokens should be good for an hour by default.
         token_duration = int(config.get("token_duration", 3600))

{keyrings_codeartifact-2.0.0 → keyrings_codeartifact-2.1.0/keyrings.codeartifact.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
-Metadata-Version: 2.2
+Metadata-Version: 2.4
 Name: keyrings.codeartifact
-Version: 2.0.0
+Version: 2.1.0
 Summary: Automatically retrieve credentials for AWS CodeArtifact.
 Author-email: "Joshua M. Keyes" <joshua.michael.keyes@gmail.com>
 License: MIT License
@@ -45,6 +45,7 @@ Requires-Dist: black; extra == "devel"
 Provides-Extra: testing
 Requires-Dist: pytest>=6; extra == "testing"
 Requires-Dist: pytest-cov; extra == "testing"
+Dynamic: license-file
 AWS CodeArtifact Keyring Backend
 ================================
@@ -103,7 +104,6 @@ profile_name=default
 # Use the following access keys.
 aws_access_key_id=xxxxxxxxx
 aws_secret_access_key=xxxxxxxxx
 ```
 ### Multiple Section Configuration (EXPERIMENTAL)

{keyrings_codeartifact-2.0.0 → keyrings_codeartifact-2.1.0}/keyrings.codeartifact.egg-info/SOURCES.txt RENAMED Viewed

@@ -5,6 +5,7 @@ pyproject.toml
 requirements-dev.txt
 requirements-test.txt
 requirements.txt
+.github/dependabot.yml
 .github/workflows/release.yml
 keyrings/__init__.py
 keyrings/codeartifact.py

{keyrings_codeartifact-2.0.0 → keyrings_codeartifact-2.1.0}/tests/config/multiple_sections_with_default.cfg RENAMED Viewed

@@ -8,7 +8,7 @@ token_duration = 1800
 [codeartifact account="000000000000"]
 token_duration = 600 # Much secure.
 aws_access_key_id = not_access_key
-aws_secret_key_id = not_secret_key
+aws_secret_access_key = not_secret_key
 # A section specific to a domain.
 [codeartifact domain="specific"]

keyrings_codeartifact-2.1.0/tests/config/single_section.cfg ADDED Viewed

@@ -0,0 +1,5 @@
+[codeartifact]
+token_duration = 1800
+profile_name = default_profile
+aws_access_key_id = default_access_key_id
+aws_secret_access_key = default_access_secret_key

keyrings_codeartifact-2.1.0/tests/test_backend.py ADDED Viewed

@@ -0,0 +1,225 @@
+# test_backend.py -- backend tests
+import pytest
+import os
+import boto3
+import botocore.stub
+import keyring
+from io import StringIO
+from pathlib import Path
+from urllib.parse import urlunparse
+from datetime import datetime, timedelta
+from contextlib import contextmanager
+from tempfile import NamedTemporaryFile
+from keyrings.codeartifact import CodeArtifactBackend, CodeArtifactKeyringConfig
+REGION_NAME = "ca-central-1"
+CONFIG_DIR = Path(__file__).parent / "config"
+def current_time():
+    # Compute time zone information to calculate offset.
+    tzinfo = datetime.now().astimezone().tzinfo
+    return datetime.now(tz=tzinfo)
+def codeartifact_url(domain, owner, region, path):
+    netloc = f"{domain}-{owner}.d.codeartifact.{region}.amazonaws.com"
+    return urlunparse(("https", netloc, path, "", "", ""))
+def codeartifact_pypi_url(domain, owner, region, name):
+    return codeartifact_url(domain, owner, region, f"/pypi/{name}/")
+@contextmanager
+def config_from_string(content: str):
+    """
+    Generates a temporary configuration file from a string.
+    """
+    with NamedTemporaryFile(mode="w+") as cfg:
+        cfg.write(content)
+        cfg.flush()
+        yield cfg
+@pytest.fixture
+def default_backend():
+    backend = CodeArtifactBackend()
+    original = keyring.get_keyring()
+    keyring.set_keyring(backend)
+    yield backend
+    keyring.set_keyring(original)
+def test_set_password_raises(default_backend):
+    with pytest.raises(NotImplementedError):
+        keyring.set_password("service", "username", "password")
+def test_delete_password_raises(default_backend):
+    with pytest.raises(NotImplementedError):
+        keyring.delete_password("service", "username")
+@pytest.mark.parametrize(
+    "service",
+    [
+        "https://example.com/",
+        "https://unknown.amazonaws.com/",
+        codeartifact_url("domain", "owner", "region", "/maven/repo/"),
+    ],
+)
+def test_get_credential_unsupported_host(default_backend, service):
+    assert not keyring.get_credential(service, None)
+@pytest.mark.parametrize(
+    "service",
+    [
+        codeartifact_url("domain", "000000000000", "region", "/pkg"),
+        codeartifact_url("domain", "000000000000", "region", "/pypi/"),
+        codeartifact_url("domain", "000000000000", "region", "/pkg/simple/"),
+    ],
+)
+def test_get_credential_invalid_path(default_backend, service):
+    assert not keyring.get_credential(service, None)
+def test_get_credential_supported_host():
+    def make_client(options):
+        session = boto3.session.Session(
+            profile_name=options.pop("profile_name", None),
+            region_name=options.get("region_name"),
+        )
+        client = session.client("codeartifact", **options)
+        stubber = botocore.stub.Stubber(client)
+        parameters = {
+            "domain": "domain",
+            "domainOwner": "000000000000",
+            "durationSeconds": 3600,
+        }
+        # The response we expect from the API.
