def test_ensure_user():
"""
Test user creation & removal
"""
# Use a prefix to make sure we never start with a number
username = '******' + str(uuid.uuid4())[:8]
# Validate that no user exists
with pytest.raises(KeyError):
pwd.getpwnam(username)
try:
# Create user!
user.ensure_user(username)
# This raises exception if user doesn't exist
ent = pwd.getpwnam(username)
# Home directory must also exist
assert os.path.exists(ent.pw_dir)
# Run ensure_user again, should be a noop
user.ensure_user(username)
# User still exists, after our second ensure_user call
pwd.getpwnam(username)
finally:
# We clean up and remove user!
user.remove_user(username)
with pytest.raises(KeyError):
pwd.getpwnam(username)
def start(self):
"""
Perform system user activities before starting server
"""
# FIXME: Move this elsewhere? Into the Authenticator?
user.ensure_user(self.user.name)
user.ensure_user_group(self.user.name, 'jupyterhub-users')
if self.user.admin:
user.ensure_user_group(self.user.name, 'jupyterhub-admins')
else:
user.remove_user_group(self.user.name, 'jupyterhub-admins')
return super().start()
def test_new_user_create():
"""
Test that plugin receives username as arg
"""
username="******"
# Call ensure_user to make sure the user plugin gets called
user.ensure_user(username)
with open(f"test_new_user_create") as f:
content = f.read()
assert content == username
def start(self):
"""
Perform system user activities before starting server
"""
# FIXME: Move this elsewhere? Into the Authenticator?
system_username = generate_system_username('jupyter-' + self.user.name)
# FIXME: This is a hack. Allow setting username directly instead
self.username_template = system_username
user.ensure_user(system_username)
user.ensure_user_group(system_username, 'jupyterhub-users')
if self.user.admin:
user.ensure_user_group(system_username, 'jupyterhub-admins')
else:
user.remove_user_group(system_username, 'jupyterhub-admins')
return super().start()
def start(self):
system_username = generate_system_username('jupyter-' + self.user.name)
# FIXME: This is a hack. Allow setting username directly instead
self.username_template = system_username
user.ensure_user(system_username)
user.ensure_user_group(system_username, 'jupyterhub-users')
if self.user.admin:
user.ensure_user_group(system_username, 'jupyterhub-admins')
else:
user.remove_user_group(system_username, 'jupyterhub-admins')
if self.user_groups:
for group, users in self.user_groups.items():
if self.user.name in users:
user.ensure_user_group(system_username, group)
return super().start()
def test_group_membership():
"""
Test group memberships can be added / removed
"""
username = '******' + str(uuid.uuid4())[:8]
groupname = 'g' + str(uuid.uuid4())[:8]
# Validate that no group exists
with pytest.raises(KeyError):
grp.getgrnam(groupname)
with pytest.raises(KeyError):
pwd.getpwnam(username)
try:
user.ensure_group(groupname)
user.ensure_user(username)
user.ensure_user_group(username, groupname)
assert username in grp.getgrnam(groupname).gr_mem
# Do it again, this should be a noop
user.ensure_user_group(username, groupname)
assert username in grp.getgrnam(groupname).gr_mem
# Remove it
user.remove_user_group(username, groupname)
assert username not in grp.getgrnam(groupname).gr_mem
# Do it again, this should be a noop
user.remove_user_group(username, groupname)
assert username not in grp.getgrnam(groupname).gr_mem
finally:
# Remove the group
user.remove_user(username)
user.remove_group(groupname)
with pytest.raises(KeyError):
grp.getgrnam(groupname)
with pytest.raises(KeyError):
pwd.getpwnam(username)
def test_ensure_user():
"""
Test user creation & removal
"""
# Use a prefix to make sure we never start with a number
username = '******' + str(uuid.uuid4())[:8]
# Validate that no user exists
with pytest.raises(KeyError):
pwd.getpwnam(username)
try:
