schrodinger.job.cert module¶
Provide an interface for generating user certificates for job server. Wraps ‘$SCHRODINGER/jsc cert’ commands to create a single entrypoint. The $SCHRODINGER environment variable is assumed to be an unescaped path.
Authentication can occur in two ways:
- Using LDAP.
In this case, the ‘jsc ldap-get’ command communicates the username and password to the job server using a gRPC method and saves the user certificate. The LDAP password can be submitted to the command either through an interactive commandline prompt or through piped stdin.
- Using a Unix socket.
- In this case, the user must be on the server host to get a user certificate. The flow is as follows:
- The ‘jsc get-auth-socket-path’ command gets the path of the Unix socket from the server using a gRPC method.
- We then ssh to the server host and send a request over that Unix socket to retrieve a user certificate.
- (If the user is already on the same server host, we can skip ssh).
- That certificate is communicated back to the client machine over ssh, where a separate jsc command saves it.
-
exception
schrodinger.job.cert.
DisabledSocketAuthException
¶ Bases:
Exception
-
__init__
¶ Initialize self. See help(type(self)) for accurate signature.
-
args
¶
-
with_traceback
()¶ Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
-
-
exception
schrodinger.job.cert.
LDAPAuthenticationException
¶ Bases:
Exception
-
__init__
¶ Initialize self. See help(type(self)) for accurate signature.
-
args
¶
-
with_traceback
()¶ Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
-
-
exception
schrodinger.job.cert.
BadLDAPInputException
¶ Bases:
Exception
-
__init__
¶ Initialize self. See help(type(self)) for accurate signature.
-
args
¶
-
with_traceback
()¶ Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
-
-
schrodinger.job.cert.
get_cert_with_ldap
(schrodinger, address, user, ldap_password=None)¶ Generates a user certificate job server at the given address. Wraps ‘$SCHRODINGER/jsc cert ldap-get –user [user] [address]’
Parameters: - schrodinger (str) – $SCHRODINGER environment variable for the current system
- address (str) – Server Address of the job server to authenticate with
- user (str) – Username to authenticate as. This must be the same as the username that will be used to submit jobs to the job server.
- ldap_password (str) – LDAP password for the given username. If left blank, the LDAP password will be requested in a terminal prompt.
Returns: True if the function succeeds, otherwise raises an appropriate error
Return type: bool
Raises: BADLDAPInputException if ldap_password is left blank and sys.stdin is not a tty
Raises: LDAPAuthenticationException if the authentication fails
-
schrodinger.job.cert.
get_cert_with_socket_auth
(schrodinger, hostname, port, user, ssh_password=None, host_for_schrodinger=None)¶ Generate a user certificate for job server using socket authentication through SSH.
Parameters: - schrodinger (str) – $SCHRODINGER environment variable, path to schrodinger suite
- hostname (str) – hostname for the job server to authenticate wtih
- port (int, str) – port for the job server to authenticate with; can be either an int or a str representation of an int
- user (str) – user for which to generate certificate, used as remote user for ssh if required.
- ssh_password (str) – the SSH password for the given user. If None, the SSH password will be requested via a terminal prompt unless passwordless SSH is configured.
- host_for_schrodinger (str) – host entry from schrodinger.hosts from which to retrieve schrodinger value (e.g. bolt_cpu)
Returns: True if a certificate is generated, otherwise an appropriate error.
Return type: bool
Raises: DisabledSocketAuthException if socket authentication is not enabled on the job server
Raises: paramiko.ssh_exception.AuthenticationException if an SSH connection could not be established. This could be because of an incorrect password, or because an existing SSH configuration was found without passwordless authentication to the specified remote hosts.
Raises: paramiko.ssh_exception.SSHException if an SSH connection could not be established. This could be because no existing SSH configuration was found while no ssh_password was given.
Raises: RuntimeError for any other failure
-
schrodinger.job.cert.
get_cert
(hostname, port, user, schrodinger=None, host_for_schrodinger=None, ssh_password=None, ldap_password=None)¶ Entrypoint to generate a user certificate for the requested server. Try to use unix socket authentication via SSH to authenticate with the job server. If that fails, try LDAP to authenticate.
Parameters: - hostname (str) – hostname for the job server to authenticate wtih
- port (int, str) – port for the job server to authenticate with; can be either an int or a str representation of an int
- user (str) – user for which to generate certificate, used as remote user for ssh if required.
- schrodinger (str) – $SCHRODINGER environment variable, path to schrodinger suite. If None, the current system’s $SCHRODINGER environment variable will be used.
- host_for_schrodinger (str) – host entry from schrodinger.hosts from which to retrieve schrodinger value (e.g. bolt_cpu)
- ssh_password (str) – the SSH password for the given user. If None, the SSH password will be requested via a terminal prompt unless passwordless SSH is configured.
- ldap_password (str) – LDAP password for the given username. If left blank, the LDAP password will be requested in a terminal prompt.
Returns: None. Raises an exception if any problems are encountered.
Raises: BADLDAPInputException if ldap_password is left blank and sys.stdin is not a tty
Raises: LDAPAuthenticationException if the authentication fails
Raises: RuntimeError for any other failure
-
schrodinger.job.cert.
has_cert_for_server
(address, schrodinger=None)¶ Check if the current user already has an existing cert for the given job server.
Parameters: address (str) – Address of the Job Server Returns: True if cert exists, False if not Return type: bool
-
schrodinger.job.cert.
configured_servers
()¶ Check to see if the SCHRODINGER install has default job servers configured.
Returns: a set of server addresses Return type: set of str
-
schrodinger.job.cert.
servers_without_registration
()¶ Check to see if the current user is missing registration for default job servers.
Returns: a list of server address that are lacking registration. Return type: list of str
-
schrodinger.job.cert.
hostname_and_port
(addr)¶ Get the hostname and port of the provided address. If no port is provided, return the default.
Returns: a tuple of address and port Return type: (str, int)