Cannot download packages from private PyPI repository using HTTP basic auth with Poetry 1.1.0 + old v1.0.x PypiCloud w/ default settings #3041

@MasterNayru

  • I am on the latest Poetry version.
  • I have searched the issues of this repo and believe that this is not a duplicate.
  • If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

Issue

We have been using Poetry to pull down packages from a private PyPI repository and everything has been working fine until Poetry 1.1.0. We are configuring Poetry to talk to our private PyPI installation by HTTP basic auth, and that auth works perfectly fine to resolve which versions of a package to install. The problem seems to be that that same auth is then used in the requests to download wheels from PyPI, which causes the following error to occur:

$ poetry config http-basic.myprivaterepo <username> <password>
$ poetry update -vvv

<snip>

   2  ~/.pyenv/versions/3.8.5/lib/python3.8/site-packages/poetry/repositories/pypi_repository.py:454 in _download
       452│ 
       453│     def _download(self, url, dest):  # type: (str, str) -> None
     → 454│         return download_file(url, dest, session=self.session)
       455│ 
       456│     def _log(self, msg, level="info"):

   1  ~/.pyenv/versions/3.8.5/lib/python3.8/site-packages/poetry/utils/helpers.py:98 in download_file
        96│ 
        97│     with get(url, stream=True) as response:
     →  98│         response.raise_for_status()
        99│ 
       100│         with open(dest, "wb") as f:

  HTTPError

  400 Client Error: Bad Request for url: https://deckard-pip.s3.amazonaws.com/1234/my_broken_dependency/my_broken_dependency-0.1.3-py3-none-any.whl?AWSAccessKeyId=<key>&Signature=kz30gf304b%2F%2F93pQeUSPrto5MiE%3D&x-amz-security-token=<token>&Expires=1601690152

  at ~/.pyenv/versions/3.8.5/lib/python3.8/site-packages/requests/models.py:941 in raise_for_status
      937│         elif 500 <= self.status_code < 600:
      938│             http_error_msg = u'%s Server Error: %s for url: %s' % (self.status_code, reason, self.url)
      939│ 
      940│         if http_error_msg:
    → 941│             raise HTTPError(http_error_msg, response=self)
      942│ 
      943│     def close(self):
      944│         
      945│         called the underlying ``raw`` object must not be accessed again.

If I change the following lines in the poetry code:

   2  ~/.pyenv/versions/3.8.5/lib/python3.8/site-packages/poetry/repositories/pypi_repository.py:454 in _download
       453│     def _download(self, url, dest):  # type: (str, str) -> None
     → 454│         return download_file(url, dest, session=self.session)

to:

   2  ~/.pyenv/versions/3.8.5/lib/python3.8/site-packages/poetry/repositories/pypi_repository.py:454 in _download
       453│     def _download(self, url, dest):  # type: (str, str) -> None
     → 454│         return download_file(url, dest)

and re-run, everything works:

$ poetry update
Skipping virtualenv creation, as specified in config file.
Updating dependencies
Resolving dependencies... (41.8s)

No dependencies to install or update

It seems like the auth is needed to talk to the API for package version resolution but causes issues when it is also used for package downloads. If it makes any difference, I am using pypicloud as the backend for my private PyPI installation.
I am trying to be as brief as possible with my output without dumping any keys or stuff like that. Please let me know if you need any more information or suggestions on what I should be changing in my configuration to get my stuff working again.


Labels: kind/bug (Something isn't working as expected)

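The issue reports that the index's basic-auth credentials are also attached to the wheel download, which goes to a different host with its own signed URL. One way to scope credentials to the repository's origin is sketched below as an added example; it is not Poetry's code and not part of the original issue. `RepoScopedBasicAuth`, `headers_sent`, the repository URL and the credentials are hypothetical, and the signed-URL query values are placeholders.

```python
import base64
from types import SimpleNamespace
from urllib.parse import urlsplit

_DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or _DEFAULT_PORTS.get(scheme)


class RepoScopedBasicAuth:
    """Callable auth hook (requests accepts a callable as `auth=`).

    Adds the Basic Authorization header only when the outgoing URL has the
    same origin as the configured repository; any other host, such as a
    storage bucket the index links to, receives no credentials.
    """

    def __init__(self, repo_url, username, password):
        self.repo_origin = origin(repo_url)
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        self.header = "Basic " + token

    def __call__(self, request):
        if origin(request.url) == self.repo_origin:
            request.headers["Authorization"] = self.header
        return request


def headers_sent(auth, url):
    """Apply `auth` to a stand-in prepared request and return its headers."""
    request = SimpleNamespace(url=url, headers={})
    return auth(request).headers


# Constructed sample values; repository URL and credentials are hypothetical.
AUTH = RepoScopedBasicAuth("https://pypi.example.internal/simple/", "user", "s3cret")
INDEX_URL = "https://pypi.example.internal/simple/my-broken-dependency/"
WHEEL_URL = ("https://deckard-pip.s3.amazonaws.com/1234/my_broken_dependency/"
             "my_broken_dependency-0.1.3-py3-none-any.whl?Signature=PLACEHOLDER&Expires=0")

if __name__ == "__main__":
    for url in (INDEX_URL, WHEEL_URL):
        print(urlsplit(url).hostname, "->", sorted(headers_sent(AUTH, url)))
```
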