Comments (5)
Managed tokens prototype is complete. See https://github.com/shreyb/managed-tokens
from jobsub_lite.
Note that this is no longer a requirement for managed tokens, since the workaround of having managed tokens simply deposit two copies of the vault token works fine. We can push this off after some discussion with Dave D about how necessary this actually is.
from jobsub_lite.
@DrDaveD - is there any reason we should keep thinking about moving jobsub_lite to using condor_vault_storer
as opposed to what we currently do (htgettoken
)? Currently, we set BEARER_TOKEN_FILE
and call htgettoken
, and the subsequent condor_submit
calls condor_vault_storer
if necessary. This works for our current setup, since BEARER_TOKEN_FILE
is respected by both utilities.
The other good thing about using htgettoken
in our standard token code is that we don't actually have to store the vault token unless we're doing a submit (i.e. jobsub_q
, jobsub_fetchlog
, etc. don't have to actually store a token in the condor credd).
from jobsub_lite.
Closing this. We can reopen if it comes out that we need to change htgettoken
calls to condor_vault_storer
from jobsub_lite.
It still might make a difference for people who do not have kerberos, I think. For them I think they will need to do OIDC authentication twice at the beginning of each week, once for the original htgettoken and again for the condor_vault_storer that condor_submit calls. If the initial call was for condor_vault_storer then they should only have to do OIDC authentication once.
from jobsub_lite.
Related Issues (20)
- Don't assume that we have the GROUP set in the environment
- When scitokens keycache fix is available, back out changes from #498
- Go through codebase and see if line-level pylint disable statements can be resolved
- Add github actions container for CI tests
- jobsub_q bug
- Fix cyclic import in lib/condor.py HOT 3
- Add key to JOBSUB_POOL_MAP map that allows for desired_usage_model to be overridden HOT 1
- Bug in 1.6-rc1 with token role/group checking
- Request: quota messages should be disabled by default, but show up in --debug mode
- Start planning for transition to EL9 Apptainer default container HOT 6
- Migrate away from UPS
- Add a trace for jobsub_cmd commands
- If a disk quota check errors out, we shouldn't fail the submission HOT 7
- Reimplement disk quota checks using os.statvfs()
- workdir is not TMPDIR HOT 4
- wasteful re-compression HOT 5
- New condor_vault_storer version HOT 3
- Replace os.system call in tarfile creation with subprocess function
- the GZIP=-n in tarfile creation is giving a warning on AL9
- jobsub_cleanup_cred doesn't work for non-Analysis users
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jobsub_lite.