iterative/scmrepo

Credentials not parsed when git configuration contains unexpanded file paths

Closed this issue · 1 comments

Credentials not parsed correctly when credential.helper is configured as the store type in a user's git-config, when pointing to a path that contains a ~, e.g.:

...
[credential]
        helper = store --file ~/.git-credentials
....

The git repositories I'm working with are hosted on-prem w/gitlab, and must be accessed using credentials over https due to internal infrastructure reasons (thus using ssh keys is not an option).

The work-around is to use an absolute path in your git-config; then the error above goes away.

I diagnosed by inserting import pdb;pdb.set_trace() here and inspecting the result of the return value of the subprocess.run invocation.

Which operating system and Python version are you using?

Both Python 3.10.6 (Host), Python 3.9.16 (Inside docker container) from mambaforge

Which version of this project are you using?

0.1.7 (pip) (In both python environments described above)

What did you do?

Ran dvc update and dvc pull against .dvc files containing url entries containing git urls, using the git credentials helper configuration in place as described in this issue.

What did you expect to see?

The commands complete without authentication errors due to missing credentials.

What did you see instead?

This error (identical to that shown in "actual output", as also reported here) when running various dvc update and dvc pull commands.

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/···/site-packages/dulwich/porcelain.py", line 1618, in ls_remote
    return client.get_refs(host_path)
  File "/···/site-packages/dulwich/client.py", line 2089, in get_refs
    refs, _, _ = self._discover_references(b"git-upload-pack", url)
  File "/···/site-packages/dulwich/client.py", line 1906, in _discover_references
    resp, read = self._http_request(url, headers, allow_compression=True)
  File "/···/site-packages/dulwich/client.py", line 1875, in _http_request
    raise HTTPUnauthorized(resp.getheader("WWW-Authenticate"), url)
dulwich.client.HTTPUnauthorized: No valid credentials provided

Closing this as expected behavior. If you are setting helper to explicitly use store with --file, you need to pass the full path to --file. So in this case your git config needs something like

[credential]
        helper = store --file /home/<username>/.git-credentials

see https://github.com/iterative/scmrepo/pull/180/files#r1121062414 for more details
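A way to catch this configuration before it surfaces as an HTTPUnauthorized error, as an added example that is not part of the issue thread or of scmrepo's code: the script scans git-config text for `credential.helper = store --file <path>` entries whose path is not absolute and proposes the full path. The function names, the sample config, the host `gitlab.example.internal` and the home directory `/home/alice` are constructed for illustration; the parser is line-based and assumes POSIX paths.

```python
import posixpath
import re
import shlex

# Matches "[credential]" and "[credential "https://host"]" section headers.
SECTION = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"(.*)")?\s*\]$')

# Constructed sample: one tilde path (the case in this issue), one absolute path.
SAMPLE = """\
[user]
        name = Example User
[credential]
        helper = store --file ~/.git-credentials
[credential "https://gitlab.example.internal"]
        helper = store --file=/home/alice/.git-credentials
"""

def store_file_args(helper):
    """Return the --file paths of a `store` helper value, or [] for other helpers."""
    argv = shlex.split(helper)
    if not argv or posixpath.basename(argv[0]) not in ("store", "git-credential-store"):
        return []
    paths = []
    for i, arg in enumerate(argv):
        if arg.startswith("--file="):
            paths.append(arg.split("=", 1)[1])
        elif arg == "--file" and i + 1 < len(argv):
            paths.append(argv[i + 1])
    return paths

def find_unexpanded_store_paths(config_text, home):
    """List (scope, path, suggested_path) for store --file paths that are not absolute."""
    findings, section, scope = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION.match(line)
        if m:
            section, scope = m.group(1).lower(), m.group(2) or "(global)"
            continue
        key, sep, value = line.partition("=")
        if section != "credential" or not sep or key.strip().lower() != "helper":
            continue
        for path in store_file_args(value.strip()):
            if not posixpath.isabs(path):
                # Only "~" and "~/..." have an unambiguous full-path replacement.
                tilde = path == "~" or path.startswith("~/")
                findings.append((scope, path, home + path[1:] if tilde else None))
    return findings
```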