JupyterHub returns 403 when a user inheriting permissions from a group attempts log in
Summary
Users that have inherited permissions are unable to sign in to JupyterHub after it has been installed on a barebones Kubernetes cluster.
Steps to reproduce
- Create a project on GitLab.com in a namespace with any subscription level.
- Ensure that you are at least a
Developer
of that project. - Create a Kubernetes cluster through the GitLab integration.
- Install Helm Tiller, Ingress, and JupyterHub.
- Navigate to the
nip.io
JupyterHub URL provided once the installation of JupyterHub is complete. - Click
Sign in with GitLab
. - Authorize the application.
- Observe a
403
error.
Example Project
What is the current bug behavior?
The user is unable to sign in to the JupyterHub application that they just installed.
What is the expected correct behavior?
The user is able to sign in to their newly created JupyterHub installation.
Relevant logs and/or screenshots
Authorizing:
Error:
Output of checks
This bug happens on GitLab.com: 12.2.0-pre 0c1c17ab
ZD: https://gitlab.zendesk.com/agent/tickets/130113 (Internal)
/cc @danielgruesso
TODO
-
merge !17744 (merged) -
merge https://github.com/jupyterhub/oauthenticator/pull/283 -
release new oauthenticator version -
bump oauthenticator version in jupyterhub chart -
release new jupyterhub chart (latest 0.9.0-alpha
versions already have what we need, and we are already on a development version) -
update chart version used by gitlab
Edited by Hordur Freyr Yngvason