JupyterHub (v0.8.2) Github Authorization not working

JupyterHub
1

Context:

I have two EKS clusters. “EKS” is AWS managed kubernetes service. I have deployed JupyterHub application to EKS using helm on each cluster. The only difference is that one cluster is running JupyterHub version 0.7.0 and the other is 0.8.2

We use Github auth for JupyterHub. E.g., in our helm chart:

auth:
  admin:
    access: true
    users:
    - my-github-user
  github:
    callbackUrl: ...
    clientId: ...
    clientSecret: ...
    org_whitelist:
    - my-github-org
  scopes:
  - read:org
  type: github

Problem: Authorization appears to be broken for JupyterHub 0.8.2

The JupyterHub 0.7.0 application is working as expected w.r.t. authorization (it only allows users to log in if they are a member of my-github-org.

The JupyterHub 0.8.2 application is not working as expected. It allows any Github user to log in.

The environment configuration is exactly the same, the only difference is the JupyterHub version. Could this be a regression in JupyterHub?

2

Also, to prove my theory I want to try downgrading the version of JupyterHub from 0.8.2 to 0.7.0 … but not sure if this will break the JHub application. Is it backwards compatible? E.g. if the JHub release is 0.8.2, and I issue this command “helm upgrade --install jhub jupyterhub/jupyterhub --namespace jhub --version=0.7.0 --values config.yaml” – will it work?

3

There was a breaking change in 0.8.0: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/6290e23602225b543850f5567c77ddd6c3662297/CHANGELOG.md#breaking-changes-1
The property was renamed auth.github.orgWhitelist

4

Wow. I really wish helm validated configs and threw an error instead of silently authorizing the world to my app

5

Hopefully that will be possible in Helm 3!