Azure Artifacts - Python Manual Configuration Settings

[AjkayAlan]

I am attempting to follow https://docs.microsoft.com/en-us/azure/devops/artifacts/quickstarts/python-packages?view=azure-devops#option-2-manually-configure-authentication, as artifacts-keyring doesn't work for me (making a separate issue for that). Per https://docs.microsoft.com/en-us/azure/devops/artifacts/quickstarts/python-packages?view=azure-devops#connect-to-your-feed, I should be able to set up via a PAT. However, the instructions for manual configuration just state to add your feed as an extra-index-url in your pip.conf, with no mention on how you should setup credentials. These steps by themselves don't work.

The docs feel unclear - can they include an example with using PAT's? For reference, the following configuration examples did not work for me:

# This is the version the docs recommend, which just results in my artifact not being found
[global]
extra-index-url=https://pkgs.dev.azure.com/myorg/myproject/_packaging/myfeed/pypi/simple/

[global]
extra-index-url=https://mypat@pkgs.dev.azure.com/myorg/myproject/_packaging/myfeed/pypi/simple/

[global]
extra-index-url=https://myusername@pkgs.dev.azure.com/myorg/myproject/_packaging/myfeed/pypi/simple/

[global]
extra-index-url=https://myusername:mypassword@pkgs.dev.azure.com/myorg/myproject/_packaging/myfeed/pypi/simple/

The ONLY mechanism I have found that works (when doing manual auth) is:

[global]
extra-index-url=https://anythinghere:myPAT@pkgs.dev.azure.com/myorg/myproject/_packaging/myfeed/pypi/simple/

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: c6cca7b9-7fe5-bc14-c7da-08983e920f81
• Version Independent ID: 7d8cf191-b229-0e2e-8cb3-01a80c4842fd
• Content: Get started with Python packages - Azure Artifacts
• Content Source: docs/artifacts/quickstarts/python-packages.md
• Product: devops
• Technology: devops-artifacts
• GitHub Login: @chasewilson
• Microsoft Alias: phwilson

[msebolt]

@AjkayAlan Thank you for the feedback, assigning this to the author for review.

[chasewilson]

Hey @AjkayAlan , Thanks for the feedback! I'm sorry about the issues and I'll be reviewing to see where we can improve the documentation.

[andreacassioli]

Totally agree with @AjkayAlan!

The keyring is still in preview and I honestly prefer using some more stable tooling. PAT is OK, but there is basically no docs on that!

[fralik]

I very much agree here. If I try to use

https://anythinghere:myPAT@pkgs.dev.azure.com/myorg/myproject/_packaging/myfeed/pypi/simple/

then I am being asked for user and password on the command prompt. If I omit PAT, then there is an option to authenticate through web browser.

[gantih]

It is affecting us too. Surprisingly the steps that were mentioned worked till last week without a need to send the PAT token. Now it's expecting a PAT token in the pip.conf file like @AjkayAlan mentioned.

[ficocesari]

I am also having this problem. @chasewilson any updates on this?
I am trying to use a private pip artifact in an Azure ML pipeline and I have no way to use it as a pip requirement in the conda environment.yaml file

[fralik]

The trick, which worked for me: be sure to select all accessible organizations under Organization field when you create your PAT.

[saikatsarker]

We are having the issue of automation. As you are saying its automatic (https://docs.microsoft.com/en-us/azure/devops/artifacts/quickstarts/python-packages?view=azure-devops#option-1-use-python-credential-provider-preview-to-automate-authentication) and at the end you are asking for user name and password. How this can be an automatic system.
We were supposed to use the keyring along with PAT. We tested it few days ago and it was working and not even asking for user name and password at the end. Now it's asking for the same each time I use a new token (testing ongoing).
You also revoked the "Generate Token" button which used to be showed after we "Connect to feed". That might have been resolve the automation issue a bit.

Guys look at this seriously as many of us are stuck at development and production.

[jeffthink]

Hey folks,
I also found myself muddying through this issue. It was easy to get the web-based keyring flow working, but the automated PAT option was a huge pain to figure out given very little docs. The solution from #7320 mostly worked, but I had to include the project name to get it to work. The resulting how-to looks like:

1. Go to the Personal Access Tokens screen in Devops => User (icon in top right)
2. Generate a new token, with at least Packages/Read permissions selected
3. Create a pip.conf (mac/linux) or pip.ini (windows) file.
4. Paste the snippet below into that file, and save it.
5. Run pip install {myPackage}, and it should work without a prompt

[global]
extra-index-url=https://{feed_name}:{PAT}@pkgs.dev.azure.com/{org_name}/{project_name}/_packaging/{feed_name}/pypi/simple/

[nateraw]

@ramiMSFT Is there any movement on this issue?

I'm trying to install an Azure Artifacts hosted Python package from within an AzureML experiment compute cluster, and it seems to be very unclear how to do this in an automated way.

I'm sure a combination of @jeffthink's answer and a custom Dockerfile Environment object would do the trick, but that seems like a lot of unnecessary work. Also, I'll still have to update the PAT periodically.

As noted by other commenters, this is something that is inhibiting me from creating enterprise AzureML pipelines for production use cases, so it would be really helpful if we could find a more elegant solution.

[nateraw]

As a quick additional note for those using AzureML...you can follow Jeff's answer and then include the extra index in your requirements.txt to avoid having to go through Docker.

You add the extra index on the first line. Second line is the name of your Python package (your_custom_package) hosted on the feed.

--extra-index-url https://{feed_name}:{PAT}@pkgs.dev.azure.com/{org_name}/{project_name}/_packaging/{feed_name}/pypi/simple/
your_custom_package

[ahmedbr]

Hey folks,
I also found myself muddying through this issue. It was easy to get the web-based keyring flow working, but the automated PAT option was a huge pain to figure out given very little docs. The solution from #7320 mostly worked, but I had to include the project name to get it to work. The resulting how-to looks like:

1. Go to the Personal Access Tokens screen in Devops => User (icon in top right)
2. Generate a new token, with at least Packages/Read permissions selected
3. Create a pip.conf (mac/linux) or pip.ini (windows) file.
4. Paste the snippet below into that file, and save it.
5. Run pip install {myPackage}, and it should work without a prompt

[global]
extra-index-url=https://{feed_name}:{PAT}@pkgs.dev.azure.com/{org_name}/{project_name}/_packaging/{feed_name}/pypi/simple/

You're a life saver. Your solution worked for me. Thanks :)

[anilkrs09]

hi,

What is process to Create a pip.conf (mac/linux) ?

thanks
Anil

[OfekCyberX]

Hi,
I also ran into this issue.
the answer from @jeffthink also helped me, tnx a lot!

I am now faced with the same issue when trying to upload a whl package to the pypi azure devops artifactory.

in the docs they don't show how to do it with the PAT.

when I try to run the command they provide:
twine upload --repository-url https://pkgs.dev.azure.com/<your-organization-name>/_packaging/<your-feed-name>/pypi/upload
I get prompted to insert username & password.

Was anyone able to publish whl package with the PAT? passed as an argument or in the ~/.pypirc file?

thanks a lot

[ramiMSFT]

@AjkayAlan My apologies for the delayed response. When you connect to Azure DevOps for the first time, you will be prompted for credentials. You can then enter your userName and PAT in the appropriate fields (ex: pip install). This is an expected behavior. The credentials will be cached locally and used to automatically log you in the next time you use the service.
Thank you for your contribution, the updated content will go live soon.