UI Server Configuration does not seem to honour $CYLC_SITE_CONF_PATH environment variable

[jarich]

Description

The documentation suggests that the $CYLC_SITE_CONF_PATH environment variable can be set to advise Cylc UI Servers where to find the jupyter_config.py file. When running the Cylc Hub with sudospawner, setting the $CYLC_SITE_CONF_PATH in sudospawner-singleuser:

#!/bin/bash -l
export CYLC_SITE_CONF_PATH="/data/jupyterhub/config/"
# Delegate to the Cylc hub server
exec "$(dirname "$0")/cylc" "hubapp" $@

does not result in the jupyter_config.py in that directory being used.

Further, if the jupyter_config.py in the Cylc Hub's pre-packaged default location <CONDA_ENV>/site-packages/cylc/uiserver/jupyter_config.py is not readable by the workflow owner, no permissions are provided but no warning is raised either. This makes debugging site_authorization issues a little harder.

Reproducible Example

Spawn a UI server, after exporting CYLC_SITE_CONF_PATH to be a different directory, with an all-user readable jupyter_config.py that grants access to other users.

Make sure that the UI server's pre-packaged default location for jupyter_config.py is unreadable to non-owner users/and or does not grant any access to other users.

Attempt to connect to that UI server as another user. Note that access is not granted.

Expected Behaviour

Exporting CYLC_SITE_CONF_PATH before calling cylc hubapp would result in the jupyter_config.py file under that directory to be used.

If no jupyter_config.py files are found/readable, a warning is printed in addition to stating that users have no access.

[wxtim]

File Readable but not found

#!/bin/bash -l
export CYLC_SITE_CONF_PATH="/data/jupyterhub/config/"
# Delegate to the Cylc hub server
exec "$(dirname "$0")/cylc" "hubapp" $@

does not result in the jupyter_config.py in that directory being used.

I don't think I'd expect that to work - in the same way that ~/.cylc/global.cylc won't work - the pattern is location/app_name/config_file. reference

This only works for me if /data/jupyterhub/config/ contains a uiserver folder, but by putting print('HI') in my config I demonstrated that it does work.

File found but not readable

This isn't a Cylc feature, but a Jupyter Server feature, special handling of this behaviour is not reasonable. I think this ought to be a change in Jupyter server, assuming they are happy to have it.