Define roles that allow my users to access custom managed services

Hello, I am trying to allow my users to access the subservices I defined. The service renders an extra HTML page on the screen in JupyterHub. It works fine as long as I use it as admin, but in production the users don't have admin rights and get a permission denied error.

JupyterHub is running on an OpenShift Cluster.

I tried to add a custom role to solve this issue, but the issue is persisting.

Roles

c.JupyterHub.load_roles = [
    {
        "name": "service-access",
        "description": "Allows all users access to the extra services",
        "scopes": ["access:services"],
        "services": ["about", "jobs"],
    },
]

Services look like this:

c.JupyterHub.services = [
    {
        "name": "about",
        "command": ["tornado_service", "about", "6666", "AboutViewHandler"],
        "url": "http://127.0.0.1:6666",
        "environment": common_env,
    },
]

The example above results in the following error:

s_exist raise KeyError(f\"Scope '{scope}' {log_for} does not exist\") KeyError: \"Scope 'services' for role service-access does not exist\""}

Does anyone know what I am doing wrong here? Thank you!

c.JupyterHub.load_roles = [
    {
        "name": "user",
        # grant all users access to all services
        "scopes": ["access:services", "self"],
    }
]

I misunderstood the way it works. The scopes do not describe the scopes they need in order to be accessed, but rather the scopes they have themselves. A bit confusing for me 🙂

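The distinction the thread arrives at (a role's scopes are what its holders are granted, not what is required to reach them), shown as an added example that is not part of the original posts and not JupyterHub's own code: a simplified model of role resolution. The user `alice`, the service `other` and the narrower `access:services!service=<name>` variant are assumptions added for illustration.

```python
# Simplified model of JupyterHub role resolution (not JupyterHub's own code).
# A role's "scopes" are granted TO the holders listed under "users"/"services";
# the built-in "user" role is held by every user.

def scopes_held(roles, kind, name):
    """Return the scopes that `name` holds (kind is 'users' or 'services')."""
    held = set()
    for role in roles:
        implicit = kind == "users" and role["name"] == "user"
        if implicit or name in role.get(kind, []):
            held.update(role["scopes"])
    return held

def can_access_service(roles, user, service):
    """True if `user` holds access:services, unfiltered or filtered to `service`."""
    held = scopes_held(roles, "users", user)
    return bool(held & {"access:services", f"access:services!service={service}"})

# Role from the question: the scope is granted to the services, not to users.
question_roles = [{
    "name": "service-access",
    "scopes": ["access:services"],
    "services": ["about", "jobs"],
}]

# Role from the reply: every user may access every service.
fixed_roles = [{"name": "user", "scopes": ["access:services", "self"]}]

# Narrower variant (assumption, not in the thread): only the two named services.
scoped_roles = [{
    "name": "user",
    "scopes": ["self", "access:services!service=about",
               "access:services!service=jobs"],
}]

if __name__ == "__main__":
    # "alice" and "other" are constructed sample names.
    for label, roles in [("question", question_roles), ("fixed", fixed_roles),
                         ("scoped", scoped_roles)]:
        print(label, {s: can_access_service(roles, "alice", s)
                      for s in ("about", "jobs", "other")})
```

With the role from the question, the two services end up holding `access:services` while ordinary users hold nothing, which matches the permission denied result for non-admin users.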