# PR: Release databusclient 0.15 to PyPI (Issue #35)

[DhanashreePetare]

Description

This PR prepares and enables the publication of databusclient version 0.15 to PyPI, addressing issue #35. The PyPI package is currently outdated (from 2023), making the README installation instructions inconsistent with what users get via pip install databusclient.

Implementation

• Version set to 0.15 in pyproject.toml (skipping 0.13 and 0.14 as requested)
• Added __version__ = "0.15" to databusclient/__init__.py for runtime version checking
• Updated CHANGELOG.md with proper formatting and release notes

Related Issues
Issue #35

Type of change

• New feature (non-breaking change which adds functionality)
• This change requires a documentation update

Checklist:

• My code follows the ruff code style of this project.
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation (if applicable)
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
  • poetry run pytest - all tests passed
  • poetry run ruff check - no linting errors

For Maintainers: How to Publish to PyPI

Since I don't have PyPI publishing credentials, a maintainer with access needs to complete the publication:

Quick Publish (if you trust the build):

# Switch to this branch
git checkout release/0.15

# Build the package
poetry build

# Validate (should pass)
twine check dist/*

# Upload to PyPI (requires credentials)
twine upload dist/*

# Create and push git tag
git tag -a v0.15 -m "Release version 0.15"
git push origin v0.15

Detailed Instructions

See RELEASE_NOTES.md for comprehensive publishing instructions including TestPyPI testing.

[coderabbitai]

📝 Walkthrough

Walkthrough

Release prep for v0.15: bumped package version and changelogs, added Vault-host-restricted download authentication and DownloadAuthError, introduced Vault token exchange retry on 401/403, expanded docstrings across modules, refactored main to expose main(), and added tests for Vault download behavior.

Changes

Cohort / File(s)	Summary
Version & Release CHANGELOG.md, pyproject.toml, RELEASE_NOTES.md	Bumped version to 0.15 and added changelog/release notes describing Vault auth, error-message updates, redirect handling, and documentation/testing updates.
Top-level package databusclient/__init__.py, databusclient/__main__.py	Added package docstring and __version__ = "0.15"; replaced unconditional CLI invocation with a named main() function guarded by if __name__ == "__main__".
CLI databusclient/cli.py	Imported DownloadAuthError and wrapped download command calls to convert DownloadAuthError into ClickException for user-friendly CLI errors.
Download & Auth databusclient/api/download.py	Added VAULT_REQUIRED_HOSTS and DownloadAuthError; enforce host-restricted Vault token requirement, implement token-exchange POST to Vault and Authorization Bearer retry on 401, and map 401/403 to explicit DownloadAuthError messages.
Deploy / Upload APIs databusclient/api/deploy.py, databusclient/api/delete.py, databusclient/extensions/webdav.py, databusclient/api/utils.py	Extensive docstring additions and input validation in deploy routines (including distribution metadata checks); delete and WebDAV helpers gained module/function docstrings; utils docstrings reformatted — no behavioral changes claimed.
Tests & Test helpers tests/conftest.py, tests/test_download_auth.py	Added SPARQLWrapper shim for tests; added unit tests covering Vault host token requirement, token-exchange success/failure, 401/403 handling, and non-Vault-host download behavior (mocks for requests.head/get/post).
Docs & README README.md, CHANGELOG.md	README updated with upgrade note and Vault-token guidance for protected hosts; changelog added.
Repository .gitignore	Added vault-token.dat and test-download/ to gitignore.

Sequence Diagram

sequenceDiagram
    autonumber
    participant CLI as User / CLI
    participant DL as databusclient.api.download
    participant Vault as Vault Service
    participant Host as Protected Host

    CLI->>DL: request download(url, vault_token_file?)
    DL->>DL: parse host
    alt host in VAULT_REQUIRED_HOSTS
        DL->>CLI: if no vault_token_file: raise DownloadAuthError ("Vault token required")
        DL->>Host: HEAD (initial)
        Host-->>DL: 401 Unauthorized
        DL->>DL: read vault_token_file -> refresh_token
        DL->>Vault: POST token-exchange (refresh_token, audience/host)
        Vault-->>DL: access_token or error
        alt access_token received
            DL->>Host: retry HEAD/GET with Authorization: Bearer <access_token>
            alt 200 OK
                Host-->>DL: content/metadata
                DL-->>CLI: download success
            else 401/403
                DL-->>CLI: raise DownloadAuthError ("invalid/expired" or "insufficient permission")
            end
        else token exchange failed
            DL-->>CLI: raise DownloadAuthError ("token exchange failed")
        end
    else non-protected host
        DL->>Host: HEAD/GET
        alt 401 without Bearer
            DL-->>CLI: raise DownloadAuthError ("API key required")
        else 200 OK
            Host-->>DL: content/metadata
            DL-->>CLI: download success
        end
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Areas requiring extra attention:
  • databusclient/api/download.py: verify host list, Vault token-exchange request/response handling, header tweaks (Accept-Encoding), and user-facing messages.
  • tests/test_download_auth.py: ensure mocks accurately reflect real Vault and host behaviors and cover edge cases.
  • databusclient/__main__.py / databusclient/cli.py: confirm CLI entrypoint change doesn't alter packaging/entrypoint wiring and that DownloadAuthError is surfaced properly.

