-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use jupyter server as base provider #384
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #384 +/- ##
==========================================
- Coverage 95.77% 94.25% -1.53%
==========================================
Files 31 31
Lines 2273 2350 +77
Branches 0 308 +308
==========================================
+ Hits 2177 2215 +38
- Misses 96 106 +10
- Partials 0 29 +29 ☔ View full report in Codecov by Sentry. |
Current test failures are due to this PR not being released yet. |
@kevin-bates what kind of review do you need:
|
I think moving the handlers and "base" services to Jupyter Server 2.0 will require some authentication and authorization changes. If my understanding is correct, we will need to convey the cookie used to track a user's authentication via the Also, it would be ideal to have the gateways (including Enterprise Gateway here as well) work when the client application is a down-level Jupyter Server (or older Notebook) when the cookie is not present. I also don't know if this will have ramifications on users that rely on a reverse proxy for securing their Gateway server. I'm hoping these changes won't have an impact there. I'm not sure if this answers your questions. It's quite a gray area for me. |
It does answer, thank you. btw The need for a cookie is breaking other use case which I would like to discuss, see jupyter-server/jupyter_server#1245 (comment) |
Yes, we'll definitely need to follow that conversation to see how this might impact the gateways. |
Hi @krassowski, thanks for asking about this work in today's Jupyter Server/Kernels meeting. I was happy to see that I had created a PR for this effort. Although all of the current check-boxes are checked, I believe additional tasks will come from the "Notes/Caveats/Status" section. Any help would be appreciated. In that vane, I've sent an invite for your collaboration on this branch. |
I think this is completely reasonable. Let's make kernel_gateway 3.x be Jupyter Server ready, and (temporarily) maintain two branches.
I think both of these issues can be smoothed over by using a default, (essentially) no-op Identity Provider in Kernel Gateway. This This will make KG work as it always has. If someone would like to customize a KG to 1) track identity or 2) perform finer grained authorization, the new identity_provider and authorizer APIs give them the hooks to do it. I don't think we need to flow a more thorough user model through KG—at least not to release this PR. @kevin-bates, I know your time is very limited these days, so I can pick up this PR and get it out the door. |
That would be fantastic @Zsailer, thank you! |
I think this is ready to go. I'm not sure why tests aren't running.... looking into this. |
for more information, see https://pre-commit.ci
b9aca67
to
43975c5
Compare
We need jupyter-server/jupyter_server#1311 to be merged and released in Jupyter Server before this PR will work. |
All green baby! |
Merging. |
@kevin-bates are you able to add me as a maintainer on the PyPI package here? Or @blink1073? |
@Zsailer I moved the package to the Jupyter org and added the Jupyter Server team as a maintainer, you should have access now. |
(I also added you as a member of that team). |
Thanks, @blink1073! I'll cut a release first thing Monday. |
This pull request replaces
notebook
withjupyter_server
as its base provider. This will be merged as part of Kernel Gateway's 3.0 release and provides the following changes:notebook
withjupyter_server
as its base provider@gen.coroutine/yield
withasync/await
unittest
withpytest
and adds coverage diagnosticsNotes/Caveats/Status:
--KernelGatewayApp.auth_token=foo
for the gateway, and--GatewayClient.auth_token=foo
for the server). Not settingauth_token
results in401 (Unauthorized)
.