Hi,
We are running jupyterhub in a shared setup. We use single sign on with kerberos, and sudospawner to spawn user instances.
I am trying to limit our users’ ability to install arbitrary user extensions. I am able to turn off extension-manager completely but I want a more elegant solution. The extension allowlist as discussed here seems reasonable: Extensions — JupyterLab 3.2.8 documentation.
However I am not savvy enough in Jupyterlab to figure out where to put the configuration parameters.
I tried:
1- Added c.LabServerApp.allowed_extensions_uris='/Path/To/Allowlist/allowlist.json'
to jupyterhub_config.py.
2- Added '--LabServerApp.allowed_extensions_uris=/Path/To/Allowlist/allowlist.json'
to c.Spawner.args in jupyterhub_config.py.
Here is my allowlist.json contents:
{
"allowed_extensions": [
{
"name": "@jupyterlab/*",
"type": "jupyterlab",
"reason": "All @jupyterlab org extensions are allowed, of course…",
"creation_date": "2020-03-11T03:28:56.782Z",
"last_update_date": "2020-03-11T03:28:56.782Z"
},
{
"name":"@jupyter-widgets/*",
"type":"jupyterlab",
"reason": "It is part of our offering",
"creation_date":"2022-11-07"
},
{
"name":"@123npm/qgrid",
"type":"jupyterlab",
"reason": "It is part of our offering",
"creation_date":"2022-11-07"
},
{
"name":"jupyter-matplotlib",
"type":"jupyterlab",
"reason": "It is part of our offering",
"creation_date":"2022-11-07"
}
]
}
Didn’t work
Would love to learn how to do it right.