snapstore-client

Merge ~tonysimpson/snapstore-client:snapstore-library-integration into snapstore-client:master

Proposed by Tony Simpson on 2019-08-07

Status:	Work in progress
Proposed branch:	~tonysimpson/snapstore-client:snapstore-library-integration
Merge into:	snapstore-client:master
Diff against target:	3582 lines (+1951/-1049) 19 files modified Makefile (+32/-12) dev/null (+0/-185) requirements.txt (+1/-0) snap/plugins/_python/__init__.py (+19/-0) snap/plugins/_python/_pip.py (+575/-0) snap/plugins/_python/_python_finder.py (+104/-0) snap/plugins/_python/_sitecustomize.py (+124/-0) snap/plugins/_python/errors.py (+79/-0) snap/plugins/python_ols.py (+499/-0) snap/snapcraft.yaml (+15/-8) snapstore (+1/-126) snapstore_client/__main__.py (+136/-0) snapstore_client/logic/login.py (+36/-59) snapstore_client/logic/overrides.py (+79/-71) snapstore_client/logic/push.py (+0/-5) snapstore_client/logic/tests/test_login.py (+103/-265) snapstore_client/logic/tests/test_overrides.py (+106/-313) snapstore_client/logic/tests/utils.py (+42/-0) snapstore_client/utils.py (+0/-5)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Simon Davy (community)		2019-08-07	Approve on 2019-08-09
Review via email: mp+371039@code.launchpad.net

Commit message

Integrate snapstore_library auth and overrides

Description of the change

Integrates the snapstore-library authentication and override

Tests have been simplified because snapstore-library has test coverage. Updated tests just cover functionality in CLI code.

snap/plugins/* should be ignore as it is just a copy of code from lp:snapstore-snap

There is a snapstore-library branch in lp:~siab/+git/siab-dependencies that can be used for testing.

CI integration has not been considered yet - a setup-jenkaas would need to be added to the Makefile and would need to pull siab-dependencies

snapstore-library review here https://code.launchpad.net/~tonysimpson/snapstore-library/+git/snapstore-library/+merge/371038

Revision history for this message

Simon Davy (bloodearnest) wrote on 2019-08-09:

Ok, so this is a big MP to review, which is not great

It might have have been better to split it into 2 or 3, 1 just adding the python-ols snapcraft plugin, one for overrides and one for authentication?

That said, I think the tests are much improved, and the use of the library makes this all much nicer.

review: Approve

Unmerged commits

9038b0a... by Tony Simpson on 2019-08-07

Removed dead code

e980150... by Tony Simpson on 2019-08-06

Make build process more like snap-store-proxy

Borrow approach from snapstore-snap (snap-store-proxy).
snap/plugins/* is a copy of plugin from snap-store-proxy.

54341a0... by Tony Simpson on 2019-08-02

Integrate snapstore_library auth and overrides

* Test have been rewritten, still requires a few more I think
* Dead code has not been removed yet
* Has not been user tested

