Add support for getting username from keyring

[lordmauve]

Flit uses keyring.get_password() to load a password for authentication to the package index.

However, keyring also provides an API to get a username also, keyring.get_credential().

Twine already has support for this and will not prompt for a username if get_credential() returns a credential. However flit always prompts if the username is not set in .pypirc.

This is particularly useful where the username is not particularly meaningful and therefore should not be typed by the user - for example, Google Artifact Registry has a keyring plugin that returns a username of oauth2token where the OAuth token is the password.

[takluyver]

Thanks, I think this makes sense. I also want to add support for per-project tokens, which might mean looking them up using the project name as part of the 'username'. So we might need to take some care over what order different possibilities are tried.

[z3dev]

@takluyver This enhancement is probably required now, especially when using keyring with the Google keyring provider. There's really no way to authenticate without some fixes.

I was able to use twine to publish to Google Artifactory. Here's the pypirc.

[distutils]
index-servers =
    hi-int-prd-shared-applications

[hi-int-prd-shared-windows-applications]
repository = https://us-central1-python.pkg.dev/hi-internal-prod-b0da/hi-int-prd-shared-applications/

[global]
index-url = https://us-central1-python.pkg.dev/hi-something-9999/hi-int-prd-shared-applications/simple/

As you can see, twine does not expect username or password in the configuration.

[z3dev]

And here's a link to the Google documentation on publishing python packages to Artifact Registry.

https://cloud.google.com/artifact-registry/docs/python/manage-packages