Plugin for poetry that simplifies using AWS CodeArtifact for publishing and downloading dependencies.
Project description
Poetry Plugin: (AWS) Code Artifact
This package is a plugin that attempts to give improved integration of AWS CodeArtifact repositories with poetry.
Installation
The easiest way to install the code-artifact plugin is via the self add command of Poetry.
poetry self add poetry-plugin-code-artifact
If you used pipx to install Poetry you can add the plugin via the pipx inject command.
pipx inject poetry poetry-plugin-code-artifact
Otherwise, if you used pip to install Poetry you can add the plugin packages via the pip install command.
pip install poetry-plugin-code-artifact
Prerequisites
It is assumed that one or more AWS CodeArtifact repositories are set up and that you have credentials with permission to search and download packages, to publish packages, or both.
Identity policies
To grant read access to a repository, apply the following policy to the AWS identity whose credentials will be used to access the repository.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sts:GetServiceBearerToken"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codeartifact:DescribeDomain",
        "codeartifact:GetAuthorizationToken",
        "codeartifact:ListRepositoriesInDomain"
      ],
      "Resource": "arn:aws:codeartifact:us-east-1:345125489763:domain/my-domain"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codeartifact:Describe*",
        "codeartifact:List*",
        "codeartifact:GetPackageVersionReadme",
        "codeartifact:GetRepositoryEndpoint",
        "codeartifact:ReadFromRepository"
      ],
      "Resource": [
        "arn:aws:codeartifact:us-east-1:345125489763:repository/my-domain/my-repo",
        "arn:aws:codeartifact:us-east-1:345125489763:repository/my-domain/my-repo/*",
        "arn:aws:codeartifact:us-east-1:345125489763:package/my-domain/my-repo/*"
      ]
    }
  ]
}
To grant write access to a repository, apply the following policy to the AWS identity whose credentials will be used to access the repository.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codeartifact:GetRepositoryEndpoint",
        "codeartifact:PublishPackageVersion",
        "codeartifact:PutPackageMetadata"
      ],
      "Resource": [
        "arn:aws:codeartifact:us-east-1:345125489763:repository/my-domain/my-repo",
        "arn:aws:codeartifact:us-east-1:345125489763:repository/my-domain/my-repo/*",
        "arn:aws:codeartifact:us-east-1:345125489763:package/my-domain/my-repo/*"
      ]
    }
  ]
}
Cross-account policies
For cross-account access to the AWS CodeArtifact domain, the domain must have the following resource policy,
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Principal": {
        "AWS": "arn:aws:iam::345125489763:root"
      },
      "Effect": "Allow",
      "Action": [
        "codeartifact:DescribeDomain",
        "codeartifact:GetAuthorizationToken",
        "codeartifact:ListRepositoriesInDomain"
      ],
      "Resource": "*"
    }
  ]
}
For cross-account read access to a repository, the repository will require the following resource policy,
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Principal": {
        "AWS": "arn:aws:iam::345125489763:root"
      },
      "Effect": "Allow",
      "Action": [
        "codeartifact:DescribePackageVersion",
        "codeartifact:DescribeRepository",
        "codeartifact:Get*",
        "codeartifact:List*",
        "codeartifact:ReadFromRepository"
      ],
      "Resource": "*"
    }
  ]
}
For cross-account write access, the repository will require the following resource policy,
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Principal": {
        "AWS": "arn:aws:iam::345125489763:root"
      },
      "Effect": "Allow",
      "Action": [
        "codeartifact:GetRepositoryEndpoint",
        "codeartifact:PublishPackageVersion",
        "codeartifact:PutPackageMetadata"
      ],
      "Resource": "*"
    }
  ]
}
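An added example, not part of the plugin or its README: a small audit of the policy documents above that flags what a reviewer would tighten before deploying them, namely wildcard actions, an `sts:GetServiceBearerToken` grant without the `sts:AWSServiceName` condition, and account-root principals. The embedded policies are trimmed copies of the ones on this page; `audit` and `as_list` are hypothetical helper names, and action matching is exact-case for simplicity.

```python
import json

# Constructed sample: trimmed copies of two policies from this page.
IDENTITY_READ = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["sts:GetServiceBearerToken"], "Resource": "*"},
  {"Effect": "Allow",
   "Action": ["codeartifact:Describe*", "codeartifact:List*", "codeartifact:ReadFromRepository"],
   "Resource": ["arn:aws:codeartifact:us-east-1:345125489763:repository/my-domain/my-repo"]}]}""")
CROSS_ACCOUNT_WRITE = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Principal": {"AWS": "arn:aws:iam::345125489763:root"}, "Effect": "Allow",
   "Action": ["codeartifact:GetRepositoryEndpoint", "codeartifact:PublishPackageVersion",
              "codeartifact:PutPackageMetadata"],
   "Resource": "*"}]}""")

WRITE_ACTIONS = {"codeartifact:PublishPackageVersion", "codeartifact:PutPackageMetadata"}

def as_list(value):
    """IAM accepts either a string or a list for Action and Principal values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (statement index, finding) tuples for Allow statements worth a review."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action"))
        principal = stmt.get("Principal")
        principals = as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        # Wildcards also match actions added to the service later.
        for action in actions:
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        if "sts:GetServiceBearerToken" in actions:
            # Without this condition the bearer-token grant is not tied to CodeArtifact.
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if cond.get("sts:AWSServiceName") != "codeartifact.amazonaws.com":
                findings.append((i, "sts:GetServiceBearerToken lacks sts:AWSServiceName condition"))
        for p in principals:
            if p == "*" or p.endswith(":root"):
                kind = "publish rights" if WRITE_ACTIONS & set(actions) else "access"
                findings.append((i, f"{kind} granted to account-wide principal {p}"))
    return findings

if __name__ == "__main__":
    for name, pol in (("identity read", IDENTITY_READ), ("cross-account write", CROSS_ACCOUNT_WRITE)):
        print(name, audit(pol))
```

An account-root principal is not wrong by itself: the grant then applies to whichever identities that account's own IAM policies allow, so the review question is whether that delegation is intended for publish rights.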
Usage
Other than configuration, usage is the same as adding any other repository to poetry.
The plugin is configured in the pyproject.toml file. Below is an example of adding three AWS CodeArtifact repositories.
[[tool.poetry-plugin-code-artifact.sources]]
name="dev" # The name of the repository in poetry
aws-codeartefact-domain="my-domain" # The AWS CodeArtifact domain.
aws-codeartefact-owner="564131876131" # The AWS CodeArtifact domain owner.
aws-codeartefact-region="us-east-1" # The AWS CodeArtifact region.
aws-codeartefact-repository="dev" # The AWS CodeArtifact repository name.
[[tool.poetry-plugin-code-artifact.sources]]
name="qa"
aws-codeartefact-domain="my-domain"
aws-codeartefact-owner="564131876131"
aws-codeartefact-region="us-east-1"
aws-codeartefact-repository="dev"
[[tool.poetry-plugin-code-artifact.sources]]
name="prod"
aws-codeartefact-domain="my-domain"
aws-codeartefact-owner="564131876131"
aws-codeartefact-region="us-east-1"
aws-codeartefact-repository="dev"
To use the above repositories via poetry, just use the normal commands.
Note: You must first be logged into AWS with an identity that has the correct permissions as given in the prerequisites section above. For more information on configuring credentials, see https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html
# To add a dependency,
poetry add my-lib # Searches all repositories
# or
poetry add my-lib --source dev # Prioritizes dev repository then searches all repositories.
# To publish a dependency,
poetry publish -r dev
Related Projects
- website: The official Poetry website and blog
- poetry-plugin-export: Export Poetry projects/lock files to foreign formats like requirements.txt (Used some test code from this project)
- poetry-plugin-package-info: Poetry Plugin for including project and git information in your distributable files. (Shameless plug to one of my other poetry plugins)
File details
Details for the file poetry_plugin_code_artifact-0.0.1.tar.gz.
File metadata
- Download URL: poetry_plugin_code_artifact-0.0.1.tar.gz
- Upload date:
- Size: 7.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.17
File hashes
Algorithm | Hash digest
---|---
SHA256 | de42ae2bc3b13bcda0c02307606b793168e8336c2a4f2e25ee3b1a54c0162a48
MD5 | 9f965370390ecfb54f74e7c787dc81ad
BLAKE2b-256 | 6994b8c92cdd27a25c8cf8e62c8cf3a8f50bef9471d84f7fcff498e67f958d96
File details
Details for the file poetry_plugin_code_artifact-0.0.1-py3-none-any.whl.
File metadata
- Download URL: poetry_plugin_code_artifact-0.0.1-py3-none-any.whl
- Upload date:
- Size: 7.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.17
File hashes
Algorithm | Hash digest
---|---
SHA256 | 8dbfb386027128c7f7321071773629ca2c0c306de1f8429fe925247fd745d8ba
MD5 | 2a35c95ebfed678b48ff606965eecd77
BLAKE2b-256 | 0f2bb844098768fa56bf80207356f421dc1ce3d708c484a887712c8d35eef798