When one keyring attempt fails, don't bother with more

news/8090.bugfix

@@ -0,0 +1,3 @@
+Only attempt to use the keyring once and if it fails, don't try again.
+This prevents spamming users with several keyring unlock prompts when they
+cannot unlock or don't want to do so.

src/pip/_internal/network/auth.py

@@ -44,6 +44,7 @@
 def get_keyring_auth(url, username):
     # type: (str, str) -> Optional[AuthInfo]
     """Return the tuple auth for a given url from keyring."""
+    global keyring
     if not url or not keyring:
         return None
 
@@ -69,6 +70,7 @@ def get_keyring_auth(url, username):
         logger.warning(
             "Keyring is skipped due to an exception: %s", str(exc),
         )
+        keyring = None
     return None
 
 

tests/unit/test_network_auth.py

@@ -242,3 +242,29 @@ def test_keyring_get_credential(monkeypatch, url, expect):
     assert auth._get_new_credentials(
         url, allow_netrc=False, allow_keyring=True
     ) == expect
+
+
+class KeyringModuleBroken(object):
+    """Represents the current supported API of keyring, but broken"""
+
+    def __init__(self):
+        self._call_count = 0
+
+    def get_credential(self, system, username):
+        self._call_count += 1
+        raise Exception("This keyring is broken!")
+
+
+def test_broken_keyring_disables_keyring(monkeypatch):
+    keyring_broken = KeyringModuleBroken()
+    monkeypatch.setattr(pip._internal.network.auth, 'keyring', keyring_broken)
+
+    auth = MultiDomainBasicAuth(index_urls=["http://example.com/"])
+
+    assert keyring_broken._call_count == 0
+    for i in range(5):
+        url = "http://example.com/path" + str(i)
+        assert auth._get_new_credentials(
+            url, allow_netrc=False, allow_keyring=True
+        ) == (None, None)
+        assert keyring_broken._call_count == 1