Closed consideRatio closed 1 year ago
One idea that might be worth communicating in the help string is the idea that "users previously granted access will continue to have access" (by any means) if this is True.
If "granted access" means "configured to be allowed" then this isn't true if allowed_organizations
was configured for example. But if "granted access" means "successfully signed in", then its true but also leaves out the case when they were configured to be allowed via allowed_users
or similar. This complexity makes me not come up with an alternative formulation that I think is better =/ If you have a formulation idea that you think is better, go for it.
Another point to perhaps add clearly and succinctly, which follows directly from the previous one, but I think is worth communicating is that this option means removing users from allowed_users does NOT revoke access if this is True.
I've updated the allow_existing_users
help string about this, and made the changelog reference to config be links to the configuration reference.
I rebased to reduce complexity of documentation PRs I'm working on building on this PR.
Before the introduction of this config, existing jupyterhub users would when
allowed_users
was configured be allowed as well, but now they won't unlessallow_existing_users
is explicitly configured to True, and then they will be allowed independently ifallowed_users
was configured with any users or not.Checklist
add_user
hook adds users to theallowed_users
set ifallow_existing_users
is configured. So, we don't make a full end to end test where the authenticator authenticates and authorizes an existing user. We have tests for successful use of theallowed_users
set though, so the part missing is testing the assumption thatadd_user
is called by JupyterHub for existing users on startup and for newly created users, but that is a JuptyerHub promise forAuthenticator.add_user
.Related