Restrict JupyterHub login access only to group/project members

Problem to solve

Currently, JupyterHub's k8s deployment allow users to sign-in with GitLab using OAuth, however, it does not restrict access only to members of the project/group where the app was deployed (via k8s integration)

Further details

(Include use cases, benefits, and/or goals)

Proposal

There is support within JupyterHub today to restrict logins to just a specific group when using GitLab OAuth. We should look into how to do this, so it is less risky to hook up to GitLab.com

We should be able to configure this with:

hub:
  extraConfig:
    myConfigAddition:
      c.GitLabOAuthenticator.gitlab_group_whitelist = {"<group_name>"}

We could then add this to https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/models/clusters/applications/jupyter.rb#L56-83

What does success look like, and how can we measure that?

Login to a JupyterHub instance is only permitted to members the group/project.

Links / references

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.