account_management¶

Tools for managing ACCRE accounts, password changes, password resets, etc.

class accre.account_management.ClusterAccountCreator(*, vunetid, ticket, allow_inactive=False)[source]¶

Bases: object

Class for creating cluster accounts via the create_cluster_account method. This class basically just exists because the creation function would otherwise be very long or have to pass lots of parameters to internal helper functions, so this is just nicer to manage.

Here creating an account means ensuring that we have a valid VUNetID and making the initial POSIX/cluster account with a home directory in GPFS, setting a temporary password, emailing the user, and updating the RT ticket.

This will not add secondary groups or scheduler associations. This should be done in a subsequent repair step.

create_cluster_account()[source]¶

Create a new user on the cluster with an autogenerated password and send emails to the admins, helpdesk, and the new user

Returns:: Dict with key ‘cluster’ indicating if the user was successfully created on the cluster, and a ‘error’ key with further details about any errors.
Return type:: dict(str, bool|str)

class accre.account_management.ClusterPasswordResetter(*, vunetid, email, ticket)[source]¶

Bases: object

Class for resetting cluster account passwords via the reset_cluster_password method. This class basically just exists because the creation function would otherwise be very long or have to pass lots of parameters to internal helper functions, so this is just nicer to manage

reset_cluster_password()[source]¶: Reset the user’s cluster password, and send emails to the user, the admins, and the helpdesk ticket.

class accre.account_management.VUNetIDValidator[source]¶

Bases: object

Client for checking VUNetIDs for existence, active status, and basic info either in VUIT LDAP (real people) or the internal ACCRE LDAP robot registry (robots). Mimics the interface of accre.ldap.VUDS

connect()[source]¶: Bind new connections to the configured LDAP servers

disconnect()[source]¶: Unbind the current connections to the configured LDAP servers

exists(vunetid)[source]¶

Check if the given vunetid exists in VUIT or the ACCRE robot list

Parameters:: vunetid (str) – the vunetid to be checked
Returns:: True if the vunetid exists
Return type:: bool

info(vunetid)[source]¶

Return a dictionary of information about the specified vunetid including the full name (fullname), uid (uid), Vanderbilt email (vanderbilt_email), and type (robot or person)

Parameters:: vunetid (str) – the vunetid to be checked
Returns:: fullname, uid, vanderbilt_email, and type
Return type:: dict

is_locked(vunetid)[source]¶

Check if the given vunetid is locked due to becoming an inactive VUnetID, having an expired VUNet password, or being a locked robot.

Parameters:: vunetid (str) – the vunetid to be checked
Returns:: True if the vunetid is locked
Return type:: bool

accre.account_management.accre_chsh_cli()[source]¶: CLI entry point for ACCRE login shell management Run accre-chsh --help for usage

accre.account_management.accre_password_cli()[source]¶: CLI entry point for ACCRE password management Run accre_password --help for usage

accre.account_management.repair_affiliate_group_membership(user)[source]¶

Add affiliate groups for any of the user’s groups as secondary groups in the database.

Parameters:: user (str) – VUNetID of the user to be repaired
Returns:: dictionary with added key containing list of groups added
Return type:: dict(str, list(str))

accre.account_management.repair_ldap_group_membership(user)[source]¶

Add or remove secondary groups for the specifed user in LDAP according to their corresponding database groups. Raise an exception if the primary group for the user is mismatched.

Parameters:: user (str) – VUNetID of the user to be repaired
Returns:: dictionary with added and removed keys containing lists of groups added or removed, or primary group changes.
Return type:: dict(str, list(str))

accre.account_management.repair_user(user, verbose=False)[source]¶

Run a battery of repair subroutines on the specified user and return a list of result dictionaries from each subroutine. These repairs should bring the user slurm and ldap records into compliance with the administrative database.

Parameters:

user (str) – VUNetID of the user to be repaired
verbose (bool) – Print information to stdout if True

Returns:

List of change dicts from each repair subroutine

Return type:

list(dict(str, str))

accre.account_management.repair_user_slurm_acc_associations(user)[source]¶

Add missing slurm accelerated associations for a given user according to what should exist from the database. Remove associations that should not exist. Note that this function does not repair associations for standard partitions.

Parameters:: user (str) – VUNetID of the user to be repaired
Returns:: Dict of changes, including list of added associations by user, account, partition
Return type:: dict(str, list(tuple(str, str, str)))

accre.account_management.repair_user_slurm_associations(user, add=True, remove=True)[source]¶

Add missing slurm associations for a given user according to what should exist from the database. Remove associations that should not exist. Note that this function does not repair associations for accelerated partitions.

Parameters:

user (str) – VUNetID of the user to be repaired
add (bool) – Add missing associations if true
remove (bool) – Remove erroneous assocations if true

Returns:

Dict of changes, including list of added associations by user, account, partition

Return type:

dict(str, list(tuple(str, str, str)))

accre.account_management.repair_user_slurm_default_group(user)[source]¶

If the user’s primary group is a scheduler group, make sure that the slurm default group for the user matches the primary group

Parameters:: user (str) – VUNetID of the user to be repaired
Returns:: Dict of changes, which if the default group changed just a single key/value for the new default group
Return type:: dict(str, str)

account_management¶

Table of Contents

Search