schrodinger.job.cert module

Provide an interface for generating user certificates for job server. Wraps ‘$SCHRODINGER/jsc cert’ commands to create a single entrypoint. The $SCHRODINGER environment variable is assumed to be an unescaped path.

Authentication can occur in two ways:

  1. Using LDAP.
In this case, the ‘jsc ldap-get’ command communicates the username and password to the job server using a gRPC method and saves the user certificate. The LDAP password can be submitted to the command either through an interactive commandline prompt or through piped stdin.
  1. Using a Unix socket.
In this case, the user must be on the server host to get a user certificate. The flow is as follows:
  1. The ‘jsc get-auth-socket-path’ command gets the path of the Unix socket from the server using a gRPC method.
  2. We then ssh to the server host and send a request over that Unix socket to retrieve a user certificate.
    (If the user is already on the same server host, we can skip ssh).
  3. That certificate is communicated back to the client machine over ssh, where a separate jsc command saves it.
exception schrodinger.job.cert.DisabledSocketAuthException

Bases: Exception

__init__

Initialize self. See help(type(self)) for accurate signature.

args
with_traceback()

Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.

exception schrodinger.job.cert.LDAPAuthenticationException

Bases: Exception

__init__

Initialize self. See help(type(self)) for accurate signature.

args
with_traceback()

Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.

exception schrodinger.job.cert.SSHAuthenticationException

Bases: Exception

__init__

Initialize self. See help(type(self)) for accurate signature.

args
with_traceback()

Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.

exception schrodinger.job.cert.BadLDAPInputException

Bases: Exception

__init__

Initialize self. See help(type(self)) for accurate signature.

args
with_traceback()

Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.

schrodinger.job.cert.get_cert_with_ldap(schrodinger, address, user, ldap_password=None)

Generates a user certificate job server at the given address. Wraps ‘$SCHRODINGER/jsc cert ldap-get –user [user] [address]’

Parameters:
  • schrodinger (str) – $SCHRODINGER environment variable for the current system
  • address (str) – Server Address of the job server to authenticate with
  • user (str) – Username to authenticate as. This must be the same as the username that will be used to submit jobs to the job server.
  • ldap_password (str) – LDAP password for the given username. If left blank, the LDAP password will be requested in a terminal prompt.
Returns:

True if the function succeeds, otherwise raises an appropriate error
Return type:

bool
Raises:

BADLDAPInputException if ldap_password is left blank and sys.stdin is not a tty
Raises:

LDAPAuthenticationException if the authentication fails
schrodinger.job.cert.get_cert_with_socket_auth(schrodinger, hostname, port, user, ssh_password=None, host_for_schrodinger=None)

Generate a user certificate for job server using socket authentication through SSH.

Parameters:
  • schrodinger (str) – $SCHRODINGER environment variable, path to schrodinger suite
  • hostname (str) – hostname for the job server to authenticate wtih
  • port (int, str) – port for the job server to authenticate with; can be either an int or a str representation of an int
  • user (str) – user for which to generate certificate, used as remote user for ssh if required.
  • ssh_password (str) – the SSH password for the given user. If None, the SSH password will be requested via a terminal prompt unless passwordless SSH is configured.
  • host_for_schrodinger (str) – host entry from schrodinger.hosts from which to retrieve schrodinger value (e.g. bolt_cpu)
Returns:

True if a certificate is generated, otherwise an appropriate error.
Return type:

bool
Raises:

DisabledSocketAuthException if socket authentication is not enabled on the job server
Raises:

SSHAuthenticationException if an SSH connection could not be established to a remote job server
Raises:

RuntimeError for any other failure
schrodinger.job.cert.get_cert(hostname, port, user, schrodinger=None, host_for_schrodinger=None, ssh_password=None, ldap_password=None)

Entrypoint to generate a user certificate for the requested server. Try to use unix socket authentication via SSH to authenticate with the job server. If that fails, try LDAP to authenticate.

Parameters:
  • hostname (str) – hostname for the job server to authenticate wtih
  • port (int, str) – port for the job server to authenticate with; can be either an int or a str representation of an int
  • user (str) – user for which to generate certificate, used as remote user for ssh if required.
  • schrodinger (str) – $SCHRODINGER environment variable, path to schrodinger suite. If None, the current system’s $SCHRODINGER environment variable will be used.
  • host_for_schrodinger (str) – host entry from schrodinger.hosts from which to retrieve schrodinger value (e.g. bolt_cpu)
  • ssh_password (str) – the SSH password for the given user. If None, the SSH password will be requested via a terminal prompt unless passwordless SSH is configured.
  • ldap_password (str) – LDAP password for the given username. If left blank, the LDAP password will be requested in a terminal prompt.
Returns:

None. Raises an exception if any problems are encountered.
Raises:

BADLDAPInputException if ldap_password is left blank and sys.stdin is not a tty
Raises:

LDAPAuthenticationException if the authentication fails
Raises:

RuntimeError for any other failure