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

SIAB

Tony Simpson

 diff --git a/Makefile b/Makefile
 index d8f1bd4..2266b98 100644
 --- a/Makefile
 +++ b/Makefile
@@ -1,15 +1,22 @@
--# In a global tmp dir for now so snapcraft doesn't make copies (see
--# https://forum.snapcraft.io/t/customizable-ignores/230/12).
--TMPDIR = /tmp/snapstore-client.tmp
--
++FILE_DEPS = Makefile snap/snapcraft.yaml snapstore snapstore_client/**/*.py dependencies/*.*
  SERVICE_PACKAGE = snapstore_client
--ENV = $(TMPDIR)/env
++ENV = env
  PYTHON3 = $(ENV)/bin/python3
  PIP = $(PYTHON3) -m pip
  FLAKE8 = $(ENV)/bin/flake8
  DEPENDENCY_REPO ?= lp:~siab/+git/siab-dependencies
--SNAPSTORE_DEPENDENCY_DIR ?= $(TMPDIR)/dependencies
++SNAPSTORE_DEPENDENCY_DIR = dependencies
++
++SNAPCRAFT ?= snapcraft
++VIRT := $(shell systemd-detect-virt)
++ifeq ($(VIRT),lxc)
++  SNAPCRAFT_FLAGS ?= --destructive-mode
++else
++  SNAPCRAFT_FLAGS ?= --use-lxd
++endif
++SNAPCRAFT_BUILD_ENVIRONMENT_CHANNEL_SNAPCRAFT ?= edge
++export PATH := $(PATH):/snap/bin
  $(SNAPSTORE_DEPENDENCY_DIR):
@@ -26,8 +33,13 @@ $(ENV)/dev: $(ENV)/prod
  bootstrap: $(ENV)/prod
--snap:
--	snapcraft cleanbuild
++snap-store-proxy-client.snap: $(SNAPSTORE_DEPENDENCY_DIR) $(FILE_DEPS)
++	SNAPCRAFT_BUILD_ENVIRONMENT_CHANNEL_SNAPCRAFT=${SNAPCRAFT_BUILD_ENVIRONMENT_CHANNEL_SNAPCRAFT} SNAPCRAFT_ENABLE_ERROR_REPORTING=0 $(SNAPCRAFT) snap $(SNAPCRAFT_FLAGS) --output snap-store-proxy-client.snap
++
++snap: snap-store-proxy-client.snap
++
++install: snap
++	sudo snap install snap-store-proxy-client.snap --dangerous
  test: $(ENV)/dev
  	$(PYTHON3) -m unittest $(TESTS) 2>&1
@@ -49,11 +61,19 @@ coverage: $(ENV)/dev
  	$(PYTHON3) -m coverage html
  clean:
--	rm -rf $(TMPDIR)
++ifneq (,$(findstring --destructive-mode, $(SNAPCRAFT_FLAGS)))
++		rm -fr parts
++		rm -fr stage
++else
++		$(SNAPCRAFT) clean $(SNAPCRAFT_FLAGS)
++endif
++	rm -rf env
  	rm -rf dist docs/build
  	rm -rf .coverage htmlcov
--	find -name '__pycache__' -print0 | xargs -0 rm -rf
--	find -name '*.~*' -delete
++	snapcraft clean
++
++fullclean: clean
++	rm -rf dependencies
--.PHONY: bootstrap test lint coverage clean snap docs
++.PHONY: bootstrap test lint coverage clean fullclean snap install docs
 diff --git a/requirements.txt b/requirements.txt
 index 09ae15a..19a551f 100644
 --- a/requirements.txt
 +++ b/requirements.txt
@@ -2,3 +2,4 @@ pymacaroons
  pysha3
  pyxdg
  requests
++snapstore_library
 \ No newline at end of file
 diff --git a/snap/plugins/_python/__init__.py b/snap/plugins/_python/__init__.py
 new file mode 100644
 index 0000000..6d6ad33
 --- /dev/null
 +++ b/snap/plugins/_python/__init__.py
@@ -0,0 +1,19 @@
++# -*- Mode:Python; indent-tabs-mode:nil; tab-width:4 -*-
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++from ._pip import Pip  # noqa
++from ._python_finder import get_python_command  # noqa
++from ._sitecustomize import generate_sitecustomize  # noqa
 diff --git a/snap/plugins/_python/_pip.py b/snap/plugins/_python/_pip.py
 new file mode 100644
 index 0000000..9acf3ba
 --- /dev/null
 +++ b/snap/plugins/_python/_pip.py
@@ -0,0 +1,575 @@
++# -*- Mode:Python; indent-tabs-mode:nil; tab-width:4 -*-
++#
++# Copyright (C) 2016-2019 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++import collections
++import contextlib
++import json
++import logging
++import os
++import re
++import shutil
++import stat
++import subprocess
++import sys
++import tempfile
++from typing import List, Optional, Sequence, Set
++
++import snapcraft
++from snapcraft import file_utils
++from snapcraft.internal import mangling
++from ._python_finder import get_python_command, get_python_headers, get_python_home
++from . import errors
++
++logger = logging.getLogger(__name__)
++
++
++def _process_common_args(
++    *, constraints: Optional[Set[str]] = None, process_dependency_links: bool = False
++) -> List[str]:
++    args = []
++    if constraints:
++        for constraint in constraints:
++            args.extend(["--constraint", constraint])
++
++    if process_dependency_links:
++        args.append("--process-dependency-links")
++
++    return args
++
++
++def _process_package_args(
++    *, packages: Sequence[str], requirements: Sequence[str], setup_py_dir: str
++) -> List[str]:
++    args = []
++    if requirements:
++        for requirement in requirements:
++            args.extend(["--requirement", requirement])
++
++    if packages:
++        args.extend(packages)
++
++    if setup_py_dir:
++        args.append(".")
++
++    return args
++
++
++def _replicate_owner_mode(path):
++    # Don't bother with a path that doesn't exist or is a symlink. The target
++    # of the symlink will either be updated anyway, or we won't have permission
++    # to change it.
++    if not os.path.exists(path) or os.path.islink(path):
++        return
++
++    file_mode = os.stat(path).st_mode
++
++    # We at least need to write to it to fix shebangs later
++    new_mode = file_mode | stat.S_IWUSR
++
++    # If the owner can execute it, so should everyone else.
++    if file_mode & stat.S_IXUSR:
++        new_mode |= stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
++
++    # If the owner can read it, so should everyone else
++    if file_mode & stat.S_IRUSR:
++        new_mode |= stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH
++
++    os.chmod(path, new_mode)
++
++
++def _fix_permissions(path):
++    for root, dirs, files in os.walk(path):
++        for filename in files:
++            _replicate_owner_mode(os.path.join(root, filename))
++        for dirname in dirs:
++            _replicate_owner_mode(os.path.join(root, dirname))
++
++
++def _expand_vars(text, project_dir):
++    text = text.replace('$SNAPCRAFT_PROJECT_DIR', project_dir)
++    text = text.replace('${SNAPCRAFT_PROJECT_DIR}', project_dir)
++    return text
++
++
++class Pip:
++    """Wrapper for pip abstracting the args necessary for use in a part.
++
++    This class takes care of fetching pip, setuptools, and wheel, and then
++    simply shells out to pip with the magical arguments necessary to install
++    packages into a part.
++
++    Of particular importance: packages must be downloaded (via download())
++    before they can be installed or have wheels built.
++    """
++
++    def __init__(self, *, python_major_version, part_dir, install_dir, stage_dir, project_dir):
++        """Initialize pip.
++
++        You must call setup() before you can actually use pip.
++
++        :param str python_major_version: The python major version to find (2 or
++                                         3)
++        :param str part_dir: Path to the part's working area
++        :param str install_dir: Path to the part's install area
++        :param str stage_dir: Path to the staging area
++        :param str project_dir: Path to the project area
++
++        :raises MissingPythonCommandError: If no python could be found in the
++                                           staging or part's install area.
++        """
++        self._python_major_version = python_major_version
++        self._install_dir = install_dir
++        self._stage_dir = stage_dir
++        self._project_dir = project_dir
++
++        self._python_package_dir = os.path.join(part_dir, "python-packages")
++        os.makedirs(self._python_package_dir, exist_ok=True)
++
++        self.__python_command = None  # type:str
++        self.__python_home = None  # type: str
++
++    @property
++    def _python_command(self):
++        """Lazily determine the python command required."""
++        if not self.__python_command:
++            self.__python_command = get_python_command(
++                self._python_major_version,
++                stage_dir=self._stage_dir,
++                install_dir=self._install_dir,
++            )
++        return self.__python_command
++
++    @property
++    def _python_home(self):
++        """Lazily determine the correct python home."""
++        if not self.__python_home:
++            self.__python_home = get_python_home(
++                self._python_major_version,
++                stage_dir=self._stage_dir,
++                install_dir=self._install_dir,
++            )
++        return self.__python_home
++
++    def setup(
++        self,
++        no_index: bool = False,
++        find_links: Optional[Sequence[str]] = None
++    ):
++        """Install pip and dependencies.
++
++        Check to see if pip has already been installed. If not, fetch pip,
++        setuptools, and wheel, and install them so they can be used.
++        """
++
++        self._ensure_pip_installed(
++            no_index=no_index,
++            find_links=find_links
++        )
++        self._ensure_wheel_installed(
++            no_index=no_index,
++            find_links=find_links
++        )
++        self._ensure_setuptools_installed(
++            no_index=no_index,
++            find_links=find_links
++        )
++
++    def is_setup(self):
++        """Return true if this class has already been setup."""
++
++        return (
++            self._is_pip_installed()
++            and self._is_wheel_installed()
++            and self._is_setuptools_installed()
++        )
++
++    def _ensure_pip_installed(
++        self,
++        no_index: bool = False,
++        find_links: Optional[Sequence[str]] = None
++    ):
++        # Check to see if we have our own pip. If not, we need to use the pip
++        # on the host (installed via build-packages) to grab our own.
++        if not self._is_pip_installed():
++            logger.info("Fetching and installing pip...")
++
++            real_python_home = self.__python_home
++
++            # Make sure we're using pip from the host. Wrapping this operation
++            # in a try/finally to make sure we revert away from the host's
++            # python at the end.
++            try:
++                self.__python_home = os.path.join(os.path.sep, "usr")
++
++                # Using the host's pip, install our own pip
++                self.download(
++                    {"pip"},
++                    no_index=no_index,
++                    find_links=find_links
++                )
++                self.install({"pip"}, ignore_installed=True)
++            finally:
++                # Now that we have our own pip, reset the python home
++                self.__python_home = real_python_home
++
++    def _ensure_wheel_installed(
++        self,
++        no_index: bool = False,
++        find_links: Optional[Sequence[str]] = None
++    ):
++        if not self._is_wheel_installed():
++            logger.info("Fetching and installing wheel...")
++            self.download(
++                {"wheel"},
++                no_index=no_index,
++                find_links=find_links
++            )
++            self.install({"wheel"}, ignore_installed=True)
++
++    def _ensure_setuptools_installed(
++        self,
++        no_index: bool = False,
++        find_links: Optional[Sequence[str]] = None
++    ):
++        if not self._is_setuptools_installed():
++            logger.info("Fetching and installing setuptools...")
++            self.download(
++                {"setuptools"},
++                no_index=no_index,
++                find_links=find_links
++            )
++            self.install({"setuptools"}, ignore_installed=True)
++
++    def _is_pip_installed(self):
++        try:
++            # We're expecting an error here at least once complaining about
++            # pip not being installed. In order to verify that the error is the
++            # one we think it is, we need to process the stderr. So we'll
++            # redirect it to stdout. If it's not the error we expect, something
++            # is wrong, so re-raise it.
++            #
++            # Using _run_output here so stdout doesn't get printed to the
++            # terminal.
++            self._run_output([], stderr=subprocess.STDOUT)
++        except subprocess.CalledProcessError as e:
++            output = e.output.decode(sys.getfilesystemencoding()).strip()
++            if "no module named pip" in output.lower():
++                return False
++            else:
++                raise e
++        return True
++
++    def _is_wheel_installed(self):
++        return "wheel" in self.list()
++
++    def _is_setuptools_installed(self):
++        return "setuptools" in self.list()
++
++    def download(
++        self,
++        packages,
++        *,
++        setup_py_dir: Optional[str] = None,
++        constraints: Optional[Set[str]] = None,
++        requirements: Optional[Sequence[str]] = None,
++        process_dependency_links: bool = False,
++        no_index: bool = False,
++        find_links: Optional[Sequence[str]] = None
++    ):
++        """Download packages into cache, but do not install them.
++
++        :param iterable packages: Packages to download from index.
++        :param str setup_py_dir: Directory containing setup.py.
++        :param iterable constraints: Collection of paths to constraints files.
++        :param iterable requirements: Collection of paths to requirements
++                                      files.
++        :param boolean process_dependency_links: Enable the processing of
++                                                 dependency links.
++        :param boolean no_index: Don't hit PyPI
++        :param iterable find_links: Locations of additional repositories
++        """
++        package_args = _process_package_args(
++            packages=packages, requirements=requirements, setup_py_dir=setup_py_dir
++        )
++
++        if not package_args:
++            return  # No operation was requested
++
++        args = _process_common_args(
++            process_dependency_links=process_dependency_links, constraints=constraints
++        )
++        if no_index:
++            args.append('--no-index')
++        if find_links:
++            for fl_item in find_links:
++                args.append('--find-links')
++                args.append(_expand_vars(fl_item, self._project_dir))
++
++        # Using pip with a few special parameters:
++        #
++        # --disable-pip-version-check: Don't whine if pip is out-of-date with
++        #                              the version on pypi.
++        # --dest: Download packages into the directory we've set aside for it.
++        #
++        # For cwd, setup_py_dir will be the actual directory we need to be in
++        # or None.
++        self._run(
++            [
++                "download",
++                "--disable-pip-version-check",
++                "--dest",
++                self._python_package_dir,
++            ]
++            + args
++            + package_args,
++            cwd=setup_py_dir,
++        )
++
++    def install(
++        self,
++        packages,
++        *,
++        setup_py_dir: Optional[str] = None,
++        constraints: Optional[Set[str]] = None,
++        requirements: Optional[Sequence[str]] = None,
++        process_dependency_links: bool = False,
++        upgrade: bool = False,
++        install_deps: bool = True,
++        ignore_installed: bool = False
++    ):
++        """Install packages from cache.
++
++        The packages should have already been downloaded via `download()`.
++
++        :param iterable packages: Packages to install from cache.
++        :param str setup_py_dir: Directory containing setup.py.
++        :param iterable constraints: Collection of paths to constraints files.
++        :param iterable requirements: Collection of paths to requirements
++                                      files.
++        :param boolean process_dependency_links: Enable the processing of
++                                                 dependency links.
++        :param boolean upgrade: Recursively upgrade packages.
++        :param boolean install_deps: Install package dependencies.
++        :param boolean ignore_installed: Reinstall packages if they're already
++                                         installed
++        """
++        package_args = _process_package_args(
++            packages=packages, requirements=requirements, setup_py_dir=setup_py_dir
++        )
++
++        if not package_args:
++            return  # No operation was requested
++
++        args = _process_common_args(
++            process_dependency_links=process_dependency_links, constraints=constraints
++        )
++
++        if upgrade:
++            args.append("--upgrade")
++
++        if not install_deps:
++            args.append("--no-deps")
++
++        if ignore_installed:
++            args.append("--ignore-installed")
++
++        # Using pip with a few special parameters:
++        #
++        # --user: Install packages to PYTHONUSERBASE, which we've pointed to
++        #         the installdir.
++        # --no-index: Don't hit pypi, assume the packages are already
++        #             downloaded (i.e. by using `self.download()`)
++        # --find-links: Provide the directory into which the packages should
++        #               have already been fetched
++        #
++        # For cwd, setup_py_dir will be the actual directory we need to be in
++        # or None.
++        self._run(
++            [
++                "install",
++                "--user",
++                "--no-index",
++                "--find-links",
++                self._python_package_dir,
++            ]
++            + args
++            + package_args,
++            cwd=setup_py_dir,
++        )
++
++        # Installing with --user results in a directory with 700 permissions.
++        # We need it a bit more open than that, so open it up.
++        _fix_permissions(self._install_dir)
++
++        # Fix all shebangs to use the in-snap python.
++        mangling.rewrite_python_shebangs(self._install_dir)
++
++    def wheel(
++        self,
++        packages,
++        *,
++        setup_py_dir: Optional[str] = None,
++        constraints: Optional[Set[str]] = None,
++        requirements: Optional[Sequence[str]] = None,
++        process_dependency_links: bool = False
++    ):
++        """Build wheels of packages in the cache.
++
++        The packages should have already been downloaded via `download()`.
++
++        :param iterable packages: Packages in cache for which to build wheels.
++        :param str setup_py_dir: Directory containing setup.py.
++        :param iterable constraints: Collection of paths to constraints files.
