Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth does not support caching a secret for a Proxy connection #21

Open
byjrack opened this issue Oct 20, 2023 · 1 comment
Open

Auth does not support caching a secret for a Proxy connection #21

byjrack opened this issue Oct 20, 2023 · 1 comment
Labels
bug Something isn't working

Comments

@byjrack
Copy link

byjrack commented Oct 20, 2023

What happened?

conda auth login http://proxy.example.com --username theuser
Password: 
Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', ConnectionResetError(54, 'Connection reset by peer'))': /

Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', ConnectionResetError(54, 'Connection reset by peer'))': /

Conda Info

~ conda info

     active environment : None
       user config file : /Users/theuser/.condarc
 populated config files : /Users/theuser/.condarc
          conda version : 23.9.0
    conda-build version : not installed
         python version : 3.11.4.final.0
       virtual packages : __archspec=1=arm64
                          __osx=13.5.1=0
                          __unix=0=0
       base environment : /opt/homebrew/Caskroom/miniconda/base  (writable)
      conda av data dir : /opt/homebrew/Caskroom/miniconda/base/etc/conda
  conda av metadata url : None
           channel URLs : https://repo.anaconda.com/pkgs/main/osx-arm64
                          https://repo.anaconda.com/pkgs/main/noarch
                          https://repo.anaconda.com/pkgs/r/osx-arm64
                          https://repo.anaconda.com/pkgs/r/noarch
          package cache : /opt/homebrew/Caskroom/miniconda/base/pkgs
                          /Users/theuser/.conda/pkgs
       envs directories : /opt/homebrew/Caskroom/miniconda/base/envs
                          /Users/theuser/.conda/envs
               platform : osx-arm64
             user-agent : conda/23.9.0 requests/2.29.0 CPython/3.11.4 Darwin/22.6.0 OSX/13.5.1
                UID:GID : 2003517882:20
             netrc file : None
           offline mode : False

Conda Config

ssl_verify: False

The above was in as a test given the proxy cert.  Feel like I have gotten certifi to work, but its been a while.

