schrodinger.job.cert module¶
Provide an interface for generating user certificates for job server. Wraps ‘$SCHRODINGER/jsc cert’ commands to create a single entrypoint. The $SCHRODINGER environment variable is assumed to be an unescaped path.
Authentication can occur in two ways:
Using LDAP. In this case, the ‘jsc ldap-get’ command communicates the username and password to the job server using a gRPC method and saves the user certificate. The LDAP password can be submitted to the command either through an interactive commandline prompt or through piped stdin.
Using a Unix socket. In this case, the user must be on the server host to get a user certificate. The flow is as follows:
The ‘jsc get-auth-socket-path’ command gets the path of the Unix socket from the server using a gRPC method.
We then ssh to the server host and send a request over that Unix socket to retrieve a user certificate. (If the user is already on the same server host, we can skip ssh).
That certificate is communicated back to the client machine over ssh, where a separate jsc command saves it.
-
exception
schrodinger.job.cert.
AuthenticationException
[source]¶ Bases:
Exception
-
__init__
(*args, **kwargs)¶ Initialize self. See help(type(self)) for accurate signature.
-
args
¶
-
with_traceback
()¶ Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
-
-
exception
schrodinger.job.cert.
SocketAuthenticationException
[source]¶ Bases:
Exception
-
__init__
(*args, **kwargs)¶ Initialize self. See help(type(self)) for accurate signature.
-
args
¶
-
with_traceback
()¶ Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
-
-
exception
schrodinger.job.cert.
LDAPAuthenticationException
[source]¶ Bases:
schrodinger.job.cert.AuthenticationException
-
__init__
(*args, **kwargs)¶ Initialize self. See help(type(self)) for accurate signature.
-
args
¶
-
with_traceback
()¶ Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
-
-
exception
schrodinger.job.cert.
BadLDAPInputException
[source]¶ Bases:
Exception
-
__init__
(*args, **kwargs)¶ Initialize self. See help(type(self)) for accurate signature.
-
args
¶
-
with_traceback
()¶ Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
-
-
schrodinger.job.cert.
get_cert_with_ldap
(schrodinger, address, user, ldap_password=None)[source]¶ Generates a user certificate job server at the given address. Wraps ‘$SCHRODINGER/jsc cert ldap-get –user [user] [address]’
- Parameters
schrodinger (str) – $SCHRODINGER environment variable for the current system
address (str) – Server Address of the job server to authenticate with
user (str) – Username to authenticate as. This must be the same as the username that will be used to submit jobs to the job server.
ldap_password (str) – LDAP password for the given username. If None, the command is assumed to be in interactive mode.
- Returns
True if authentication succeeds. False if authentication fails, or raises an exception if not in interactive mode.
- Return type
bool
- Raises
BADLDAPInputException if ldap_password is None and sys.stdin is not a tty
- Raises
LDAPAuthenticationException if the authentication fails
-
schrodinger.job.cert.
get_cert_with_socket_auth
(schrodinger: str, hostname: str, port: Union[int, str], user: str, socket_path: str, ssh_password: Optional[str] = None, host_for_schrodinger: Optional[str] = None)[source]¶ Generate a user certificate for job server using socket authentication through SSH.
- Parameters
schrodinger (str) – $SCHRODINGER environment variable, path to schrodinger suite
hostname (str) – hostname for the job server to authenticate wtih
port (int, str) – port for the job server to authenticate with; can be either an int or a str representation of an int
user (str) – user for which to generate certificate, used as remote user for ssh if required.
socket_path – the path on the server where the auth socket is located
ssh_password (str) – the SSH password for the given user. If None, the SSH password will be requested via a terminal prompt unless passwordless SSH is configured.
host_for_schrodinger (str) – host entry from schrodinger.hosts from which to retrieve schrodinger value (e.g. bolt_cpu)
- Returns
True if a certificate is generated, otherwise an appropriate error.
- Return type
bool
- Raises
paramiko.ssh_exception.AuthenticationException if an SSH connection could not be established. This could be because of an incorrect password, or because an existing SSH configuration was found without passwordless authentication to the specified remote hosts.
- Raises
paramiko.ssh_exception.SSHException if an SSH connection could not be established. This could be because no existing SSH configuration was found while no ssh_password was given.
- Raises
RuntimeError for any other failure
-
schrodinger.job.cert.
get_cert
(hostname: str, port: Union[int, str], user: str, schrodinger: Optional[str] = None, host_for_schrodinger: Optional[str] = None, ssh_password: Optional[str] = None, ldap_password: Optional[str] = None)[source]¶ Entrypoint to generate a user certificate for the requested server.
A server can have one or both of unix socket authentication and LDAP authentication.
Attempts unix socket authentication if enabled, otherwise falls back to LDAP authentication.
- Parameters
hostname – hostname for the job server to authenticate wtih
port – port for the job server to authenticate with
user – user for which to generate certificate, used as remote user for ssh if required.
schrodinger – $SCHRODINGER environment variable, path to schrodinger suite. If None, the current system’s $SCHRODINGER environment variable will be used.
host_for_schrodinger – host entry from schrodinger.hosts from which to retrieve schrodinger value (e.g. bolt_cpu)
ssh_password – the SSH password for the given user. If None, the SSH password will be requested via a terminal prompt unless passwordless SSH is configured.
ldap_password – LDAP password for the given username. If left blank, the LDAP password will be requested in a terminal prompt.
- Returns
hostname of the registered job server upon success
- Raises
BADLDAPInputException if ldap_password is left blank and sys.stdin is not a tty
- Raises
AuthenticationException if the authentication fails
- Raises
RuntimeError for any other failure
-
schrodinger.job.cert.
validate_server_for_auth
(serverInfo: schrodinger.job.server.ServerInfo) → bool[source]¶ Validates that it is possible to authenticate with the server. Otherwise, raises an error
- Returns
bool indicating if the server’s certificate hostname is known.
- Raises
RuntimeError, AuthenticationException
-
schrodinger.job.cert.
has_cert_for_server
(address, schrodinger=None)[source]¶ Check if the current user already has an existing cert for the given job server.
- Parameters
address (str) – Address of the Job Server
- Returns
True if cert exists, False if not
- Return type
bool
-
schrodinger.job.cert.
verify_cert
(address: str, schrodinger: Optional[str] = None)[source]¶ Verify that an rpc can be made using a TLS gRPC connection to the jobserver at the given address.
-
schrodinger.job.cert.
remove_cert
(address: str, schrodinger: Optional[str] = None)[source]¶ Removes the certificate to the user’s collection. Wraps $SCHRODINGER/jsc cert add.
- Parameters
address (str) – The host:port of the server to remove.
schrodinger (str) – $SCHRODINGER environment variable for the current system
- Raises
RuntimeError if the executed command fails
-
schrodinger.job.cert.
configured_servers
()[source]¶ Check to see if the SCHRODINGER install has default job servers configured.
- Returns
a set of server addresses
- Return type
set of str
-
schrodinger.job.cert.
servers_without_registration
() → Set[str][source]¶ Check to see if the current user is missing registration for default job servers.
- Returns
a set of server address that are lacking registration.