Update README.md #4
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -20,7 +20,11 @@ It supports AWS SSO login (via `aws-vault`) to fetch the CodeArtifact authentica | |
| pip3 install git+ssh://[email protected]/cultureamp/poetry-codeartifact-auth.git | ||
| ``` | ||
|
|
||
| (you will need [Github SSH Authentication](https://docs.github.com/en/authentication/connecting-to-github-with-ssh) set up already. Alternatively you can probably set up HTTPS authentication use the `https` URL). See notes below about package publication status. | ||
|
|
||
| [*For venv users*] The intent is to install this globally (but if you have global dependency conflicts you could create a custom virtual environment and set up a command alias to run in the virtual environment. This is likely not needed though). | ||
|
|
||
| [*For conda users*] Install in base (or any other clean) env. Create new virtual environments off of base (or your clean env with `poetry-ca-auth` installed) by running `conda create --clone base --name my-virtual-env-name` , then activate your virtual env `conda activate my-virtual-env-name`. | ||
|
|
||
| 2. If not already added, add the CodeArtifact repository URL to your `pyproject.toml`. The URL will look something like `https://yourorg-python-ci-12346789012.d.codeartifact.us-west-2.amazonaws.com/pypi/some-named-private-python-repo/simple`. Follow Poetry's [instructions](https://python-poetry.org/docs/repositories/#secondary-package-sources) for adding this. The CodeArtifact `domain`, `domainOwner` (AWS account ID) and `region` are inferred from the repository URL when fetching auth credentials. | ||
|
|
||
|
|
@@ -73,7 +77,8 @@ you can simply run `docker compose build yourapp` and it will automatically pick | |
|
|
||
| #### `aws-vault` (recommended) | ||
|
|
||
| If using `aws-vault`, ensure that you have a profile available which has permissions to fetch CodeArtifact authentication tokens (e.g. assume the `CiUserRole` in the `cultureamp-continuous-integration` account). You can configure the profile using an environment variable `POETRY_CA_DEFAULT_AWS_PROFILE` (probably in your login shell profile – eg `.bashrc` or `.zshrc`) or pass to the `refresh` subcommand using the `--profile-default` argument. More info on profile configuation for AWS vault [here](https://cultureamp.atlassian.net/wiki/spaces/SEC/pages/2744649490/AWS+SSO+Okta+-+User+Guides#Generating-a-CultureAmp-configuration-file) | ||
| e.g. usage `aws-vault --debug login $POETRY_CA_DEFAULT_AWS_PROFILE` | ||
|
There was a problem hiding this comment. what is this? did you want a pre-amble like "if this doesn't work you can check that (to be clear you never need to invoke aws-vault directly in normal usage – maybe the docs should note this?) |
||
|
|
||
| ### AWS credentials from the environment | ||
|
|
||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we need to keep CA-specific info out of here so we can open-source it (pending legal approval)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh that complicates things - and explains why I found fortuitously found related confluence pages with alternative info for this repo. Ideally, it would be great for CA people to have the info they need to get set up and running with this quickly (without needing to scroll though several length confluence pages and reading between the lines). Let's discuss on screen share later today.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure, that can be solved by updating the wiki