Conda list

conda list --show-channel-urls
# packages in environment at /opt/homebrew/Caskroom/miniconda/base:
#
# Name                    Version                   Build  Channel
boltons                   23.0.0          py311hca03da5_0    defaults
brotlipy                  0.7.0           py311h80987f9_1002    defaults
bzip2                     1.0.8                h620ffc9_4    defaults
c-ares                    1.19.0               h80987f9_0    defaults
ca-certificates           2023.7.22            hf0a4a13_0    conda-forge
certifi                   2023.7.22          pyhd8ed1ab_0    conda-forge
cffi                      1.15.1          py311h80987f9_3    defaults
charset-normalizer        2.0.4              pyhd3eb1b0_0    defaults
click                     8.1.7           unix_pyh707e725_0    conda-forge
conda                     23.9.0          py311hca03da5_0    defaults
conda-auth                0.1.0              pyhd8ed1ab_0    conda-forge
conda-content-trust       0.1.3           py311hca03da5_0    defaults
conda-libmamba-solver     23.7.0             pyhd8ed1ab_0    conda-forge
conda-package-handling    2.2.0              pyh38be061_0    conda-forge
conda-package-streaming   0.9.0              pyhd8ed1ab_0    conda-forge
cryptography              39.0.1          py311h834c97f_2    defaults
fmt                       9.1.0                h48ca7d4_0    defaults
icu                       68.1                 hc377ac9_0    defaults
idna                      3.4             py311hca03da5_0    defaults
importlib-metadata        6.8.0              pyha770c72_0    conda-forge
importlib_metadata        6.8.0                hd8ed1ab_0    conda-forge
jaraco.classes            3.3.0              pyhd8ed1ab_0    conda-forge
jsonpatch                 1.32               pyhd3eb1b0_0    defaults
jsonpointer               2.1                pyhd3eb1b0_0    defaults
keyring                   23.13.1         py311hca03da5_0    defaults
krb5                      1.20.1               hf3e1bf2_1    defaults
libarchive                3.6.2                h62fee54_2    defaults
libcurl                   8.1.1                h3e2b118_1    defaults
libcxx                    14.0.6               h848a8c0_0    defaults
libedit                   3.1.20221030         h80987f9_0    defaults
libev                     4.33                 h1a28f6b_1    defaults
libffi                    3.4.4                hca03da5_0    defaults
libiconv                  1.16                 h1a28f6b_2    defaults
libmamba                  1.4.1                h1c5506f_1    defaults
libmambapy                1.4.1           py311h1c5506f_1    defaults
libnghttp2                1.52.0               h62f6fdd_1    defaults
libsolv                   0.7.22               h98b2900_0    defaults
libssh2                   1.10.0               h02f6b3c_2    defaults
libxml2                   2.10.3               h372ba2a_0    defaults
lz4-c                     1.9.4                h313beb8_0    defaults
more-itertools            10.1.0             pyhd8ed1ab_0    conda-forge
ncurses                   6.4                  h313beb8_0    defaults
openssl                   3.1.3                h53f4e23_0    conda-forge
packaging                 23.0            py311hca03da5_0    defaults
pcre2                     10.37                h37e8eca_1    defaults
pip                       23.1.2          py311hca03da5_0    defaults
pluggy                    1.0.0           py311hca03da5_1    defaults
pybind11-abi              4                    hd3eb1b0_1    defaults
pycosat                   0.6.4           py311h80987f9_0    defaults
pycparser                 2.21               pyhd3eb1b0_0    defaults
pyopenssl                 23.0.0          py311hca03da5_0    defaults
pysocks                   1.7.1           py311hca03da5_0    defaults
python                    3.11.4               hb885b13_0    defaults
python.app                3               py311h80987f9_0    defaults
readline                  8.2                  h1a28f6b_0    defaults
reproc                    14.2.4               hc377ac9_1    defaults
reproc-cpp                14.2.4               hc377ac9_1    defaults
requests                  2.29.0          py311hca03da5_0    defaults
ruamel.yaml               0.17.21         py311h80987f9_0    defaults
setuptools                67.8.0          py311hca03da5_0    defaults
six                       1.16.0             pyhd3eb1b0_1    defaults
sqlite                    3.41.2               h80987f9_0    defaults
tk                        8.6.12               hb8d0fd4_0    defaults
toolz                     0.12.0          py311hca03da5_0    defaults
tqdm                      4.65.0          py311hb6e6a13_0    defaults
truststore                0.8.0              pyhd8ed1ab_0    conda-forge
tzdata                    2023c                h04d1e81_0    defaults
urllib3                   1.26.16         py311hca03da5_0    defaults
wheel                     0.38.4          py311hca03da5_0    defaults
xz                        5.4.2                h80987f9_0    defaults
yaml-cpp                  0.7.0                hc377ac9_1    defaults
zipp                      3.17.0             pyhd8ed1ab_0    conda-forge
zlib                      1.2.13               h5a0b063_0    defaults
zstandard                 0.19.0          py311h80987f9_0    defaults
zstd                      1.5.5                hd90d995_0    defaults

Additional Context

connecting back to conda/conda#12013

The package seems intended for channel auth and not for an arbitrary HTTP endpoint. So it seems to assume it will look for a repo.xml etc which wouldn't be there on a proxy.

If auth is intended to be the handler for 407s and not just avoiding 403s than guessing there needs to be a path similar to curl where you have a -u and a -U handler since you will have an auth for the destination and possibly something in the middle.
@travishathaway travishathaway added the bug Something isn't working label Oct 23, 2023
@travishathaway
Copy link
Collaborator

Thanks for filling this.

I can imagine us adding the the extra options like you suggested. My proposal would be something like --proxy-user and --proxy-password.

You also bring a up a good point about having an option to apply a particular authentication scheme to all channels and not only that but being able to apply multiple authentication schemes at once. Because these are ultimately just separate HTTP headers, this shouldn't be that difficult.

I will go back to the drawing board and see how we might elegantly support this 😌.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
conda-auth
Status: Available issues
Milestone
No milestone
Development

No branches or pull requests
2 participants
@travishathaway @byjrack