def test_ensure_group():
    """
    Check that a group can be created idempotently and then removed.

    The test works against the live group database: every existence check
    goes through ``grp.getgrnam``, which raises ``KeyError`` for an unknown
    group name.
    """
    # A leading letter guarantees the generated name never begins with a digit
    name = 'g' + str(uuid.uuid4())[:8]

    # Precondition: the lookup must fail because the group is not there yet
    with pytest.raises(KeyError):
        grp.getgrnam(name)

    try:
        # The first pass creates the group, the second pass should be a noop.
        # After each pass the lookup raises if the group is missing.
        for _ in range(2):
            user.ensure_group(name)
            grp.getgrnam(name)
    finally:
        # Clean up even when an assertion above failed, then confirm that
        # the group is really gone.
        user.remove_group(name)
        with pytest.raises(KeyError):
            grp.getgrnam(name)
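def ensure_usergroups():
    """
    Sets up user groups & sudo rules

    Ensures the ``jupyterhub-admins`` and ``jupyterhub-users`` groups exist,
    then (re)writes the sudoers drop-in that grants ``jupyterhub-admins``
    passwordless sudo.

    Security notes:
      * ``NOPASSWD: ALL`` makes membership of ``jupyterhub-admins`` equivalent
        to root on this host, so changes to that group deserve the same
        review and monitoring as changes to root access.
      * The drop-in is created with an explicit 0440 mode instead of whatever
        the process umask would produce. 0440 is the mode sudo expects for
        sudoers files.
    """
    import os

    user.ensure_group('jupyterhub-admins')
    user.ensure_group('jupyterhub-users')

    logger.info("Granting passwordless sudo to JupyterHub admins...")
    sudoers_path = '/etc/sudoers.d/jupyterhub-admins'
    # The mode passed to os.open only applies when the file is created, and it
    # is still filtered by the umask, so the fchmod below covers both cases.
    fd = os.open(sudoers_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o440)
    with os.fdopen(fd, 'w') as f:
        # Tighten the mode before any rule is written; this also repairs a
        # pre-existing file that was left with looser permissions.
        os.fchmod(fd, 0o440)
        # JupyterHub admins should have full passwordless sudo access
        f.write('%jupyterhub-admins ALL = (ALL) NOPASSWD: ALL\n')
        # `sudo -E` should preserve the $PATH we set. This allows
        # admins in jupyter terminals to do `sudo -E pip install <package>`,
        # `pip` is in the $PATH we set in jupyterhub_config.py to include the user conda env.
        # exempt_group lifts sudo's password and PATH requirements for the
        # group, so commands run as root resolve against the caller's own
        # $PATH. Directories on that $PATH should therefore be writable by
        # admins only.
        f.write('Defaults exempt_group = jupyterhub-admins\n')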
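def test_group_membership():
    """
    Test group memberships can be added / removed

    Creates a throwaway user and group, adds and removes the membership
    twice each to check that both operations are idempotent, and finally
    removes both accounts again.
    """
    # Use a letter prefix for both names, so they never start with a number
    # and only contain characters that are valid in account names. The
    # previous '******' user prefix is not a valid user name.
    username = 'u' + str(uuid.uuid4())[:8]
    groupname = 'g' + str(uuid.uuid4())[:8]

    # Validate that neither the group nor the user exists yet
    with pytest.raises(KeyError):
        grp.getgrnam(groupname)
    with pytest.raises(KeyError):
        pwd.getpwnam(username)

    try:
        user.ensure_group(groupname)
        user.ensure_user(username)

        user.ensure_user_group(username, groupname)

        assert username in grp.getgrnam(groupname).gr_mem

        # Do it again, this should be a noop
        user.ensure_user_group(username, groupname)

        assert username in grp.getgrnam(groupname).gr_mem

        # Remove it
        user.remove_user_group(username, groupname)
        assert username not in grp.getgrnam(groupname).gr_mem

        # Do it again, this should be a noop
        user.remove_user_group(username, groupname)
        assert username not in grp.getgrnam(groupname).gr_mem
    finally:
        # Remove the user and the group, even if an assertion above failed
        user.remove_user(username)
        user.remove_group(groupname)

        # Both lookups must fail again once cleanup is done
        with pytest.raises(KeyError):
            grp.getgrnam(groupname)
        with pytest.raises(KeyError):
            pwd.getpwnam(username)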
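def tljh_config_post_install(config):
    """
    Configure /srv/scratch and change configs/mods

    Creates the shared scratch directory, assigns it to the
    ``jupyterhub-users`` group and links it into ``/etc/skel``
    (presumably so that newly created home directories get a ``scratch``
    link).

    Shell equivalent of the steps below::

        mkdir -p /srv/scratch
        sudo chown root:jupyterhub-users /srv/scratch
        sudo chmod 777 /srv/scratch
        sudo chmod g+s /srv/scratch
        sudo ln -sfn /srv/scratch /etc/skel/scratch

    ``config`` is not read by this function.
    """
    sh.mkdir('/srv/scratch', '-p')
    # jupyterhub-users doesn't get created until a user logs in
    # make sure it's created before changing permissions on directory
    ensure_group('jupyterhub-users')
    sh.chown('root:jupyterhub-users', '/srv/scratch')
    # NOTE(review): 777 without the sticky bit means every local account can
    # rename or delete entries that other users created here, and the group
    # ownership set above does not restrict access. If that is not the
    # intent, adding the sticky bit (1777) or limiting access to the group
    # (2770) would be tighter. Confirm with the deployment's owners.
    sh.chmod('777', '/srv/scratch')
    # setgid: new entries inherit the directory's group
    sh.chmod('g+s', '/srv/scratch')
    # -f/-n make the link step safe to repeat. With plain `ln -s`, a second
    # run follows the existing link and creates /srv/scratch/scratch instead,
    # and a third run fails because that name already exists.
    sh.ln('-sfn', '/srv/scratch', '/etc/skel/scratch')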

    
    
    
    Conda constructor does not play well with conda-forge, so we can ship this
    with constructor
    """
    # FIXME: Use fully deterministic package lists here
    conda.ensure_conda_packages(prefix, ['jupyterhub==0.9.0'])
    conda.ensure_pip_packages(prefix, [
        'jupyterhub-dummyauthenticator==0.3.1',
        'jupyterhub-systemdspawner==0.9.12',
    ])


# Install the hub package and its service into the hub environment first
ensure_jupyterhub_package(HUB_ENV_PREFIX)
ensure_jupyterhub_service(HUB_ENV_PREFIX)

# Both groups must exist before the sudo rule below refers to one of them
for group_name in ('jupyterhub-admins', 'jupyterhub-users'):
    user.ensure_group(group_name)

# NOTE(review): the drop-in is created with whatever mode the process umask
# yields, and an existing file keeps its current mode. sudo expects sudoers
# files to be 0440, so consider setting the mode explicitly. NOPASSWD: ALL
# makes membership of jupyterhub-admins equivalent to root on this host.
with open('/etc/sudoers.d/jupyterhub-admins', 'w') as f:
    # JupyterHub admins get full sudo access without a password prompt
    f.write('%jupyterhub-admins ALL = (ALL) NOPASSWD: ALL\n')
    # Lets `sudo -E` keep the $PATH set in jupyterhub_config.py (which
    # includes the user conda env), so admins in jupyter terminals can run
    # `sudo -E pip install <package>`. exempt_group also lifts sudo's PATH
    # requirements for the group, so commands run as root resolve against
    # the caller's $PATH.
    f.write('Defaults exempt_group = jupyterhub-admins\n')

conda.ensure_conda_env(USER_ENV_PREFIX)
conda.ensure_conda_packages(
    USER_ENV_PREFIX,
    [
        # Conda's latest version is on conda much more so than on PyPI.
        'conda==4.5.4'
    ],
)