This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-releases-client.git
The following commit(s) were added to refs/heads/main by this push:
new 641d173 Warn when the configuration ASF UID does not match the JWT UID
641d173 is described below
commit 641d173ed8ad5bb9359bb312e31919c2368ca598
Author: Sean B. Palmer <[email protected]>
AuthorDate: Fri Jul 11 14:06:37 2025 +0100
Warn when the configuration ASF UID does not match the JWT UID
---
pyproject.toml | 4 ++--
src/atrclient/client.py | 23 ++++++++++++++++-------
uv.lock | 4 ++--
3 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index fdcd703..e4404db 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -11,7 +11,7 @@ build-backend = "hatchling.build"
[project]
name = "apache-trusted-releases"
-version = "0.20250710.1944"
+version = "0.20250711.1305"
description = "ATR CLI and Python API"
readme = "README.md"
requires-python = ">=3.13"
@@ -48,4 +48,4 @@ atr = "atrclient.client:main"
packages = ["src/atrclient"]
[tool.uv]
-exclude-newer = "2025-07-10T19:44:00Z"
+exclude-newer = "2025-07-11T13:05:00Z"
diff --git a/src/atrclient/client.py b/src/atrclient/client.py
index 8024eb2..2045766 100755
--- a/src/atrclient/client.py
+++ b/src/atrclient/client.py
@@ -603,20 +603,29 @@ def config_jwt_refresh(asf_uid: str | None = None) -> str:
def config_jwt_usable() -> str:
+ with config_lock() as config:
+ config_asf_uid = config_get(config, ["asf", "uid"])
+
jwt_value, payload = config_jwt_payload()
if jwt_value is None:
- with config_lock() as config:
- asf_uid = config_get(config, ["asf", "uid"])
- if asf_uid is None:
+ if config_asf_uid is None:
show_error_and_exit("No ASF UID stored in configuration.")
- return config_jwt_refresh(asf_uid)
+ return config_jwt_refresh(config_asf_uid)
exp = payload.get("exp") or 0
if exp < time.time():
- asf_uid = payload.get("sub")
- if not asf_uid:
+ payload_asf_uid = payload.get("sub")
+ if not payload_asf_uid:
show_error_and_exit("No ASF UID in JWT payload.")
- return config_jwt_refresh(asf_uid)
+ if payload_asf_uid != config_asf_uid:
+ # The user probably just changed their configuration
+ # But we will refresh the JWT anyway
+ # It will still fail if the PAT is not valid
+ show_warning(
+ f"JWT ASF UID {payload_asf_uid} does not "
+ f"match configuration ASF UID {config_asf_uid}"
+ )
+ return config_jwt_refresh(payload_asf_uid)
return jwt_value
diff --git a/uv.lock b/uv.lock
index 3723fd9..d8823f3 100644
--- a/uv.lock
+++ b/uv.lock
@@ -2,7 +2,7 @@ version = 1
requires-python = ">=3.13"
[options]
-exclude-newer = "2025-07-10T19:44:00Z"
+exclude-newer = "2025-07-11T13:05:00Z"
[[package]]
name = "aiohappyeyeballs"
@@ -74,7 +74,7 @@ wheels = [
[[package]]
name = "apache-trusted-releases"
-version = "0.20250710.1944"
+version = "0.20250711.1305"
source = { editable = "." }
dependencies = [
{ name = "aiohttp" },
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
