Skip to content

Poetry export fails to export credentials into requirements file #591

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
michalszelagsonos opened this issue Mar 2, 2021 · 2 comments
Closed

Poetry export fails to export credentials into requirements file #591

michalszelagsonos opened this issue Mar 2, 2021 · 2 comments

Comments

@michalszelagsonos
Copy link

michalszelagsonos commented Mar 2, 2021
edited
Loading

Using currently latest version 5.1. I am using poetry support to package lambda and running into a problem with the requirements file being generated from pyproject.toml. My file looks as follows, note the repository entry which is a private, authenticated PyPi server that hosts mypackage:

[tool.poetry]
name = "myproject"
version = "0.1.0"
description = "My package"
authors = ["Foo <[email protected]>"]

packages = [
    { include = "bar" }
]

[tool.poetry.dependencies]
python = "^3.6"
boto3 = "^1.17.12"
PyGithub = "^1.54.1"
mypackage = "0.1.0.dev1"

[[tool.poetry.source]]
name = "privatepypi"
url = "https://artifactory.bar.com/artifactory/api/pypi/local-pypi/simple"

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

To configure authentication for the private PyPi, run the following commands:

poetry config repositories.privatepypi https://artifactory.bar.com/artifactory/api/pypi/local-pypi/simple
poetry config http-basic.privatepypi donald.duck hasBadAttitude

When I run advertised poetry export command manually, generated requirements.txt file has the correct --extra-index-url option set at the top. This proves tha my config is correct and poetry is behaving properly:

$ poetry export --without-hashes -f requirements.txt -o requirements.txt --with-credentials
$ cat requirements.txt 
--extra-index-url https://donald.duck:[email protected]/artifactory/api/pypi/local-pypi/simple
...

The problem is, when I run serverless package command, the credentials are missing and packaging fails since my private package is not accessible without proper authentication. All I get is:

--extra-index-url https://artifactory.bar.com/artifactory/api/pypi/local-pypi/simple

Setting additional options for pip in my serverless file does not work since the option in the file overrides this. Not sure if this is on purpose to strip creds for security reasons or a bug. If this is a bug, this is a blocker for authenticated, private repositories. If this is on purpose, please expose a configuration setting to allow including credentials.
@LironEr
Copy link

LironEr commented Mar 8, 2021

This is likely caused by an issue with the poetry export command in the current released version not using the --with-credentials parameter when it generates your requirements.txt file from the pyproject.toml file. This is fixed in master but since there hasn't been a release since February you likely aren't running with this update. You have a few options to resolve your issue.
Options:

  1. change to reference GitHub when you install serverless-python-requirements in your package.json
  2. generate the requirements.txt file yourself before running serverless and change your serverless config so usePoetry = false. The command to generate the requirements file is poetry export -f requirements.txt -o requirements.txt --without-hashes --with-credentials.

#563 (comment)

@michalszelagsonos
Copy link
Author

Confirmed that this is fixed on master. I installed using commit ab1bbbc3 and the plugin behaves correctly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@LironEr @michalszelagsonos