+        response = {
+            "authorizationToken": "TOKEN",
+            # Compute the expiration based on the current timestamp.
+            "expiration": current_time() + timedelta(seconds=3600),
+        }
+        stubber.add_response("get_authorization_token", response, parameters)
+        stubber.activate()
+        return client
+    config = CodeArtifactKeyringConfig(config_file=StringIO())
+    backend = CodeArtifactBackend(config=config, make_client=make_client)
+    url = codeartifact_pypi_url("domain", "000000000000", "region", "name")
+    credentials = backend.get_credential(url, None)
+    assert credentials.username == "aws"
+    assert credentials.password == "TOKEN"
+@pytest.mark.parametrize(
+    ("configuration", "assertions"),
+    [
+        # The effective default options.
+        (
+            """
+            # Empty configuration file.
+            """,
+            {
+                "region_name": "region",
+                "profile_name": None,
+                "aws_access_key_id": None,
+                "aws_secret_access_key": None,
+            },
+        ),
+        # Overriding profile and providing access/secret keys.
+        (
+            """
+            [codeartifact]
+            profile_name = PROFILE-NAME
+            aws_access_key_id = ACCESS-KEY-ID
+            aws_secret_access_key = SECRET-ACCESS-KEY
+            """,
+            {
+                "profile_name": "PROFILE-NAME",
+                "aws_access_key_id": "ACCESS-KEY-ID",
+                "aws_secret_access_key": "SECRET-ACCESS-KEY",
+            },
+        ),
+        # Only accepting both access/secret keys together.
+        (
+            """
+            [codeartifact]
+            aws_access_key_id = ACCESS-KEY-ID
+            """,
+            {
+                "aws_access_key_id": None,
+                "aws_secret_access_key": None,
+            },
+        ),
+        # Overriding profile name in multi-block configuration.
+        (
+            """
+            [codeartifact]
+            profile_name = DEFAULT-PROFILE
+            [codeartifact name="name"]
+            profile_name = PROFILE-OVERRIDDEN
+            """,
+            {
+                "profile_name": "PROFILE-OVERRIDDEN",
+            },
+        ),
+        # Turning off SSL verification by default.
+        (
+            """
+            [codeartifact]
+            verify = off
+            """,
+            {
+                "verify": False,
+            },
+        ),
+        # Turning on SSL verification using a custom certificate.
+        (
+            """
+            [codeartifact]
+            verify = ./path/to/certificate.pem
+            """,
+            {
+                "verify": "./path/to/certificate.pem",
+            },
+        ),
+    ],
+)
+def test_backend_default_options(configuration, assertions):
+    class DummyClient:
+        def get_authorization_token(self, *args, **kwargs):
+            return {}
+    def make_client(options):
+        # Assert that we received specific options.
+        for key, value in assertions.items():
+            assert value == options.get(key)
+        # Ignore the rest.
+        return DummyClient()
+    with config_from_string(configuration) as config_file:
+        config = CodeArtifactKeyringConfig(config_file=config_file.name)
+        backend = CodeArtifactBackend(config=config, make_client=make_client)
+        url = codeartifact_pypi_url("domain", "000000000000", "region", "name")
+        credentials = backend.get_credential(url, None)

{keyrings_codeartifact-2.0.0 → keyrings_codeartifact-2.1.0}/tests/test_config.py RENAMED Viewed

@@ -34,8 +34,8 @@ def test_parse_single_section_only(config_file, parameters):
     assert values.get("token_duration") == "1800"
     assert values.get("profile_name") == "default_profile"
-    assert values.get("aws_access_key_id") == "default_access_key"
-    assert values.get("aws_secret_key_id") == "default_secret_key"
+    assert values.get("aws_access_key_id") == "default_access_key_id"
+    assert values.get("aws_secret_access_key") == "default_access_secret_key"
 @pytest.mark.parametrize(
@@ -68,7 +68,7 @@ def test_bogus_config_returns_empty_configuration(config_data):
             {
                 "token_duration": "600",
                 "aws_access_key_id": "not_access_key",
-                "aws_secret_key_id": "not_secret_key",
+                "aws_secret_access_key": "not_secret_key",
             },
         ),
         (

keyrings_codeartifact-2.0.0/.github/workflows/release.yml DELETED Viewed

@@ -1,47 +0,0 @@
-# .github/workflows/release.yml
-name: 📦 Release 'keyrings.codeartifact' package.
