get

igwn_robot_auth.get(
principal: str | None = None,
keytab: str | None = None,
outfile: str = '/tmp/bt_u1005',
issuer: str = 'igwn',
ccache: str | None = None,
credkey: str | None = None,
role: str | None = None,
minsecs: int = 3600,
vaultserver: str = 'vault.ligo.org',
vaulttokenfile: str | None = None,
vaulttokenminttl: str | int = '24h',
*,
condor: bool = False,
) → None

Get a token for a robot Kerberos principal.

Parameters:
  • principal (str) – Principal name for Kerberos credential. If not given it will be taken from the keytab. If principal is not specified in the form name@REALM the default realm REALM will be applied, see man krb5.conf.

  • keytab (str, optional) – Path to keytab file. Default taken from KRB5_KTNAME environment variable. If the environment variable is not set, or is empty, this keyword is required.

  • outfile (str, optional) – Path in which to write the serialised SciToken.

  • issuer (str, optional) – Name of vault token issuer. Default is "igwn".

  • ccache (str, optional) – Path to Kerberos credentials cache. Default is the default credential cache, see man krb5.conf.

  • credkey (str, optional) – Vault credential key for this identity. Default is derived from Kerberos principal.

  • role (str, optional) – Vault name of role for this identity. Default is derived from Kerberos principal.

  • minsecs (int, optional) – Minimum number of seconds left in bearer token before expiry. If an existing token is found with a remaining lifetime greater than this number, htgettoken will not renew it.

  • vaultserver (str, optional) – Name or IP of vault server to use.

  • vaulttokenfile (str, optional) – Path in which to store/use vault token.

  • vaulttokenminttl (str, optional) – Minimum remaining lifetime of vault token before attempting renewal.

  • condor (bool, optional) – Use condor_vault_storer to initialise a token for HTCondor. Default is False.

Examples

Get a SciToken for a specific robot keytab, dynamically grabbing the principal name from the keytab:

>>> get(keytab="/home/user/.secure/robot.keytab")
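
An added example (not part of igwn_robot_auth): a check that a monitoring job could run on the file written to outfile, reporting unsafe file type, ownership or mode, and whether the remaining lifetime is above minsecs. The function names and the unsigned sample token are constructed for illustration; the only format assumption is that a serialised SciToken is a three-part JWT.

```python
from __future__ import annotations

import base64
import json
import os
import stat
import time


def make_sample_token(exp: int) -> str:
    """Constructed, unsigned stand-in for a serialised SciToken (JWT layout)."""
    def b64(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64({'sub': 'robot', 'exp': exp})}.sig"


def seconds_left(serialised: str, now: float | None = None) -> int:
    """Remaining lifetime read from the unverified ``exp`` claim.

    The payload is decoded without checking the signature, which is fine for
    lifetime monitoring and useless for any authorisation decision.
    """
    parts = serialised.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    return int(claims["exp"] - (time.time() if now is None else now))


def audit_token_file(path: str, minsecs: int = 3600, now: float | None = None) -> list[str]:
    """Return findings for the token file at ``path``; an empty list means clean."""
    st = os.lstat(path)  # lstat: a symlink planted at the path is reported, not followed
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_uid != os.geteuid():
        findings.append("not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("accessible to group or other")
    with open(path, encoding="ascii") as fh:
        left = seconds_left(fh.read(), now)
    if left <= minsecs:  # mirrors the documented rule: renew unless lifetime > minsecs
        findings.append(f"{left}s left, not above minsecs={minsecs}")
    return findings
```
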

See also

igwn_auth_utils.kinit

For details of how Kerberos credentials are initialised.

igwn_auth_utils.get_scitoken

For details of how a SciToken is acquired.

igwn_robot_auth.htcondor.condor_vault_storer

For details of how condor_vault_storer is invoked when condor=True is given.