Possibly related PRs

• Refactor/project structure #39 — modifies the download module; related to Vault token handling and download authentication logic.
• Restrict Vault token exchange to specific hosts; improve auth errors; (Issue #19) #40 — implements VAULT_REQUIRED_HOSTS and DownloadAuthError with token-exchange and improved 401/403 handling; closely matches these changes.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 38.10% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly and specifically describes the main change: releasing databusclient version 0.15 to PyPI, referencing the associated issue.
Description check	✅ Passed	PR description is well-structured with clear sections (Description, Type of change, Checklist) matching the template and including related issue reference, implementation details, and publishing instructions.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

tests/conftest.py (1)

1-30: LGTM!

A lightweight SPARQLWrapper shim for tests when the package isn't installed. The conditional guard at line 5 prevents overwriting a real installation.

One optional enhancement: if future tests need different SPARQL responses, consider making DummySPARQL configurable or adding a pytest fixture that can customize the return value.

databusclient/api/delete.py (1)

41-48: Minor docstring/type inconsistency.

The type hint specifies List[str] but the docstring says "Iterable of full Databus URIs". Consider aligning them for consistency.

🔎 Option 1 - Update docstring to match type hint:

     def add_uris(self, databusURIs: List[str]):
         """Add multiple Databus URIs to the deletion queue.
 
         Args:
-            databusURIs: Iterable of full Databus URIs.
+            databusURIs: List of full Databus URIs.
         """

🔎 Option 2 - Update type hint to match docstring (more flexible):

+from typing import Iterable, List
+
-    def add_uris(self, databusURIs: List[str]):
+    def add_uris(self, databusURIs: Iterable[str]):

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e16ff76 and 22e4d86.

📒 Files selected for processing (13)

• CHANGELOG.md (1 hunks)
• README.md (2 hunks)
• databusclient/__init__.py (1 hunks)
• databusclient/__main__.py (1 hunks)
• databusclient/api/delete.py (2 hunks)
• databusclient/api/deploy.py (7 hunks)
• databusclient/api/download.py (4 hunks)
• databusclient/api/utils.py (2 hunks)
• databusclient/cli.py (2 hunks)
• databusclient/extensions/webdav.py (4 hunks)
• pyproject.toml (1 hunks)
• tests/conftest.py (1 hunks)
• tests/test_download_auth.py (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.18.1)

CHANGELOG.md

13-13: Multiple headings with the same content

(MD024, no-duplicate-heading)

🔇 Additional comments (28)

databusclient/extensions/webdav.py (4)

1-7: Module docstring is clear and informative. Provides a concise summary of the module's purpose (WebDAV/Nextcloud upload helper), describes the workflow (SHA-256 checksums, rclone copy, metadata generation), and references key functions. Good foundation for developer orientation.

---

16-24: Docstring for compute_sha256_and_length is well-structured. Args and Returns are clearly documented; naming conventions match the actual return values (hexdigest() and total_length). Makes the function's contract explicit.

---

37-42: Docstring for get_all_files clearly distinguishes file vs. directory behavior. The description of returning absolute paths for recursive directory walks is accurate and helpful for callers. Good level of detail without verbosity.

---

52-65: Docstring for upload_to_webdav is comprehensive and well-documented. All parameters are clearly described, and the return value includes the dict keys (filename, checksum, size, url), making it easy for downstream consumers like deploy_from_metadata to understand the data structure. Excellent documentation addition.

pyproject.toml (1)

3-3: LGTM!

Version bump to 0.15 aligns with the release preparation documented in CHANGELOG.md and README.md.

README.md (2)

44-48: LGTM!