++        :param iterable requirements: Collection of paths to requirements
++                                      files.
++        :param boolean process_dependency_links: Enable the processing of
++                                                 dependency links.
++
++        :return: List of paths to each wheel that was built.
++        :rtype: list
++        """
++        package_args = _process_package_args(
++            packages=packages, requirements=requirements, setup_py_dir=setup_py_dir
++        )
++
++        if not package_args:
++            return []  # No operation was requested
++
++        args = _process_common_args(
++            process_dependency_links=process_dependency_links, constraints=constraints
++        )
++
++        wheels = []  # type: List[str]
++        with tempfile.TemporaryDirectory() as temp_dir:
++
++            # Using pip with a few special parameters:
++            #
++            # --no-index: Don't hit pypi, assume the packages are already
++            #             downloaded (i.e. by using `self.download()`)
++            # --find-links: Provide the directory into which the packages
++            #               should have already been fetched
++            # --wheel-dir: Build wheels into a temporary working area rather
++            #              rather than cwd. We'll copy them over. FIXME: We can
++            #              probably get away just building them in the package
++            #              dir. Try that once this refactor has been validated.
++            self._run(
++                [
++                    "wheel",
++                    "--no-index",
++                    "--find-links",
++                    self._python_package_dir,
++                    "--wheel-dir",
++                    temp_dir,
++                ]
++                + args
++                + package_args,
++                cwd=setup_py_dir,
++            )
++            wheels = os.listdir(temp_dir)
++            for wheel in wheels:
++                file_utils.link_or_copy(
++                    os.path.join(temp_dir, wheel),
++                    os.path.join(self._python_package_dir, wheel),
++                )
++
++        return [os.path.join(self._python_package_dir, wheel) for wheel in wheels]
++
++    def list(self, *, user=False):
++        """Determine which packages have been installed.
++
++        :param boolean user: Whether or not to limit results to user base.
++
++        :return: Dict of installed python packages and their versions
++        :rtype: dict
++        """
++        command = ["list"]
++        if user:
++            command.append("--user")
++
++        packages = collections.OrderedDict()
++        try:
++            output = self._run_output(command + ["--format=json"])
++            json_output = json.loads(output, object_pairs_hook=collections.OrderedDict)
++        except subprocess.CalledProcessError:
++            # --format requires a newer pip, so fall back to legacy output
++            output = self._run_output(command)
++            json_output = []  # type: List[Dict[str, str]]
++            version_regex = re.compile(r"\((.+)\)")
++            for line in output.splitlines():
++                line = line.split()
++                m = version_regex.search(line[1])
++                if not m:
++                    raise errors.PipListInvalidLegacyFormatError(output)
++                json_output.append({"name": line[0], "version": m.group(1)})
++        except json.decoder.JSONDecodeError as e:
++            raise errors.PipListInvalidJsonError(output) from e
++
++        for package in json_output:
++            if "name" not in package:
++                raise errors.PipListMissingFieldError("name", output)
++            if "version" not in package:
++                raise errors.PipListMissingFieldError("version", output)
++            packages[package["name"]] = package["version"]
++        return packages
++
++    def clean_packages(self):
++        """Remove the package cache."""
++        with contextlib.suppress(FileNotFoundError):
++            shutil.rmtree(self._python_package_dir)
++
++    def env(self):
++        """The environment used by pip.
++
++        This function is only useful if you happen to need to call into pip's
++        environment without using the API otherwise made available here (e.g.
++        calling the setup.py directly instead of with pip).
++
++        :return: Dict of the environment necessary to use the pip contained
++                 here.
++        :rtype: dict
++        """
++        env = os.environ.copy()
++        env["PYTHONUSERBASE"] = self._install_dir
++        env["PYTHONHOME"] = self._python_home
++
++        env["PATH"] = "{}:{}".format(
++            os.path.join(self._install_dir, "usr", "bin"), os.path.expandvars("$PATH")
++        )
++
++        headers = get_python_headers(
++            self._python_major_version, stage_dir=self._stage_dir
++        )
++        if headers:
++            current_cppflags = env.get("CPPFLAGS", "")
++            env["CPPFLAGS"] = "-I{}".format(headers)
++            if current_cppflags:
++                env["CPPFLAGS"] = "{} {}".format(env["CPPFLAGS"], current_cppflags)
++
++        return env
++
++    def _run(self, args, runner=None, **kwargs):
++        env = self.env()
++
++        # Using None as the default value instead of common.run so we can mock
++        # common.run.
++        if runner is None:
++            runner = snapcraft.internal.common.run
++        return runner(
++            [self._python_command, "-m", "pip"] + list(args), env=env, **kwargs
++        )
++
++    def _run_output(self, args, **kwargs):
++        return self._run(args, runner=snapcraft.internal.common.run_output, **kwargs)
 diff --git a/snap/plugins/_python/_python_finder.py b/snap/plugins/_python/_python_finder.py
 new file mode 100644
 index 0000000..c677cd6
 --- /dev/null
 +++ b/snap/plugins/_python/_python_finder.py
@@ -0,0 +1,104 @@
++# -*- Mode:Python; indent-tabs-mode:nil; tab-width:4 -*-
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++import os
++import glob
++
++from . import errors
++
++
++def get_python_command(python_major_version, *, stage_dir, install_dir):
++    """Find the python command to use, preferring staged over the part.
++
++    We prefer the staged python as opposed to the in-part python in order to
++    support one part that supplies python, with another part built `after` it
++    wanting to use its python.
++
++    :param str python_major_version: The python major version to find (2 or 3)
++    :param str stage_dir: Path to the staging area
++    :param str install_dir: Path to the part's install area
++
++    :return: Path to the python command that was found
++    :rtype: str
++
++    :raises MissingPythonCommandError: If no python could be found in the
++                                       staging or part's install area.
++    """
++    python_command_name = "python{}".format(python_major_version)
++    python_command = os.path.join("usr", "bin", python_command_name)
++    staged_python = os.path.join(stage_dir, python_command)
++    part_python = os.path.join(install_dir, python_command)
++
++    if os.path.exists(staged_python):
++        return staged_python
++    elif os.path.exists(part_python):
++        return part_python
++    else:
++        raise errors.MissingPythonCommandError(
++            python_command_name, [stage_dir, install_dir]
++        )
++
++
++def get_python_headers(python_major_version, *, stage_dir):
++    """Find the python headers to use, if any, preferring staged over the host.
++
++    We want to make sure we use the headers from the staging area if available,
++    or we may end up building for an older python version than the one we
++    actually want to use.
++
++    :param str python_major_version: The python version to find (2 or 3)
++    :param str stage_dir: Path to the staging area
++
++    :return: Path to the python headers that were found ('' if none)
++    :rtype: str
++    """
++    python_command_name = "python{}".format(python_major_version)
++    base_match = os.path.join("usr", "include", "{}*".format(python_command_name))
++    staged_python = glob.glob(os.path.join(stage_dir, base_match))
++    host_python = glob.glob(os.path.join(os.path.sep, base_match))
++
++    if staged_python:
++        return staged_python[0]
++    elif host_python:
++        return host_python[0]
++    else:
++        return ""
++
++
++def get_python_home(python_major_version, *, stage_dir, install_dir):
++    """Find the correct PYTHONHOME, preferring staged over the part.
++
++    We prefer the staged python as opposed to the in-part python in order to
++    support one part that supplies python, with another part built `after` it
++    wanting to use its python.
++
++    :param str python_major_version: The python major version to find (2 or 3)
++    :param str stage_dir: Path to the staging area
++    :param str install_dir: Path to the part's install area
++
++    :return: Path to the PYTHONHOME that was found
++    :rtype: str
++
++    :raises MissingPythonCommandError: If no python could be found in the
++                                       staging or part's install area.
++    """
++    python_command = get_python_command(
++        python_major_version, stage_dir=stage_dir, install_dir=install_dir
++    )
++    if python_command.startswith(stage_dir):
++        return os.path.join(stage_dir, "usr")
++    else:
++        return os.path.join(install_dir, "usr")
 diff --git a/snap/plugins/_python/_sitecustomize.py b/snap/plugins/_python/_sitecustomize.py
 new file mode 100644
 index 0000000..aed89ea
 --- /dev/null
 +++ b/snap/plugins/_python/_sitecustomize.py
@@ -0,0 +1,124 @@
++# -*- Mode:Python; indent-tabs-mode:nil; tab-width:4 -*-
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++import contextlib
++import glob
++import os
++from textwrap import dedent
++
++from ._python_finder import get_python_command
++from . import errors
++
++_SITECUSTOMIZE_TEMPLATE = dedent(
++    """\
++    import site
++    import os
++
++    snap_dir = os.getenv("SNAP")
++    snapcraft_stage_dir = os.getenv("SNAPCRAFT_STAGE")
++    snapcraft_part_install = os.getenv("SNAPCRAFT_PART_INSTALL")
++
++    for d in (snap_dir, snapcraft_stage_dir, snapcraft_part_install):
++        if d:
++            site_dir = os.path.join(d, "{site_dir}")
++            site.addsitedir(site_dir)
++
++    if snap_dir:
++        site.ENABLE_USER_SITE = False"""
++)
++
++
++def _get_user_site_dir(python_major_version, *, install_dir):
++    path_glob = os.path.join(
++        install_dir, "lib", "python{}*".format(python_major_version), "site-packages"
++    )
++    user_site_dirs = glob.glob(path_glob)
++    if not user_site_dirs:
++        raise errors.MissingUserSitePackagesError(path_glob)
++
++    return user_site_dirs[0][len(install_dir) + 1 :]
++
++
++def _get_sitecustomize_path(python_major_version, *, stage_dir, install_dir):
++    # Use the part's install_dir unless there's a python in the staging area
++    base_dir = install_dir
++    with contextlib.suppress(errors.MissingPythonCommandError):
++        python_command = get_python_command(
++            python_major_version, stage_dir=stage_dir, install_dir=install_dir
++        )
++        if python_command.startswith(stage_dir):
++            base_dir = stage_dir
++
++    site_py_glob = os.path.join(
++        base_dir, "usr", "lib", "python{}*".format(python_major_version), "site.py"
++    )
++    python_sites = glob.glob(site_py_glob)
++    if not python_sites:
++        raise errors.MissingSitePyError(site_py_glob)
++
++    python_site_dir = os.path.dirname(python_sites[0])
++
++    return os.path.join(
++        install_dir, python_site_dir[len(base_dir) + 1 :], "sitecustomize.py"
++    )
++
++
++def generate_sitecustomize(python_major_version, *, stage_dir, install_dir):
++    """Generate a sitecustomize.py to look in staging, part install, and snap.
++
++    This is done by checking the values of the environment variables $SNAP,
++    $SNAPCRAFT_STAGE, and $SNAPCRAFT_PART_INSTALL. As a result, the same
++    sitecustomize.py works to find packages at both build- and run-time.
++
++    :param str python_major_version: The python major version to use (2 or 3)
++    :param str stage_dir: Path to the staging area
++    :param str install_dir: Path to the part's install area
++
++    :raises MissingUserSitePackagesError: If no user site packages are found in
++                                          install_dir/lib/pythonX*
++    :raises MissingSitePyError: If no site.py can be found in either the
++                                staging area or the part install area.
++    """
++    sitecustomize_path = _get_sitecustomize_path(
++        python_major_version, stage_dir=stage_dir, install_dir=install_dir
++    )
++    os.makedirs(os.path.dirname(sitecustomize_path), exist_ok=True)
++
++    # There may very well already be a sitecustomize.py already there. If so,
++    # get rid of it. Is may be a symlink to another sitecustomize.py, in which
++    # case, we'll get rid of that one as well.
++    if os.path.islink(sitecustomize_path):
++        target_path = os.path.realpath(sitecustomize_path)
++
++        # Only remove the target if it's contained within the install directory
++        if target_path.startswith(os.path.abspath(install_dir) + os.sep):
++            with contextlib.suppress(FileNotFoundError):
++                os.remove(target_path)
++
++    with contextlib.suppress(FileNotFoundError):
++        os.remove(sitecustomize_path)
++
++    # Create our sitecustomize. Python from the archives already has one
++    # which is distro-specific and not needed here, so we truncate it if it's
++    # already there.
++    with open(sitecustomize_path, "w") as f:
++        f.write(
++            _SITECUSTOMIZE_TEMPLATE.format(
++                site_dir=_get_user_site_dir(
++                    python_major_version, install_dir=install_dir
++                )
++            )
++        )
 diff --git a/snap/plugins/_python/errors.py b/snap/plugins/_python/errors.py
 new file mode 100644
 index 0000000..87fbcfb
 --- /dev/null
 +++ b/snap/plugins/_python/errors.py
@@ -0,0 +1,79 @@
++# -*- Mode:Python; indent-tabs-mode:nil; tab-width:4 -*-
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++import snapcraft.internal.errors
++import snapcraft.formatting_utils
++
++
++class PythonPluginError(snapcraft.internal.errors.SnapcraftError):
++    pass
++
++
++class MissingPythonCommandError(PythonPluginError):
++
++    fmt = "Unable to find {python_version}, searched: {search_paths}"
++
++    def __init__(self, python_version, search_paths):
++        super().__init__(
++            python_version=python_version,
++            search_paths=snapcraft.formatting_utils.combine_paths(
++                search_paths, "", ":"
++            ),
++        )
++
++
++class MissingUserSitePackagesError(PythonPluginError):
++
++    fmt = "Unable to find user site packages: {site_dir_glob}"
++
++    def __init__(self, site_dir_glob):
++        super().__init__(site_dir_glob=site_dir_glob)
++
++
++class MissingSitePyError(PythonPluginError):
++
++    fmt = "Unable to find site.py: {site_py_glob}"
++
++    def __init__(self, site_py_glob):
++        super().__init__(site_py_glob=site_py_glob)
++
++
++class PipListInvalidLegacyFormatError(PythonPluginError):
++
++    fmt = (
++        "Failed to parse Python package list: "
++        "The returned output is not in the expected format:\n"
++        "{output}"
++    )
++
++    def __init__(self, output):
++        super().__init__(output=output)
++
++
++class PipListInvalidJsonError(PythonPluginError):
++
++    fmt = "Pip packages output isn't valid json: {json!r}"
++
++    def __init__(self, json):
++        super().__init__(json=json)
++
++
++class PipListMissingFieldError(PythonPluginError):
++
++    fmt = "Pip packages json missing {field!r} field: {json!r}"
++
++    def __init__(self, field, json):
++        super().__init__(field=field, json=json)
 diff --git a/snap/plugins/python_ols.py b/snap/plugins/python_ols.py
 new file mode 100644
 index 0000000..95598d1
 --- /dev/null
 +++ b/snap/plugins/python_ols.py
@@ -0,0 +1,499 @@
++# -*- Mode:Python; indent-tabs-mode:nil; tab-width:4 -*-
++#
++# Copyright (C) 2016-2018 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++"""The python plugin can be used for python 2 or 3 based parts.
++
++It can be used for python projects where you would want to do:
++
++    - import python modules with a requirements.txt
++    - build a python project that has a setup.py
++    - install packages straight from pip
++
++This plugin uses the common plugin keywords as well as those for "sources".
++For more information check the 'plugins' topic for the former and the
++'sources' topic for the latter.
++
++Additionally, this plugin uses the following plugin-specific keywords:
++
++    - requirements:
++      (list of strings)
++      List of paths to requirements files.
++    - constraints:
++      (list of strings)
++      List of paths to constraint files.
++    - process-dependency-links:
++      (bool; default: false)
++      Enable the processing of dependency links in pip, which allow one
++      project to provide places to look for another project
++    - python-packages:
++      (list)
++      A list of dependencies to get from PyPI
++    - python-version:
++      (string; default: python3)
++      The python version to use. Valid options are: python2 and python3
++
++If the plugin finds a python interpreter with a basename that matches
++`python-version` in the <stage> directory on the following fixed path:
++`<stage-dir>/usr/bin/<python-interpreter>` then this interpreter would
++be preferred instead and no interpreter would be brought in through
++`stage-packages` mechanisms.
++"""
++
++import collections
++import contextlib
++import os
++import re
++from shutil import which
++from textwrap import dedent
++from typing import List, Set
++
++import requests
++
++import snapcraft
++from snapcraft.common import isurl
++from snapcraft.internal import errors, mangling
++from snapcraft.internal.errors import SnapcraftPluginCommandError
++import _python
++
++
++class UnsupportedPythonVersionError(snapcraft.internal.errors.SnapcraftError):
++
