poetry
poetry copied to clipboard
python-poetry
Add a warning if credentials are written in lock file
Pull Request Check List
Resolves: #3567
- [x] Added tests for changed code.
- [ ] Updated documentation for changed code.
This PR adds a logging.warning() if some credentials are written in the lock file. It's based on this comment.
I wonder if changing the attribute (Locker.contains_credential) to a method would be better (or not). The message could probably be improved but I did not find the better sentence.
Hi, @sblondon are you still interested in bringing this to Poetry? If so, please sync changes from the master branch and resolve conflicts. That would allow for review.
@Secrus I still think it would be better to add the warning. I rebased the patch (and resolve the conflicts).
All environments fail in CI failed because there is an error when poetry run mypymypy' in src/poetry/utils/env.py. I don't think it's linked to the patch. I will search if it exists on master too.
Additionally, we need to get CI passing so we can merge this.
Yes, I have to understand why it fails since the rebase.
@neersighted The error in CI is not the tests of poetry ('Run pytest' and 'Run test (integration suite)' are green) but the tests in poetry-plugin-export step fail ('Run pytest (poetry-plugin-export)').
tests.helpers.TestLocker class exists in python-poetry and poetry-plugin-export repositories. In poetry-plugin-export repository, tests.helpers.TestLocker class does not mock _contains_credential attribute . _contains_credential attribute is added in this PR so it has never been necessary in TestLocker mock in poetry-plugin-export. So the tests raise AttributeError: 'TestLocker' object has no attribute '_contains_credential'.
To fix the error, I can do a PR to add the attribute in the tests.helpers.TestLocker.__init__ method in poetry-plugin-export repository.
What do you think about it?
@neersighted The error in CI is not the tests of poetry ('Run pytest' and 'Run test (integration suite)' are green) but the tests in poetry-plugin-export step fail ('Run pytest (poetry-plugin-export)').
tests.helpers.TestLockerclass exists in python-poetry and poetry-plugin-export repositories. In poetry-plugin-export repository,tests.helpers.TestLockerclass does not mock_contains_credentialattribute ._contains_credentialattribute is added in this PR so it has never been necessary inTestLockermock in poetry-plugin-export. So the tests raiseAttributeError: 'TestLocker' object has no attribute '_contains_credential'.To fix the error, I can do a PR to add the attribute in the
tests.helpers.TestLocker.__init__method in poetry-plugin-export repository.What do you think about it?
Sorry I never saw this/got back to you, @sblondon... Feel free to make a PR against that repo and link to it here. However, I suspect that we'll simply try and decouple the testing of the two repos in the near future ala #5980.
I created a PR in https://github.com/python-poetry/poetry-plugin-export/pull/93 to add the TestLocker._contains_credential attribute in the library.
I agree it would be good to fix such dependency between the two repositories. The changes in TestLocker.__init__ classes from poetry and poetry-plugin-export are identical so the refactoring will not be harder.
The patch in poetry-plugin-extra is merged. When a new release will be available, I will update the dependency in pyproject.toml in order to fix the tests.