Credd Class

Warning

This is not a stable API. It may be removed, extended, or altered with little or no notice.

Note

This class – the credd client – is intended to support expert users migrating from version 1 of the HTCondor Python bindings.

class htcondor2.Credd(location=None)

The credd client. Adds, deletes, and queries (legacy) passwords, user credentials (new passwords, Kerberos), and user service credentials (OAUth2).

If you’re trying to submit a job, see Submit.issue_credentials() instead.

Parameters:

location (ClassAd | None) – A ClassAd with a MyAddress attribute, such as might be returned by Collector.locate().

add_password(password, user=None) → None

Store the specified password in the credd for the specified user.

Parameters:

• password (str) – The password to store.

• user (str | None) – The user for whom to store the password. If None, attempt to guess based on the current process’s effective user ID.

add_user_cred(credtype, credential, user=None) → None

Store the specified credential of the specified credtype in the credd for the specified user.

Parameters:

• credtype (CredType) – One of CredType.Password and CredType.Kerberos.

• credential (bytes) – The credential to store.

• user (str | None) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

add_user_service_cred(credtype, credential, service, handle=None, user=None, refresh=None) → None

Store the specified OAuth credential in the credd for the specified user.

Parameters:

• credtype (CredType) – Must be CredType.OAuth.

• credential (bytes) – The credential to store.

• service (str) – An identifier. Used in submit files to map from URLs to credentials.

• handle (str | None) – An optional identifier. Used in submit files to distinguish multiple credentials from the same service.

• user (str | None) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

• refresh (bool | None) – Is credential a refresh-style token that must be processed by a CredMon to produce an access token. If None, have credd decide.

check_user_service_creds(credtype, serviceAds, user=None) → CredCheck

Parameters:

• credtype (CredType) – Must be CredType.OAuth.

• serviceAds (List[ClassAd]) – A list of ClassAds specifying which services are needed.

• user (str | None) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

Raises:

HTCondorException – If a problem occurs talking to the credd.

delete_password(user=None) → bool

Delete the password stored in the credd for the specified user.

Parameters:

user (str | None) – The user for whom to delete the password. If None, attempt to guess based on the current process’s effective user ID.

delete_user_cred(credtype, user=None) → None

Delete the credential of the specified credtype stored in the credd for the specified user.

Parameters:

• credtype (CredType) – One of CredType.Password and CredType.Kerberos.

• user (str | None) – The user for whom to delete the credential. If None, attempt to guess based on the current process’s effective user ID.

delete_user_service_cred(credtype, service, handle=None, user=None) → None

Delete the OAuth credential stored in the credd for the specified user.

Parameters:

• credtype (CredType) – Must be CredType.OAuth.

• service (str) – An identifier. Used in submit files to map from URLs to credentials.

• handle (str | None) – An optional identifier. Used in submit files to distinguish multiple credentials from the same service.

• user (str | None) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

get_oauth2_credential(service, handle, user=None) → str

Return the specified OAuth2 credential.

Parameters:

• service (str) – An identifier. Used in submit files to map from URLs to credentials.

• handle (str) – An optional identifier. Used in submit files to distinguish multiple credentials from the same service.

• user (str | None) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

Returns:

The requested credential.

Return type:

str

query_password(user=None) → bool

Check if the credd has a password stored for the specified user.

Parameters:

user (str | None) – The user for whom to retrieve the password. If None, attempt to guess based on the current process’s effective user ID.

query_user_cred(credtype, user=None) → str

Check if the credd has a credential of the specific credtype stored in the credd for the specified user.

Parameters:

• credtype (CredType) – One of CredType.Password and CredType.Kerberos.

• user (str | None) – The user for whom to retrieve the credential. If None, attempt to guess based on the current process’s effective user ID.

Returns:

The time the credential was last updated, or None.

Return type:

str

query_user_service_cred(credtype, service, handle=None, user=None) → str

Check if the credd has an OAuth credential stored for the specified user.

Parameters:

• credtype (CredType) – Must be CredType.OAuth.

• service (str) – An identifier. Used in submit files to map from URLs to credentials.

• handle (str | None) – An optional identifier. Used in submit files to distinguish multiple credentials from the same service.

• user (str | None) – The user for whom to store the credential. If None, attempt to guess based on the current process’s effective user ID.

Returns:

The result ClassAd serialized in the “old” syntax.

Return type:

str