++    fmt = "Unsupported python version: {python_version!r}"
++
++
++class SnapcraftPluginPythonFileMissing(snapcraft.internal.errors.SnapcraftError):
++
++    fmt = (
++        "Failed to find the referred {plugin_property} file at the given "
++        "path: {plugin_property_value!r}.\n"
++        "Check the property and ensure the file exists."
++    )
++
++    def __init__(self, *, plugin_property, plugin_property_value):
++        super().__init__(
++            plugin_property=plugin_property, plugin_property_value=plugin_property_value
++        )
++
++
++class PythonPlugin(snapcraft.BasePlugin):
++    @classmethod
++    def schema(cls):
++        schema = super().schema()
++        schema["properties"]["requirements"] = {
++            "type": "array",
++            "minitems": 1,
++            "uniqueItems": True,
++            "items": {"type": "string"},
++            "default": [],
++        }
++        schema["properties"]["constraints"] = {
++            "type": "array",
++            "minitems": 1,
++            "uniqueItems": True,
++            "items": {"type": "string"},
++            "default": [],
++        }
++        schema["properties"]["python-packages"] = {
++            "type": "array",
++            "minitems": 1,
++            "uniqueItems": True,
++            "items": {"type": "string"},
++            "default": [],
++        }
++        schema["properties"]["process-dependency-links"] = {
++            "type": "boolean",
++            "default": False,
++        }
++        schema["properties"]["python-version"] = {
++            "type": "string",
++            "default": "python3",
++            "enum": ["python2", "python3"],
++        }
++        schema["properties"]["pip-no-index"] = {
++            "type": "boolean",
++            "default": False,
++        }
++        schema["properties"]["pip-find-links"] = {
++            "type": "array",
++            "items": {"type": "string"},
++            "default": [],
++        }
++        schema["anyOf"] = [{"required": ["source"]}, {"required": ["python-packages"]}]
++
++        return schema
++
++    @classmethod
++    def get_pull_properties(cls):
++        # Inform Snapcraft of the properties associated with pulling. If these
++        # change in the YAML Snapcraft will consider the pull step dirty.
++        return [
++            "requirements",
++            "constraints",
++            "python-packages",
++            "process-dependency-links",
++            "python-version",
++            "pip-no-index",
++            "pip-find-links",
++        ]
++
++    @property
++    def plugin_stage_packages(self):
++        if self.options.python_version == "python2":
++            python_base = "python"
++        elif self.options.python_version == "python3":
++            python_base = "python3"
++
++        if self.project.info.base in ("core", "core16", "core18"):
++            stage_packages = [python_base]
++        else:
++            stage_packages = []
++
++        if self.project.info.base == "core18" and python_base == "python3":
++            stage_packages.append("{}-distutils".format(python_base))
++
++        return stage_packages
++
++    # ignore mypy error: Read-only property cannot override read-write property
++    @property  # type: ignore
++    def stage_packages(self):
++        try:
++            _python.get_python_command(
++                self._python_major_version,
++                stage_dir=self.project.stage_dir,
++                install_dir=self.installdir,
++            )
++        except _python.errors.MissingPythonCommandError:
++            return super().stage_packages + self.plugin_stage_packages
++        else:
++            return super().stage_packages
++
++    @property
++    def _pip(self):
++        if not self.__pip:
++            self.__pip = _python.Pip(
++                python_major_version=self._python_major_version,
++                part_dir=self.partdir,
++                install_dir=self.installdir,
++                stage_dir=self.project.stage_dir,
++                project_dir=self.project._project_dir,
++            )
++        return self.__pip
++
++    def __init__(self, name, options, project):
++        super().__init__(name, options, project)
++
++        self._setup_base_tools(project.info.base)
++
++        self._manifest = collections.OrderedDict()
++
++        # Pip requires only the major version of python rather than the command
++        # name like our option requires.
++        match = re.match(r"python(?P<major_version>\d).*", self.options.python_version)
++        if not match:
++            raise UnsupportedPythonVersionError(
++                python_version=self.options.python_version
++            )
++
++        self._python_major_version = match.group("major_version")
++        self.__pip = None
++
++    def _setup_base_tools(self, base):
++        # NOTE: stage-packages are lazily loaded.
++        if base in ("core", "core16", "core18"):
++            if self.options.python_version == "python3":
++                self.build_packages.extend(
++                    [
++                        "python3-dev",
++                        "python3-pip",
++                        "python3-pkg-resources",
++                        "python3-setuptools",
++                    ]
++                )
++            elif self.options.python_version == "python2":
++                self.build_packages.extend(
++                    [
++                        "python-dev",
++                        "python-pip",
++                        "python-pkg-resources",
++                        "python-setuptools",
++                    ]
++                )
++        else:
++            raise errors.PluginBaseError(part_name=self.name, base=base)
++
++    def pull(self):
++        super().pull()
++
++        self._pip.setup(
++            no_index=self.options.pip_no_index,
++            find_links=self.options.pip_find_links
++        )
++
++        with simple_env_bzr(os.path.join(self.installdir, "bin")):
++            # Download this project, using its setup.py if present. This will
++            # also download any python-packages requested.
++            self._download_project()
++
++    def clean_pull(self):
++        super().clean_pull()
++        self._pip.clean_packages()
++
++    def build(self):
++        super().build()
++
++        with simple_env_bzr(os.path.join(self.installdir, "bin")):
++            # Install the packages that have already been downloaded
++            installed_pipy_packages = self._install_project()
++
++        requirements = self._get_list_of_packages_from_property(
++            self.options.requirements
++        )
++        if requirements:
++            self._manifest["requirements-contents"] = requirements
++
++        constraints = self._get_list_of_packages_from_property(self.options.constraints)
++        if constraints:
++            self._manifest["constraints-contents"] = constraints
++
++        self._manifest["python-packages"] = [
++            "{}={}".format(name, installed_pipy_packages[name])
++            for name in installed_pipy_packages
++        ]
++
++        _python.generate_sitecustomize(
++            self._python_major_version,
++            stage_dir=self.project.stage_dir,
++            install_dir=self.installdir,
++        )
++
++    def _find_file(self, *, filename: str) -> str:
++        # source-subdir defaults to ''
++        for basepath in [self.builddir, self.sourcedir]:
++            if basepath == self.sourcedir:
++                # This is overwritten in the base plugin
++                # TODO add consistency
++                source_subdir = self.options.source_subdir
++            else:
++                source_subdir = ""
++            filepath = os.path.join(basepath, source_subdir, filename)
++            if os.path.exists(filepath):
++                return filepath
++
++        return None
++
++    def _get_setup_py_dir(self):
++        setup_py_dir = None
++        setup_py_path = self._find_file(filename="setup.py")
++        if setup_py_path:
++            setup_py_dir = os.path.dirname(setup_py_path)
++
++        return setup_py_dir
++
++    def _get_list_of_packages_from_property(self, property_list: Set[str]) -> List[str]:
++        """Return a sorted list of all packages found in property."""
++        package_list = list()  # type: List[str]
++        for entry in property_list:
++            contents = self._get_file_contents(entry)
++            package_list.extend(contents.splitlines())
++        return package_list
++
++    def _get_normalized_property_set(
++        self, property_name, property_list: List[str]
++    ) -> Set[str]:
++        """Return a normalized set from a requirements or constraints list."""
++        normalized = set()  # type: Set[str]
++        for entry in property_list:
++            if isurl(entry):
++                normalized.add(entry)
++            else:
++                entry_file = self._find_file(filename=entry)
++                if not entry_file:
++                    raise SnapcraftPluginPythonFileMissing(
++                        plugin_property=property_name, plugin_property_value=entry
++                    )
++                normalized.add(entry_file)
++
++        return normalized
++
++    def _install_wheels(self, wheels):
++        installed = self._pip.list()
++        wheel_names = [os.path.basename(w).split("-")[0] for w in wheels]
++        # we want to avoid installing what is already provided in
++        # stage-packages
++        need_install = [k for k in wheel_names if k not in installed]
++        self._pip.install(
++            need_install,
++            upgrade=True,
++            install_deps=False,
++            process_dependency_links=self.options.process_dependency_links,
++        )
++
++    def _download_project(self):
++        constraints = self._get_normalized_property_set(
++            "constraints", self.options.constraints
++        )
++        requirements = self._get_normalized_property_set(
++            "requirements", self.options.requirements
++        )
++
++
++        self._pip.download(
++            self.options.python_packages,
++            setup_py_dir=None,
++            constraints=constraints,
++            requirements=requirements,
++            process_dependency_links=self.options.process_dependency_links,
++            no_index=self.options.pip_no_index,
++            find_links=self.options.pip_find_links,
++        )
++
++    def _install_project(self):
++        setup_py_dir = self._get_setup_py_dir()
++        constraints = self._get_normalized_property_set(
++            "constraints", self.options.constraints
++        )
++        requirements = self._get_normalized_property_set(
++            "requirements", self.options.requirements
++        )
++
++        # setup.py is handled in a different step as some projects may
++        # need to satisfy dependencies for setup.py to be parsed.
++        wheels = self._pip.wheel(
++            self.options.python_packages,
++            setup_py_dir=None,
++            constraints=constraints,
++            requirements=requirements,
++            process_dependency_links=self.options.process_dependency_links,
++        )
++
++        if wheels:
++            self._install_wheels(wheels)
++
++        if setup_py_dir is not None:
++            self._pip.download(
++                [],
++                setup_py_dir=setup_py_dir,
++                constraints=constraints,
++                requirements=set(),
++                process_dependency_links=self.options.process_dependency_links,
++                no_index=self.options.pip_no_index,
++                find_links=self.options.pip_find_links,
++            )
++            wheels = self._pip.wheel(
++                [],
++                setup_py_dir=setup_py_dir,
++                constraints=constraints,
++                requirements=set(),
++                process_dependency_links=self.options.process_dependency_links,
++            )
++
++            if wheels:
++                self._install_wheels(wheels)
++
++            setup_py_path = os.path.join(setup_py_dir, "setup.py")
++            if os.path.exists(setup_py_path):
++                # pbr and others don't work using `pip install .`
++                # LP: #1670852
++                # There is also a chance that this setup.py is distutils based
++                # in which case we will rely on the `pip install .` ran before
++                #  this.
++                with contextlib.suppress(SnapcraftPluginCommandError):
++                    self._setup_tools_install(setup_py_path)
++
++        return self._pip.list()
++
++    def _setup_tools_install(self, setup_file):
++        command = [
++            _python.get_python_command(
++                self._python_major_version,
++                stage_dir=self.project.stage_dir,
++                install_dir=self.installdir,
++            ),
++            os.path.basename(setup_file),
++            "--no-user-cfg",
++            "install",
++            "--single-version-externally-managed",
++            "--user",
++            "--record",
++            "install.txt",
++        ]
++        self.run(command, env=self._pip.env(), cwd=os.path.dirname(setup_file))
++
++        # Fix all shebangs to use the in-snap python. The stuff installed from
++        # pip has already been fixed, but anything done in this step has not.
++        mangling.rewrite_python_shebangs(self.installdir)
++
++    def _get_file_contents(self, path):
++        if isurl(path):
++            return requests.get(path).text
++        else:
++            file_path = os.path.join(self.sourcedir, path)
++            with open(file_path) as _file:
++                return _file.read()
++
++    def get_manifest(self):
++        return self._manifest
++
++    def snap_fileset(self):
++        fileset = super().snap_fileset()
++        fileset.append("-bin/pip")
++        fileset.append("-bin/pip2")
++        fileset.append("-bin/pip3")
++        fileset.append("-bin/pip2.7")
++        fileset.append("-bin/pip3.*")
++        fileset.append("-bin/easy_install*")
++        fileset.append("-bin/wheel")
++        # The RECORD files include hashes useful when uninstalling packages.
++        # In the snap they will cause conflicts when more than one part uses
++        # the python plugin.
++        fileset.append("-lib/python*/site-packages/*/RECORD")
++        return fileset
++
++
++@contextlib.contextmanager
++def simple_env_bzr(bin_dir):
++    """Create an appropriate environment to run bzr.
++
++       The python plugin sets up PYTHONUSERBASE and PYTHONHOME which
++       conflicts with bzr when using python3 as those two environment
++       variables will make bzr look for modules in the wrong location.
++       """
++    os.makedirs(bin_dir, exist_ok=True)
++    bzr_bin = os.path.join(bin_dir, "bzr")
++    real_bzr_bin = which("bzr")
++    if real_bzr_bin:
++        exec_line = 'exec {} "$@"'.format(real_bzr_bin)
++    else:
++        exec_line = "echo bzr needs to be in PATH; exit 1"
++    with open(bzr_bin, "w") as f:
++        f.write(
++            dedent(
++                """#!/bin/sh
++               unset PYTHONUSERBASE
++               unset PYTHONHOME
++               {}
++            """.format(
++                    exec_line
++                )
++            )
++        )
++    os.chmod(bzr_bin, 0o777)
++    try:
++        yield
++    finally:
++        os.remove(bzr_bin)
++        if not os.listdir(bin_dir):
++            os.rmdir(bin_dir)
 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
 index f234ee1..613affa 100644
 --- a/snap/snapcraft.yaml
 +++ b/snap/snapcraft.yaml
@@ -1,10 +1,10 @@
++
  name: snap-store-proxy-client
--version: 1.0
++version: "1.0"
  summary: Canonical snap store proxy administration client.
  description: |
    The Canonical snapstore client is used to manage a snap store proxy.
--
--# Defaults, but snapcraft prints ugly yellow messages without them.
++base: core
  confinement: strict
  grade: stable
@@ -16,17 +16,24 @@ apps:
  parts:
    deps:
--    plugin: python
--    requirements: ./requirements.txt
++    plugin: python-ols
++    source: .
++    pip-find-links:
++      - $SNAPCRAFT_PROJECT_DIR/dependencies
++    pip-no-index: true
++    requirements:
++      - ./requirements.txt
      stage-packages:
        - libsodium18
    source:
      plugin: dump
      source: .
++    override-build: |
++      #TODO: Would be a lot simpler to make snapstore_client normal
++      #      Python package
++      cp -a $SNAPCRAFT_PROJECT_DIR/snapstore $SNAPCRAFT_PART_INSTALL
++      cp -a $SNAPCRAFT_PROJECT_DIR/snapstore_client $SNAPCRAFT_PART_INSTALL
      stage:
        - ./snapstore
        - ./snapstore_client/
--    override-prime: |
--      snapcraftctl prime
--      /snap/core/current/usr/bin/python3 -m compileall -q -j0 snapstore_client
 diff --git a/snapstore b/snapstore
 index cd67b71..4550e58 100755
 --- a/snapstore
 +++ b/snapstore
@@ -1,132 +1,7 @@
  #!/usr/bin/env python3
--# -*- coding: utf-8 -*-
--# Copyright 2017 Canonical Ltd.  This software is licensed under the
--# GNU General Public License version 3 (see the file LICENSE).
--
--"""CLI utility to manage a store-in-a-box installation."""
--
--import argparse
--import logging
--import os
  import sys
--from snapstore_client.cli import configure_logging
--from snapstore_client.logic.login import login
--from snapstore_client.logic.overrides import (
--    delete_override,
--    list_overrides,
--    override,
--)
--from snapstore_client.logic.push import push_snap
--
--
--DEFAULT_SSO_URL = 'https://login.ubuntu.com/'
--
--
--def main():
--    try:
--        configure_logging()
--        args = parse_args()
--        return args.func(args) or 0
--    except KeyboardInterrupt:
--        # use default logger as we can't guarantee that configuration
--        # has completed.
--        logging.error("Operation cancelled")
--        return 1
--
--
--def parse_args():
--    parser = argparse.ArgumentParser()
--    subparsers = parser.add_subparsers(help='sub-command help')
--
--    login_parser = subparsers.add_parser(
--        'login', help='Sign into a store.',
--        formatter_class=argparse.ArgumentDefaultsHelpFormatter)
--    login_parser.add_argument('store_url', help='Store URL')
--    login_parser.add_argument('email', help='Ubuntu One SSO email', nargs='?')
