Add support of using custom env variables

[AnastasiaSliusar]

References

This PR is the part of solution of the feature where users can set up custom env variables for a kernel which has not been run yet.
UI is on AnastasiaSliusar/jupyterlab#2

Code changes

• This PR includes accept_kernel_env_var flag which can be used during launching the application. If it is true then a user can see UI for configuring custom env variables when they select another not used kernel from the kernel select dialog or when they call a context menu for a certain kernel icon on Launcher
• This PR includes support of custom_env_vars variable which has user selection and it is used to setup custom env variables for a certain kernel

[Zsailer]

page_config is a concept specific to JupyterLab. Up until this point, Jupyter Server has been agnostic to it. This hook might need to land in jupyterlab_server instead, which extends jupyter_server and brings the page_config concept to the server.

[Zsailer]

I think this trait name and description is too vague.

Since this is specifically about passing custom environment variables to the kernel, I think we need to clarify in this trait and help message that we mean kernel env vars here.

[Zsailer]

Thanks for working on this @AnastasiaSliusar! Great stuff!

I glanced at the diff and left some minor comments in the PR. I know this is still in draft state, so I didn't do a deeper review.

Feel free to ping me here anytime you're ready for a review.

[AnastasiaSliusar]

Thanks for working on this @AnastasiaSliusar! Great stuff!

I glanced at the diff and left some minor comments in the PR. I know this is still in draft state, so I didn't do a deeper review.

Feel free to ping me here anytime you're ready for a review.

Hello, @Zsailer Thank you for your time and for your comments. I have a question. At the moment, custom env variables are not saved for a certain kernel. A user can just setup them for a kernel which has not be launched yet and then run a kernel. But if a user wants to run a notebook from a filebrowser a kernel won't run with its custom env variables if they have been setup before.
So my question is:

• How do you think we should save custom env variables into notebook metadata or not?
  I remember when we told about JEP parameterized kernel specs we made decision that saving user inputs into notebook metadata can violate the app security.

Thank you for your attention

[Zsailer]

I remember when we told about jupyter/enhancement-proposals#87 we made decision that saving user inputs into notebook metadata can violate the app security.

That's right. Notebook documents can leave the server they originated from, e.g. someone downloads their notebook and emails it to a friend. The environment variables (at best) include irrelevant information or (at worst) might contain sensitive information specific to the original server.

Aside from the security concerns, though, I just don't think these custom environment variables are a notebook-driven concept anyways, and thus, don't belong in the notebook document. They are essentially parameterized "instances" of the kernel. If we really want to cache previous launch configurations, we should do it through a separate service/extension IMO and store in a memory cache or (if persistence is needed across server lifetimes) store in a DB.

If you went that route, we'd need to extend JupyterLab's open document command, triggered by the filebrowser, to check this cache for previous launches and prompt the user to confirm if they'd like to use the same environment as previous launch.

[AnastasiaSliusar]

I remember when we told about jupyter/enhancement-proposals#87 we made decision that saving user inputs into notebook metadata can violate the app security.

That's right. Notebook documents can leave the server they originated from, e.g. someone downloads their notebook and emails it to a friend. The environment variables (at best) include irrelevant information or (at worst) might contain sensitive information specific to the original server.

Aside from the security concerns, though, I just don't think these custom environment variables are a notebook-driven concept anyways, and thus, don't belong in the notebook document. They are essentially parameterized "instances" of the kernel. If we really want to cache previous launch configurations, we should do it through a separate service/extension IMO and store in a memory cache or (if persistence is needed across server lifetimes) store in a DB.

If you went that route, we'd need to extend JupyterLab's open document command, triggered by the filebrowser, to check this cache for previous launches and prompt the user to confirm if they'd like to use the same environment as previous launch.

Thank you for detailed explanation

[AnastasiaSliusar]

Thanks for working on this @AnastasiaSliusar! Great stuff!

I glanced at the diff and left some minor comments in the PR. I know this is still in draft state, so I didn't do a deeper review.

Feel free to ping me here anytime you're ready for a review.

Dear @Zsailer I separated logic of using page_config between jupyter_server and jupyterlab_server (jupyterlab/jupyterlab_server#459) and you can review this PR now. Thank you for your attention:)

[Zsailer]

Thanks @AnastasiaSliusar.

I've left a few comments throughout the code. :) In general, I think we should use the new trait as a switch to accept/ignore these variables in the server REST API. Right now, this trait is only used to inform JupyterLab server clients about this feature via the page_config in your upstream jupyterlab_server PR. But that doesn't prevent clients from ignoring this config and still POSTing custom variables that affect the kernel. Ideally, if the trait is False, the server will ignore these variables even if a client tries to submit them.

One additional question. This PR adds the notion of custom kernel environment variables to the session REST API, but shouldn't we also extend this to the kernel's REST API too? Why special case it here? I think we should add this functionality to both APIs, since they are doing the same thing under the hood with kernels.

[Zsailer]

Shouldn't this be conditional based on the value of allow_setup_custom_env_variables?

[AnastasiaSliusar]

Dear @Zsailer I think it is a good idea. Sure, I agree. Thank you for suggestion.

[Zsailer]

Same question here, shouldn't this be conditional based on the value of allow_setup_custom_env_variables?

[Zsailer]

A couple of comments on this new trait:

1. I think we should shorten the name if we can 😅
2. Even though I said we should shorten it, I think we need the word kernel in the name somewhere 😆 . How about accept_kernel_env_vars? It's slightly shorter and more clear (IMO).
3. I think this trait needs to be passed as a tornado setting so that the request handlers can use this trait too.