-
Notifications
You must be signed in to change notification settings - Fork 304
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[POC] Auth aware profile list #700
base: main
Are you sure you want to change the base?
[POC] Auth aware profile list #700
Conversation
Thanks for submitting your first pull request! You are awesome! 🤗 |
d098fe9
to
961f4fd
Compare
@npapapietro can you try to clarify the problem you wish to solve, and the limitations of for example handling management of the profile list using hooks as examplified in the discourse post? If I can understand that clearly, its far easier to consider the strategy you have come up with on a high level, and then also on a more detailed level looking at code changes. |
I have been using the methods described in that post since it was suggest in my customer's jupyterhub installations :). It works well, but I think that pulling the key auth changes into the kubespawner might improve usability, deployment and security of kubernetes jupyterhub installation (and perhaps other installations as well). Motivation:
This is a QOL feature in my opinion and by no means a hard requirement for most of my jupyterhub installations, but I have bandwidth to take a whack at it and see if the community would benefit from this as well. Strategy: Since the base instance of
The goal I would make is to reduce the amount of upstream/downstream changes to function signatures outside of the sibling PR i've created in OAuthenticator. One of the caveats with this method is not all OAuth providers are created equal. Some (like Gitlab) required calls to the provider (for pagination perhaps?) to retrieve the user group/role/project data needed to make the |
Motivaion
The overall goal of this PR is to allow auth logic in KubeSpawner.profile_list depending on the instance of OAuthenticator chosen. This PR is meant to continue the discussions here as well as a sibling PR to jupyterhub/oauthenticator#571.
Changes
_options_form_default
: Returns callable ifself.profile_list
is not empty_render_options_form_dynamically
: Checks ifself.profile_list
is callable, and generates the list, then proceeds to filter out profiles (and profile options) if the authenticator class meets the auth criteria_filter_profile_options_form
: New async function that filters profiles based on user configuredoauthenticator_override
Per reviewer feedback I will proceed with extending some test coverage to this new logic. No auth is currently being tested beyond Dummy, so this will require some review as well.