--    login_parser.add_argument('--sso-url', help='Ubuntu One SSO URL',
--                              default=DEFAULT_SSO_URL)
--    login_parser.add_argument('--offline', help="Use offline mode interaction",
--                              action='store_true')
--    login_parser.set_defaults(func=login)
--
--    list_overrides_parser = subparsers.add_parser(
--        'list-overrides', help='List channel map overrides.',
--    )
--    list_overrides_parser.add_argument(
--        '--series', default='16',
--        help='The series within which to list overrides.')
--    list_overrides_parser.add_argument(
--        'snap_name',
--        help='The name of the snap whose channel map should be listed.')
--    list_overrides_parser.add_argument(
--        '--password',
--        help='Password for interacting with an offline proxy',
--        default=os.environ.get('SNAP_PROXY_PASSWORD')
--    )
--    list_overrides_parser.set_defaults(func=list_overrides)
--
--    override_parser = subparsers.add_parser(
--        'override', help='Set channel map overrides.',
--    )
--    override_parser.add_argument(
--        '--series', default='16',
--        help='The series within which to set overrides.')
--    override_parser.add_argument(
--        'snap_name',
--        help='The name of the snap whose channel map should be modified.')
--    override_parser.add_argument(
--        'channel_map_entries', nargs='+', metavar='channel_map_entry',
--        help='A channel map override, in the form <channel>=<revision>.')
--    override_parser.add_argument(
--        '--password',
--        help='Password for interacting with an offline proxy',
--        default=os.environ.get('SNAP_PROXY_PASSWORD')
--    )
--    override_parser.set_defaults(func=override)
--
--    delete_override_parser = subparsers.add_parser(
--        'delete-override', help='Delete channel map overrides.',
--    )
--    delete_override_parser.add_argument(
--        '--series', default='16',
--        help='The series within which to delete overrides.')
--    delete_override_parser.add_argument(
--        'snap_name',
--        help='The name of the snap whose channel map should be modified.')
--    delete_override_parser.add_argument(
--        'channels', nargs='+', metavar='channel',
--        help='A channel whose overrides should be deleted.')
--    delete_override_parser.add_argument(
--        '--password',
--        help='Password for interacting with an offline proxy',
--        default=os.environ.get('SNAP_PROXY_PASSWORD')
--    )
--    delete_override_parser.set_defaults(func=delete_override)
--
--    push_snap_parser = subparsers.add_parser(
--        'push-snap', help='push a snap to an offline proxy')
--    push_snap_parser.add_argument(
--        'snap_tar_file',
--        help='The .tar.gz file of a bundled downloaded snap')
--    push_snap_parser.add_argument(
--        '--push-channel-map',
--        action='store_true',
--        help="Force push of the channel map,"
--             " removing any existing overrides")
--    push_snap_parser.add_argument(
--        '--password',
--        help='Password for interacting with an offline proxy',
--        default=os.environ.get('SNAP_PROXY_PASSWORD')
--    )
--    push_snap_parser.set_defaults(func=push_snap)
--
--    if len(sys.argv) == 1:
--        # Display help if no arguments are provided.
--        parser.print_help()
--        sys.exit(1)
--
--    return parser.parse_args()
++from snapstore_client.__main__ import main
  if __name__ == '__main__':
 diff --git a/snapstore_client/__main__.py b/snapstore_client/__main__.py
 new file mode 100644
 index 0000000..be6029a
 --- /dev/null
 +++ b/snapstore_client/__main__.py
@@ -0,0 +1,136 @@
++# Copyright 2017 Canonical Ltd.  This software is licensed under the
++# GNU General Public License version 3 (see the file LICENSE).
++
++"""CLI utility to manage a store-in-a-box installation."""
++
++import argparse
++import logging
++import os
++import sys
++
++from snapstore_client.cli import configure_logging
++from snapstore_client.logic.login import login
++from snapstore_client.logic.overrides import (
++    delete_override,
++    list_overrides,
++    override,
++)
++from snapstore_client.logic.push import push_snap
++
++
++logger = logging.getLogger(__name__)
++
++
++DEFAULT_SSO_URL = 'https://login.ubuntu.com/'
++
++
++def main():
++    try:
++        configure_logging()
++        args = parse_args()
++        return args.func(args) or 0
++    except Exception as e:
++        logging.error("%s: %s", type(e).__name__, e)
++    except KeyboardInterrupt:
++        # use default logger as we can't guarantee that configuration
++        # has completed.
++        logging.error("Operation cancelled")
++    return 1
++
++
++def parse_args():
++    parser = argparse.ArgumentParser()
++    subparsers = parser.add_subparsers(help='sub-command help')
++
++    login_parser = subparsers.add_parser(
++        'login', help='Sign into a store.',
++        formatter_class=argparse.ArgumentDefaultsHelpFormatter)
++    login_parser.add_argument('store_url', help='Store URL')
++    login_parser.add_argument('email', help='Ubuntu One SSO email', nargs='?')
++    login_parser.add_argument('--sso-url', help='Ubuntu One SSO URL',
++                              default=DEFAULT_SSO_URL)
++    login_parser.add_argument('--offline', help="Use offline mode interaction",
++                              action='store_true')
++    login_parser.set_defaults(func=login)
++
++    list_overrides_parser = subparsers.add_parser(
++        'list-overrides', help='List channel map overrides.',
++    )
++    list_overrides_parser.add_argument(
++        '--series', default='16',
++        help='The series within which to list overrides.')
++    list_overrides_parser.add_argument(
++        'snap_name',
++        help='The name of the snap whose channel map should be listed.')
++    list_overrides_parser.add_argument(
++        '--password',
++        help='Password for interacting with an offline proxy',
++        default=os.environ.get('SNAP_PROXY_PASSWORD')
++    )
++    list_overrides_parser.set_defaults(func=list_overrides)
++
++    override_parser = subparsers.add_parser(
++        'override', help='Set channel map overrides.',
++    )
++    override_parser.add_argument(
++        '--series', default='16',
++        help='The series within which to set overrides.')
++    override_parser.add_argument(
++        'snap_name',
++        help='The name of the snap whose channel map should be modified.')
++    override_parser.add_argument(
++        'channel_map_entries', nargs='+', metavar='channel_map_entry',
++        help='A channel map override, in the form <channel>=<revision>.')
++    override_parser.add_argument(
++        '--password',
++        help='Password for interacting with an offline proxy',
++        default=os.environ.get('SNAP_PROXY_PASSWORD')
++    )
++    override_parser.set_defaults(func=override)
++
++    delete_override_parser = subparsers.add_parser(
++        'delete-override', help='Delete channel map overrides.',
++    )
++    delete_override_parser.add_argument(
++        '--series', default='16',
++        help='The series within which to delete overrides.')
++    delete_override_parser.add_argument(
++        'snap_name',
++        help='The name of the snap whose channel map should be modified.')
++    delete_override_parser.add_argument(
++        'channels', nargs='+', metavar='channel',
++        help='A channel whose overrides should be deleted.')
++    delete_override_parser.add_argument(
++        '--password',
++        help='Password for interacting with an offline proxy',
++        default=os.environ.get('SNAP_PROXY_PASSWORD')
++    )
++    delete_override_parser.set_defaults(func=delete_override)
++
++    push_snap_parser = subparsers.add_parser(
++        'push-snap', help='push a snap to an offline proxy')
++    push_snap_parser.add_argument(
++        'snap_tar_file',
++        help='The .tar.gz file of a bundled downloaded snap')
++    push_snap_parser.add_argument(
++        '--push-channel-map',
++        action='store_true',
++        help="Force push of the channel map,"
++             " removing any existing overrides")
++    push_snap_parser.add_argument(
++        '--password',
++        help='Password for interacting with an offline proxy',
++        default=os.environ.get('SNAP_PROXY_PASSWORD')
++    )
++    push_snap_parser.set_defaults(func=push_snap)
++
++    if len(sys.argv) == 1:
++        # Display help if no arguments are provided.
++        parser.print_help()
++        sys.exit(1)
++
++    return parser.parse_args()
++
++
++if __name__ == '__main__':
++    sys.exit(main())
 diff --git a/snapstore_client/exceptions.py b/snapstore_client/exceptions.py
 deleted file mode 100644
 index 061b5fe..0000000
 --- a/snapstore_client/exceptions.py
 +++ /dev/null
@@ -1,72 +0,0 @@
--# Copyright 2017 Canonical Ltd.  This software is licensed under the
--# GNU General Public License version 3 (see the file LICENSE).
--
--"""Client exceptions."""
--
--
--class ClientError(Exception):
--    """The base class for all user-visible exceptions."""
--
--    @property
--    def fmt(self):
--        raise NotImplementedError
--
--    def __init__(self, **kwargs):
--        for key, value in kwargs.items():
--            setattr(self, key, value)
--
--    def __str__(self):
--        return self.fmt.format(**self.__dict__)
--
--
--class InvalidCredentials(ClientError):
--
--    fmt = 'Invalid credentials: {message}.'
--
--    def __init__(self, message):
--        super().__init__(message=message)
--
--
--class InvalidStoreURL(ClientError):
--
--    fmt = 'Invalid store url: {message}.'
--
--    def __init__(self, message):
--        super().__init__(message=message)
--
--
--class StoreCommunicationError(ClientError):
--
--    fmt = 'Connection error with the store using: {message}.'
--
--    def __init__(self, message):
--        super().__init__(message=message)
--
--
--class StoreMacaroonSSOMismatch(ClientError):
--
--    fmt = 'Root macaroon does not refer to expected SSO host: {sso_host}.'
--
--    def __init__(self, sso_host):
--        super().__init__(sso_host=sso_host)
--
--
--class StoreAuthenticationError(ClientError):
--
--    # No terminating full stop because the message from SSO sometimes
--    # (though not always!) includes one.
--    fmt = 'Authentication error: {message}'
--
--    def __init__(self, message, extra=None):
--        super().__init__(message=message, extra=extra)
--
--
--class StoreTwoFactorAuthenticationRequired(StoreAuthenticationError):
--
--    def __init__(self):
--        super().__init__('Two-factor authentication required.')
--
--
--class StoreMacaroonNeedsRefresh(ClientError):
--
--    fmt = 'Authentication macaroon needs to be refreshed.'
 diff --git a/snapstore_client/logic/login.py b/snapstore_client/logic/login.py
 index 9550988..1eb92ef 100644
 --- a/snapstore_client/logic/login.py
 +++ b/snapstore_client/logic/login.py
@@ -2,86 +2,63 @@
  import getpass
  import logging
--from urllib.parse import urlparse
++from urllib.parse import urljoin
--from pymacaroons import Macaroon
++import requests
--from snapstore_client import (
--    config,
--    exceptions,
--    webservices as ws,
--)
++from snapstore_client import config
++from snapstore_library import exceptions, authentication
  logger = logging.getLogger(__name__)
--def _extract_caveat_id(sso_url, root_macaroon):
--    macaroon = Macaroon.deserialize(root_macaroon)
--    sso_host = urlparse(sso_url).netloc
--    for caveat in macaroon.caveats:
--        if caveat.location == sso_host:
--            return caveat.caveat_id
--    else:
--        raise exceptions.StoreMacaroonSSOMismatch(sso_host)
++def set_offline(args):
++    store_name = "default"
++    cfg = config.Config()
++    store = cfg.store_section(store_name)
++    store.set("gw_url", args.store_url)
++    cfg.save()
++    logger.info("Configured %s as the %s store", args.store_url, store_name)
++    return 0
  def login(args):
--    # TODO: validate these before using to avoid ugly errors.
--    gw_url = args.store_url
--    sso_url = args.sso_url
--
      if args.offline:
--        cfg = config.Config()
--        store = cfg.store_section('default')
--        store.set('gw_url', gw_url)
--        cfg.save()
--        return
++        return set_offline(args)
--    logger.info('Enter your Ubuntu One SSO credentials.')
++    logger.info("Enter your Ubuntu One SSO credentials.")
      email = args.email
      if not email:
--        email = input('Email: ')
--    password = getpass.getpass('Password: ')
++        email = input("Email: ")
++    password = getpass.getpass("Password: ")
++    session = requests.Session()
++    auth_url = urljoin(args.store_url, "/v2/auth/issue-store-admin")
++    sso_url = urljoin(args.sso_url, "/api/v2/tokens/discharge")
      try:
--        root = ws.issue_store_admin(gw_url)
--    except exceptions.ClientError as e:
--        logger.error(str(e))
--        return
--    caveat_id = _extract_caveat_id(sso_url, root)
--    try:
--        try:
--            unbound_discharge = ws.get_sso_discharge(
--                sso_url, email, password, caveat_id)
--            logger.info('Login successful')
--        except exceptions.StoreTwoFactorAuthenticationRequired:
--            one_time_password = input('Second-factor auth: ')
--            unbound_discharge = ws.get_sso_discharge(
--                sso_url, email, password, caveat_id,
--                one_time_password=one_time_password)
--            logger.info('Login successful')
--    except exceptions.StoreAuthenticationError as e:
--        logger.error('Login failed.')
--        logger.error('%s', e)
--        if e.extra:
--            for key, value in e.extra.items():
--                if isinstance(value, list):
--                    value = ' '.join(value)
--                logger.error('%s: %s', key, value)
--        return 1
++        root_macaroon, discharge_macaroon = authentication.login(
++            session, auth_url, sso_url, email, password
++        )
++    except exceptions.TwoFactorAuthenticationRequired:
++        one_time_password = input("Second-factor auth: ")
++        root_macaroon, discharge_macaroon = authentication.login(
++            session, auth_url, sso_url, email, password, otp=one_time_password
++        )
++    logger.info("Login successful")
      cfg = config.Config()
      # For now, the store is always called "default". In the future we may want
      # to support multiple stores by allowing the user to provide a nice name
      # for a store at login that can be used to select the store for later
      # operations.
--    store = cfg.store_section('default')
--    store.set('gw_url', gw_url)
--    store.set('sso_url', sso_url)
--    store.set('root', root)
--    store.set('unbound_discharge', unbound_discharge)
--    store.set('email', email)
++    store_name = "default"
++    store = cfg.store_section(store_name)
++    store.set("gw_url", args.store_url)
++    store.set("sso_url", args.sso_url)
++    store.set("root", root_macaroon.serialize())
++    store.set("unbound_discharge", discharge_macaroon.serialize())
++    store.set("email", email)
      cfg.save()
--
++    logger.info("Configured %s as the %s store", args.store_url, store_name)
      return 0
 diff --git a/snapstore_client/logic/overrides.py b/snapstore_client/logic/overrides.py
 index d3c8356..aa6d490 100644
 --- a/snapstore_client/logic/overrides.py
 +++ b/snapstore_client/logic/overrides.py
@@ -1,51 +1,73 @@
  # Copyright 2017 Canonical Ltd.
  import logging
++from urllib.parse import urljoin
--from requests.exceptions import HTTPError
++import requests
--from snapstore_client import (
--    config,
--    exceptions,
--    webservices as ws,
--)
++from snapstore_client import config
  from snapstore_client.presentation_helpers import (
      channel_map_string_to_tuple,
      override_to_string,
+ )
  from snapstore_client.utils import (
      _check_default_store,
--    _log_authorized_error,
--    _log_credentials_error,
+ )
++from snapstore_library import authentication, overrides
  logger = logging.getLogger(__name__)
++# Used by the offline store
++HARDCODED_ADMIN = "admin"
++
++
++def _get_macaroon_auth(session, store):
++    refresh_url = urljoin(store.get("sso_url"), "/api/v2/tokens/refresh")
++    refresh_handler = authentication.MacaroonRefreshHandler(
++        session, refresh_url
++    )
++
++    def discharge_updater(discharge):
++        store.set("unbound_discharge", discharge)
++
++    return authentication.HTTPMacaroonAuth(
++        authentication.deserialize(store.get("root")),
++        authentication.deserialize(store.get("unbound_discharge")),
++        refresh_handler=refresh_handler,
++        dischage_update_handler=discharge_updater,
++    )
++
++
++def _get_auth(session, args, store):
++    if args.password:
++        auth = requests.auth.HTTPBasicAuth(HARDCODED_ADMIN, args.password)
++    else:
++        auth = _get_macaroon_auth(session, store)
++    return auth
++
++
++def _print_overrides(overrides_response):
++    for override in overrides_response["overrides"]:
++        logger.info(override_to_string(override))
++
++
  def list_overrides(args):
      cfg = config.Config()
      store = _check_default_store(cfg)
      if not store:
          return 1
--    try:
--        if args.password:
--            response = ws.get_overrides(
--                store, args.snap_name,
--                series=args.series, password=args.password)
--        else:
--            response = ws.refresh_if_necessary(
--                store, ws.get_overrides,
--                store, args.snap_name, series=args.series)
--    except exceptions.InvalidCredentials as e:
--        _log_credentials_error(e)
--        return 1
--    except HTTPError:
--        _log_authorized_error()
--        return 1
--    for override in response['overrides']:
--        logger.info(override_to_string(override))
++    session = requests.Session()
++    auth = _get_auth(session, args, store)
++    url = urljoin(
++        store.get("gw_url"), "/v2/metadata/overrides/{}".format(args.snap_name)
++    )
++    overrides_response = overrides.get_overrides(
++        session, url, args.snap_name, auth=auth
++    )
++    _print_overrides(overrides_response)
  def override(args):
