schrodinger.job.cert module¶
Provide an interface for generating user certificates for job server. Wraps ‘$SCHRODINGER/jsc cert’ commands to create a single entrypoint. The $SCHRODINGER environment variable is assumed to be an unescaped path.
Authentication can occur in two ways:
- Using LDAP. In this case, the ‘jsc ldap-get’ command communicates the username and password to the job server using a gRPC method and saves the user certificate. The LDAP password can be submitted to the command either through an interactive commandline prompt or through piped stdin. 
- Using a Unix socket. In this case, the user must be on the server host to get a user certificate. The flow is as follows: - The ‘jsc get-auth-socket-path’ command gets the path of the Unix socket from the server using a gRPC method. 
- We then ssh to the server host and send a request over that Unix socket to retrieve a user certificate. (If the user is already on the same server host, we can skip ssh). 
- That certificate is communicated back to the client machine over ssh, where a separate jsc command saves it. 
 
- class schrodinger.job.cert.CertInfo(address: str, cert: str)¶
- Bases: - object- CertInfo represents the class containing address of the jobserver with the user-certificate to interact with it. The certificate contains the sensitive private key, so use it in a secured way. - address: str¶
 - cert: str¶
 - __init__(address: str, cert: str) None¶
 
- exception schrodinger.job.cert.AuthenticationException¶
- Bases: - Exception
- exception schrodinger.job.cert.SocketAuthenticationException¶
- Bases: - AuthenticationException
- exception schrodinger.job.cert.LDAPAuthenticationException¶
- Bases: - AuthenticationException
- exception schrodinger.job.cert.BadLDAPInputException¶
- Bases: - Exception
- schrodinger.job.cert.get_cert_with_ldap(schrodinger, address, user, ldap_password=None)¶
- Generates a user certificate job server at the given address. Wraps ‘$SCHRODINGER/jsc cert ldap-get –user [user] [address]’ - Parameters:
- schrodinger (str) – $SCHRODINGER environment variable for the current system 
- address (str) – Server Address of the job server to authenticate with 
- user (str) – Username to authenticate as. This must be the same as the username that will be used to submit jobs to the job server. 
- ldap_password (str) – LDAP password for the given username. If None, the command is assumed to be in interactive mode. 
 
- Returns:
- user-certificate as JSON string if authentication succeeds, or raises an exception otherwise. 
- Return type:
- string 
- Raises:
- BADLDAPInputException if ldap_password is None and sys.stdin is not a tty 
- Raises:
- LDAPAuthenticationException if the authentication fails 
 
- schrodinger.job.cert.get_cert_with_socket_auth(schrodinger: str, hostname: str, user: str, socket_path: str, server_schrodinger: str, ssh_password: Optional[str] = None, prompt_for_password: Optional[bool] = True)¶
- Generate a user certificate for job server using socket authentication through SSH. - Parameters:
- schrodinger – $SCHRODINGER environment variable, path to schrodinger suite 
- hostname – job server’s hostname 
- user – user for which to generate certificate, used as remote user for ssh if required. 
- socket_path – the path on the server where the auth socket is located 
- server_schrodinger – for remote job servers, a path to the SCHRODINGER installation containing a “jsc” executable to communicate with the socket. 
- ssh_password – the SSH password for the given user. If None, the SSH password will be requested via a terminal prompt unless passwordless SSH is configured. 
- prompt_for_password – whether to prompt for the SSH password for the given user (the parameter will only be in effect if stdin is attached to a terminal). 
 
- Returns:
- user-certificate as JSON string, otherwise an appropriate error. 
- Return type:
- string 
- Raises:
- RuntimeError for any other failure 
 
- schrodinger.job.cert.get_cert(hostname: str, port: Union[int, str], user: str, *, schrodinger: Optional[str] = None, ssh_password: Optional[str] = None, ldap_password: Optional[str] = None, server_schrodinger: Optional[str] = None, prompt_for_password: Optional[bool] = True) CertInfo¶
- Entrypoint to generate a user certificate for the requested server. - A server can have one or both of unix socket authentication and LDAP authentication. - Attempts unix socket authentication if enabled, otherwise falls back to LDAP authentication. - Parameters:
- hostname – hostname for the job server to authenticate wtih 
- port – port for the job server to authenticate with 
- user – user for which to generate certificate, used as remote user for ssh if required. 
- schrodinger – $SCHRODINGER environment variable, path to schrodinger suite. If None, the current system’s $SCHRODINGER environment variable will be used. 
- ssh_password – the SSH password for the given user. If None, the SSH password will be requested via a terminal prompt unless passwordless SSH is configured. 
- ldap_password – LDAP password for the given username. If left blank, the LDAP password will be requested in a terminal prompt. 
- server_schrodinger – the server SCHRODINGER installation for socket authentication. If blank, this will be derived from available sources. 
- prompt_for_password – whether to prompt for the SSH password when attempting socket authentication. 
 
- Returns:
- address of the registered job server and user-certificate as JSON string as CertInfo. 
- Raises:
- BADLDAPInputException if ldap_password is left blank and sys.stdin is not a tty 
- Raises:
- AuthenticationException if the authentication fails 
- Raises:
- RuntimeError for any other failure 
 
- schrodinger.job.cert.validate_server_for_auth(server_info: ServerInfo) bool¶
- Validates that it is possible to authenticate with the server. Otherwise, raises an error - Returns:
- bool indicating if the server’s certificate hostname is known. 
- Raises:
- RuntimeError, AuthenticationException 
 
- schrodinger.job.cert.has_cert_for_server(address, schrodinger=None)¶
- Check if the current user already has an existing cert for the given job server. - Parameters:
- address (str) – Address of the Job Server 
- Returns:
- True if cert exists, False if not 
- Return type:
- bool 
 
- schrodinger.job.cert.verify_cert(address: str, schrodinger: Optional[str] = None)¶
- Verify that an rpc can be made using a TLS gRPC connection to the jobserver at the given address. 
- schrodinger.job.cert.remove_cert(address: str, schrodinger: Optional[str] = None)¶
- Removes the certificate to the user’s collection. Wraps $SCHRODINGER/jsc cert add. - Parameters:
- address (str) – The host:port of the server to remove. 
- schrodinger (str) – $SCHRODINGER environment variable for the current system 
 
- Raises:
- RuntimeError if the executed command fails 
 
- schrodinger.job.cert.configured_servers() Set[str]¶
- Check to see if the SCHRODINGER install has default job servers configured. - Returns:
- a set of server addresses 
- Return type:
- set of str 
 
- schrodinger.job.cert.servers_without_registration() Set[str]¶
- Check to see if the current user is missing registration for default job servers. - Returns:
- a set of server address that are lacking registration.