-on: push
-jobs:
-  release:
-    name: 📦 Build and publish package.
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-    steps:
-    - name: 🛒 Checkout repository source code.
-      uses: actions/checkout@v4
-      with:
-        # Always fetch the full repository.
-        fetch-depth: 0
-    - name: ✨ Setup Python 3.x environment.
-      uses: actions/setup-python@v5
-      with:
-        python-version: "3.x"
-        cache: 'pip'
-    - name: 🔬 Execute all unit tests.
-      run: |
-        python3 -m pip install .[testing]
-        python3 -m pytest
-    - name: 🛠️ Build package and source distribution.
-      run: |
-        python3 -m pip install --user build
-        python3 -m build --sdist --wheel --outdir dist/
-    - name: 🚀 Publish package to test PyPI index.
-      uses: pypa/gh-action-pypi-publish@release/v1.8
-      with:
-        repository-url: https://test.pypi.org/legacy/
-        skip-existing: true
-    - name: 🚀 Publish package to main PyPI index.
-      uses: pypa/gh-action-pypi-publish@release/v1.8
-      if: startsWith(github.ref, 'refs/tags')

keyrings_codeartifact-2.0.0/tests/config/single_section.cfg DELETED Viewed

@@ -1,5 +0,0 @@
-[codeartifact]
-token_duration = 1800
-profile_name = default_profile
-aws_access_key_id = default_access_key
-aws_secret_key_id = default_secret_key

keyrings_codeartifact-2.0.0/tests/test_backend.py DELETED Viewed

@@ -1,96 +0,0 @@
-# test_backend.py -- backend tests
-import pytest
-import keyring
-from io import StringIO
-from urllib.parse import urlunparse
-from botocore.client import BaseClient
-from datetime import datetime, timedelta
-from keyrings.codeartifact import CodeArtifactBackend
-@pytest.fixture
-def backend():
-    # Find the system-wide keyring.
-    original = keyring.get_keyring()
-    # Use our keyring backend with an empty configuration.
-    backend = CodeArtifactBackend(config_file=StringIO())
-    keyring.set_keyring(backend)
-    yield backend
-    keyring.set_keyring(original)
-def codeartifact_url(domain, owner, region, path):
-    netloc = f"{domain}-{owner}.d.codeartifact.{region}.amazonaws.com"
-    return urlunparse(("https", netloc, path, "", "", ""))
-def codeartifact_pypi_url(domain, owner, region, name):
-    return codeartifact_url(domain, owner, region, f"/pypi/{name}/")
-def test_set_password_raises(backend):
-    with pytest.raises(NotImplementedError):
-        keyring.set_password("service", "username", "password")
-def test_delete_password_raises(backend):
-    with pytest.raises(NotImplementedError):
-        keyring.delete_password("service", "username")
-@pytest.mark.parametrize(
-    "service",
-    [
-        "https://example.com/",
-        "https://unknown.amazonaws.com/",
-        codeartifact_url("domain", "owner", "region", "/maven/repo/"),
-    ],
-)
-def test_get_credential_unsupported_host(backend, service):
-    assert not keyring.get_credential(service, None)
-@pytest.mark.parametrize(
-    "service",
-    [
-        codeartifact_url("domain", "000000000000", "region", "/pkg"),
-        codeartifact_url("domain", "000000000000", "region", "/pypi/"),
-        codeartifact_url("domain", "000000000000", "region", "/pkg/simple/"),
-    ],
-)
-def test_get_credential_invalid_path(backend, service):
-    assert not keyring.get_credential(service, None)
-def test_get_credential_supported_host(backend, monkeypatch):
-    def _make_api_call(client, *args, **kwargs):
-        # We should only ever call GetAuthorizationToken
-        assert args[0] == "GetAuthorizationToken"
-        # We should only ever supply these parameters.
-        assert args[1]["domain"] == "domain"
-        assert args[1]["domainOwner"] == "000000000000"
-        assert args[1]["durationSeconds"] == 3600
-        tzinfo = datetime.now().astimezone().tzinfo
-        current_time = datetime.now(tz=tzinfo)
-        # Compute the expiration based on the current timestamp.
-        expiration = timedelta(seconds=args[1]["durationSeconds"])
-        return {
-            "authorizationToken": "TOKEN",
-            "expiration": current_time + expiration,
-        }
-    monkeypatch.setattr(BaseClient, "_make_api_call", _make_api_call)
-    url = codeartifact_pypi_url("domain", "000000000000", "region", "name")
-    credentials = backend.get_credential(url, None)
-    assert credentials.username == "aws"
-    assert credentials.password == "TOKEN"