@@ -54,31 +76,24 @@ def override(args):
      if not store:
          return 1
--    overrides = []
++    overrides_data = []
      for channel_map_entry in args.channel_map_entries:
          channel, revision = channel_map_string_to_tuple(channel_map_entry)
--        overrides.append({
--            'snap_name': args.snap_name,
--            'revision': revision,
--            'channel': channel,
--            'series': args.series,
--        })
--    try:
--        if args.password:
--            response = ws.set_overrides(
--                store, overrides, password=args.password)
--        else:
--            response = ws.refresh_if_necessary(
--                store, ws.set_overrides,
--                store, overrides)
--    except exceptions.InvalidCredentials as e:
--        _log_credentials_error(e)
--        return 1
--    except HTTPError:
--        _log_authorized_error()
--        return 1
--    for override in response['overrides']:
--        logger.info(override_to_string(override))
++        overrides_data.append(
++            {
++                "snap_name": args.snap_name,
++                "revision": revision,
++                "channel": channel,
++                "series": args.series,
++            }
++        )
++    session = requests.Session()
++    auth = _get_auth(session, args, store)
++    url = urljoin(store.get("gw_url"), "/v2/metadata/overrides")
++    overrides_response = overrides.set_overrides(
++        session, url, overrides_data, auth=auth
++    )
++    _print_overrides(overrides_response)
  def delete_override(args):
@@ -87,27 +102,20 @@ def delete_override(args):
      if not store:
          return 1
--    overrides = []
++    overrides_data = []
      for channel in args.channels:
--        overrides.append({
--            'snap_name': args.snap_name,
--            'revision': None,
--            'channel': channel,
--            'series': args.series,
--        })
--    try:
--        if args.password:
--            response = ws.set_overrides(
--                store, overrides, password=args.password)
--        else:
--            response = ws.refresh_if_necessary(
--                store, ws.set_overrides,
--                store, overrides)
--    except exceptions.InvalidCredentials as e:
--        _log_credentials_error(e)
--        return 1
--    except HTTPError:
--        _log_authorized_error()
--        return 1
--    for override in response['overrides']:
--        logger.info(override_to_string(override))
++        overrides_data.append(
++            {
++                "snap_name": args.snap_name,
++                "revision": None,
++                "channel": channel,
++                "series": args.series,
++            }
++        )
++    session = requests.Session()
++    auth = _get_auth(session, args, store)
++    url = urljoin(store.get("gw_url"), "/v2/metadata/overrides")
++    overrides_response = overrides.set_overrides(
++        session, url, overrides_data, auth=auth
++    )
++    _print_overrides(overrides_response)
 diff --git a/snapstore_client/logic/push.py b/snapstore_client/logic/push.py
 index abd06e8..be5fcd4 100644
 --- a/snapstore_client/logic/push.py
 +++ b/snapstore_client/logic/push.py
@@ -10,12 +10,10 @@ from requests.exceptions import HTTPError
  from snapstore_client import (
      config,
--    exceptions,
+ )
  from snapstore_client.utils import (
      _check_default_store,
      _log_authorized_error,
--    _log_credentials_error,
+ )
  logger = logging.getLogger(__name__)
@@ -298,9 +296,6 @@ def push_snap(args):
              logger.error(
                  "This command only works with a supplied password"
                  " and a proxy in offline mode")
--    except exceptions.InvalidCredentials as e:
--        _log_credentials_error(e)
--        return 1
      except HTTPError:
          _log_authorized_error()
          return 1
 diff --git a/snapstore_client/logic/tests/test_login.py b/snapstore_client/logic/tests/test_login.py
 index d7854cc..f2fce6e 100644
 --- a/snapstore_client/logic/tests/test_login.py
 +++ b/snapstore_client/logic/tests/test_login.py
@@ -1,286 +1,124 @@
  # Copyright 2017 Canonical Ltd.
++from testtools.assertions import assert_that
++from testtools.matchers import Equals
++import pymacaroons
--import json
--from unittest import mock
--from urllib.parse import urljoin, urlparse
++from snapstore_client.logic.tests.utils import RunMainTestCase
++from snapstore_library import exceptions
--import fixtures
--from pymacaroons import Macaroon
--import responses
--from testtools import TestCase
--from testtools.matchers import (
--    ContainsDict,
--    Equals,
--    MatchesDict,
--)
--from snapstore_client import (
--    config,
--    exceptions,
--)
--from snapstore_client.logic.login import login
--from snapstore_client.tests import factory
--
--
--class LoginTests(TestCase):
--
--    def setUp(self):
--        super().setUp()
--        self.default_gw_url = 'http://store.local/'
--        self.default_sso_url = 'https://login.staging.ubuntu.com/'
--        self.logger = self.useFixture(fixtures.FakeLogger())
--        self.config_path = self.useFixture(fixtures.TempDir()).path
--        self.useFixture(fixtures.MonkeyPatch(
--            'xdg.BaseDirectory.xdg_config_home', self.config_path))
--        self.useFixture(fixtures.MonkeyPatch(
--            'xdg.BaseDirectory.xdg_config_dirs', [self.config_path]))
--        self.mock_input = self.useFixture(fixtures.MockPatch(
--            'builtins.input')).mock
--        self.mock_getpass = self.useFixture(fixtures.MockPatch(
--            'getpass.getpass')).mock
--
--    def make_responses_callback(self, response_templates):
--        full_responses = []
--        for response in response_templates:
--            status = response.get('status', 200)
--            content_type = 'text/plain'
--            if 'json' in response:
--                content_type = 'application/json'
--                body = json.dumps(response['json'])
--            else:
--                body = response.get('body')
--            full_responses.append(
--                (status, {'Content-Type': content_type}, body))
--        iter_responses = iter(full_responses)
--        return lambda request: next(iter_responses)
--
--    def make_args(self, store_url=None,
--                  sso_url=None, email=None, offline=False):
--        return factory.Args(
--            store_url=store_url or self.default_gw_url,
--            sso_url=sso_url or self.default_sso_url,
--            email=email,
--            offline=offline,
++class LoginTests(RunMainTestCase):
++    def test_offline_login(self):
++        self.mock_with_side_effect(
++            "snapstore_library.authentication.login",
++            AssertionError("should not be called"),
+         )
--    def add_issue_store_admin_response(self, *response_templates, gw_url=None):
--        gw_url = gw_url or self.default_gw_url
--        issue_store_admin_url = urljoin(gw_url, '/v2/auth/issue-store-admin')
--        responses.add_callback(
--            'POST', issue_store_admin_url,
--            self.make_responses_callback(response_templates))
--
--    def add_get_sso_discharge_response(self, *response_templates,
--                                       sso_url=None):
--        sso_url = sso_url or self.default_sso_url
--        discharge_url = urljoin(sso_url, '/api/v2/tokens/discharge')
--        responses.add_callback(
--            'POST', discharge_url,
--            self.make_responses_callback(response_templates))
--
--    def make_root_macaroon(self, sso_url=None):
--        macaroon = Macaroon()
--        sso_url = sso_url or self.default_sso_url
--        sso_host = urlparse(sso_url).netloc
--        macaroon.add_third_party_caveat(sso_host, 'key', 'payload')
--        return macaroon.serialize()
++        exit_status = self.run_main(
++            "login", "http://store.local/", "--offline"
++        )
--    @responses.activate
--    def test_login_sso_mismatch(self):
--        self.mock_input.return_value = 'user@example.org'
--        self.mock_getpass.return_value = 'secret'
--        macaroon = Macaroon()
--        macaroon.add_third_party_caveat('another.example.com', '', '')
--        self.add_issue_store_admin_response(
--            {'status': 200, 'json': {'macaroon': macaroon.serialize()}})
--        self.add_get_sso_discharge_response({'status': 401})
--        self.assertRaises(
--            exceptions.StoreMacaroonSSOMismatch, login, self.make_args())
++        assert_that(exit_status, Equals(0))
++        assert_that(
++            self.logger.output,
++            Equals("Configured http://store.local/ as the default store\n"),
++        )
--    @responses.activate
--    def test_login_sso_bad_email(self):
--        self.mock_input.return_value = ''
--        self.mock_getpass.return_value = ''
--        self.add_issue_store_admin_response(
--            {'status': 200, 'json': {'macaroon': self.make_root_macaroon()}})
--        auth_error = {
--            'message': 'Invalid request data',
--            'extra': {'email': ['Enter a valid email address.']},
--        }
--        self.add_get_sso_discharge_response(
--            {'status': 401, 'json': {'error_list': [auth_error]}})
--        self.assertEqual(1, login(self.make_args()))
--        self.assertEqual(
--            'Enter your Ubuntu One SSO credentials.\n'
--            'Login failed.\n'
--            'Authentication error: Invalid request data\n'
--            'email: Enter a valid email address.\n',
--            self.logger.output)
++    def test_login(self):
++        root_macaroon = pymacaroons.Macaroon(location="test1")
++        discharge_macaroon = pymacaroons.Macaroon(location="test2")
++        self.mock_with_return(
++            "snapstore_library.authentication.login",
++            (root_macaroon, discharge_macaroon),
++        )
++        self.mock_with_return("getpass.getpass", "secret")
--    @responses.activate
--    def test_login_sso_unauthorized(self):
--        self.mock_input.return_value = 'user@example.org'
--        self.mock_getpass.return_value = 'secret'
--        self.add_issue_store_admin_response(
--            {'status': 200, 'json': {'macaroon': self.make_root_macaroon()}})
--        auth_error = {'message': 'Provided email/password is not correct.'}
--        self.add_get_sso_discharge_response(
--            {'status': 401, 'json': {'error_list': [auth_error]}})
--        self.assertEqual(1, login(self.make_args()))
--        self.assertEqual(
--            'Enter your Ubuntu One SSO credentials.\n'
--            'Login failed.\n'
--            'Authentication error: Provided email/password is not correct.\n',
--            self.logger.output)
++        exit_status = self.run_main(
++            "login", "http://store.local/", "test@example.com"
++        )
--    @responses.activate
--    def test_login_twofactor_required(self):
--        self.mock_input.side_effect = ('user@example.org', '123456')
--        self.mock_getpass.return_value = 'secret'
--        root = self.make_root_macaroon()
--        self.add_issue_store_admin_response(
--            {'status': 200, 'json': {'macaroon': root}})
--        self.add_get_sso_discharge_response(
--            {'status': 401,
--             'json': {'error_list': [{'code': 'twofactor-required'}]}},
--            {'status': 200, 'json': {'discharge_macaroon': 'dummy'}})
--        self.assertEqual(0, login(self.make_args()))
++        assert_that(exit_status, Equals(0))
++        assert_that(
++            self.logger.output,
++            Equals(
++                "Enter your Ubuntu One SSO credentials.\n"
++                "Login successful\n"
++                "Configured http://store.local/ as the default store\n"
++            ),
++        )
--        self.assertIn(
--            'Enter your Ubuntu One SSO credentials.', self.logger.output)
--        self.mock_input.assert_has_calls([
--            mock.call('Email: '), mock.call('Second-factor auth: ')])
--        self.mock_getpass.assert_called_once_with('Password: ')
--        self.assertEqual(3, len(responses.calls))
--        self.assertEqual({
--            'email': 'user@example.org',
--            'password': 'secret',
--            'caveat_id': 'payload',
--        }, json.loads(responses.calls[1].request.body.decode()))
--        self.assertEqual({
--            'email': 'user@example.org',
--            'password': 'secret',
--            'caveat_id': 'payload',
--            'otp': '123456',
--        }, json.loads(responses.calls[2].request.body.decode()))
--        self.assertThat(config.Config().parser, ContainsDict({
--            'store:default': MatchesDict({
--                'gw_url': Equals(self.default_gw_url),
--                'sso_url': Equals(self.default_sso_url),
--                'root': Equals(root),
--                'unbound_discharge': Equals('dummy'),
--                'email': Equals('user@example.org'),
--            }),
--        }))
++    def test_login_two_factor_required(self):
++        root_macaroon = pymacaroons.Macaroon(location="test1")
++        discharge_macaroon = pymacaroons.Macaroon(location="test2")
--    @responses.activate
--    def test_login_twofactor_not_required(self):
--        self.mock_input.return_value = 'user@example.org'
--        self.mock_getpass.return_value = 'secret'
--        root = self.make_root_macaroon()
--        self.add_issue_store_admin_response(
--            {'status': 200, 'json': {'macaroon': root}})
--        self.add_get_sso_discharge_response(
--            {'status': 200, 'json': {'discharge_macaroon': 'dummy'}})
--        login(self.make_args())
++        def _login(session, auth_url, sso_url, email, password, otp=None):
++            if otp is None:
++                raise exceptions.TwoFactorAuthenticationRequired()
++            assert_that(otp, Equals("123456"))
++            return root_macaroon, discharge_macaroon
--        self.assertIn(
--            'Enter your Ubuntu One SSO credentials.', self.logger.output)
--        self.mock_input.assert_called_once_with('Email: ')
--        self.mock_getpass.assert_called_once_with('Password: ')
--        self.assertEqual(2, len(responses.calls))
--        self.assertEqual({
--            'email': 'user@example.org',
--            'password': 'secret',
--            'caveat_id': 'payload',
--        }, json.loads(responses.calls[1].request.body.decode()))
--        self.assertThat(config.Config().parser, ContainsDict({
--            'store:default': MatchesDict({
--                'gw_url': Equals(self.default_gw_url),
--                'sso_url': Equals(self.default_sso_url),
--                'root': Equals(root),
--                'unbound_discharge': Equals('dummy'),
--                'email': Equals('user@example.org'),
--            }),
--        }))
++        self.mock_with_side_effect(
++            "snapstore_library.authentication.login", _login
++        )
++        self.mock_with_return("getpass.getpass", "secret")
++        self.mock_with_return("builtins.input", "123456")
--    @responses.activate
--    def test_login_with_email(self):
--        self.mock_input.side_effect = Exception("shouldn't be called")
--        self.mock_getpass.return_value = 'secret'
--        root = self.make_root_macaroon()
--        self.add_issue_store_admin_response(
--            {'status': 200, 'json': {'macaroon': root}})
--        self.add_get_sso_discharge_response(
--            {'status': 200, 'json': {'discharge_macaroon': 'dummy'}})
--        login(self.make_args(email='user@example.org'))
++        exit_status = self.run_main(
++            "login", "http://store.local/", "test@example.com"
++        )
--        self.assertIn(
--            'Enter your Ubuntu One SSO credentials.', self.logger.output)
--        self.mock_input.assert_not_called()
--        self.mock_getpass.assert_called_once_with('Password: ')
--        self.assertEqual(2, len(responses.calls))
--        self.assertEqual({
--            'email': 'user@example.org',
--            'password': 'secret',
--            'caveat_id': 'payload',
--        }, json.loads(responses.calls[1].request.body.decode()))
--        self.assertThat(config.Config().parser, ContainsDict({
--            'store:default': MatchesDict({
--                'gw_url': Equals(self.default_gw_url),
--                'sso_url': Equals(self.default_sso_url),
--                'root': Equals(root),
--                'unbound_discharge': Equals('dummy'),
--                'email': Equals('user@example.org'),
--            }),
--        }))
++        assert_that(exit_status, Equals(0))
++        assert_that(
++            self.logger.output,
++            Equals(
++                "Enter your Ubuntu One SSO credentials.\n"
++                "Login successful\n"
++                "Configured http://store.local/ as the default store\n"
++            ),
++        )
--    @responses.activate
--    def test_store_url(self):
--        gw_url = 'http://otherstore.local:1234/'
++    def test_login_no_email_arg(self):
++        root_macaroon = pymacaroons.Macaroon(location="test1")
++        discharge_macaroon = pymacaroons.Macaroon(location="test2")
--        self.mock_input.return_value = 'user@example.org'
--        self.mock_getpass.return_value = 'secret'
--        root = self.make_root_macaroon()
--        self.add_issue_store_admin_response(
--            {'status': 200, 'json': {'macaroon': root}}, gw_url=gw_url)
--        self.add_get_sso_discharge_response(
--            {'status': 200, 'json': {'discharge_macaroon': 'dummy'}})
--        login(self.make_args(store_url=gw_url))
++        def _login(session, auth_url, sso_url, email, password, otp=None):
++            assert_that(email, Equals("test@example.com"))
++            return root_macaroon, discharge_macaroon
--        self.assertEqual(2, len(responses.calls))
--        self.assertEqual(responses.calls[0].request.url[:len(gw_url)], gw_url)
--        self.assertTrue(
--            responses.calls[1].request.url.startswith(self.default_sso_url))
--        self.assertThat(config.Config().parser, ContainsDict({
--            'store:default': ContainsDict({
--                'gw_url': Equals(gw_url),
--                'sso_url': Equals(self.default_sso_url),
--            }),
--        }))
++        self.mock_with_side_effect(
++            "snapstore_library.authentication.login", _login
