Allow non-existant path dependencies

[adriangb]

Currently poetry lock --no-update fails when you remove any path dependency because it first loads all dependencies from the lock file (which still has a reference to the dependency you just deleted) and it fails at that point because when DirectoryDependency is instantiated with a non-existent path it immediately throws an exception.

This change allows the process to continue, which is the same behavior VCS dependencies have.

If the pyproject.toml has a path dependency that doesn't exist we will want to error for poetry install and poetry lock (poetry build with path dependencies is already kinda a no-go). poetry install already fails gracefully (if you lock the project then delete the path dependency and try to install; i.e. when no locking happens before we start installing), I opened python-poetry/poetry#6844 to make poetry lock fail gracefully.

[adriangb]

I looked into the version history for this file to see if I could find some rational for the way it currently works. This goes all the way back to the "Initial commit"

poetry-core/poetry_core/packages/directory_dependency.py

Line 35 in d095e4a

raise ValueError("Directory {} does not exist".format(self._path))

so I guess at this point only @sdispater knows.

[adriangb]

@radoering any thoughts on this?

[radoering]

I think it makes sense, but I have to take a deeper look if python-poetry/poetry#6844 is sufficient (i.e. covers all commands). For example, does poetry show still fails gracefully?

Further, I think we should do a similar change for file dependencies because it's the same use case.

[radoering]

related: python-poetry/poetry#668, #210

[radoering]

Either all checks should raise an error or all checks should emit a warning (different modes). If I don't care if the directory exists, I won't care if it has been replaced with a file.

[radoering]

Same here. If I don't care for existence, I won't care if it's not a Python package.

[adriangb]

I'd like to push back on this a bit. There's a real use case for creating a DirectoryDependency pointing to a path that does not exist: you deleted or renamed the dependency and are updating the lock file. I can't think of any use case where you'd want to point at an existing but invalid dependency, so in those cases I think failing fast is the best option.

[radoering]

I like mentioning the name of the dependency (how you did in the companion PR). Maybe, we can add it in the warning/error messages here, too.

[radoering]

I think we should try the approach mentioned in #210 (comment). We need two modes for _validate: a warning mode and an exception mode. The warning mode can be used in the __init__ and the exception mode in full_path. I think it should be save to assume that when accessing full_path the directory must exist (and be a valid project).

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[adriangb]

Removing this test since we actually want to be able to create a Poetry object with invalid path deps, we just want it to fail for certain operations (install, show, etc.).

[adriangb]

I think these tests should be testing each individual failure mode, but this was good enough for years so I suppose it will do

[adriangb]

Adding name was necessary because .name doesn't get set until super().__init__ is called which already requires full_path.

[adriangb]

This little bit of caching means that if we already checked in __init__ we don't need to check again. We could also cache the negative case but it doesn't seem worth the complexity IMO.

[adriangb]

I'd like to push back on this a bit. There's a real use case for creating a DirectoryDependency pointing to a path that does not exist: you deleted or renamed the dependency and are updating the lock file. I can't think of any use case where you'd want to point at an existing but invalid dependency, so in those cases I think failing fast is the best option.

[adriangb]

So this works. Conceptually though I don't like the idea of having .full_path be the "validation". From the perspective of the poetry codebase it seems like it might be a bit confusing, even calling it something like get_full_path_and_validate_dependency() -> Path would be better to make it clear that this method gets called for validation. But that's more your call, you're more familiar with the coupling between the codebases.

[radoering]

You have got a point there. On the one hand it's an easier transition from "validation in __init__" and you can't forget to validate, on the other hand it might be a bit surprising. We could also make the validate method "public" and require to call it explicitly. Some more eyes might be needed here. I'll discuss this with other maintainers.

[adriangb]

Sounds good. Do you think we could move forward with what we've got in the meantime? I think what we've got here is better than what we had before and the behavior ("automatic" validation) is largely the same, so we could treat making validate public and somehow requiring it to be explicitly called a future refactoring. Mostly because I think there needs to be some thought put into what this means for other dependency types (VCS, direct, etc.) and where it should be called in poetry; I don't want that to stall this work.

[radoering]

I took a deeper look into this topic and believe to have found a cleaner solution in #520. Please take a look if this approach fits your needs.

[adriangb]

Yep should work