insitro · mattrasmus · May 29, 2025 · May 28, 2025 · May 29, 2025 · May 29, 2025
diff --git a/redun/backends/db/__init__.py b/redun/backends/db/__init__.py
@@ -3144,18 +3144,31 @@ def _get_uri_from_secret(secret_name: str) -> str:
     def _get_credentialed_uri(base_uri: str, conf: Section) -> str:
         parts = urlparse(base_uri)
 
-        if "@" in parts.netloc:
+        if parts.password:
             raise RedunDatabaseError(
-                "rejected db_uri containing credentials. use environment variables instead"
+                f"Do not include passwords in DB URIs. Use environment variables instead (e.g {DEFAULT_DB_USERNAME_ENV} and {DEFAULT_DB_PASSWORD_ENV})"
             )
 
-        credentials = RedunBackendDb._get_login_credentials(conf)
+        credentials = RedunBackendDb._get_login_credentials(conf, parts.username)
         if credentials:
-            parts = parts._replace(netloc=f"{credentials}@{parts.netloc}")
+            if "@" in parts.netloc:
+                _, netloc = parts.netloc.rsplit("@", 1)
+            else:
+                netloc = parts.netloc
+            parts = parts._replace(netloc=f"{credentials}@{netloc}")
         return urlunparse(parts)
 
     @staticmethod
-    def _get_login_credentials(conf: Section) -> Optional[str]:
-        user = os.getenv(conf.get("db_username_env", DEFAULT_DB_USERNAME_ENV))
+    def _get_login_credentials(conf: Section, username: Optional[str] = None) -> Optional[str]:
+        # Replace username by env var if defined.
+        username = os.getenv(conf.get("db_username_env", DEFAULT_DB_USERNAME_ENV), username)
+
         password = quote_plus(os.getenv(conf.get("db_password_env", DEFAULT_DB_PASSWORD_ENV), ""))
-        return user and password and f"{user}:{password}"
+
+        if username:
+            if password:
+                return f"{username}:{password}"
+            else:
+                return username
+        else:
+            return None
diff --git a/redun/cli.py b/redun/cli.py
@@ -1463,13 +1463,11 @@ def init_command(self, args: Namespace, extra_args: List[str], argv: List[str])
         """
         Initialize redun project directory.
         """
-        if not args.config:
-            if extra_args:
-                basedir = extra_args[0]
-            else:
-                basedir = "."
+        if extra_args:
+            basedir = extra_args[0]
             args.config = os.path.join(basedir, REDUN_CONFIG_DIR)
-
+        else:
+            args.config = get_config_dir(args.config)
         self.get_scheduler(args, migrate=True)
         self.display("Initialized redun repository: {}".format(args.config))
 

diff --git a/redun/tests/test_cli.py b/redun/tests/test_cli.py
@@ -379,6 +379,37 @@ def main(x: File, y: List[File]):
     assert "--y Y" in output
 
 
+@use_tempdir
+def test_init() -> None:
+    """
+    Ensure `redun init` creates a new redun config dir.
+    """
+    # Default config dir.
+    client = RedunClient()
+    client.execute(["redun", "init"])
+    assert File(".redun/redun.ini").exists()
+    assert File(".redun/redun.db").exists()
+
+    # Config dir specified by flag.
+    client = RedunClient()
+    client.execute(["redun", "--config", "config1", "init"])
+    assert File("config1/redun.ini").exists()
+    assert File("config1/redun.db").exists()
+
+    # Config dir specified by positional argument.
+    client = RedunClient()
+    client.execute(["redun", "init", "dir1"])
+    assert File("dir1/.redun/redun.ini").exists()
+    assert File("dir1/.redun/redun.db").exists()
+
+    # Config dir specified by env var.
+    with patch.dict(os.environ, {"REDUN_CONFIG": "config2"}, clear=True):
+        client = RedunClient()
+        client.execute(["redun", "init"])
+        assert File("config2/redun.ini").exists()
+        assert File("config2/redun.db").exists()
+
+
 @use_tempdir
 @patch.dict(os.environ, {AWS_ARRAY_VAR: "1"}, clear=True)
 def test_oneshot_existing_output() -> None:

diff --git a/redun/tests/test_uri_parsing.py b/redun/tests/test_uri_parsing.py
@@ -1,3 +1,4 @@
+import os
 import json
 from unittest.mock import patch
 
@@ -57,6 +58,29 @@ def test_uri_with_credentials() -> None:
         RDB._get_uri("postgresql://user:secret@localhost:5432/redun", {})
 
 
+@patch.dict(os.environ, {"REDUN_DB_USERNAME": "", "REDUN_DB_PASSWORD": ""}, clear=True)
+def test_uri_with_username() -> None:
+    # Only specifying username should be allowed.
+    assert (
+        RDB._get_uri("postgresql://user@localhost:5432/redun", {})
+        == "postgresql://user@localhost:5432/redun"
+    )
+
+    # Env var should override username.
+    with patch.dict(os.environ, {"REDUN_DB_USERNAME": "alice"}, clear=True):
+        assert (
+            RDB._get_uri("postgresql://user@localhost:5432/redun", {})
+            == "postgresql://alice@localhost:5432/redun"
+        )
+
+    # Username env var alone should be allowed.
+    with patch.dict(os.environ, {"REDUN_DB_USERNAME": "alice"}, clear=True):
+        assert (
+            RDB._get_uri("postgresql://localhost:5432/redun", {})
+            == "postgresql://alice@localhost:5432/redun"
+        )
+
+
 @patch("redun.executors.aws_utils.get_aws_client")
 def test_uri_from_secret(client_mock) -> None:
     engine = "postgres"