++        )
++        self.mock_with_return("builtins.input", "test@example.com")
++        self.mock_with_return("getpass.getpass", "secret")
++
++        exit_status = self.run_main("login", "http://store.local/")
++
++        assert_that(exit_status, Equals(0))
++        assert_that(
++            self.logger.output,
++            Equals(
++                "Enter your Ubuntu One SSO credentials.\n"
++                "Login successful\n"
++                "Configured http://store.local/ as the default store\n"
++            ),
++        )
--    @responses.activate
--    def test_sso_url(self):
--        sso_url = 'https://othersso.local:1234/'
++    def test_login_unhandled_error(self):
++        self.mock_with_side_effect(
++            "snapstore_library.authentication.login",
++            Exception("Some error happened"),
++        )
++        self.mock_with_return("getpass.getpass", "secret")
--        self.mock_input.return_value = 'user@example.org'
--        self.mock_getpass.return_value = 'secret'
--        root = self.make_root_macaroon(sso_url=sso_url)
--        self.add_issue_store_admin_response(
--            {'status': 200, 'json': {'macaroon': root}})
--        self.add_get_sso_discharge_response(
--            {'status': 200, 'json': {'discharge_macaroon': 'dummy'}},
--            sso_url=sso_url)
--        login(self.make_args(sso_url=sso_url))
++        exit_status = self.run_main(
++            "login", "http://store.local/", "test@example.com"
++        )
--        self.assertEqual(2, len(responses.calls))
--        self.assertTrue(
--            responses.calls[0].request.url.startswith(self.default_gw_url))
--        self.assertEqual(
--            responses.calls[1].request.url[:len(sso_url)], sso_url)
--        self.assertThat(config.Config().parser, ContainsDict({
--            'store:default': ContainsDict({
--                'gw_url': Equals(self.default_gw_url),
--                'sso_url': Equals(sso_url),
--            }),
--        }))
++        assert_that(exit_status, Equals(1))
++        assert_that(
++            self.logger.output,
++            Equals(
++                "Enter your Ubuntu One SSO credentials.\n"
++                "Exception: Some error happened\n"
++            ),
++        )
 diff --git a/snapstore_client/logic/tests/test_overrides.py b/snapstore_client/logic/tests/test_overrides.py
 index 05e32fc..5d53b48 100644
 --- a/snapstore_client/logic/tests/test_overrides.py
 +++ b/snapstore_client/logic/tests/test_overrides.py
@@ -1,314 +1,107 @@
  # Copyright 2017 Canonical Ltd.
--
--import json
--from urllib.parse import urljoin
--
--import fixtures
--import responses
--from testtools import TestCase
--
--from snapstore_client import config
--from snapstore_client.logic.overrides import (
--    delete_override,
--    list_overrides,
--    override,
--)
--from snapstore_client.tests import (
--    factory,
--    testfixtures,
--)
--
--
--class OverridesTests(TestCase):
--
--    def test_list_overrides_no_store_config(self):
--        self.useFixture(testfixtures.ConfigFixture(empty=True))
--        logger = self.useFixture(fixtures.FakeLogger())
--        rc = list_overrides(factory.Args(snap_name='some-snap', series='16'))
--        self.assertEqual(rc, 1)
--        self.assertEqual(
--            logger.output,
--            'No store configuration found. '
--            'Have you run "snap-store-proxy-client login"?\n')
--
--    @responses.activate
--    def test_list_overrides_online(self):
--        self.useFixture(testfixtures.ConfigFixture())
--        logger = self.useFixture(fixtures.FakeLogger())
--        snap_id = factory.generate_snap_id()
--        overrides = [
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap'),
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap', revision=3,
--                upstream_revision=4, channel='foo/stable',
--                architecture='i386'),
--        ]
--        # XXX cjwatson 2017-06-26: Use acceptable-generated doubles once
--        # they exist.
--        overrides_url = urljoin(
--            config.Config().store_section('default').get('gw_url'),
--            '/v2/metadata/overrides/mysnap')
--        responses.add(
--            'GET', overrides_url, status=200, json={'overrides': overrides})
--
--        list_overrides(
--            factory.Args(snap_name='mysnap', series='16', password=False))
--        self.assertEqual(
--            'mysnap stable amd64 1 (upstream 2)\n'
--            'mysnap foo/stable i386 3 (upstream 4)\n',
--            logger.output)
--        # We shouldn't have Basic Authorization headers, but Macaroon
--        self.assertNotIn(
--            'Basic',
--            responses.calls[0].request.headers['Authorization'])
--
--    @responses.activate
--    def test_list_overrides_offline(self):
--        self.useFixture(testfixtures.ConfigFixture())
--        logger = self.useFixture(fixtures.FakeLogger())
--        snap_id = factory.generate_snap_id()
--        overrides = [
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap'),
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap', revision=3,
--                upstream_revision=4, channel='foo/stable',
--                architecture='i386'),
--        ]
--        # XXX cjwatson 2017-06-26: Use acceptable-generated doubles once
--        # they exist.
--        overrides_url = urljoin(
--            config.Config().store_section('default').get('gw_url'),
--            '/v2/metadata/overrides/mysnap')
--        responses.add(
--            'GET', overrides_url, status=200, json={'overrides': overrides})
--
--        list_overrides(
--            factory.Args(snap_name='mysnap', series='16', password='test'))
--        self.assertEqual(
--            'mysnap stable amd64 1 (upstream 2)\n'
--            'mysnap foo/stable i386 3 (upstream 4)\n',
--            logger.output)
--        self.assertEqual(
--            'Basic YWRtaW46dGVzdA==',
--            responses.calls[0].request.headers['Authorization'])
--
--    def test_override_no_store_config(self):
--        self.useFixture(testfixtures.ConfigFixture(empty=True))
--        logger = self.useFixture(fixtures.FakeLogger())
--        rc = override(factory.Args(
--            snap_name='some-snap', channel_map_entries=['stable=1'],
--            series='16',
--            password=False))
--        self.assertEqual(rc, 1)
--        self.assertEqual(
--            logger.output,
--            'No store configuration found. '
--            'Have you run "snap-store-proxy-client login"?\n')
--
--    @responses.activate
--    def test_override_online(self):
--        self.useFixture(testfixtures.ConfigFixture())
--        logger = self.useFixture(fixtures.FakeLogger())
--        snap_id = factory.generate_snap_id()
--        overrides = [
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap'),
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap', revision=3,
--                upstream_revision=4, channel='foo/stable',
--                architecture='i386'),
--        ]
--        # XXX cjwatson 2017-06-26: Use acceptable-generated doubles once
--        # they exist.
--        overrides_url = urljoin(
--            config.Config().store_section('default').get('gw_url'),
--            '/v2/metadata/overrides')
--        responses.add(
--            'POST', overrides_url, status=200, json={'overrides': overrides})
--
--        override(factory.Args(
--            snap_name='mysnap',
--            channel_map_entries=['stable=1', 'foo/stable=3'],
--            series='16',
--            password=False))
--        self.assertEqual([
--            {
--                'snap_name': 'mysnap',
--                'revision': 1,
--                'channel': 'stable',
--                'series': '16',
--            },
--            {
--                'snap_name': 'mysnap',
--                'revision': 3,
--                'channel': 'foo/stable',
--                'series': '16',
--            },
--        ], json.loads(responses.calls[0].request.body.decode()))
--        self.assertEqual(
--            'mysnap stable amd64 1 (upstream 2)\n'
--            'mysnap foo/stable i386 3 (upstream 4)\n',
--            logger.output)
--        # We shouldn't have Basic Authorization headers, but Macaroon
--        self.assertNotIn(
--            'Basic',
--            responses.calls[0].request.headers['Authorization'])
--
--    @responses.activate
--    def test_override_offline(self):
--        self.useFixture(testfixtures.ConfigFixture())
--        logger = self.useFixture(fixtures.FakeLogger())
--        snap_id = factory.generate_snap_id()
--        overrides = [
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap'),
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap', revision=3,
--                upstream_revision=4, channel='foo/stable',
--                architecture='i386'),
--        ]
--        # XXX cjwatson 2017-06-26: Use acceptable-generated doubles once
--        # they exist.
--        overrides_url = urljoin(
--            config.Config().store_section('default').get('gw_url'),
--            '/v2/metadata/overrides')
--        responses.add(
--            'POST', overrides_url, status=200, json={'overrides': overrides})
--
--        override(factory.Args(
--            snap_name='mysnap',
--            channel_map_entries=['stable=1', 'foo/stable=3'],
--            series='16',
--            password='test'))
--        self.assertEqual([
--            {
--                'snap_name': 'mysnap',
--                'revision': 1,
--                'channel': 'stable',
--                'series': '16',
--            },
--            {
--                'snap_name': 'mysnap',
--                'revision': 3,
--                'channel': 'foo/stable',
--                'series': '16',
--            },
--        ], json.loads(responses.calls[0].request.body.decode()))
--        self.assertEqual(
--            'mysnap stable amd64 1 (upstream 2)\n'
--            'mysnap foo/stable i386 3 (upstream 4)\n',
--            logger.output)
--        self.assertEqual(
--            'Basic YWRtaW46dGVzdA==',
--            responses.calls[0].request.headers['Authorization'])
--
--    def test_delete_override_no_store_config(self):
--        self.useFixture(testfixtures.ConfigFixture(empty=True))
--        logger = self.useFixture(fixtures.FakeLogger())
--        rc = delete_override(factory.Args(
--            snap_name='some-snap', channels=['stable'],
--            series='16', password=False))
--        self.assertEqual(rc, 1)
--        self.assertEqual(
--            logger.output,
--            'No store configuration found. '
--            'Have you run "snap-store-proxy-client login"?\n')
--
--    @responses.activate
--    def test_delete_override_online(self):
--        self.useFixture(testfixtures.ConfigFixture())
--        logger = self.useFixture(fixtures.FakeLogger())
--        snap_id = factory.generate_snap_id()
--        overrides = [
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap', revision=None),
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap', revision=None,
--                upstream_revision=4, channel='foo/stable',
--                architecture='i386'),
--        ]
--        # XXX cjwatson 2017-06-26: Use acceptable-generated doubles once
--        # they exist.
--        overrides_url = urljoin(
--            config.Config().store_section('default').get('gw_url'),
--            '/v2/metadata/overrides')
--        responses.add(
--            'POST', overrides_url, status=200, json={'overrides': overrides})
--
--        delete_override(factory.Args(
--            snap_name='mysnap',
--            channels=['stable', 'foo/stable'],
--            series='16',
--            password=False))
--        self.assertEqual([
--            {
--                'snap_name': 'mysnap',
--                'revision': None,
--                'channel': 'stable',
--                'series': '16',
--            },
--            {
--                'snap_name': 'mysnap',
--                'revision': None,
--                'channel': 'foo/stable',
--                'series': '16',
--            },
--        ], json.loads(responses.calls[0].request.body.decode()))
--        self.assertEqual(
--            'mysnap stable amd64 is tracking upstream (revision 2)\n'
--            'mysnap foo/stable i386 is tracking upstream (revision 4)\n',
--            logger.output)
--        # We shouldn't have Basic Authorization headers, but Macaroon
--        self.assertNotIn(
--            'Basic',
--            responses.calls[0].request.headers['Authorization'])
--
--    @responses.activate
--    def test_delete_override_offline(self):
--        self.useFixture(testfixtures.ConfigFixture())
--        logger = self.useFixture(fixtures.FakeLogger())
--        snap_id = factory.generate_snap_id()
--        overrides = [
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap', revision=None),
--            factory.SnapDeviceGateway.Override(
--                snap_id=snap_id, snap_name='mysnap', revision=None,
--                upstream_revision=4, channel='foo/stable',
--                architecture='i386'),
--        ]
--        # XXX cjwatson 2017-06-26: Use acceptable-generated doubles once
--        # they exist.
--        overrides_url = urljoin(
--            config.Config().store_section('default').get('gw_url'),
--            '/v2/metadata/overrides')
--        responses.add(
--            'POST', overrides_url, status=200, json={'overrides': overrides})
--
--        delete_override(factory.Args(
--            snap_name='mysnap',
--            channels=['stable', 'foo/stable'],
--            series='16',
--            password='test'))
--        self.assertEqual([
--            {
--                'snap_name': 'mysnap',
--                'revision': None,
--                'channel': 'stable',
--                'series': '16',
--            },
--            {
--                'snap_name': 'mysnap',
--                'revision': None,
--                'channel': 'foo/stable',
--                'series': '16',
--            },
--        ], json.loads(responses.calls[0].request.body.decode()))
--        self.assertEqual(
--            'mysnap stable amd64 is tracking upstream (revision 2)\n'
--            'mysnap foo/stable i386 is tracking upstream (revision 4)\n',
--            logger.output)
--        self.assertEqual(
--            'Basic YWRtaW46dGVzdA==',
--            responses.calls[0].request.headers['Authorization'])
++from testtools.assertions import assert_that
++from testtools.matchers import Equals
++
++from snapstore_client.logic.tests.utils import RunMainTestCase
++
++
++class OverridesTests(RunMainTestCase):
++    def test_list_overrides(self):
++        overrides = {
++            "overrides": [
++                {
++                    "snap_id": "x" * 32,
++                    "snap_name": "mysnap",
++                    "revision": 1,
++                    "upstream_revision": 2,
++                    "channel": "stable",
++                    "architecture": "amd64",
++                    "series": 16,
++                },
++                {
++                    "snap_id": "x" * 32,
++                    "snap_name": "mysnap",
++                    "revision": 3,
++                    "upstream_revision": 5,
++                    "channel": "foo/stable",
++                    "architecture": "i386",
++                    "series": 16,
++                },
++            ]
++        }
++        self.mock_with_return(
++            "snapstore_library.overrides.get_overrides", overrides
++        )
++
++        self.run_main_preconfigured("list-overrides", "mysnap")
++
++        assert_that(
++            self.logger.output,
++            Equals(
++                "mysnap stable amd64 1 (upstream 2)\n"
++                "mysnap foo/stable i386 3 (upstream 5)\n"
++            ),
++        )
++
++    def test_overrides(self):
++        overrides = {
++            "overrides": [
++                {
++                    "snap_id": "x" * 32,
++                    "snap_name": "mysnap",
++                    "revision": 1,
++                    "upstream_revision": 6,
++                    "channel": "stable",
++                    "architecture": "amd64",
++                    "series": 16,
++                },
++                {
++                    "snap_id": "x" * 32,
++                    "snap_name": "mysnap",
++                    "revision": 3,
++                    "upstream_revision": 7,
++                    "channel": "foo/stable",
++                    "architecture": "i386",
++                    "series": 16,
++                },
++            ]
++        }
++        self.mock_with_return(
++            "snapstore_library.overrides.set_overrides", overrides
++        )
++
++        self.run_main_preconfigured(
++            "override", "mysnap", "foo/stable=3", "stable=1"
++        )
++
++        assert_that(
++            self.logger.output,
++            Equals(
++                "mysnap stable amd64 1 (upstream 6)\n"
++                "mysnap foo/stable i386 3 (upstream 7)\n"
++            ),
++        )
++
++    def test_delete_overrides(self):
++        overrides = {
++            "overrides": [
++                {
++                    "snap_id": "x" * 32,
++                    "snap_name": "mysnap",
++                    "revision": 1,
++                    "upstream_revision": 6,
++                    "channel": "stable",
++                    "architecture": "amd64",
++                    "series": 16,
++                }
++            ]
++        }
++        self.mock_with_return(
++            "snapstore_library.overrides.set_overrides", overrides
++        )
++
++        self.run_main_preconfigured("delete-override", "mysnap", "foo/stable")
++
++        assert_that(
++            self.logger.output, Equals("mysnap stable amd64 1 (upstream 6)\n")
++        )
 diff --git a/snapstore_client/logic/tests/utils.py b/snapstore_client/logic/tests/utils.py
 new file mode 100644
 index 0000000..fd2d596
 --- /dev/null
 +++ b/snapstore_client/logic/tests/utils.py
@@ -0,0 +1,42 @@
++import sys
++
++import testtools
++import fixtures
++
++from snapstore_client.__main__ import main
++from snapstore_client.tests import testfixtures
++
++
++class RunMainTestCase(testtools.TestCase):
++    def mock(self, function):
