tljh/configurer.py

"""
Parse YAML config file & update JupyterHub config.

Config should never append or mutate, only set. Functions here could
be called many times per lifetime of a jupyterhub.

Traitlets that modify the startup of JupyterHub should not be here.
FIXME: A strong feeling that JSON Schema should be involved somehow.
"""
# Default configuration for tljh
# User provided config is merged into this
default = {
    'auth': {
        'type': 'firstuse',
        'dummy': {},
        'firstuse': {
            'create_users': False
        }
    },
    'users': {
        'allowed': [],
        'banned': [],
        'admin': []
    },
    'limits': {
        'memory': '1G',
        'cpu': None
    },
    'user_environment': {
        'default_app': 'classic'
    }

}


def apply_config(config_overrides, c):
    """
    Merge config_overrides with config defaults & apply to JupyterHub config c
    """
    tljh_config = _merge_dictionaries(dict(default), config_overrides)

    update_auth(c, tljh_config)
    update_userlists(c, tljh_config)
    update_limits(c, tljh_config)
    update_user_environment(c, tljh_config)
    update_user_account_config(c, tljh_config)


def set_if_not_none(parent, key, value):
    """
    Set attribute 'key' on parent if value is not None
    """
    if value is not None:
        setattr(parent, key, value)


def update_auth(c, config):
    """
    Set auth related configuration from YAML config file

    Use auth.type to determine authenticator to use. All parameters
    in the config under auth.{auth.type} will be passed straight to the
    authenticators themselves.
    """
    auth = config.get('auth')

    if auth['type'] == 'dummy':
        c.JupyterHub.authenticator_class = 'dummyauthenticator.DummyAuthenticator'
        authenticator_parent = c.DummyAuthenticator
    elif auth['type'] == 'firstuse':
        c.JupyterHub.authenticator_class = 'firstuseauthenticator.FirstUseAuthenticator'
        authenticator_parent = c.FirstUseAuthenticator

    for k, v in auth[auth['type']].items():
        set_if_not_none(authenticator_parent, k, v)


def update_userlists(c, config):
    """
    Set user whitelists & admin lists
    """
    users = config['users']

    c.Authenticator.whitelist = set(users['allowed'])
    c.Authenticator.blacklist = set(users['banned'])
    c.Authenticator.admin_users = set(users['admin'])


def update_limits(c, config):
    """
    Set user server limits
    """
    limits = config['limits']

    c.SystemdSpawner.mem_limit = limits['memory']
    c.SystemdSpawner.cpu_limit = limits['cpu']


def update_user_environment(c, config):
    """
    Set user environment configuration
    """
    user_env = config['user_environment']

    # Set default application users are launched into
    if user_env['default_app'] == 'jupyterlab':
        c.Spawner.default_url = '/lab'
    elif user_env['default_app'] == 'nteract':
        c.Spawner.default_url = '/nteract'


def update_user_account_config(c, config):
    c.SystemdSpawner.username_template = 'jupyter-{USERNAME}'


def _merge_dictionaries(a, b, path=None, update=True):
    """
    Merge two dictionaries recursively.

    From https://stackoverflow.com/a/7205107
    """
    if path is None:
        path = []
    for key in b:
        if key in a:
            if isinstance(a[key], dict) and isinstance(b[key], dict):
                _merge_dictionaries(a[key], b[key], path + [str(key)])
            elif a[key] == b[key]:
                pass  # same leaf value
            elif update:
                a[key] = b[key]
            else:
                raise Exception('Conflict at %s' % '.'.join(path + [str(key)]))
        else:
            a[key] = b[key]
    return a
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used 2018-06-27 01:18:07 -07:00			`"""`
			`Parse YAML config file & update JupyterHub config.`

			`Config should never append or mutate, only set. Functions here could`
			`be called many times per lifetime of a jupyterhub.`

			`Traitlets that modify the startup of JupyterHub should not be here.`
			`FIXME: A strong feeling that JSON Schema should be involved somehow.`
			`"""`
			`# Default configuration for tljh`
			`# User provided config is merged into this`
			`default = {`
			`'auth': {`
Make firstuseauthenticator the default Fixes #14 2018-07-03 11:54:42 -07:00			`'type': 'firstuse',`
Disable user creation by default With firstuseauthenticator, users need to be manually created in the admin console before they can log in. This makes for a far more secure default experience. 2018-07-03 16:28:20 -07:00			`'dummy': {},`
			`'firstuse': {`
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config! 2018-07-15 13:40:17 -07:00			`'create_users': False`
Disable user creation by default With firstuseauthenticator, users need to be manually created in the admin console before they can log in. This makes for a far more secure default experience. 2018-07-03 16:28:20 -07:00			`}`
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used 2018-06-27 01:18:07 -07:00			`},`
			`'users': {`
			`'allowed': [],`
			`'banned': [],`
			`'admin': []`
Support user resource limits Set default limit to 1G. Possibly controversial! 2018-06-27 01:30:34 -07:00			`},`
			`'limits': {`
			`'memory': '1G',`
			`'cpu': None`
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml 2018-06-29 00:47:08 -07:00			`},`
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config! 2018-07-15 13:40:17 -07:00			`'user_environment': {`
			`'default_app': 'classic'`
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used 2018-06-27 01:18:07 -07:00			`}`
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml 2018-06-29 00:47:08 -07:00
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used 2018-06-27 01:18:07 -07:00			`}`


Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config! 2018-07-15 13:40:17 -07:00			`def apply_config(config_overrides, c):`
			`"""`
			`Merge config_overrides with config defaults & apply to JupyterHub config c`
			`"""`
			`tljh_config = _merge_dictionaries(dict(default), config_overrides)`
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used 2018-06-27 01:18:07 -07:00
Support user resource limits Set default limit to 1G. Possibly controversial! 2018-06-27 01:30:34 -07:00			`update_auth(c, tljh_config)`
			`update_userlists(c, tljh_config)`
			`update_limits(c, tljh_config)`
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml 2018-06-29 00:47:08 -07:00			`update_user_environment(c, tljh_config)`
Prefix user accounts we create - Helps protect against users named 'root' - Makes it clearer that you should not rely on these users for general PAM work, because they are prefixed. Fixes #9 2018-07-12 13:33:24 -07:00			`update_user_account_config(c, tljh_config)`
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used 2018-06-27 01:18:07 -07:00

Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config! 2018-07-15 13:40:17 -07:00			`def set_if_not_none(parent, key, value):`
			`"""`
			`Set attribute 'key' on parent if value is not None`
			`"""`
			`if value is not None:`
			`setattr(parent, key, value)`


Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used 2018-06-27 01:18:07 -07:00			`def update_auth(c, config):`
			`"""`
			`Set auth related configuration from YAML config file`
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config! 2018-07-15 13:40:17 -07:00
			`Use auth.type to determine authenticator to use. All parameters`
			`in the config under auth.{auth.type} will be passed straight to the`
			`authenticators themselves.`
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used 2018-06-27 01:18:07 -07:00			`"""`
			`auth = config.get('auth')`

			`if auth['type'] == 'dummy':`
			`c.JupyterHub.authenticator_class = 'dummyauthenticator.DummyAuthenticator'`
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config! 2018-07-15 13:40:17 -07:00			`authenticator_parent = c.DummyAuthenticator`
Make firstuseauthenticator the default Fixes #14 2018-07-03 11:54:42 -07:00			`elif auth['type'] == 'firstuse':`
			`c.JupyterHub.authenticator_class = 'firstuseauthenticator.FirstUseAuthenticator'`
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config! 2018-07-15 13:40:17 -07:00			`authenticator_parent = c.FirstUseAuthenticator`

			`for k, v in auth[auth['type']].items():`
			`set_if_not_none(authenticator_parent, k, v)`
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used 2018-06-27 01:18:07 -07:00

			`def update_userlists(c, config):`
			`"""`
			`Set user whitelists & admin lists`
			`"""`
			`users = config['users']`

			`c.Authenticator.whitelist = set(users['allowed'])`
			`c.Authenticator.blacklist = set(users['banned'])`
			`c.Authenticator.admin_users = set(users['admin'])`


Support user resource limits Set default limit to 1G. Possibly controversial! 2018-06-27 01:30:34 -07:00			`def update_limits(c, config):`
			`"""`
			`Set user server limits`
			`"""`
			`limits = config['limits']`

			`c.SystemdSpawner.mem_limit = limits['memory']`
			`c.SystemdSpawner.cpu_limit = limits['cpu']`


Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml 2018-06-29 00:47:08 -07:00			`def update_user_environment(c, config):`
			`"""`
			`Set user environment configuration`
			`"""`
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config! 2018-07-15 13:40:17 -07:00			`user_env = config['user_environment']`
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml 2018-06-29 00:47:08 -07:00
			`# Set default application users are launched into`
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config! 2018-07-15 13:40:17 -07:00			`if user_env['default_app'] == 'jupyterlab':`
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml 2018-06-29 00:47:08 -07:00			`c.Spawner.default_url = '/lab'`
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config! 2018-07-15 13:40:17 -07:00			`elif user_env['default_app'] == 'nteract':`
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml 2018-06-29 00:47:08 -07:00			`c.Spawner.default_url = '/nteract'`


Prefix user accounts we create - Helps protect against users named 'root' - Makes it clearer that you should not rely on these users for general PAM work, because they are prefixed. Fixes #9 2018-07-12 13:33:24 -07:00			`def update_user_account_config(c, config):`
			`c.SystemdSpawner.username_template = 'jupyter-{USERNAME}'`


Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used 2018-06-27 01:18:07 -07:00			`def _merge_dictionaries(a, b, path=None, update=True):`
			`"""`
			`Merge two dictionaries recursively.`

Don't handle merging lists Doesn't work clearly 2018-07-10 11:45:07 -07:00			`From https://stackoverflow.com/a/7205107`
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used 2018-06-27 01:18:07 -07:00			`"""`
			`if path is None:`
			`path = []`
			`for key in b:`
			`if key in a:`
			`if isinstance(a[key], dict) and isinstance(b[key], dict):`
			`_merge_dictionaries(a[key], b[key], path + [str(key)])`
			`elif a[key] == b[key]:`
			`pass # same leaf value`
			`elif update:`
			`a[key] = b[key]`
			`else:`
			`raise Exception('Conflict at %s' % '.'.join(path + [str(key)]))`
			`else:`
			`a[key] = b[key]`
			`return a`