Clear upgrade instructions for users who may have an older version installed. The explicit version pin databusclient==0.15 ensures users get the intended release.

---

173-174: LGTM!

Helpful clarification about when Vault tokens are required. This aligns with the Vault authentication improvements mentioned in the changelog.

databusclient/__main__.py (1)

9-19: LGTM!

Encapsulating cli.app() in a named main() function with a __name__ == "__main__" guard is a good practice that improves testability and prevents side effects on import.

databusclient/__init__.py (1)

1-21: LGTM!

Good docstring additions that improve documentation coverage. The module and function docstrings clearly explain the package's purpose and the run() function's role.

databusclient/api/delete.py (1)

1-70: LGTM!

Comprehensive docstrings added to the DeleteQueue class and its methods. The documentation clearly explains the purpose and usage of each method.

databusclient/api/utils.py (2)

1-5: LGTM! Clear module documentation.

The module docstring provides a helpful overview of the utility functions and their usage across API submodules.

---

33-54: LGTM! Improved docstring clarity.

The updated docstrings are more concise and use consistent formatting. The descriptions accurately reflect the function behaviors.

databusclient/api/download.py (5)

16-25: LGTM! Well-designed authentication constants.

The explicit host whitelist (VAULT_REQUIRED_HOSTS) and dedicated exception class (DownloadAuthError) provide clear security boundaries and enable user-friendly error handling. The comment clearly marks this as the authoritative source.

---

69-77: LGTM! Effective fail-fast validation.

The early hostname check prevents confusing downstream authentication errors and provides clear guidance to users. Using urlparse for hostname extraction is the correct approach.

---

82-84: LGTM! Consistent error handling.

Converting to DownloadAuthError provides consistent, user-friendly error reporting for authentication failures.

---

110-143: LGTM! Secure and well-structured Vault authentication flow.

The authentication logic correctly:

• Restricts token exchange to explicitly configured hosts (VAULT_REQUIRED_HOSTS)
• Provides clear, actionable error messages for auth failures
• Maps HTTP status codes to user-friendly explanations

The removal of Accept-Encoding at line 134 likely avoids compression-related issues during retry, though it's worth confirming this is intentional behavior.

---

146-153: LGTM! Comprehensive error coverage.

The generic 403/401 handlers provide helpful fallback messages for authentication failures outside the Bearer token flow, guiding users to check their credentials.

databusclient/api/deploy.py (3)

1-6: LGTM! Clear module documentation.

The module docstring provides a helpful overview of the deploy functionality and its main components.

---

35-199: LGTM! Enhanced function documentation.

The updated docstrings across multiple helper functions provide clear, concise descriptions of behavior, parameters, and return values. The documentation improvements aid maintainability without changing functionality.

---

277-296: LGTM! Robust input validation.

The validation logic correctly:

• Checks for missing required keys and provides clear error messages
• Validates that size is a positive integer
• Validates SHA-256 checksums are exactly 64 hexadecimal characters

This defensive validation catches malformed metadata early and provides helpful error messages.

databusclient/cli.py (3)

10-10: LGTM! Required import for error handling.

The DownloadAuthError import enables the CLI to provide user-friendly error messages for authentication failures.

---

16-20: LGTM! Improved CLI documentation.

The enhanced docstring provides a clear overview of available commands.

---

178-190: LGTM! Clean error handling integration.

The try/except block correctly catches DownloadAuthError and converts it to a ClickException, ensuring authentication errors are presented to users in a clear, CLI-friendly format. The original error message is preserved for maximum clarity.

tests/test_download_auth.py (5)

12-32: LGTM! Well-designed test helper.

The make_response helper effectively mocks the requests.Response interface, including iter_content for streaming and raise_for_status for error handling. This provides clean test setup across multiple test cases.

---

35-42: LGTM! Effective test for early validation.

The test correctly verifies that attempting to download from a Vault-required host without a token raises DownloadAuthError with an appropriate message.

---

45-55: LGTM! Validates normal download path.

The test confirms that downloads from non-Vault hosts proceed without requiring a Vault token, ensuring the authentication restrictions are properly scoped.

---

58-87: LGTM! Comprehensive token exchange error handling test.

The test correctly simulates the entire token exchange flow and verifies that a 401 response after token exchange produces a clear error message about token validity. The use of monkeypatch for REFRESH_TOKEN avoids filesystem dependencies.

---

90-104: LGTM! Validates permission error handling.

The test confirms that 403 Forbidden responses produce clear error messages about insufficient permissions, providing good coverage of authorization failure scenarios.