Commit graph

40 commits

Author SHA1 Message Date
Ed Page
e4e10f2393 chore: Fix typos
This is a repeat of #11561
2023-09-19 15:28:48 -05:00
Arlo Siemsen
d345ca212f feat: stabilize credential-process and registry-auth 2023-09-16 22:40:45 -05:00
Arlo Siemsen
8f18f2bdc8 fix: emit a warning when a credential provider alias shadows a built-in provider 2023-09-14 14:33:59 -05:00
Arlo Siemsen
803fd6909c fix: don't print _TOKEN suggestion when not applicable
Cargo should not suggest the _TOKEN environment variable
when the cargo:token provider isn't available
2023-09-07 21:14:50 -05:00
Arlo Siemsen
3f004c613c fix: improve error for token & provider 2023-09-06 10:10:02 -05:00
Arlo Siemsen
e58b84d35e breaking change(cargo-credential)
Changes the JSON format for cache:expires
2023-09-05 15:22:27 -05:00
Arlo Siemsen
b8099be284 fix: make more credential JSON fields skip_serializing if None 2023-09-05 13:31:23 -05:00
Arlo Siemsen
39db61e26e fix: add error for unsupported credential provider version 2023-08-29 21:22:29 -05:00
Arlo Siemsen
8c13e9ae3f Create dedicated unstable flag for asymmetric-token 2023-08-24 00:12:50 -05:00
Arlo Siemsen
6d7531a163 Add error message for when no credential providers are available 2023-08-18 16:15:30 -05:00
bors
37a0514c75 Auto merge of #12499 - arlosi:cred-args, r=Eh2406
login: allow passing additional args to provider

As part of moving asymmetric token support to a credential provider in #12334, support for passing `--key-subject` to `cargo login` was removed.

This change allows passing additional arguments to credential providers when running `cargo login`. For example:
`cargo login -- --key-subject foo`.

The asymmetric token provider (`cargo:paseto`) is updated to take advantage of this and re-enables setting `--key-subject` from `cargo login`.

r? `@Eh2406`

cc #8933
2023-08-17 19:10:24 +00:00
Arlo Siemsen
1065f213e3 credential: rename cargo:basic to cargo:token-from-stdout 2023-08-15 23:56:11 -05:00
Arlo Siemsen
589a111893 login: allow passing additional args to provider 2023-08-14 15:24:09 -05:00
Arlo Siemsen
a81d558941 Use thiserror for credential provider errors 2023-07-31 13:45:08 -05:00
Arlo Siemsen
6151a4152b Send all headers to cred provider 2023-07-21 17:30:01 -05:00
Arlo Siemsen
2b39792aef Credential provider implementation 2023-07-21 16:02:24 -05:00
Eric Huss
a70c108961 Stabilize cargo logout 2023-04-12 09:56:43 -07:00
Eric Huss
f393f96d7f Add a note to cargo logout that it does not revoke the token. 2023-03-31 08:03:51 -07:00
Eric Huss
f60666ca6e Reword published/completed to uploaded/published 2023-03-15 08:15:00 -07:00
Eric Huss
7e4764a56b Add more information to wait-for-publish 2023-03-15 08:15:00 -07:00
hi-rustin
04d592c7ad Make some blocking tests non-blocking by using API server 2023-02-23 09:11:52 +08:00
Jacob Finkelman
b6adac1a6b count calls to credential process 2022-12-22 21:53:45 +00:00
Jacob Finkelman
2ac15086fb end-to-end tests 2022-12-12 21:50:08 +00:00
Arlo Siemsen
9827412fee Implement RFC 3139: alternative registry authentication support 2022-11-16 14:36:19 -06:00
Anton Lazarev
d70a4ee93c
update stderr in tests for unrelated functionality 2022-10-28 17:13:25 -07:00
bors
7e484fc1a7 Auto merge of #11062 - epage:wait, r=weihanglo
fix(publish): Block until it is in index

Originally, crates.io would block on publish requests until the publish
was complete, giving `cargo publish` this behavior by extension.  When
crates.io switched to asynchronous publishing, this intermittently broke
people's workflows when publishing multiple crates.  I say interittent
because it usually works until it doesn't and it is unclear why to the
end user because it will be published by the time they check.  In the
end, callers tend to either put in timeouts (and pray), poll the
server's API, or use `crates-index` crate to poll the index.

This isn't sufficient because
- For any new interested party, this is a pit of failure they'll fall
  into
- crates-index has re-implemented index support incorrectly in the past,
  currently doesn't handle auth, doesn't support `git-cli`, etc.
- None of these previous options work if we were to implement
  workspace-publish support (#1169)
- The new sparse registry might increase the publish times, making the
  delay easier to hit manually
- The new sparse registry goes through CDNs so checking the server's API
  might not be sufficient
- Once the sparse registry is available, crates-index users will find
  out when the package is ready in git but it might not be ready through
  the sparse registry because of CDNs

So now `cargo` will block until it sees the package in the index.
- This is checking via the index instead of server APIs in case there
  are propagation delays.  This has the side effect of being noisy
  because of all of the "Updating index" messages.
- This blocks by default but there is an unstable `publish.timeout` config field that will disable blocking when set to 0.  See #11222 for stablization

Blocking is opt-out as that is the less error prone case for casual users while those doing larger integrations are also likely to do the testing needed to make more complicated scenarios work where blocking is disabled.

