Scott Henderson
Scott Henderson
Apologies, turns out I left an Auth0 'Rule' enabled while experimenting with AWS permissions that was blocking login attempts on https://staging.hub.pangeo.io. Seems to be fixed now. For future Rules we...
> This doesn't make sense to me. Application metadata (i.e. app_metadata) is assigned on a per-user basis, not per application. That is per-user 'app_metadata'. There is also 'Application Metadata' under...
@rabernat and @jhamman . Thanks for discussing an approach to unified Auth. Some thoughts: > I think we can make this work. I can create the API if @scottyhq can...
@rabernat - I like the approach to using Teams, but for the AWS hub we're using multiple github orgs. The rule as-is I think assumes everyone is under pangeo-data. As...
@rabernat - yes, your new rule adds all team memberships for a user to app_metadata. The problem was that `REQUIRED_GITHUB_TEAMS = pangeo-data/us-central1-b-gcp` was also added to the `aws-uswest2.pangeo.io` application, blocking...
Thanks @TomAugspurger - forgot to include a code block! Here is output from your test case run on the aws-uswest2 hub: (s3fs=0.4, dask=2.8.1, botocore=1.13.29) ```python def func(): import s3fs #...
> It would make sense to me if the dask workers and the normal user interactive pods had the same ownership and permissions. The only difference is that a dask...
> How would you map usernames to IAM roles/service accounts? If there's a way to do this where dask-gateway doesn't need to store and manage this mapping then this should...
In a recent chat with @yuvipanda - he pointed me to a nice model for provisioning per-user policies and buckets on GCP that would be relevant once we get around...
just some points of clarification 1) The zero2jupyterhub docs linked above use `CHOWN_HOME: 'yes'` which is specific to `jupyter/docker-stacks`: https://github.com/jupyter/docker-stacks/blob/185a9f74b2965ba65ef18f46b5d8494fad445439/base-notebook/start.sh#L52 2) efs-provisioner dynamically creates user home directories on the efs...