
A PyPI implementation for closed groups with authentication only


eruvanos/warehouse14


The project is currently on hold. Right now I focus my free time on other projects like Arcade.

Due to some issues with the integration tests and generally outdated deps, it requires more work to remove the dust from this project. In addition, the CSS library just got an alpha release, so it makes sense to postpone any update to a later point in time.

Warehouse14

While PyPI (Warehouse) provides a global package index for all Python users, companies and closed groups need a non-global Python package index.

While existing projects provide different options for a private package index, Warehouse14 requires authentication by default and offers decentralized access management at the individual project level.

Features

  • Authentication via OIDC provider by default
  • User manageable API keys for download/upload
  • Project
    • Project page
    • Package metadata
    • User access management
      • Admin: able to modify package content and upload new versions; also manages users.
      • Member: read access to private repositories.
    • Project types: Public (still requires authentication) / Private (access only for defined users)
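
The access rules in the feature list above, written out as a deny-by-default check. This is an added example, not Warehouse14's own code: `Project`, `Action` and `is_allowed` are hypothetical names, and it assumes upload and user management are admin-only because the list grants them only to admins.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Action(Enum):
    READ = "read"            # view the project page, download files
    UPLOAD = "upload"        # modify package content, upload new versions
    MANAGE_USERS = "manage"  # add or remove admins and members


@dataclass
class Project:  # hypothetical model, not the project's own class
    name: str
    public: bool
    admins: set = field(default_factory=set)
    members: set = field(default_factory=set)


def is_allowed(user_id: Optional[str], project: Project, action: Action) -> bool:
    """Deny by default; grant only what the feature list names."""
    # No anonymous access, even to "public" projects.
    if not user_id:
        return False
    # Admins may read, upload and manage users on their own project.
    if user_id in project.admins:
        return True
    if action is Action.READ:
        # Public: any authenticated user. Private: listed members only.
        return project.public or user_id in project.members
    # UPLOAD and MANAGE_USERS stay admin-only.
    return False


# Constructed sample data, not taken from a real deployment.
INTERNAL = Project("billing-client", public=False,
                   admins={"alice@example.com"}, members={"bob@example.com"})
SHARED = Project("company-utils", public=True, admins={"alice@example.com"})

if __name__ == "__main__":
    for user in (None, "alice@example.com", "bob@example.com", "carol@example.com"):
        for proj in (INTERNAL, SHARED):
            granted = [a.value for a in Action if is_allowed(user, proj, a)]
            print(f"{user!s:20} {proj.name:15} {granted}")
```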

Deployment

TODO 🙈

Deploy on AWS Lambda

```python
# Requirements: warehouse[aws], apig_wsgi

import boto3
from warehouse14 import OIDCAuthenticator, create_app
from warehouse14.repos_dynamo import DynamoDBBackend, create_table
from warehouse14.storage import S3Storage

# requires apig_wsgi
from apig_wsgi import make_lambda_handler

# OIDC login against your identity provider; users are identified by the "email" field
auth = OIDCAuthenticator(
    client_id="<your oidc client id>",
    client_secret="<your oidc client secret>",
    user_id_field="email",
    server_metadata_url="https://<idp>/.well-known/openid-configuration",
)

# Metadata backend: DynamoDB table
dynamodb = boto3.resource("dynamodb")
table = create_table(dynamodb, "table")
db = DynamoDBBackend(table)

# File storage: S3 bucket
bucket = boto3.resource("s3").Bucket("<bucket name>")
storage = S3Storage(bucket)

# Replace the session_secret placeholder with a long random string
app = create_app(db, storage, auth, session_secret="{{ LONG_RANDOM_STRING }}")
# Wrap the WSGI app as a Lambda handler for API Gateway
lambda_handler = make_lambda_handler(app, binary_support=True)
```

Glossary

To use common Python terms, we adopt the glossary of Warehouse.

| Term | Definition |
| --- | --- |
| Project | A collection of releases and files, and information about them. Projects on Warehouse are made and shared by members of the Python community so others can use them. |
| Release | A specific version of a project. For example, the requests project has many releases, like requests 2.10 and requests 1.2.1. A release consists of one or more files. |
| File | Something that you can download and install. Because of different hardware, operating systems, and file formats, a release may have several files, like an archive containing source code or a binary wheel. |
| Package | A synonym for a file. |
| User | A person who has registered an account on Warehouse. |
| Account | An object representing a logged in user. |
| Maintainer | A user who has permissions to manage a project on Warehouse. |
| Owner | A user who has permissions to manage a project on Warehouse, and has additional permission to add and remove other maintainers and owners to a project. |
| Author | A free-form piece of information associated with a project. This information could be a name of a person, an organization, or something else altogether. This information is not linked to a user on Warehouse. |

Related Projects

  • warehouse
  • pypiserver
    • Backends:
      • Filesystem
    • upload supported
    • different auth options
  • pywharf
    • Backends:
      • Filesystem
      • Github
    • server or github pages
    • NO UPLOAD
  • PyPICloud
    • Backends:
      • Filesystem
      • S3
    • Cache via Redis, Dynamo, ...
    • Upload supported
    • Extendable
  • lapypi
    • almost fully PEP 503
    • Backends:
      • S3
    • Uses Chalice
  • plambdapi
    • Uses Terraform
    • Backends:
      • S3
    • Uses Chalice
  • pypiprivate
    • static generator
    • Backends:
      • S3
  • elasticpypi
    • Backends:
      • S3 / DynamoDB
    • serverless framework
    • 10MB limit
    • supports upload (strange /simple/post method)
    • uses s3 trigger to update dynamodb entries
  • devpypi