Right now we block after the publish.  An alternative would be to block until all dependencies are in the index which makes the blocking only happen when needed
- Blocking on dependencies can be imprecise to detect when to block vs propagate an error up
- This is the less error prone case for users.  For example I recently publish a crate in one tab and immediately switched to another tab to use it and this only worked because `cargo-release` blocked until it was ready to use

In reviewing this change, be sure to look at the individual commits
- The first makes it possible to write the tests for this
- The second adds a test that shows the current behavior
- The third updates the test to the expected behavior, showing all of this works

In addition to the publish tests:
- We want to maximize the nightly-to-stable time to collect feedback
- We will put this in TWiR's testing section to raise visibility

Fixes #9507
2022-10-27 15:20:57 +00:00
Rageking8
61813d9d72 fix dupe word typos 2022-10-26 12:15:45 +08:00
Ed Page
f2fc5ca86d fix(publish): Block until it is in index
Originally, crates.io would block on publish requests until the publish
was complete, giving `cargo publish` this behavior by extension.  When
crates.io switched to asynchronous publishing, this intermittently broke
people's workflows when publishing multiple crates.  I say interittent
because it usually works until it doesn't and it is unclear why to the
end user because it will be published by the time they check.  In the
end, callers tend to either put in timeouts (and pray), poll the
server's API, or use `crates-index` crate to poll the index.

This isn't sufficient because
- For any new interested party, this is a pit of failure they'll fall
  into
- crates-index has re-implemented index support incorrectly in the past,
  currently doesn't handle auth, doesn't support `git-cli`, etc.
- None of these previous options work if we were to implement
  workspace-publish support (#1169)
- The new sparse registry might increase the publish times, making the
  delay easier to hit manually
- The new sparse registry goes through CDNs so checking the server's API
  might not be sufficient
- Once the sparse registry is available, crates-index users will find
  out when the package is ready in git but it might not be ready through
  the sparse registry because of CDNs

So now `cargo` will block until it sees the package in the index.
- This is checking via the index instead of server APIs in case there
  are propagation delays.  This has the side effect of being noisy
  because of all of the "Updating index" messages.
- This is done unconditionally because cargo used to block and that
  didn't seem to be a problem, blocking by default is the less error
  prone case, and there doesn't seem to be enough justification for a
  "don't block" flag.

The timeout was 5min but I dropped it to 1m.  Unfortunately, I don't
have data from `cargo-release` to know what a reasonable timeout is, so
going ahead and dropping to 60s and assuming anything more is an outage.

Fixes #9507
2022-10-13 12:56:40 -05:00
Ed Page
33ba607783 refactor(tests): Hack publish to balance testing/wait_for_publish 2022-10-10 13:10:29 -05:00
Arlo Siemsen
dd5134c7a5 Implement RFC 3289: source replacement ambiguity 2022-10-07 22:30:59 -05:00
Scott Schafer
c239e407e7 add a reason to masquerade_as_nightly_cargo so it is searchable 2022-07-15 21:32:23 -05:00
Arlo Siemsen
24dac452c5 Improve testing framework for http registries
Improve integration of the http server introduced by the http-registry feature.
Now the same HTTP server is used for serving downloads, the index, and
the API.

This makes it easier to write tests that deal with authentication and
http registries.
2022-06-10 16:51:35 -05:00
Ed Page
cdec3838a8 Extend pkgid syntax with @ support
In addition to `foo:1.2.3`, we now support `foo@1.2.3` for pkgids.  We
are also making it the default way of rendering pkgid's for the user.

With cargo-add in #10472, we've decided to only use `@` in it and to add
it as an alternative to `:` in the rest of cargo.  `cargo-add`
originally used `@`.  When preparing it for merge, I switched to `:` to
be consistent with pkgids. When discussing this, it was felt `@` has
precedence in too many tools to switch to `:` but that we should instead
switch pkgid's to use `@`, in a backwards compatible way.

See also https://internals.rust-lang.org/t/feedback-on-cargo-add-before-its-merged/16024/26?u=epage
2022-04-19 16:00:15 -05:00
Ed Page
2313edd4b2 fix(yank): Use '--version' like install
During the design conversations on cargo-add, we noticed that
`cargo-install` has a public flag `--version` and an invisible alias
`--vers` while `cargo-yank` has a public flag `--vers`.  This switches
`cargo-yank` to publicly use `--version` and have an invisible alias
`--vers`, making them consistent.

Completions are a best guess.
2022-04-19 16:45:13 -05:00
Chris Denton
93bcd97fc1
Match any error when failing to find executables
For Windows targets, Rust now uses a custom resolver to find `process::Command` programs. This has caused some error messages to change.

To allow it to be merged, some tests have been adjusted to match any error.
2021-11-17 11:09:52 +00:00
Eric Huss
1dae5acb7d Move paths to cargo-util. 2021-03-20 17:42:41 -07:00
Eric Huss
340656e29d Add RegistryBuilder to help initializing test registries.
The intent here is to make it more flexible to create different registry
setups, and to reuse code a little more easily.
2021-02-02 15:48:48 -08:00
Eric Huss
395edf2f8f Change behavior when both token and credential-process is specified.
Change it so that if both are specified, it is an error just to be safer
for now.

If token is specified for a registry, ignore the global
credential-process.

I'm still uncertain if this is the best behavior, but I think we can
tweak it later if needed.
2020-12-08 08:36:49 -08:00
Eric Huss
bdbc8da5b4 Validate that the credential process only outputs a single line (token). 2020-12-06 11:41:12 -08:00
Eric Huss
cc6df1d7a5 Implement credential-process. 2020-12-02 19:09:54 -08:00