Unable to install packages from Azure DevOps private repo, 401 unauthorized

I am trying to install from an Azure DevOps Artifacts Python feed. I can publish to the feed if I use the following:

poetry publish \
  --repository 'azure' \
  --username 'orgname' \
  --password "$(cat ~/azdo_pat.txt)" \
  --build

Which I set up by doing:

poetry config \
  --local \
  repostiory.azure \
  https://pkgs.dev.azure.com/${ORG_NAME}/${PROJECT_NAME}/_packaging/python-azure-artifacts/pypi/simple/

So then my poetry.toml has:

[repositories]
[repositories.azure]
url = "https://pkgs.dev.azure.com/${ORG_NAME}/${PROJECT_NAME}/_packaging/python-azure-artifacts/pypi/simple/"

My pyproject.toml has this section added to it.

[[tool.poetry.source]]
name = "azure"
url = "https://pkgs.dev.azure.com/${ORG_NAME}/${ROFJECT_NAME}/_packaging/python-azure-artifacts/pypi/simple/"
secondary = true

Now, when ever I attempt to do anything with a package, I get 401 unauthorized errors. I had issues before with publishing to the feed when configuring the http-basic.azure before.

poetry add azdo                                                                                           2 ↵

RepositoryError

401 Client Error:  for url: https://pkgs.dev.azure.com/${ORG_NAME}/${PROJECT_NAME}/_packaging/python-azure-artifacts/pypi/simple/azdo/

at ~/.poetry/lib/poetry/repositories/legacy_repository.py:393 in _get
389│             if response.status_code == 404:
390│                 return
391│             response.raise_for_status()
392│         except requests.HTTPError as e:
→ 393│             raise RepositoryError(e)
394│
395│         if response.status_code in (401, 403):
396│             self._log(
397│                 "Authorization error accessing {url}".format(url=url), level="warn"

What do I need to do to make the add or install portion work now?

My pyproject.toml

[tool.poetry]
name = "developer.dudley.terraform_stuff"
version = "0.1.0"
description = "Python Tasks for the project"
authors = ["Phillip Dudley <Predatorian3@gmail.com>"]
license = "MIT"

[[tool.poetry.source]]
name = "azure"
url = "https://pkgs.dev.azure.com/${ORG_NAME}/${ROFJECT_NAME}/_packaging/python-azure-artifacts/pypi/simple/"
secondary = true

[tool.poetry.dependencies]
python = "^3.8"
invoke = "^1.4.1"

[tool.poetry.dev-dependencies]
keyring = "^21.5.0"
artifacts-keyring = "^0.2.10"

[build-system]
requires = ["poetry>=0.12"]
build-backend = "poetry.masonry.api"

Poetry Version

poetry -V
Poetry version 1.1.4

Issue Analytics

State:
Created 3 years ago
Comments:7 (2 by maintainers)

Top GitHub Comments

10reactions

martinVyoocommented, Nov 26, 2020

It worked by configuring poetry with poetry config repositories.<repository name> <repository url> and poetry config http-basic.<repository name> user pass, In this case, the user is my username before the @ (for example, if your username on Azure artifacts is john@doe.com, then the username to put is john), and the password is the generated PAT token

Looks like poetry is not using keyring correctly for authentication, or artifacts-keyring is not compatible in some way

2reactions

Darsstarcommented, Jun 3, 2021

I created a new PR that could solve this issue, it doesn’t any new caching since the Authenticator does that already.

Plus I want to mention a different potential workaround: creating a keyring poetry bridge keyring implementation. A new keyring backend that detects poetry lookups and then retrieves the repo url and do a recursive pip style keyring lookup based on the full url and netloc. I have not created that, so I can’t say with complete confidence it will work because I don’t know recursive keyring lookups are supported or not.

I should probably mention the azure-devops-artifacts-helpers package as well for people finding this issue while trying to figure out how to use artifacts-keyring with poetry or pipenv since it provides a virtualenv seeder that installs artifacts-keyring in new virtualenv since I came across it very late during my own googling. For pipenv that package would help a lot, for poetry not as much.