Add support for Tenant ID #1097
Conversation
If tenant id is specified in the kernel start request's body via tenant_id, or as a query parameter (?tenant_id) to GET /api/kernels, it will be used to associate kernels with a tenant. If no tenant ID is given in the request body or as a query parameter the UNIVERSAL_TENANT_ID will be used so that all managed kernels use the same logic.
for more information, see https://pre-commit.ci
|
hi @kevin-bates |
|
I'm not sure how real time collaboration (rtc) is implemented at that level but I suspect the "sharing" is at the notebook file level and each user has their own kernel. |
|
We already have things like KERNEL_USERNAME, which provides a sort of a human-readable |
The UUID is not displayed anywhere, only (optionally) configured at the client (jupyter_server). If we went with anything like a "name", then that opens the door for requiring a registry, etc. so that uniqueness can be detected. |
|
@lresende, @rahul26goyal - are you available to review this PR? |
|
I've moved this to draft. After talking with @lresende, we felt it might be best to hold off on this until we have more firm requirements - particularly with how the tenant identities are configured and managed. We will revisit down the road as necessary. |
Although Enterprise Gateway states it supports multi-tenancy prior to this change, any "tenant" listing active kernels via
/api/kernelswill see kernels corresponding to every tenant. As a result, the shutdown of one tenant would terminate the kernels of all tenants.This pull request introduces
tenant_idas a means for associating kernels to a given tenant and thereby adds support for multi-tenancy in a minimally viable way.The
GatewayClientobject that resides within Jupyter Server will add support for the configuration of a tenant_id. When configured, theenvstanza associated with a kernel's start request will include the tenant_id as a value to the envJUPYTER_GATEWAY_TENANT_ID. In addition, the list kernels call will include a query parameter specifying the same tenant_id. Older client applications or admin applications that do not specify a query parameter will see all kernels - just like today.EG will use the tenant_id in the start request to manage a list of corresponding kernels. When the client requests the list of active kernels, it will use the kernel ids associated with the given tenant-id to filter the results.
If no tenant-id is specified in the start request, the
UNIVERSAL_TENANT_IDwill be used. This results in common functionality for both new and legacy applications. Applications not configuring a tenant-id will result in the same behavior seen today (which is really only viable for "single-tenant" installations).Although I haven't created a PR for the
GatewayClientwork (waiting for this merge), its changes can be found here.