Skip to main content

A Github-based access backend for pypicloud.

Project description

pypicloud-access-github

ci-badge version-badge

This package provides a Github-based authentication backend for pypicloud.

The package binds the PyPICloud instance to a GitHub Organization, and uses GitHub users, teams, and permissions to provide authentication and access control.

Usage

Installation

You can install the package directly from pypi, alongside your pypicloud installation.

poetry add outcome-pypicloud-access-github

Or, if you want to use memcache for caching.

poetry add outcome-pypicloud-access-github[memcache]

Configuration

You need to configure PyPICloud to use the auth backend, in the server.ini:

pypi.auth = outcome.pypicloud_access_github.Poetry

auth.otc.github.organization = <INSERT YOUR ORGANIZATION NAME HERE>
auth.otc.github.token = <INSERT YOUR TOKEN HERE>

You can see a sample here.

Caching

Retrieving the authentication information from GitHub can be a relatively slow process, depending on the size of your organization. The plugin implements an internal TTL cache using dogpile.cache to avoid hitting GitHub on each request.

By default the cache backend is an in-memory cache, that is not shared across threads or processes. You can configure the cache to use a memcache instance that will be shared amongst threads/processes.

auth.otc.github.cache.backend = memory  # Use the memory backend
auth.otc.github.cache.expiration = 300  # Expire the cache items after 300s

For memcache:

auth.otc.github.cache.backend = memcache  # Use the memcache backend
auth.otc.github.cache.expiration = 300  # Expire the cache items after 300s
auth.otc.github.cache.memcache.url = 127.0.0.1:11211  # The server:port of your memcache instance

Options

The full list of configuration options:

Option  Default Description
auth.otc.github.token None  The Github Token used to query Github for the auth information
auth.otc.github.organization None The Github Organization name to use as a directory
auth.otc.github.repo_pattern .* A pattern that will be interpreted as a regular expression to filter repository names
auth.otc.github.repo_include_list [] A list of repository names to include. Names not in the list will be excluded
auth.otc.github.repo_exclude_list [] A list of repository names to exclude. Names in the list will be excluded
auth.otc.github.cache.backend memory The cache backend to use, can be memory or memcache
auth.otc.github.cache.expiration  300 The TTL for each cache key
auth.otc.github.cache.memcache.url 127.0.0.1:11211 The url of the memcache server

Github Token

You can create a Personal Access Token from your Developer Settings. The token must have repo, admin:org, and read:user permissions.

Publishing & Pulling Packages

You can use your standard tools to publish to the repository (see here for Poetry). The username will be the GitHub username of the user, and the token will be a Personal Access Token assigned to that user. The token only requires read:user scopes as it is only used to verify the identity of the user.

How GitHub concepts are mapped to PyPICloud

Authorization & Authentication

The GitHub ACL elements are mapped pretty intuitively onto PyPICloud ACL elements.

  • Users login with their username and PAT (the backend ensures that the username matches the token)
  • Permissions are defined by the GitHub roles applied either on the Team, Repository, or Organization levels

The permissions are mapped as follows:

GitHub Role  PyPI Permissions
admin read, write
maintain read, write
triage read
read read
write read, write

Packages

The backend considers each repository to be a potential package (the backend isn't designed for monorepos). The backend will attempt to retrieve package information from the repository. Currently, the backend only supports Poetry packages, using pyproject.toml, but it is easy to support other file formats by creating a new subclass of the outcome.pypicloud_access_github.access.Access class (see poetry.py as an example.)

For example, the repository for this library contains a pyproject.toml with the following:

[tool.poetry]
name = "outcome-pypicloud-access-github"
version = "0.1.0"
description = "An Github-based access backend for pypicloud."

The backend will read this file and determine that the package is named outcome-pypicloud-access-github.

Development

Remember to run ./pre-commit.sh when you clone the repository.

Testing

The testing is mainly made up of integration tests, read the testing README for more details.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

outcome-pypicloud-access-github-1.2.9.tar.gz (16.2 kB view details)

Uploaded Source

Built Distribution

File details

Details for the file outcome-pypicloud-access-github-1.2.9.tar.gz.

File metadata

File hashes

Hashes for outcome-pypicloud-access-github-1.2.9.tar.gz
Algorithm Hash digest
SHA256 ba41224c580b650e03a7ad4778cc9b680e8cfa3f0ea0444aa24c3b3840082e5c
MD5 adca9a267c4723be4a3768594c2612e4
BLAKE2b-256 620ce68ae4891d5cc9165e40dfddb08390bc24293f34839f132c0d5e76f607bd

See more details on using hashes here.

File details

Details for the file outcome_pypicloud_access_github-1.2.9-py3-none-any.whl.

File metadata

File hashes

Hashes for outcome_pypicloud_access_github-1.2.9-py3-none-any.whl
Algorithm Hash digest
SHA256 024ac01e5aab5acd9b9477200453c71b662123716f21c6954734dffc87dbc77a
MD5 d6ba5cf8f4bf0a2ad9bffc52b8e4fe1b
BLAKE2b-256 5a55add778c1f062bf77197fc4d6af2268c80b5fde441c912e009afc16535245

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page