Credd Class

Warning

This is not a stable API. It may be removed, extended, or altered with little or no notice.

Note

This class – the credd client – is intended to support expert users migrating from version 1 of the HTCondor Python bindings.

class htcondor2.Credd(location=None)

The credd client. Adds, deletes, and queries (legacy) passwords, user credentials (new passwords, Kerberos), and user service credentials (OAUth2).

If you’re trying to submit a job, see Submit.issue_credentials() instead.

Parameters

location (ClassAd) – A ClassAd with a MyAddress attribute, such as might be returned by Collector.locate().

add_password(password, user=None) → None

Store the specified password in the credd for the specified user.

Parameters

• password (str) – The password to store.

• user (str) – The user for whom to store the password. If None, attempt to guess based on the current process’s effective user ID.

add_user_cred(credtype, credential, user=None) → None

Store the specified credential of the specified credtype in the credd for the specified user.

Parameters

• credtype (CredType) – One of CredType.Password and CredType.Kerberos.

• credential (bytes) – The credential to store.

• user (str) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

add_user_service_cred(credtype, credential, service, handle=None, user=None, refresh=None) → None

Store the specified OAuth credential in the credd for the specified user.

Parameters

• credtype (CredType) – Must be CredType.OAuth.

• credential (bytes) – The credential to store.

• service (str) – An identifier. Used in submit files to map from URLs to credentials.

• handle (str) – An optional identifier. Used in submit files to distinguish multiple credentials from the same service.

• user (str) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

• refresh (bool) – Is credential a refresh-style token that must be processed by a CredMon to produce an access token. If None, have credd decide.

check_user_service_creds(credtype, serviceAds, user=None) → CredCheck

Parameters

• credtype (CredType) – Must be CredType.OAuth.

• serviceAds (List[ClassAd]) – A list of ClassAds specifying which services are needed.

• user (str) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

Raises

HTCondorException – If a problem occurs talking to the credd.

delete_password(user=None) → bool

Delete the password stored in the credd for the specified user.

Parameters

user (str) – The user for whom to delete the password. If None, attempt to guess based on the current process’s effective user ID.

delete_user_cred(credtype, user=None) → None

Delete the credential of the specified credtype stored in the credd for the specified user.

Parameters

• credtype (CredType) – One of CredType.Password and CredType.Kerberos.

• user (str) – The user for whom to delete the credential. If None, attempt to guess based on the current process’s effective user ID.

delete_user_service_cred(credtype, service, handle=None, user=None) → None

Delete the OAuth credential stored in the credd for the specified user.

Parameters

• credtype (CredType) – Must be CredType.OAuth.

• service (str) – An identifier. Used in submit files to map from URLs to credentials.

• handle (str) – An optional identifier. Used in submit files to distinguish multiple credentials from the same service.

• user (str) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

get_oauth2_credential(service, handle, user=None) → str

Return the specified OAuth2 credential.

Parameters

• service (str) – An identifier. Used in submit files to map from URLs to credentials.

• handle (str) – An optional identifier. Used in submit files to distinguish multiple credentials from the same service.

• user (str) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

Returns

The requested credential.

Return type

str

query_password(user=None) → bool

Check if the credd has a password stored for the specified user.

Parameters

user (str) – The user for whom to retrieve the password. If None, attempt to guess based on the current process’s effective user ID.

query_user_cred(credtype, user=None) → str

Check if the credd has a credential of the specific credtype stored in the credd for the specified user.

Parameters

• credtype (CredType) – One of CredType.Password and CredType.Kerberos.

• user (str) – The user for whom to retrieve the credential. If None, attempt to guess based on the current process’s effective user ID.

Returns

The time the credential was last updated, or None.

Return type

str

query_user_service_cred(credtype, service, handle=None, user=None) → str

Check if the credd has an OAuth credential stored for the specified user.

Parameters

• credtype (CredType) – Must be CredType.OAuth.

• service (str) – An identifier. Used in submit files to map from URLs to credentials.

• handle (str) – An optional identifier. Used in submit files to distinguish multiple credentials from the same service.

• user (str) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

Returns

The result ClassAd serialized in the “old” syntax.

Return type

str