def test_ensure_group(): """ Test group creation & removal """ # Use a prefix to make sure we never start with a number groupname = 'g' + str(uuid.uuid4())[:8] # Validate that no group exists with pytest.raises(KeyError): grp.getgrnam(groupname) try: # Create group user.ensure_group(groupname) # This raises if group doesn't exist grp.getgrnam(groupname) # Do it again, this should be a noop user.ensure_group(groupname) grp.getgrnam(groupname) finally: # Remove the group user.remove_group(groupname) with pytest.raises(KeyError): grp.getgrnam(groupname)
def ensure_usergroups(): """ Sets up user groups & sudo rules """ user.ensure_group('jupyterhub-admins') user.ensure_group('jupyterhub-users') logger.info("Granting passwordless sudo to JupyterHub admins...") with open('/etc/sudoers.d/jupyterhub-admins', 'w') as f: # JupyterHub admins should have full passwordless sudo access f.write('%jupyterhub-admins ALL = (ALL) NOPASSWD: ALL\n') # `sudo -E` should preserve the $PATH we set. This allows # admins in jupyter terminals to do `sudo -E pip install <package>`, # `pip` is in the $PATH we set in jupyterhub_config.py to include the user conda env. f.write('Defaults exempt_group = jupyterhub-admins\n')
def test_group_membership(): """ Test group memberships can be added / removed """ username = '******' + str(uuid.uuid4())[:8] groupname = 'g' + str(uuid.uuid4())[:8] # Validate that no group exists with pytest.raises(KeyError): grp.getgrnam(groupname) with pytest.raises(KeyError): pwd.getpwnam(username) try: user.ensure_group(groupname) user.ensure_user(username) user.ensure_user_group(username, groupname) assert username in grp.getgrnam(groupname).gr_mem # Do it again, this should be a noop user.ensure_user_group(username, groupname) assert username in grp.getgrnam(groupname).gr_mem # Remove it user.remove_user_group(username, groupname) assert username not in grp.getgrnam(groupname).gr_mem # Do it again, this should be a noop user.remove_user_group(username, groupname) assert username not in grp.getgrnam(groupname).gr_mem finally: # Remove the group user.remove_user(username) user.remove_group(groupname) with pytest.raises(KeyError): grp.getgrnam(groupname) with pytest.raises(KeyError): pwd.getpwnam(username)
def tljh_config_post_install(config): """ Configure /srv/scratch and change configs/mods """ ### mkdir -p /srv/scratch ### sudo chown root:jupyterhub-users /srv/scratch ### sudo chmod 777 /srv/scratch ### sudo chmod g+s /srv/scratch ### sudo ln -s /srv/scratch /etc/skel/scratch sh.mkdir('/srv/scratch', '-p') # jupyterhub-users doesn't get created until a user logs in # make sure it's created before changing permissions on directory ensure_group('jupyterhub-users') sh.chown('root:jupyterhub-users', '/srv/scratch') sh.chmod('777', '/srv/scratch') sh.chmod('g+s', '/srv/scratch') sh.ln('-s', '/srv/scratch', '/etc/skel/scratch')
Conda constructor does not play well with conda-forge, so we can ship this with constructor """ # FIXME: Use fully deterministic package lists here conda.ensure_conda_packages(prefix, ['jupyterhub==0.9.0']) conda.ensure_pip_packages(prefix, [ 'jupyterhub-dummyauthenticator==0.3.1', 'jupyterhub-systemdspawner==0.9.12', ]) ensure_jupyterhub_package(HUB_ENV_PREFIX) ensure_jupyterhub_service(HUB_ENV_PREFIX) user.ensure_group('jupyterhub-admins') user.ensure_group('jupyterhub-users') with open('/etc/sudoers.d/jupyterhub-admins', 'w') as f: # JupyterHub admins should have full passwordless sudo access f.write('%jupyterhub-admins ALL = (ALL) NOPASSWD: ALL\n') # `sudo -E` should preserve the $PATH we set. This allows # admins in jupyter terminals to do `sudo -E pip install <package>`, # `pip` is in the $PATH we set in jupyterhub_config.py to include the user conda env. f.write('Defaults exempt_group = jupyterhub-admins\n') conda.ensure_conda_env(USER_ENV_PREFIX) conda.ensure_conda_packages(USER_ENV_PREFIX, [ # Conda's latest version is on conda much more so than on PyPI. 'conda==4.5.4' ])