Skip to content

fix: marketplace add authenticates for private repos#688

Open
jacobokeeffe-ow wants to merge 1 commit intomicrosoft:mainfrom
jacobokeeffe-ow:fix/marketplace-add-private-repo-auth
Open

fix: marketplace add authenticates for private repos#688
jacobokeeffe-ow wants to merge 1 commit intomicrosoft:mainfrom
jacobokeeffe-ow:fix/marketplace-add-private-repo-auth

Conversation

@jacobokeeffe-ow
Copy link
Copy Markdown

@jacobokeeffe-ow jacobokeeffe-ow commented Apr 13, 2026

Description

Fix apm marketplace add failing to fetch marketplace.json from private repositories, even when valid authentication tokens are available.

Fixes #669

Type of change

  • Bug fix
  • New feature
  • Documentation
  • Maintenance / refactor

Root cause

_do_fetch() in client.py returned None on HTTP 404 regardless of whether a token was present. Since try_with_fallback(unauth_first=True) only escalates to authenticated retry on exceptions (not None returns), the auth fallback never fired for private repos. GitHub returns 404 (not 403) for private repos to avoid leaking existence, making the unauthenticated 404 indistinguishable from "file not found."

Fix

When _do_fetch() receives a 404 without a token, it now raises via resp.raise_for_status() so that try_with_fallback catches the exception and retries with authentication. When a 404 is received with a token, it still returns None (the file genuinely doesn't exist).

This preserves the rate-limit optimization for public repos (unauthenticated requests succeed on first try) while correctly handling private repos.

Testing

  • Tested locally
  • All existing tests pass (3827 passed)
  • Added tests for new functionality (if applicable)

4 new tests in TestPrivateRepoAuth:

  • test_private_repo_unauthenticated_404_retries_with_token — core regression test
  • test_authenticated_404_returns_none — genuinely missing files still return None
  • test_public_repo_unauthenticated_success — no regression for public repos
  • test_auto_detect_private_repo_finds_marketplace_json — end-to-end through _auto_detect_path

Also verified against a real private marketplace repo — the fix correctly resolves marketplace.json and returns both plugins.

@jacobokeeffe-ow
fix: marketplace add authenticates for private repos (microsoft#669)
a25b049 
_do_fetch() returned None on unauthenticated 404, preventing
try_with_fallback from retrying with a token. GitHub returns 404
(not 403) for private repos to hide existence, so the auth
escalation never fired.

Now raise on 404 when no token is present so the fallback retries
authenticated. Authenticated 404 still returns None (file genuinely
missing). Public repos are unaffected.
@jacobokeeffe-ow
Copy link
Copy Markdown
Author

jacobokeeffe-ow commented Apr 13, 2026

@microsoft-github-policy-service agree company="Oliver Wyman"

@jacobokeeffe-ow jacobokeeffe-ow mentioned this pull request Apr 13, 2026
Open
@jacobokeeffe-ow
Copy link
Copy Markdown
Author

jacobokeeffe-ow commented Apr 13, 2026

@sergio-sisternes-epam apologies for the formatting changes but when I run uv run black . I end up with 308 files reformatted. I followed the instructions in the contributing guide and don't see anything obvious I'm doing wrong.

I might be mistaken but I don't see black being run as part of CI so I'm wondering if the whole repo genuinely needs reformatting or if maybe the instructions just need updating - let me know!

sergio-sisternes-epam
sergio-sisternes-epam approved these changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@sergio-sisternes-epam sergio-sisternes-epam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clean fix -- the 6-line change in _do_fetch() correctly distinguishes "private repo hiding existence" from "file not found" by raising on unauthenticated 404 to trigger try_with_fallback auth retry. Good test coverage with 4 regression tests.

Re: formatting -- we don't enforce black in CI, so the reformatting here is fine (contained to files you touched). We should update the contributing guide to clarify this. Thanks for flagging it!

Note: CI hasn't run yet (fork PR). Would be good to get Build & Test triggered before merge.

@sergio-sisternes-epam sergio-sisternes-epam mentioned this pull request Apr 14, 2026
Open
@jacobokeeffe-ow
Copy link
Copy Markdown
Author

jacobokeeffe-ow commented Apr 14, 2026

thanks @sergio-sisternes-epam.

I think you might need to give approval in order the get the github action to run? https://github.com/microsoft/apm/actions/runs/24339327316 : "This workflow is awaiting approval from a maintainer"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sergio-sisternes-epam sergio-sisternes-epam sergio-sisternes-epam approved these changes

@danielmeppiel danielmeppiel Awaiting requested review from danielmeppiel danielmeppiel is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

apm marketplace add fails to authenticate when fetching marketplace.json from private repositories

2 participants

@jacobokeeffe-ow @sergio-sisternes-epam