artifacts-keyring icon indicating copy to clipboard operation
artifacts-keyring copied to clipboard
verified publisher icon microsoft

Ask for minimal output. And update documentation.

Open Darsstar opened this issue 2 years ago • 4 comments

I implemented the --keyring-provider flag for Pip, after Pip was given the ability to query a keyring executable. https://pip.pypa.io/en/stable/topics/authentication/#using-keyring-as-a-command-line-application So I also wrote some documentation since it requires VssSessionToken to be used as the username component of the index url to work, which I currently only documented in github issues and our internal wiki.

Pip uses the entire output as the password. So currently when there is no PAT/JWT in the cache Pip will try a request with a password that starts with informative output stating which ADAL/MSAL provider is used. Requesting minimal output solves this.

~I'll have to rebase after #61 gets merged, but I just subscribed to it, so that shouldn't take long.~

Darsstar avatar Jul 12 '23 11:07 Darsstar

I rebased it now that #61 is merged.

Darsstar avatar Jul 12 '23 16:07 Darsstar

@embetten @JohnSchmeichel It has been over 6 months and you were involved in the only merged PRs on this repository. Is there some other route I should take to get improvements applied and released?

Darsstar avatar Jan 23 '24 15:01 Darsstar

@Darsstar While some of the refactoring here seems useful and we would consider, can you please split this to have the refactoring and the "minimal verbosity" implementations in different PRs. This would allow us to vet and test the changes more effectively and potentially get the verbosity change merged quicker.

Additionally, we should not hard code the verbosity to minimal, instead let the user pass it, and ensure this does not block the device code flow login.

embetten avatar Jan 23 '24 18:01 embetten

Additionally, we should not hard code the verbosity to minimal, instead let the user pass it, and ensure this does not block the device code flow login.

If you are going to insist on that I can make if configurable via environment variable I guess... But to me it seems the artifacts-credprovider repository should is a beter place to ensure this code block doesn't switch to Informational via a test. https://github.com/microsoft/artifacts-credprovider/blob/d6aba72dd317a31f9d041268919fd148a2be6155/CredentialProvider.Microsoft/CredentialProviders/Vsts/VstsCredentialProvider.cs#L113-L119

Want me to do that, make it configurable, both or neither?

Anyway, this PR now only contains the minimal output and documentation commits.

Darsstar avatar Jan 23 '24 20:01 Darsstar

Additionally, we should not hard code the verbosity to minimal, instead let the user pass it, and ensure this does not block the device code flow login.

If you are going to insist on that I can make if configurable via environment variable I guess... But to me it seems the artifacts-credprovider repository should is a beter place to ensure this code block doesn't switch to Informational via a test. https://github.com/microsoft/artifacts-credprovider/blob/d6aba72dd317a31f9d041268919fd148a2be6155/CredentialProvider.Microsoft/CredentialProviders/Vsts/VstsCredentialProvider.cs#L113-L119

Want me to do that, make it configurable, both or neither?

Anyway, this PR now only contains the minimal output and documentation commits.

Anyone want to either a) respond to the above? b) take a look at the competing PR https://github.com/microsoft/artifacts-keyring/pull/73?

Darsstar avatar May 30 '24 13:05 Darsstar

#73 works

Darsstar avatar Aug 01 '24 14:08 Darsstar