Use index URL instead of package URL for keyring credential lookups (#12651)

Some registries (like Azure Artifact) can require you to authenticate separately for every package URL if you do not authenticate for the /simple endpoint. These changes make the auth middleware aware of index URL endpoints and attempts to fetch keyring credentials for such an index URL when making a request to any URL it's a prefix of. The current uv behavior is to cache credentials either at the request URL or realm level. But with these changes, we also need to cache credentials at the index level. Note that when uv does not detect an index URL for a request URL, it will continue to apply the old behavior. Addresses part of #4056 Closes #4583 Closes #11236 Closes #11391 Closes #11507
2025-07-07 21:35:00 +00:00 · 2025-04-29 12:54:07 -05:00 · 2025-04-29 12:54:07 -05:00 · de1479c4ef
commit de1479c4ef
parent 514a7ea6df
26 changed files with 571 additions and 203 deletions
--- a/scripts/packages/keyring_test_plugin/keyrings/test_keyring.py
+++ b/scripts/packages/keyring_test_plugin/keyrings/test_keyring.py
@ -9,7 +9,7 @@ class KeyringTest(backend.KeyringBackend):
    priority = 9

    def get_password(self, service, username):
-        print(f"Request for {username}@{service}", file=sys.stderr)
+        print(f"Keyring request for {username}@{service}", file=sys.stderr)
        entries = json.loads(os.environ.get("KEYRING_TEST_CREDENTIALS", "{}"))
        return entries.get(service, {}).get(username)

@ -20,7 +20,7 @@ class KeyringTest(backend.KeyringBackend):
        raise NotImplementedError()

    def get_credential(self, service, username):
-        print(f"Request for {service}", file=sys.stderr)
+        print(f"Keyring request for {service}", file=sys.stderr)
        entries = json.loads(os.environ.get("KEYRING_TEST_CREDENTIALS", "{}"))
        service_entries = entries.get(service, {})
        if not service_entries: