Allow setting admin users for hubs with username / password auth

[yuvipanda]

Summary

We now support username / password to authenticate with JupyterHub (#418). Currently, there seems to be no easy way to specify that some users are admins, but everyone else can just log in. If I set anyone to admin, other users get a permission denied.

User Stories

As someone using the demohub (demo.cloudbank.2i2c.cloud) to demo things, I want to be able to access the admin interface and stop / start user servers if needed.

As someone running a workshop with username / password access, I want to use the admin interface so I can access users' home directories to help them debug problems.

Acceptance criteria

• The demo cloudbank hub has 2i2c admins on it

[damianavila]

If I set anyone to admin, other users get a permission denied.

So, if you set admin_users to somebody and avoid allowed_users, are you getting the permission denied?

Accordingly to the docs, an empty allowed_usershould not restrict anyone: https://jupyterhub.readthedocs.io/en/latest/api/auth.html#jupyterhub.auth.Authenticator.allowed_users

[yuvipanda]

So, if you set admin_users to somebody and avoid allowed_users, are you getting the permission denied?

Yeah, that's what is happening. And I'm not sure why.

[damianavila]

@consideRatio, do you have any thoughts about this? Wondering if something is happening at the z2jh layer instead of the underlying JupyterHub...

[consideRatio]

@damianavila hmmm no the authentication layer in z2jh is just passing through information directly to JupyterHub.

I think this is the logic that decides it. If users are denied, do you see an error log message about "user name <...> is not in Authenticator.allowed_users" ?

https://github.com/jupyterhub/jupyterhub/blob/6be3160d7487bb362df7095f24454ef2814951fc/jupyterhub/app.py#L1942-L1951

[yuvipanda]

Derp, this was my mistake. I had set allowed_users as well, so it was behaving as expected.

#426 fixes this.