Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jupyterhub Integration #53

Open
jkuruzovich opened this issue Apr 23, 2018 · 4 comments
Open

Jupyterhub Integration #53

jkuruzovich opened this issue Apr 23, 2018 · 4 comments
Labels
type:Question

Comments

@jkuruzovich
Copy link

This is really a great addition to Jupyterlab. I'm wondering if anyone has devised a way of setting the token in Jupyterhub (and specificity using the Zero to Jupyterhub helm chart)? Thanks in advance.
@ian-r-rose
Copy link
Member

For security and rate-limiting reasons, it is probably best for users to set up their own personal access tokens and add it to their local config files. I don't manage any JupyterHub deployments myself, so I don't really have detailed insights, but perhaps @dhirschfeld has some thoughts on best practices for setting it up?

@dhirschfeld
Copy link
Member

I'm still formulating my opinions on that front! Also, different JupyterHub deployments might require different solutions.

I do think a personal access token is the right way for this extension to be accessing GitHub but AFAICS that essentially precludes the extension from working until the user first creates a token. I'm thinking of getting around that using a service account with read-only access but that's likely pretty specific to my situation.

I was thinking if an access token wasn't specified that there could be a landing page with a a big button pointing to https://github.com/settings/tokens/new and an explanation that a token needed to be created to use the extension.

@jkuruzovich
Copy link
Author

Thanks! At least for the Jupyterhub on Kubernetes setup, if a user were to store their token on the local drive, then after the container is created the launch script could change that to an environment variable.

singleuser:
  image:
    name: my org/myimage
    tag: myth
  lifecycleHooks:
    postStart:
      exec:
        command: ["/bin/sh", "export $(cat /home/jovyan/my.env | grep -v ^# | xargs)"]

Could the github extension pull the user token from an environment variable?
I have a setup and am glad to try and then put a pull request for the updated docs if that seems a reasonable way to do it.

@ian-r-rose
Copy link
Member

Coming back to this after some work on deploying this extension in a JupyterHub environment.

It is possible to pass an access token from a JupyterHub spawner to an individual notebook server. Even better, if you are using GitHub OAuth, you can pass the token generated by user login. An example of how to do that with zero-to-jupyterhub is shown here: https://github.com/CityOfLosAngeles/citywide-jupyterhub/blob/e010e49cf02ef42c4c9a237b6e9bc33d6a344288/deploy/config.yaml#L18-L42

I think it would also be a good idea for the extension to be able to pull a token from an environment variable. If anybody wants to tackle that, I could provide guidance (I think it would be a ~5 line enhancement).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type:Question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jkuruzovich @dhirschfeld @ian-r-rose