-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use oauthenticator 17.2 for pkce-experiment (jupyter-health) #5217
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @minrk, I believe this needs building and then updating the image tag in the hub config here ⬇️ but I'm not sure if you have push rights on 2i2c quay
infrastructure/config/clusters/jupyter-health/common.values.yaml
Lines 39 to 46 in de31b5e
hub: | |
# FIXME: Experiment to use oauthenticator 17.1, should be transitioned away | |
# as part of upgrading to z2jh 4, see | |
# https://github.com/2i2c-org/infrastructure/pull/4968 | |
# | |
image: | |
name: quay.io/2i2c/pkce-experiment | |
tag: 0.0.1-0.dev.git.10892.h37c70b2e |
I will try to do it
Merging this PR will trigger the following deployment actions. Support and Staging deployments
Production deployments
|
enables refreshing auth, used in jupyter-health
0171c61
to
555d88a
Compare
🎉🎉🎉🎉 Monitor the deployment of the hubs here 👉 https://github.com/2i2c-org/infrastructure/actions/runs/12139768532 |
@GeorgianaElena thanks! Looks like it deployed successfully and things are working (I see in the Hub logs that my token was expired, but rightly refreshed using a refresh token when I launched my server), but the health check failed. I don't see any information about the health check or its failure, though. I suspect it's due to refresh_auth not succeeding for the fake |
@minrk, I've disabled And the actual error is:
Looking at the oauthenticator PR now. Update, hub logs:
|
Okay, I think that makes sense, actually. If we want to be able to use OAuthenticator with users that aren't actually users, I think we need an explicit bypass of the refresh_user machinery somewhere. It is a generic issue, I suppose, but perhaps the fix belongs in OAuthenticator for now to somehow bypass either for specific users or some property of users, e.g. having no auth_state at all. |
Agree! I was leaning towards the same solution. I think I will revert this PR for now, if that's ok and we can test it again once we have the oauthenticator bypass implemented. |
@GeorgianaElena actually, can I point the health check to another user rather than the fake one? Then the health check should work and we can keep testing. |
Ah, I guess I can't really do that because the test hardcodes the username and makes quite a few assumptions about how users are handled by the Authenticator and that invalid users won't have any problems, which isn't necessarily the case, as seen here. |
enables refreshing auth tokens, used in jupyter-health