refactor: change authentication order and seperate out existing crede…#296
refactor: change authentication order and seperate out existing crede…#296BartoszBlizniak wants to merge 9 commits into
Conversation
|
@copilot resolve the merge conflicts in this pull request |
Co-authored-by: BartoszBlizniak <55028730+BartoszBlizniak@users.noreply.github.com>
Resolved in merge commit |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
|
@claude review once |
There was a problem hiding this comment.
Pull request overview
Refactors credential resolution in the CLI to enforce an explicit priority order across multiple credential sources (CLI flag, env var, credentials.ini, then keyring SSO), and adds provider-level + chain-level tests to validate the precedence.
Changes:
- Adds
EnvVarProviderandCredentialsFileProvider, and expands the default provider chain order toCLIFlag → EnvVar → CredentialsFile → Keyring. - Splits
CredentialContext.api_keyinto per-source fields (api_key_from_flag,api_key_from_env,api_key_from_file) and wires these through CLI option/config loading. - Adds unit tests for each provider and integration tests covering all priority combinations.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| cloudsmith_cli/core/credentials/providers/env_var.py | New provider for resolving API keys from env-derived context. |
| cloudsmith_cli/core/credentials/providers/credentials_file.py | New provider for resolving API keys from credentials-file-derived context. |
| cloudsmith_cli/core/credentials/providers/cli_flag.py | Updates CLI flag provider to read api_key_from_flag and improves source detail. |
| cloudsmith_cli/core/credentials/providers/init.py | Exposes the new providers via package exports. |
| cloudsmith_cli/core/credentials/models.py | Splits credential context into per-source fields. |
| cloudsmith_cli/core/credentials/chain.py | Updates default provider chain order and imports new providers. |
| cloudsmith_cli/cli/decorators.py | Captures per-source API keys (flag/env/file) and passes them into CredentialContext. |
| cloudsmith_cli/cli/config.py | Adds Options accessors for per-source API key fields. |
| cloudsmith_cli/core/tests/test_cli_flag_provider.py | Updates tests for new CLI-flag-only context field. |
| cloudsmith_cli/core/tests/test_env_var_provider.py | Adds unit tests for EnvVarProvider. |
| cloudsmith_cli/core/tests/test_credentials_file_provider.py | Adds unit tests for CredentialsFileProvider. |
| cloudsmith_cli/core/tests/test_credential_provider_chain.py | Updates default-chain ordering expectations. |
| cloudsmith_cli/core/tests/test_credential_context.py | Adds tests for new per-source context fields. |
| cloudsmith_cli/core/tests/test_credential_chain_priority.py | Adds integration tests to validate precedence across all sources. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Description
Establishes explicit credential resolution priority for the CLI:
--api-keyflag >CLOUDSMITH_API_KEYenv var >credentials.ini> keyring SSOIntroduces two new providers (
EnvVarProvider,CredentialsFileProvider) and splits the singleapi_keyfield inCredentialContextinto per-source fields (api_key_from_flag,api_key_from_env,api_key_from_file), allowing the chain to evaluate each source independently and in the correct order.Type of Change
Additional Notes
Keyring → CLIFlagtoCLIFlag → EnvVar → CredentialsFile → Keyringapi_key_from_filecapture moved tocommon_cli_config_options(co-located withload_creds_file) to remove implicit cross-decorator ordering dependency