Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add image_whitelist and default options form #219

Merged
merged 6 commits into from
Nov 12, 2018

Conversation

minrk
Copy link
Member

@minrk minrk commented Feb 10, 2018

if c.DockerSpawner.image_whitelist is specified, a default options form is constructed with a select dropdown for choosing the image to launch.

image_whitelist is a dict of {key: image}, where the key is the value to be used in the form (and shown to humans), while the values are the actual docker images. In this case, the actual image name is not shown to users.

image_whitelist may be specified as a list, in which case it is cast to a dict of the form {image:image}, where the keys are the same as the values (users see actual image names, rather than abbreviations/descriptions).

closes #236

@dhirschfeld
Copy link
Contributor

One thing I'd like is to be able to specify different images for different groups.

I'm not sure if there is currently any concept of a group membership for authenticated users? It's something I've been meaning to look into...

@dhirschfeld
Copy link
Contributor

In the config I would hard-code the allowed images for each group - i.e. the image_whitelist would be a mapping of the group name to image names

c.DockerSpawner.image_whitelist = {
    prod_group : {'display_name': 'image_name'},
    uat_group : {'display_name': 'image_name'},
    dev_group : {
        'display_name1': 'image_name1',
        'display_name2': 'image_name2',
    },
}

The allowed images would then be chosen from the union of all groups the user was a member of and the options form would group the image names by the group name.

I understand if this is too specialised a usecase to be incorporated in DockerSpawner itself - I just wanted to put it out there as something to consider...

@dhirschfeld
Copy link
Contributor

In the config I would hard-code the allowed images for each group

I'd ideally like this to be configurable in the JupyterHub admin UI - it would be a bit awkward to have to restart JupyterHub just to add a new image to the whitelist

@minrk
Copy link
Member Author

minrk commented Feb 27, 2018

Thanks for your use case. I think I probably won't have support for group-specific image lists in the base class since I think that can take too many forms, but I'll make sure that the necessary overrides are convenient via config, so all you'll have to provide is a callable that returns the right whitelist for the current user.

As for groups, yes JupyterHub does have the concept of groups, though a user can be a member of multiple groups (like unix), so you have to be a little careful. There isn't UI for managing groups, but you can do it via REST and/or config.

Admin UI can only be used to affect values stored in the db, not config. Anything that lives only in config would get lost on Hub relaunch.

@dhirschfeld
Copy link
Contributor

Just for completeness' sake I'll point out that my proposal is similar/related to the below issues which are spread about different repos:

if c.DockerSpawner.image_whitelist is specified, a default options form is constructed
with a select dropdown for choosing the image to launch.

image_whitelist is a dict of key: image, where the key is the value to be used in the form,
while the values are the actual docker images.

image_whitelist may be specified as a list, in which case it is cast to a dict of the form {image:image},
where the keys are the same as the values (users see actual image names, rather than abbreviations/descriptions).
@nils-werner
Copy link

Would it make sense to design SystemUserSpawner, MultiDockerImageSpawner etc. to be mixins, so their behaviour can be mixed and matched depending on the users needs?

@minrk minrk force-pushed the image-whitelist branch from 2e52cb7 to ef24db4 Compare June 13, 2018 14:29
@minrk
Copy link
Member Author

minrk commented Jun 13, 2018

@nils-werner that's already how it works, since this functionality is defined on DockerSpawner and SwarmSpawner is a subclass, so it inherits everything from DockerSpawner.

@dhirschfeld this now allows image_whitelist to be a callable, so you can specify your image whitelist as a function of the user it's generating the whitelist for.

@nils-werner
Copy link

nils-werner commented Jun 19, 2018

that's already how it works, since this functionality is defined on DockerSpawner and SwarmSpawner is a subclass, so it inherits everything from DockerSpawner.

I mean as mixins, not just deriving from one class. Using mixins, I could create a spawner that offers both systemuser and swarm using

class MySpawner(SystemUserSpawner, SwarmSpawner):
     pass

Following this principle, launching multiple docker images could be put in another mixin and be used like

class MySpawner(SystemUserSpawner, SwarmSpawner, MultiDockerImages):
     pass

minrk added 4 commits June 19, 2018 10:30
So that it can be derived from the user

callable will be passed the Spawner as a single argument.
User is accessible as Spawner.user.
@minrk minrk force-pushed the image-whitelist branch from ef24db4 to b6cdf7a Compare June 19, 2018 08:30
@Data-drone
Copy link

@minrk is this finished now? when will it be merged into the dockerSpawner ?

@minrk minrk merged commit 10d3a37 into jupyterhub:master Nov 12, 2018
@minrk minrk deleted the image-whitelist branch November 12, 2018 13:38
@minrk
Copy link
Member Author

minrk commented Nov 12, 2018

Yes, I believe this is ready.

@pinsleepe
Copy link

@minrk working like a charm!

@pgonyan
Copy link

pgonyan commented Nov 23, 2018

Is this functionality working in 0.10?

I wrote in jupyterhub_config.py
c.DockerSpawner.image_whitelist = {'esit/r-notebook':'esit/r-notebook', 'esit/r-notebook':'esit/r-notebook'}

But... logs adive
jupyterhub | [W 2018-11-23 14:34:00.360 JupyterHub configurable:168] Config option image_whitelist not recognized by DockerSpawner.

Using Ldapauthenticator
jupyterhub | [I 2018-11-23 14:33:08.843 JupyterHub app:1667] Using Authenticator: ldapauthenticator.ldapauthenticator.LDAPAuthenticator-1.
2.2
jupyterhub | [I 2018-11-23 14:33:08.844 JupyterHub app:1667] Using Spawner: dockerspawner.dockerspawner.DockerSpawner-0.10.0

@pgonyan
Copy link

pgonyan commented Nov 23, 2018

Is there a documentation page for this functionality or any examples?

@psychemedia
Copy link

I'm interested for docs on this too...

eg I'm using a simple Dummyauthenticator but I'm not seeing the image selection list for a pre-existing user?

@pinsleepe
Copy link

This functionality is not part of the official release yet. You have to install dockerspawner from this repo master branch (explained here). Hope this help!

@psychemedia
Copy link

@pinsleepe Yep, I've been using installs from the Guthub masters.

@dhirschfeld
Copy link
Contributor

I'm keen to use this functionality but need a release to be able to do so easily

@flixr
Copy link

flixr commented Jan 5, 2019

Dito.
Is there a timeline for the next release?

@minrk
Copy link
Member Author

minrk commented Mar 1, 2019

Working on the 0.11 release now.

@MaisamMD
Copy link

MaisamMD commented Feb 5, 2021

How can I map a specific volume to each of the images in the white list?

something like:

c.DockerSpawner.volumes = {'host/directory':'/container/directory'}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Multi Image Docker Spawner
9 participants