hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-12 20:43:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

consistent docstrings, config for services/spawner oauth_roles

Browse Source
This commit is contained in:
Min RK
2021-04-29 12:58:16 +02:00
parent 7022a4c558
commit 1337a53a9f
4 changed files with 30 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
jupyterhub/services/service.py
View File

@@ -193,8 +193,14 @@ class Service(LoggingConfigurable):
oauth_roles = List( oauth_roles = List(
help="""OAuth allowed roles. help="""OAuth allowed roles.
List of roles that are passed to generated tokens if the service act as an OAuth client This sets the maximum and default roles
on behalf of users""" assigned to oauth tokens issued for this service
(i.e. tokens stored in browsers after authenticating with the server),
defining what actions the service can take on behalf of logged-in users.
Default is an empty list, meaning minimal permissions to identify users,
no actions can be taken on their behalf.
"""
).tag(input=True) ).tag(input=True)
api_token = Unicode( api_token = Unicode(

17
jupyterhub/spawner.py
View File

@@ -219,10 +219,19 @@ class Spawner(LoggingConfigurable):
oauth_client_id = Unicode() oauth_client_id = Unicode()
handler = Any() handler = Any()
allowed_roles = List( oauth_roles = Union(
help="""OAuth allowed roles for single-user servers [Callable(), List()],
""" help="""Allowed roles for oauth tokens.
).tag(input=True)
This sets the maximum and default roles
assigned to oauth tokens issued by a single-user server's
oauth client (i.e. tokens stored in browsers after authenticating with the server),
defining what actions the server can take on behalf of logged-in users.
Default is an empty list, meaning minimal permissions to identify users,
no actions can be taken on their behalf.
""",
).tag(config=True)
will_resume = Bool( will_resume = Bool(
False, False,

4
jupyterhub/tests/test_spawner.py
View File

@@ -430,5 +430,5 @@ async def test_hub_connect_url(db):
async def test_spawner_oauth_roles(app): async def test_spawner_oauth_roles(app):
allowed_roles = ['lotsa', 'roles'] allowed_roles = ['lotsa', 'roles']
spawner = new_spawner(app.db, allowed_roles=allowed_roles) spawner = new_spawner(app.db, oauth_roles=allowed_roles)
assert spawner.allowed_roles == allowed_roles assert spawner.oauth_roles == allowed_roles

7
jupyterhub/user.py
View File

@@ -564,11 +564,16 @@ class User:
oauth_client = oauth_provider.fetch_by_client_id(client_id) oauth_client = oauth_provider.fetch_by_client_id(client_id)
# create a new OAuth client + secret on every launch # create a new OAuth client + secret on every launch
# containers that resume will be updated below # containers that resume will be updated below
allowed_roles = spawner.oauth_roles
if callable(allowed_roles):
allowed_roles = allowed_roles(spawner)
oauth_provider.add_client( oauth_provider.add_client(
client_id, client_id,
api_token, api_token,
url_path_join(self.url, server_name, 'oauth_callback'), url_path_join(self.url, server_name, 'oauth_callback'),
allowed_roles=spawner.allowed_roles, allowed_roles=allowed_roles,
description="Server at %s" description="Server at %s"
% (url_path_join(self.base_url, server_name) + '/'), % (url_path_join(self.base_url, server_name) + '/'),
) )