# Create user!
user.ensure_user(username)
# This raises exception if user doesn't exist
entry = pwd.getpwnam(username)
# Home directory must also exist
home_dir = entry.pw_dir
assert os.path.exists(home_dir)
# Ensure not word readable/writable especially in teaching context
homedir_stats = os.stat(home_dir).st_mode
assert not (
homedir_stats & stat.S_IROTH
), "Everyone should not be able to read users home directory"
assert not (
homedir_stats & stat.S_IWOTH
), "Everyone should not be able to write users home directory"
assert not (
homedir_stats & stat.S_IXOTH
), "Everyone should not be able to list what is in users home directory"
# Run ensure_user again, should be a noop
user.ensure_user(username)
# User still exists, after our second ensure_user call
pwd.getpwnam(username)
finally:
# We clean up and remove user!
user.remove_user(username)
with pytest.raises(KeyError):
pwd.getpwnam(username)
def start(self):
"""
Perform system user activities before starting server
"""
# FIXME: Move this elsewhere? Into the Authenticator?
user.ensure_user(self.user.name)
user.ensure_user_group(self.user.name, 'jupyterhub-users')
if self.user.admin:
user.ensure_user_group(self.user.name, 'jupyterhub-admins')
else:
user.remove_user_group(self.user.name, 'jupyterhub-admins')
NOTEBOOKS_REPO_URL = '[email protected]:climate-modelling-climate-change-erth90026/notebooks.git'
NOTEBOOKS_REPO_DIR = '/data/notebooks-repo'
NOTEBOOKS_SRC_DIR = join(NOTEBOOKS_REPO_DIR, 'notebooks')
NOTEBOOKS_SRC_SUBDIRS_TO_COPY = [
'tutorials',
join('tutorials', 'imgs'),
'assignments',
]
NOTEBOOKS_SRC_SUBDIRS_TO_LOCK = [
'assignments-solutions',
]
USER_ROOT = join('/home', self.user.name)
# NOTEBOOKS_USER_DIR = join(USER_ROOT, 'notebooks', 'tutorials')
NOTEBOOKS_USER_DIR = join(USER_ROOT, 'notebooks')
if not isdir(NOTEBOOKS_REPO_DIR):
Repo.clone_from(NOTEBOOKS_REPO_URL, NOTEBOOKS_REPO_DIR)
notebooks_repo = Git(NOTEBOOKS_REPO_DIR)
notebooks_repo.pull()
root_uid = pwd.getpwnam("root").pw_uid
root_gid = grp.getgrnam("root").gr_gid
for src_subdir_to_lock in NOTEBOOKS_SRC_SUBDIRS_TO_LOCK:
dir_to_lock = join(NOTEBOOKS_SRC_DIR, src_subdir_to_lock)
nrdmode = os.stat(dir_to_lock)
if (nrdmode.st_mode & stat.S_IRWXO !=
0) or (nrdmode.st_mode & stat.S_IRWXG != 0):
chown(dir_to_lock, root_uid, root_gid)
chmod(dir_to_lock, 0o700)
if not isdir(NOTEBOOKS_USER_DIR):
makedirs(NOTEBOOKS_USER_DIR)
for src_subdir in NOTEBOOKS_SRC_SUBDIRS_TO_COPY:
src_dir = join(NOTEBOOKS_SRC_DIR, src_subdir)
usr_dir = join(NOTEBOOKS_USER_DIR, src_subdir)
if not isdir(usr_dir):
makedirs(usr_dir)
files_to_copy = [
f for f in listdir(src_dir) if f.endswith(('.ipynb', '.png'))
]
for file_notebook in files_to_copy:
source_notebook = join(src_dir, file_notebook)
user_notebook = join(usr_dir, file_notebook)
if not isfile(user_notebook):
copyfile(source_notebook, user_notebook)
user_uid = pwd.getpwnam(self.user.name).pw_uid
user_gid = grp.getgrnam(self.user.name).gr_gid
for root, dirs, files in walk(USER_ROOT):
for momo in dirs:
chown(join(root, momo), user_uid, user_gid)
for momo in files:
chown(join(root, momo), user_uid, user_gid)
return super().start()
