Description
Environment
- pip version: 20.1.1
- Python version: 3.8
- OS: Windows 10
- artifacts-keyring version: 0.2.9
Description
--extra-index-url option is treated slightly differently when specified in command line and when included in a requirements file. This prevents normal usage of artifacts-keyring on Windows.
requirements.txt:
--extra-index-url https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple
mypackage
(A) --extra-index-url in requirements.txt
python -m pip install -r requirements.txt
Looking in indexes: https://pypi.org/simple, https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple
User for microsoft.pkgs.visualstudio.com:
pip asks for username/password instead of retrieving credentials from keyring.
(B) --extra-index-url in command line
python -m pip install --extra-index-url https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple mypackage
Looking in indexes: https://pypi.org/simple, https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple
Collecting mypackage
...
Successfully installed mypackage-1.0.0
Expected behavior
Both of the commands above should produce the same result (installation of the package without pip prompting for credentials).
Preliminary analysis
The different behavior seems to be caused by not passing all index_urls to MultiDomainBasicAuth in the first case:
(A) --extra-index-url in requirements.txt
MultiDomainBasicAuth(index_urls=['https://pypi.org/simple'])
(B) --extra-index-url in command line
MultiDomainBasicAuth(index_urls=['https://pypi.org/simple', 'https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple'])
In case (A) this prevents MultiDomainBasicAuth._get_index_url() from retrieving the correct index_url for a given package url. Eventually, keyring is queried with "myorg.pkgs.visualstudio.com" instead of "https://myorg.pkgs.visualstudio.com/myproject/_packaging/myfeed/pypi/simple", which it doesn't support.