Allowed_users list external specification

Hi,

To my understanding, it is currently only possible to specify allowed users in the config.yaml file:

GitHubOAuthenticator:
  allowed_users:
    - user1
    - user2
  scope:
    - read:user

When updating the list of allowed users, we would then update the entire JupyterHub deployment, but this requires that all the people who are allowed to add users know how to do that and potentially opens up for several critical mistakes.

My question is therefore: is it possible to configure the installation so it looks for an allowed_user user list somewhere externally? In that way, we simply add/remove users from that list and leave the rest of the installation untouched.

I think this would be an appreciated feature, if it is not already available.

This is not possible at the moment. allowed_users is a set which needs to be defined in the config. Even if we support a callable to this variable where you can fetch users from external sources like LDAP, you will have to restart the JupyterHub pod for the changes to take effect. AFAIK, hot reloading is not supported by JupyterHub.

1 Like

Since you’re using GitHubOAuthenticator you could add your users to a GitHub organisation or team, and use that to restrict who can access JupyterHub:

2 Likes

Thanks for the quick reply, @mahendrapaipuri, and thank you for the suggestion, @manics.

I am unable to assess if the external user list feature is a big addition or not, but I hope that it will be a possibility in the future. I am sure administrators will appreciate it :)

Is there a reason you can’t use the admin interface to add and remove users?

If you still want an external user list you can implement it by subclassing your current authenticator and overriding one or two methods.
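
The subclassing approach suggested above, as an added example that is not part of the original thread or of the JupyterHub/OAuthenticator code base: a mixin that overrides the Authenticator `check_allowed` hook and reads usernames from a separate file at login time. The class name, the file path and the one-username-per-line format are assumptions; the override replaces the parent's own allow checks rather than extending them.

```python
import os
import stat


class FileAllowListMixin:
    """Hypothetical mixin: list it before the authenticator class you subclass.

    check_allowed() is the JupyterHub Authenticator hook that decides whether
    an already-authenticated user may log in. This override does not call the
    parent, so allowed_users / organisation checks in the config are bypassed.
    """

    allowed_users_file = "/etc/jupyterhub/allowed_users.txt"  # assumed path
    _cache = (None, frozenset())  # (file signature, parsed usernames)

    def load_allowed_users(self):
        try:
            st = os.stat(self.allowed_users_file)
            # The list grants access, so refuse one that group/other can write.
            if not stat.S_ISREG(st.st_mode) or st.st_mode & 0o022:
                raise PermissionError("allow list must be owner-writable only")
            sig = (st.st_mtime_ns, st.st_size)
            if self._cache[0] != sig:  # re-parse only when the file changed
                with open(self.allowed_users_file, encoding="utf-8") as fh:
                    # One username per line; '#' starts a comment.
                    names = (ln.split("#", 1)[0].strip().lower() for ln in fh)
                    self._cache = (sig, frozenset(n for n in names if n))
            return self._cache[1]
        except OSError:
            # Fail closed: a missing or unsafe file means nobody is allowed.
            self._cache = (None, frozenset())
            return frozenset()

    async def check_allowed(self, username, authentication=None):
        return username.lower() in self.load_allowed_users()


# In jupyterhub_config.py (assumes oauthenticator is installed):
#   from oauthenticator.github import GitHubOAuthenticator
#   class GitHubFileAuth(FileAllowListMixin, GitHubOAuthenticator):
#       pass
#   c.JupyterHub.authenticator_class = GitHubFileAuth
```

Because the file is checked on every call, an edit to the list applies to the next login attempt; users who already hold a session are not re-checked by this code.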

Thanks for your additional input, @manics. I appreciate it.

I can use the admin interface to add and remove users. It is mainly a desire to isolate the user list to avoid any potential issues with overwriting some other important part. It just seems risky every time I adjust the config.yaml where all other configurations appear. Especially if I have to hand it over to a colleague, who then also needs to be able to administer the cluster. It would be safer if the user list could just be updated somewhere and the worst case is that a wrong user name was specified, while the remaining configurations are guaranteed to remain the same.