ESGF Security API

pyesgf provides a simplified interface to obtaining ESGF credentials.


This interface only works with *Python versions 2.7.9 or greater* (due to an SSL update).

Module pyesgf.logon

Manage the client’s interaction with ESGF’s security system. Using this module requires installing the MyProxyClient library.

To obtain ESGF credentials create a LogonManager instance and supply it with logon details:

>>> lm = LogonManager()
>>> lm.is_logged_on()
>>> lm.logon(username, password, myproxy_hostname)
>>> lm.is_logged_on()

Logon parameters that aren’t specified will be prompted for at the terminal by default. The LogonManager object also writes a .httprc file configuring OPeNDAP access through the NetCDF API.

You can use your OpenID to logon instead. The logon details will be deduced from the OpenID where possible:

>>> lm.logoff()
>>> lm.is_logged_on()
>>> lm.logon_with_openid(openid, password)
>>> lm.is_logged_on()
class pyesgf.logon.LogonManager(esgf_dir='/home/docs/.esg', dap_config='/home/docs/.dodsrc', verify=True)[source]

Manages ESGF crendentials and security configuration files.

Also integrates with NetCDF’s secure OPeNDAP configuration.


Remove any obtained credentials from the ESGF environment.

Parameters:clear_trustroots – If True also remove trustroots.
logon(username=None, password=None, hostname=None, bootstrap=False, update_trustroots=True, interactive=True)[source]

Obtain ESGF credentials from the specified MyProxy service.

If interactive == True then any missing parameters of password, username or hostname will be prompted for at the terminal.

  • interactive – Whether to ask for input at the terminal for any missing information. I.e. username, password or hostname.
  • bootstrap – Whether to bootstrap the trustroots for this MyProxy service.
  • update_trustroots – Whether to update the trustroots for this MyProxy service.
logon_with_openid(openid, password=None, bootstrap=False, update_trustroots=True, interactive=True)[source]

Obtains ESGF credentials by detecting the MyProxy parameters from the users OpenID. Some ESGF compatible OpenIDs do not contain enough information to obtain credentials. In this case the user is prompted for missing information if interactive == True, otherwise an exception is raised.

Parameters:openid – OpenID to login with See logon() for parameters interactive, bootstrap and update_trustroots.