Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Unable to install packages from Azure DevOps private repo, 401 unauthorized

See original GitHub issue

I am trying to install from an Azure DevOps Artifacts Python feed. I can publish to the feed if I use the following:

poetry publish \
  --repository 'azure' \
  --username 'orgname' \
  --password "$(cat ~/azdo_pat.txt)" \
  --build

Which I set up by doing:

poetry config \
  --local \
  repostiory.azure \
  https://pkgs.dev.azure.com/${ORG_NAME}/${PROJECT_NAME}/_packaging/python-azure-artifacts/pypi/simple/

So then my poetry.toml has:

[repositories]
[repositories.azure]
url = "https://pkgs.dev.azure.com/${ORG_NAME}/${PROJECT_NAME}/_packaging/python-azure-artifacts/pypi/simple/"

My pyproject.toml has this section added to it.

[[tool.poetry.source]]
name = "azure"
url = "https://pkgs.dev.azure.com/${ORG_NAME}/${ROFJECT_NAME}/_packaging/python-azure-artifacts/pypi/simple/"
secondary = true

Now, when ever I attempt to do anything with a package, I get 401 unauthorized errors. I had issues before with publishing to the feed when configuring the http-basic.azure before.

poetry add azdo                                                                                           2 ↵

RepositoryError

401 Client Error:  for url: https://pkgs.dev.azure.com/${ORG_NAME}/${PROJECT_NAME}/_packaging/python-azure-artifacts/pypi/simple/azdo/

at ~/.poetry/lib/poetry/repositories/legacy_repository.py:393 in _get
389│             if response.status_code == 404:
390│                 return
391│             response.raise_for_status()
392│         except requests.HTTPError as e:
→ 393│             raise RepositoryError(e)
394│
395│         if response.status_code in (401, 403):
396│             self._log(
397│                 "Authorization error accessing {url}".format(url=url), level="warn"

What do I need to do to make the add or install portion work now?

My pyproject.toml

[tool.poetry]
name = "developer.dudley.terraform_stuff"
version = "0.1.0"
description = "Python Tasks for the project"
authors = ["Phillip Dudley <Predatorian3@gmail.com>"]
license = "MIT"

[[tool.poetry.source]]
name = "azure"
url = "https://pkgs.dev.azure.com/${ORG_NAME}/${ROFJECT_NAME}/_packaging/python-azure-artifacts/pypi/simple/"
secondary = true

[tool.poetry.dependencies]
python = "^3.8"
invoke = "^1.4.1"

[tool.poetry.dev-dependencies]
keyring = "^21.5.0"
artifacts-keyring = "^0.2.10"

[build-system]
requires = ["poetry>=0.12"]
build-backend = "poetry.masonry.api"

Poetry Version

poetry -V
Poetry version 1.1.4

Issue Analytics

State:
Created 3 years ago
Comments:7 (2 by maintainers)

Top GitHub Comments

10reactions

martinVyoocommented, Nov 26, 2020

It worked by configuring poetry with poetry config repositories.<repository name> <repository url> and poetry config http-basic.<repository name> user pass, In this case, the user is my username before the @ (for example, if your username on Azure artifacts is john@doe.com, then the username to put is john), and the password is the generated PAT token

Looks like poetry is not using keyring correctly for authentication, or artifacts-keyring is not compatible in some way

2reactions

Darsstarcommented, Jun 3, 2021

I created a new PR that could solve this issue, it doesn’t any new caching since the Authenticator does that already.

Plus I want to mention a different potential workaround: creating a keyring poetry bridge keyring implementation. A new keyring backend that detects poetry lookups and then retrieves the repo url and do a recursive pip style keyring lookup based on the full url and netloc. I have not created that, so I can’t say with complete confidence it will work because I don’t know recursive keyring lookups are supported or not.

I should probably mention the azure-devops-artifacts-helpers package as well for people finding this issue while trying to figure out how to use artifacts-keyring with poetry or pipenv since it provides a virtualenv seeder that installs artifacts-keyring in new virtualenv since I came across it very late during my own googling. For pipenv that package would help a lot, for poetry not as much.