Open krassowski opened 4 months ago
It seems like we could possibly do some type of conversion from keycloak roles to jupyterhub roles similar to what we do in https://www.nebari.dev/docs/tutorials/argo-workflows-walkthrough#workflow-labels though that causes some other issues in that 2 different keycloak roles can be mapped to the same jupyterhub role. I think we are planning on creating all the default keycloak/jupyterhub roles in Nebari so it seems like this is mostly an issue for Nebari developers. Is there any other use case you can think of @krassowski for creating a keycloak roles for the jupyterhub client?
I wouldn't be opposed to some docs being adding about this limitation.
think we are planning on creating all the default keycloak/jupyterhub roles in Nebari so it seems like this is mostly an issue for Nebari developers. Is there any other use case you can think of @krassowski for creating a keycloak roles for the jupyterhub client?
This affects all roles created via keycloak as all of these are currently reflected in JupyterHub. Since any root user with access to keycloak console can create a role in keycloak any one of them can inadvertently break the deployment, which will be true even when we have predefined roles. Also, for larger deployments I imagine the predefined roles will not be sufficient as admins will want to assign roles to groups of users.
Describe the bug
Defining an invalid role in Keycloak may prevent JupyterHub from spawning:
Expected behavior
Either:
OS and architecture in which you are running Nebari
-
How to Reproduce the problem?
Create a role
xx
Command output
No response
Versions and dependencies used.
No response
Compute environment
None
Integrations
No response
Anything else?
No response