I finally got it working! I got some help from this post too.
I have a feeling that the way I’ve done it is not ideal, and I still do not understand certain things. For example, I set `enable_auth_state` to true in `hub.config.Authenticator` but that is not sufficient; I had to set this in the `hub.extraConfig` Python code. Also, where is the `hub.auth.custom` stuff documented? I just tried inserting the `auth` config block at different levels of the YAML hierarchy until it worked.
If anyone can help me clean this up so we have a solid example of how to do this for the GitLab authenticator, hopefully it will save someone the hours I just spent!
Here is the relevant part of my Helm values file:
```yaml
hub:
  auth:
    type: custom
    custom:
      className: "CustomAuthTokenGenerator"
  config:
    # See https://zero-to-jupyterhub.readthedocs.io/en/stable/administrator/authentication.html?highlight=CryptKeeper#enable-auth-state
    Authenticator:
      enable_auth_state: true
    CryptKeeper:
      keys:
        - ff...68
    JupyterHub:
      admin_access: true
    # See
    # https://docs.gitlab.com/ce/integration/oauth_provider.html
    # https://oauthenticator.readthedocs.io/en/latest/getting-started.html#gitlab-setup
    CustomAuthTokenGenerator:
      oauth_callback_url: 'https://example.com/jupyter/hub/oauth_callback'
      client_id: '6c..23'
      client_secret: '76..9a'
      scope:
        - 'read_user'
        - 'read_api'
      allowed_gitlab_groups:
        - '12345678'
  extraConfig:
    # See https://zero-to-jupyterhub.readthedocs.io/en/stable/administrator/advanced.html?highlight=extraconfig#hub-extraconfig
    uwsAuthConfig.py: |
      from oauthenticator.gitlab import GitLabOAuthenticator
      import hashlib
      class CustomAuthTokenGenerator(GitLabOAuthenticator):
          async def pre_spawn_start(self, user, spawner):
              """Pass upstream_token to spawner via environment variable"""
              auth_state = await user.get_auth_state()
              if not auth_state:
                  # auth_state not enabled
                  return
              try:
                  spawner.environment['GITLAB_ACCESS_TOKEN'] = auth_state['access_token']
                  spawner.environment['GITLAB_USERNAME'] = auth_state['gitlab_user']['username']
              except Exception as e:
                  print('ERROR setting env vars from auth_state')
                  print(str(e))
              try:
                  spawner.environment['UWS_AUTH_TOKEN'] = hashlib.sha1(bytes(f'{auth_state["gitlab_user"]["username"]}-secret-salt-string', 'utf-8')).hexdigest()
              except Exception as e:
                  print('ERROR setting UWS_AUTH_TOKEN from GitLab auth_state: {}'.format(str(e)))
      c.JupyterHub.authenticator_class = CustomAuthTokenGenerator
      # Need to persist auth state in database.
      c.Authenticator.enable_auth_state = True
```
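
An added example, not part of the original post: the per-user `UWS_AUTH_TOKEN` derivation from the config above, written as a keyed HMAC-SHA256 rather than SHA-1 over the username plus a salt string, with the constant-time check a receiving service would run. `SERVICE_KEY`, the function names and the existence of a verifying service are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed placeholder key (assumption). In a deployment, load it from a
# Kubernetes Secret or environment variable, not from the Helm values file.
SERVICE_KEY = b"constructed-example-key-not-from-the-post"


def derive_user_token(username: str, key: bytes = SERVICE_KEY) -> str:
    """Per-user token: HMAC-SHA256(key, username), hex encoded."""
    if not username:
        raise ValueError("username must be non-empty")
    return hmac.new(key, username.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_user_token(username: str, token: str, key: bytes = SERVICE_KEY) -> bool:
    """Check a presented token on the (hypothetical) receiving service.

    compare_digest runs in constant time, so response timing does not
    reveal how many leading characters of a guess were correct.
    """
    try:
        expected = derive_user_token(username, key)
    except ValueError:
        return False
    return hmac.compare_digest(expected.encode("ascii"), token.encode("utf-8"))


def spawner_env_from_auth_state(auth_state, key: bytes = SERVICE_KEY) -> dict:
    """Build the variables the post sets in pre_spawn_start.

    Returns an empty dict when auth_state is missing or incomplete, so a
    half-populated environment never reaches the user's server.
    """
    if not auth_state:
        return {}
    try:
        username = auth_state["gitlab_user"]["username"]
        access_token = auth_state["access_token"]
    except (KeyError, TypeError):
        return {}
    return {
        "GITLAB_ACCESS_TOKEN": access_token,
        "GITLAB_USERNAME": username,
        "UWS_AUTH_TOKEN": derive_user_token(username, key),
    }
```

Inside `pre_spawn_start`, the returned dict could be merged with `spawner.environment.update(...)` after `await user.get_auth_state()`.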