++        return self.useFixture(fixtures.MockPatch(function)).mock
++
++    def mock_with_return(self, function, rtn):
++        mock = self.mock(function)
++        mock.return_value = rtn
++        return mock
++
++    def mock_with_side_effect(self, function, side_effect):
++        mock = self.mock(function)
++        mock.side_effect = side_effect
++        return mock
++
++    def _run_main(self, *args, empty_config=True):
++        self.useFixture(testfixtures.ConfigFixture(empty=empty_config))
++        self.mock("snapstore_client.__main__.configure_logging")
++        self.logger = self.useFixture(fixtures.FakeLogger())
++
++        old_argv = sys.argv
++        try:
++            sys.argv = ["snap-store-proxy-client"] + list(args)
++            return main()
++        except SystemExit as se:
++            raise AssertionError("Exited with {}".format(se.code))
++        finally:
++            sys.argv = old_argv
++
++    def run_main(self, *args):
++        return self._run_main(*args, empty_config=True)
++
++    def run_main_preconfigured(self, *args):
++        return self._run_main(*args, empty_config=False)
 diff --git a/snapstore_client/tests/test_webservices.py b/snapstore_client/tests/test_webservices.py
 deleted file mode 100644
 index c9c743c..0000000
 --- a/snapstore_client/tests/test_webservices.py
 +++ /dev/null
@@ -1,228 +0,0 @@
--# Copyright 2017 Canonical Ltd.
--
--import json
--import sys
--from urllib.parse import urljoin
--
--import fixtures
--from requests.exceptions import HTTPError
--import responses
--from testtools import TestCase
--
--from snapstore_client import (
--    config,
--    exceptions,
--    webservices,
--)
--from snapstore_client.tests import (
--    factory,
--    matchers,
--    testfixtures,
--)
--
--if sys.version < '3.6':
--    import sha3  # noqa
--
--
--class WebservicesTests(TestCase):
--
--    def setUp(self):
--        super().setUp()
--        self.config = self.useFixture(testfixtures.ConfigFixture())
--
--    @responses.activate
--    def test_issue_store_admin_success(self):
--        gw_url = 'http://store.local/'
--        issue_store_admin_url = urljoin(gw_url, '/v2/auth/issue-store-admin')
--        responses.add(
--            'POST', issue_store_admin_url, status=200,
--            json={'macaroon': 'dummy'})
--
--        self.assertEqual('dummy', webservices.issue_store_admin(gw_url))
--
--    @responses.activate
--    def test_issue_store_admin_error(self):
--        logger = self.useFixture(fixtures.FakeLogger())
--        gw_url = 'http://store.local/'
--        issue_store_admin_url = urljoin(gw_url, '/v2/auth/issue-store-admin')
--        responses.add(
--            'POST', issue_store_admin_url, status=400,
--            json=factory.APIError.single('Something went wrong').to_dict())
--
--        self.assertRaises(
--            HTTPError, webservices.issue_store_admin, gw_url)
--        self.assertEqual(
--            'Failed to issue store_admin macaroon:\nSomething went wrong\n',
--            logger.output)
--
--    @responses.activate
--    def test_get_sso_discharge_success(self):
--        sso_url = 'http://sso.local/'
--        discharge_url = urljoin(sso_url, '/api/v2/tokens/discharge')
--        responses.add(
--            'POST', discharge_url, status=200,
--            json={'discharge_macaroon': 'dummy'})
--
--        self.assertEqual(
--            'dummy',
--            webservices.get_sso_discharge(
--                sso_url, 'user@example.org', 'secret', 'caveat'))
--        request = responses.calls[0].request
--        self.assertEqual('application/json', request.headers['Content-Type'])
--        self.assertEqual({
--            'email': 'user@example.org',
--            'password': 'secret',
--            'caveat_id': 'caveat',
--        }, json.loads(request.body.decode()))
--
--    @responses.activate
--    def test_get_sso_discharge_success_with_otp(self):
--        sso_url = 'http://sso.local/'
--        discharge_url = urljoin(sso_url, '/api/v2/tokens/discharge')
--        responses.add(
--            'POST', discharge_url, status=200,
--            json={'discharge_macaroon': 'dummy'})
--
--        self.assertEqual(
--            'dummy',
--            webservices.get_sso_discharge(
--                sso_url, 'user@example.org', 'secret', 'caveat',
--                one_time_password='123456'))
--        request = responses.calls[0].request
--        self.assertEqual('application/json', request.headers['Content-Type'])
--        self.assertEqual({
--            'email': 'user@example.org',
--            'password': 'secret',
--            'caveat_id': 'caveat',
--            'otp': '123456',
--        }, json.loads(request.body.decode()))
--
--    @responses.activate
--    def test_get_sso_discharge_twofactor_required(self):
--        sso_url = 'http://sso.local/'
--        discharge_url = urljoin(sso_url, '/api/v2/tokens/discharge')
--        responses.add(
--            'POST', discharge_url, status=401,
--            json={'error_list': [{'code': 'twofactor-required'}]})
--
--        self.assertRaises(
--            exceptions.StoreTwoFactorAuthenticationRequired,
--            webservices.get_sso_discharge,
--            sso_url, 'user@example.org', 'secret', 'caveat')
--
--    @responses.activate
--    def test_get_sso_discharge_structured_error(self):
--        sso_url = 'http://sso.local/'
--        discharge_url = urljoin(sso_url, '/api/v2/tokens/discharge')
--        responses.add(
--            'POST', discharge_url, status=400,
--            json={'error_list': [{'code': 'invalid-request',
--                                  'message': 'Something went wrong'}]})
--
--        e = self.assertRaises(
--            exceptions.StoreAuthenticationError, webservices.get_sso_discharge,
--            sso_url, 'user@example.org', 'secret', 'caveat')
--        self.assertEqual('Something went wrong', e.message)
--
--    @responses.activate
--    def test_get_sso_discharge_unstructured_error(self):
--        logger = self.useFixture(fixtures.FakeLogger())
--        sso_url = 'http://sso.local/'
--        discharge_url = urljoin(sso_url, '/api/v2/tokens/discharge')
--        responses.add(
--            'POST', discharge_url, status=503, body='Try again later.')
--
--        self.assertRaises(
--            HTTPError, webservices.get_sso_discharge,
--            sso_url, 'user@example.org', 'secret', 'caveat')
--        self.assertEqual(
--            'Failed to get SSO discharge:\n'
--            '====================\n'
--            'Try again later.\n'
--            '====================\n',
--            logger.output)
--
--    @responses.activate
--    def test_get_overrides_success(self):
--        logger = self.useFixture(fixtures.FakeLogger())
--        overrides = [factory.SnapDeviceGateway.Override()]
--        # XXX cjwatson 2017-06-26: Use acceptable-generated double once it
--        # exists.
--        store = config.Config().store_section('default')
--        overrides_url = urljoin(
--            store.get('gw_url'), '/v2/metadata/overrides/mysnap')
--        responses.add('GET', overrides_url, status=200, json=overrides)
--
--        self.assertEqual(overrides, webservices.get_overrides(
--            store, 'mysnap'))
--        request = responses.calls[0].request
--        self.assertThat(
--            request.headers['Authorization'],
--            matchers.MacaroonHeaderVerifies(self.config.key))
--        self.assertNotIn('Failed to get overrides:', logger.output)
--
--    @responses.activate
--    def test_get_overrides_error(self):
--        logger = self.useFixture(fixtures.FakeLogger())
--        store = config.Config().store_section('default')
--        overrides_url = urljoin(
--            store.get('gw_url'), '/v2/metadata/overrides/mysnap')
--        responses.add(
--            'GET', overrides_url, status=400,
--            json=factory.APIError.single('Something went wrong').to_dict())
--
--        self.assertRaises(
--            HTTPError, webservices.get_overrides, store, 'mysnap')
--        self.assertEqual(
--            'Failed to get overrides:\nSomething went wrong\n', logger.output)
--
--    @responses.activate
--    def test_set_overrides_success(self):
--        logger = self.useFixture(fixtures.FakeLogger())
--        override = factory.SnapDeviceGateway.Override()
--        # XXX cjwatson 2017-06-26: Use acceptable-generated double once it
--        # exists.
--        store = config.Config().store_section('default')
--        overrides_url = urljoin(store.get('gw_url'), '/v2/metadata/overrides')
--        responses.add('POST', overrides_url, status=200, json=[override])
--
--        self.assertEqual([override], webservices.set_overrides(
--            store, [{
--                'snap_name': override['snap_name'],
--                'revision': override['revision'],
--                'channel': override['channel'],
--                'series': override['series'],
--            }]))
--        request = responses.calls[0].request
--        self.assertThat(
--            request.headers['Authorization'],
--            matchers.MacaroonHeaderVerifies(self.config.key))
--        self.assertEqual([{
--            'snap_name': override['snap_name'],
--            'revision': override['revision'],
--            'channel': override['channel'],
--            'series': override['series'],
--        }], json.loads(request.body.decode()))
--        self.assertNotIn('Failed to set override:', logger.output)
--
--    @responses.activate
--    def test_set_overrides_error(self):
--        logger = self.useFixture(fixtures.FakeLogger())
--        override = factory.SnapDeviceGateway.Override()
--        # XXX cjwatson 2017-06-26: Use acceptable-generated double once it
--        # exists.
--        store = config.Config().store_section('default')
--        overrides_url = urljoin(store.get('gw_url'), '/v2/metadata/overrides')
--        responses.add(
--            'POST', overrides_url, status=400,
--            json=factory.APIError.single('Something went wrong').to_dict())
--
--        self.assertRaises(HTTPError, lambda: webservices.set_overrides(
--            store, {
--                'snap_name': override['snap_name'],
--                'revision': override['revision'],
--                'channel': override['channel'],
--                'series': override['series'],
--            }))
--        self.assertEqual(
--            'Failed to set override:\nSomething went wrong\n', logger.output)
 diff --git a/snapstore_client/utils.py b/snapstore_client/utils.py
 index 461a1c3..8b10606 100644
 --- a/snapstore_client/utils.py
 +++ b/snapstore_client/utils.py
@@ -3,11 +3,6 @@ import logging
  logger = logging.getLogger(__name__)
--def _log_credentials_error(e):
--    logger.error('%s', e)
--    logger.error('Try to "snap-store-proxy-client login" again.')
--
--
  def _log_authorized_error():
      logger.error(("Perhaps you have not been registered as an "
                    "admin with the proxy."))
 diff --git a/snapstore_client/webservices.py b/snapstore_client/webservices.py
 deleted file mode 100644
 index 3ebf149..0000000
 --- a/snapstore_client/webservices.py
 +++ /dev/null
@@ -1,185 +0,0 @@
--# Copyright 2017 Canonical Ltd.  This software is licensed under the
--# GNU General Public License version 3 (see the file LICENSE).
--
--import base64
--import json
--import logging
--import urllib.parse
--
--from pymacaroons import Macaroon
--import requests
--
--from snapstore_client import exceptions
--
--
--logger = logging.getLogger(__name__)
--
--
--def issue_store_admin(gw_url):
--    """Ask the store to issue a store_admin macaroon."""
--    issue_store_admin_url = urllib.parse.urljoin(
--        gw_url, '/v2/auth/issue-store-admin')
--    try:
--        resp = requests.post(issue_store_admin_url)
--    except requests.exceptions.ConnectionError:
--        raise exceptions.StoreCommunicationError(gw_url)
--    except requests.exceptions.RequestException:
--        raise exceptions.InvalidStoreURL(gw_url)
--    if resp.status_code == 404:
--        _print_error_message('issue store_admin macaroon', resp)
--        raise exceptions.InvalidStoreURL(gw_url)
--    elif resp.status_code != 200:
--        _print_error_message('issue store_admin macaroon', resp)
--        resp.raise_for_status()
--    return resp.json()['macaroon']
--
--
--def get_sso_discharge(sso_url, email, password, caveat_id,
--                      one_time_password=None):
--    discharge_url = urllib.parse.urljoin(
--        sso_url, '/api/v2/tokens/discharge')
--    data = {'email': email, 'password': password, 'caveat_id': caveat_id}
--    if one_time_password is not None:
--        data['otp'] = one_time_password
--    resp = requests.post(
--        discharge_url, headers={'Accept': 'application/json'}, json=data)
--    if not resp.ok:
--        try:
--            error_list = resp.json().get('error_list', [])
--            if resp.status_code == 401:
--                for error in error_list:
--                    if error.get('code') == 'twofactor-required':
--                        raise exceptions.StoreTwoFactorAuthenticationRequired()
--            if error_list:
--                # Only bother about the first error.
--                error = error_list[0]
--                raise exceptions.StoreAuthenticationError(
--                    error['message'], extra=error.get('extra'))
--        except json.JSONDecodeError:
--            pass
--        _print_error_message('get SSO discharge', resp)
--        resp.raise_for_status()
--    return resp.json()['discharge_macaroon']
--
--
--def refresh_sso_discharge(store, unbound_discharge_raw):
--    refresh_url = urllib.parse.urljoin(
--        store.get('sso_url'), '/api/v2/tokens/refresh')
--    data = {'discharge_macaroon': unbound_discharge_raw}
--    resp = requests.post(
--        refresh_url, headers={'Accept': 'application/json'}, json=data)
--    if not resp.ok:
--        _print_error_message('refresh SSO discharge', resp)
--        resp.raise_for_status()
--    return resp.json()['discharge_macaroon']
--
--
--def _deserialize_macaroon(name, value):
--    if value is None:
--        raise exceptions.InvalidCredentials('no {} macaroon'.format(name))
--    try:
--        return Macaroon.deserialize(value)
--    except Exception:
--        raise exceptions.InvalidCredentials(
--            'failed to deserialize {} macaroon'.format(name))
--
--
--def _get_macaroon_auth(store):
--    """Return an Authorization header containing store macaroons."""
--    root_raw = store.get('root')
--    root = _deserialize_macaroon('root', root_raw)
--    unbound_discharge_raw = store.get('unbound_discharge')
--    unbound_discharge = _deserialize_macaroon(
--        'unbound discharge', unbound_discharge_raw)
--    bound_discharge = root.prepare_for_request(unbound_discharge)
--    bound_discharge_raw = bound_discharge.serialize()
--    return 'Macaroon root="{}", discharge="{}"'.format(
--        root_raw, bound_discharge_raw)
--
--
--def _get_basic_auth(password):
--    """Build the basic auth for interacting with an offline proxy"""
--    # XXX twom 2019-03-15 Hardcoded username, awaiting user management
--    username = 'admin'
--    credentials = '{}:{}'.format(username, password)
--    try:
--        encoded_credentials = base64.b64encode(credentials.encode('UTF-8'))
--    except UnicodeEncodeError:
--        logger.error('Unable to encode password to UTF-8')
--        raise
--    return 'Basic {}'.format(encoded_credentials.decode())
--
--
--def _raise_needs_refresh(response):
--    if (response.status_code == 401 and
--            response.headers.get('WWW-Authenticate') == (
--                'Macaroon needs_refresh=1')):
--        raise exceptions.StoreMacaroonNeedsRefresh()
--
--
--def refresh_if_necessary(store, func, *args, **kwargs):
--    """Make a request, refreshing macaroons if necessary."""
--    try:
--        return func(*args, **kwargs)
--    except exceptions.StoreMacaroonNeedsRefresh:
--        unbound_discharge = refresh_sso_discharge(
--            store.get('sso_url'), store.get('unbound_discharge'))
--        store.set('unbound_discharge', unbound_discharge)
--        store.save()
--        return func(*args, **kwargs)
--
--
--def get_overrides(store, snap_name, series='16', password=None):
--    """Get all overrides for a snap."""
--    overrides_url = urllib.parse.urljoin(
--        store.get('gw_url'),
--        '/v2/metadata/overrides/{}'.format(urllib.parse.quote_plus(snap_name)))
--    headers = {
--        'X-Ubuntu-Series': series,
--    }
--    if password:
--        headers['Authorization'] = _get_basic_auth(password)
--    else:
--        headers['Authorization'] = _get_macaroon_auth(store)
--    resp = requests.get(overrides_url, headers=headers)
--    _raise_needs_refresh(resp)
--    if resp.status_code != 200:
--        _print_error_message('get overrides', resp)
--        resp.raise_for_status()
--    return resp.json()
--
--
--def set_overrides(store, overrides, password=None):
--    """Add or remove channel map overrides for a snap."""
--    overrides_url = urllib.parse.urljoin(
--        store.get('gw_url'), '/v2/metadata/overrides')
--    if password:
--        headers = {'Authorization': _get_basic_auth(password)}
--    else:
--        headers = {'Authorization': _get_macaroon_auth(store)}
--    resp = requests.post(overrides_url, headers=headers, json=overrides)
--    _raise_needs_refresh(resp)
--    if resp.status_code != 200:
--        _print_error_message('set override', resp)
--        resp.raise_for_status()
--    return resp.json()
--
--
--def _print_error_message(action, response):
--    """Print failure messages from other services in a standard way."""
--    logger.error("Failed to %s:", action)
--    if response.status_code == 500:
--        logger.error("Server sent 500 response.")
--    elif response.status_code == 404:
--        logger.error("Server sent 404 response")
--    else:
--        try:
--            json_document = response.json()
--            error_list = json_document.get(
--                'error-list', json_document.get('error_list', []))
--            for error in error_list:
--                logger.error(error['message'])
--        except json.JSONDecodeError:
--            logger.error('=' * 20)
--            logger.error(response.content.decode('UTF-8', errors='replace'))
--            logger.error('=' * 20)