berkeley-dsep-infra / hubploy

Toolkit to deploy many z2jh based JupyterHubs
BSD 3-Clause "New" or "Revised" License
17 stars 15 forks source link

Support using AWS roles in addition to user accounts #71

Closed cslocum closed 4 years ago

cslocum commented 4 years ago

Add support for using AWS roles, while preserving the user account functionality.

See https://github.com/yuvipanda/hubploy/issues/70 for a lengthier description.

cslocum commented 4 years ago

In general, each auth function has two parts:

1. Tell the native tool (docker, kubectl/helm, etc) _how_ to get credentials (via ecr-login or aws). Let's call this setting the credential helper

2. Telling the credential helper how to actually authenticate.

Roles and user accounts are two ways to do (2), while (1) is common to both approaches. We should make this clear enough in the code.

I understand what you are talking about here (I think). But I am unclear on whether you would like changes to the code itself, or just abundant comments.

cslocum commented 4 years ago

In general, I try to have only one yield in a context manager. Otherwise it can get hard to reason about where the with statement is actually executing. Do you think it's possible to move the conditionals around to make that the case?

Did I do this correctly?

cslocum commented 4 years ago

Can this be merged? I've got further development work that builds on these changes.

yuvipanda commented 4 years ago

Moved to #82