search

nebari-dev / nebari-slurm

An opinionated open source deployment of jupyterhub based on an Slurm job scheduler.
BSD 3-Clause "New" or "Revised" License
28 stars 10 forks source link

[ENH] - MIssing dask-gateway control roles on Keycloak #170

Open viniciusdc opened 2 months ago

viniciusdc commented 2 months ago

Feature description

In our docs, we outline the matrix comparison between Nebari and Nebari-slurm (formally known as QHub and QHub-HPC respectively). This is misleading since our code-base does not support the required roles nor the logic in superhub to control whether the user can access dask.

To fix this, we will need to include extend jupytehrub' keycloak client: https://github.com/nebari-dev/nebari-slurm/blob/4ff70836391720b0a48d7e7d3a6ab954c576d541/roles/jupyterhub/tasks/jupyterhub.yaml#L40-L110

To include the extra roles, as well as update the dask_gateway_config.py and jupyterhub_config.py with the required logic similar to its cloud counterpart.

  role_mapping = {
    "admin"     = ["jupyterhub_admin", "dask_gateway_admin"]
    "developer" = ["jupyterhub_developer", "dask_gateway_developer"]
    "analyst"   = ["jupyterhub_developer"]
  }

Value and/or benefit

Correct control over dask resources

Anything else?

No response