Metadata-Version: 2.1
Name: warehouse14
Version: 0.1.5
Summary: A PyPI implementation for closed groups with authentication only
Home-page: https://github.com/eruvanos/warehouse14
License: MIT
Keywords: pypi
Author: Maic Siemering
Author-email: maic@siemering.tech
Requires-Python: >=3.8,<4.0
Classifier: Development Status :: 3 - Alpha
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Topic :: Software Development
Classifier: Topic :: System :: Software Distribution
Provides-Extra: aws
Requires-Dist: Authlib (>=0.15.4,<0.16.0)
Requires-Dist: Flask (>=2.0.1,<3.0.0)
Requires-Dist: Flask-HTTPAuth (>=4.4.0,<5.0.0)
Requires-Dist: Flask-Login (>=0.5.0,<0.6.0)
Requires-Dist: Flask-Markdown (>=0.3,<0.4)
Requires-Dist: Flask-WTF (>=0.15.1,<0.16.0)
Requires-Dist: pydantic (>=1.8.2,<2.0.0)
Requires-Dist: pypitoken (>=3.0.2,<4.0.0)
Requires-Dist: readme-renderer[md] (>=29.0,<30.0)
Requires-Dist: requests (>=2.25.1,<3.0.0)
Project-URL: Issue Tracker, https://github.com/eruvanos/warehouse14/issues
Project-URL: Repository, https://github.com/eruvanos/warehouse14
Project-URL: Roadmap, https://github.com/eruvanos/warehouse14/projects/1
Description-Content-Type: text/markdown

# Warehouse14

While the PyPI (Warehouse) provides a global package index for all Python users, companies and closed groups do have the
need for a non-global Python package index.

While [existing projects](#related-projects) provide different options for a private package index, Warehouse14 provides
an implementation that requires authentication by default, but provides the option for a decentralized access management
on individual project level.

## Features

* Authentication via OIDC provider by default
* User manageable API keys for download/upload
* Project
    * Project page
    * Package metadata
    * User access management
        * **Admin** is able to modify package content and upload new versions. They also manage users.
        * **Member** read access to private repositories.
    * Project Types: Public (still require authentication) / Private (Access only for defined users)

## Deployment

> TODO 🙈

```python
import boto3
from warehouse14 import OIDCAuthenticator, create_app
from warehouse14.repos_dynamo import DynamoDBBackend, create_table
from warehouse14.storage import S3Storage

# requires apig_wsgi
from apig_wsgi import make_lambda_handler

config = {}
config["SECRET_KEY"] = "{{ LONG_RANDOM_STRING }}"
config["OIDC_USER_ID_FIELD"] = "email"
config["OIDC_CLIENT_ID"] = "<your oidc client id>"
config["OIDC_CLIENT_SECRET"] = "<your oidc client secret>"
config["OIDC_SERVER_METADATA_URL"] = "https://<idp>/.well-known/openid-configuration"
auth = OIDCAuthenticator()

dynamodb = boto3.resource("dynamodb")
table = create_table(dynamodb, "table")
db = DynamoDBBackend(table)

bucket = boto3.resource("s3").Bucket("<bucket name>")
storage = S3Storage(bucket)

app = create_app(db, storage, auth, config=config)
lambda_handler = make_lambda_handler(app)
```

## Glossary

To use common Python terms we take over the glossary
of [Warehouse](https://warehouse.readthedocs.io/ui-principles.html#write-clearly-with-consistent-style-and-terminology)

| Term         | Definition                                                                                                                                                                                                        |
| :----------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
| Project      | A collection of releases and files, and information about them. Projects on Warehouse are made and shared by members of the Python community so others can use them.                                              |
| Release      | A specific version of a project. For example, the requests project has many releases, like requests 2.10 and requests 1.2.1. A release consists of one or more files.                                             |
| File         | Something that you can download and install. Because of different hardware, operating systems, and file formats, a release may have several files, like an archive containing source code or a binary wheel.      |
| Package      | A synonym for a file.                                                                                                                                                                                             |
| User         | A person who has registered an account on Warehouse.                                                                                                                                                              |
| Account      | An object representing a logged in user.                                                                                                                                                                          |
| Maintainer   | An user who has permissions to manage a project on Warehouse.                                                                                                                                                     |
| Owner        | An user who has permissions to manage a project on Warehouse, and has additional permission to add and remove other maintainers and owners to a project.                                                          |
| Author       | A free-form piece of information associated with a project. This information could be a name of a person, an organization, or something else altogether. This information is not linked to a user on Warehouse.   |

## Related Projects

* [warehouse](https://github.com/pypa/warehouse)
* [pypiserver](https://pypi.org/project/pypiserver/)
    * Backends:
        * Filesystem
    * upload supported
    * different auth options
* [pywharf](https://github.com/pywharf/pywharf)
    * Backends:
        * Filesystem
        * Github
    * server or github pages
    * NO UPLOAD
* [PyPICloud](https://pypicloud.readthedocs.io/en/latest/)
    * Backends:
        * Filesystem
        * S3
    * Cache via Redis, Dynamo, ...
    * Upload supported
    * Extendable
* [lapypi](https://github.com/amureki/lapypi)
    * almost fully PEP 503
    * Backends:
        * S3
    * Uses Chalice
* [plambdapi](https://github.com/berislavlopac/plambdapi)
    * Uses Terraform
    * Backends:
        * S3
    * Uses Chalice
* [pypiprivate](https://github.com/helpshift/pypiprivate)
    * static generator
    * Backends:
        * S3
* [elasticpypi](https://github.com/khornberg/elasticpypi)
    * Backends:
        * S3/ Dynamodb
    * serverless framework
    * 10MB limit
    * supports upload (strange /simple/post method)
    * uses s3 trigger to update dynamodb entries
* [devpypi](https://devpi.net/docs/devpi/devpi/stable/%2Bd/index.html)

