Published
Keyring backend for Google Auth tokens
pip install keyrings-google-artifactregistry-auth
Package Downloads
Authors
Project URLs
Requires Python
>=3.6
Dependencies
- google-auth
- keyring
- pluggy
- requests
- pytest
(!=3.7.3,>=3.5) ; extra == 'testing' - pytest-checkdocs
(>=1.2.3) ; extra == 'testing' - pytest-cov
; extra == 'testing' - pytest-flake8
; extra == 'testing' - pytest-black
(>=0.3.7) ; (platform_python_implementation != "PyPy") and extra == 'testing' - pytest-mypy
; (platform_python_implementation != "PyPy") and extra == 'testing' - tox
; extra == 'tox'
Artifact Registry tools for Python
This repository contains an alternate keyring backend implementation to help with interacting with Python repositories hosted on Artifact Registry.
Authentication
keyrings.google-artifactregistry-auth is a Python package which allows you to configure keyring to interact with Python repositories stored in Artifact Registry.
The backend automatically searches for credentials from the environment and authenticates to Artifact Registry. It looks for credentials in the following order:
- Google Application Default Credentials.
- From the
gcloudSDK. (i.e., the access token printed viagcloud config config-helper --format='value(credential.access_token)')- Hint: You can see which account is active with the command
gcloud config config-helper --format='value(configuration.properties.core.account)'
- Hint: You can see which account is active with the command
- If neither of them exist, an error occurs.
To use the keyring backend:
-
Log in
Option 1: log in as a service account:
(1). Using a JSON file that contains a service account key:
$ export GOOGLE_APPLICATION_CREDENTIALS=[path/to/key.json](2). Or using
gcloud:$ gcloud auth application-default loginOption 2: log in as an end user via
gcloud:$ gcloud auth login -
Configure twine (
.pypirc) and pip (pip.conf) tools to connect to the repository. Use the output from the following command:$ gcloud artifacts print-settings pythonIn your
.pypircfile add:[disutils] index-servers = REPOSITORY_ID [REPOSITORY_ID] repository = https://LOCATION-python.pkg.dev/PROJECT_ID/REPOSITORY_ID/In your
pip.conffile add:[global] extra-index-url = https://LOCATION-python.pkg.dev/PROJECT_ID/REPOSITORY_ID/simple/ -
Install the
keyrings.google-artifactregistry-authpackage$ pip install keyrings.google-artifactregistry-authList backends to confirm the installation.
$ keyring --list-backendsThe list should include
keyrings.gauth.GooglePythonAuth (priority: 9)keyring.backends.chainer.ChainerBackend (priority: -1)keyring.backends.fail.Keyring (priority: 0)
Usage with other tools
Usage with tox
The tox tool is a testing and automation tool.
Because the credential helper needs to be installed before any private
dependencies are installed, it needs to be bootstrapped into the tox
environment via a plugin.
To do this, specify the keyrings.google-artifactregistry-auth package via the
requires
requirement in your tox.ini file:
[tox]
envlist = py
requires = keyrings.google-artifactregistry-auth
[testenv]
deps = -r requirements.txt
You can then configure your requirement.txt file to use the Artifact Registry repo as
an extra index, and specify both public and private dependencies:
--extra-index-url https://[REGION]-python.pkg.dev/[PROJECT_ID]/[REPOSITORY]/simple
# samplepackage will be installed directly from PyPI
samplepackage
# mypackage will be installed from the Artifact Registry repository
mypackage