k8s-manifests/jupyter/base/charts/jupyterhub/templates/hub/_helpers-passwords.tpl

{{- /*
    This file contains logic to lookup already
    generated passwords or generate a new.

    proxy.secretToken       / hub.config.ConfigurableHTTPProxy.auth_token
    hub.cookieSecret        / hub.config.JupyterHub.cookie_secret
    auth.state.cryptoKey*   / hub.config.CryptKeeper.keys

    *Note that the entire auth section is deprecated and users
    are forced through "fail" in NOTES.txt to migrate to hub.config.

    Note that lookup logic returns falsy value when run with
    `helm diff upgrade`, so it is a bit troublesome to test.
*/}}

{{- /*
    Returns given number of random Hex characters.

    - randNumeric 4 | atoi generates a random number in [0, 10^4)
      This is a range range evenly divisble by 16, but even if off by one,
      that last partial interval offsetting randomness is only 1 part in 625.
    - mod N 16 maps to the range 0-15
    - printf "%x" represents a single number 0-15 as a single hex character
*/}}
{{- define "jupyterhub.randHex" -}}
    {{- $result := "" }}
    {{- range $i := until . }}
        {{- $rand_hex_char := mod (randNumeric 4 | atoi) 16 | printf "%x" }}
        {{- $result = print $result $rand_hex_char }}
    {{- end }}
    {{- $result }}
{{- end }}

{{- define "jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token" -}}
    {{- if (.Values.hub.config | dig "ConfigurableHTTPProxy" "auth_token" "") }}
        {{- .Values.hub.config.ConfigurableHTTPProxy.auth_token }}
    {{- else if .Values.proxy.secretToken }}
        {{- .Values.proxy.secretToken }}
    {{- else }}
        {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }}
        {{- if hasKey $k8s_state.data "hub.config.ConfigurableHTTPProxy.auth_token" }}
            {{- index $k8s_state.data "hub.config.ConfigurableHTTPProxy.auth_token" | b64dec }}
        {{- else }}
            {{- randAlphaNum 64 }}
        {{- end }}
    {{- end }}
{{- end }}

{{- define "jupyterhub.hub.config.JupyterHub.cookie_secret" -}}
    {{- if (.Values.hub.config | dig "JupyterHub" "cookie_secret" "") }}
        {{- .Values.hub.config.JupyterHub.cookie_secret }}
    {{- else if .Values.hub.cookieSecret }}
        {{- .Values.hub.cookieSecret }}
    {{- else }}
        {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }}
        {{- if hasKey $k8s_state.data "hub.config.JupyterHub.cookie_secret" }}
            {{- index $k8s_state.data "hub.config.JupyterHub.cookie_secret" | b64dec }}
        {{- else }}
            {{- include "jupyterhub.randHex" 64 }}
        {{- end }}
    {{- end }}
{{- end }}

{{- define "jupyterhub.hub.config.CryptKeeper.keys" -}}
    {{- if (.Values.hub.config | dig "CryptKeeper" "keys" "") }}
        {{- .Values.hub.config.CryptKeeper.keys | join ";" }}
    {{- else }}
        {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) | default (dict "data" (dict)) }}
        {{- if hasKey $k8s_state.data "hub.config.CryptKeeper.keys" }}
            {{- index $k8s_state.data "hub.config.CryptKeeper.keys" | b64dec }}
        {{- else }}
            {{- include "jupyterhub.randHex" 64 }}
        {{- end }}
    {{- end }}
{{- end }}

{{- define "jupyterhub.hub.services.get_api_token" -}}
    {{- $_ := index . 0 }}
    {{- $service_key := index . 1 }}
    {{- $explicitly_set_api_token := or ($_.Values.hub.services | dig $service_key "api_token" "") ($_.Values.hub.services | dig $service_key "apiToken" "") }}
    {{- if $explicitly_set_api_token }}
        {{- $explicitly_set_api_token }}
    {{- else }}
        {{- $k8s_state := lookup "v1" "Secret" $_.Release.Namespace (include "jupyterhub.hub.fullname" $_) | default (dict "data" (dict)) }}
        {{- $k8s_secret_key := print "hub.services." $service_key ".apiToken" }}
        {{- if hasKey $k8s_state.data $k8s_secret_key }}
            {{- index $k8s_state.data $k8s_secret_key | b64dec }}
        {{- else }}
            {{- include "jupyterhub.randHex" 64 }}
        {{- end }}
    {{- end }}
{{- end }}
Jupytherhub: Export 3.0.3 like so: ``` helm repo add jupyterhub https://hub.jupyter.org/helm-chart/ helm fetch jupyterhub/jupyterhub --version 3.0.3 --untar --untardir . ``` 2023-09-25 14:28:39 +00:00			`{{- /*`
			`This file contains logic to lookup already`
			`generated passwords or generate a new.`

			`proxy.secretToken / hub.config.ConfigurableHTTPProxy.auth_token`
			`hub.cookieSecret / hub.config.JupyterHub.cookie_secret`
			`auth.state.cryptoKey* / hub.config.CryptKeeper.keys`

			`*Note that the entire auth section is deprecated and users`
			`are forced through "fail" in NOTES.txt to migrate to hub.config.`

			`Note that lookup logic returns falsy value when run with`
			`helm diff upgrade`, so it is a bit troublesome to test.
			`*/}}`

			`{{- /*`
			`Returns given number of random Hex characters.`

			`- randNumeric 4 \| atoi generates a random number in [0, 10^4)`
			`This is a range range evenly divisble by 16, but even if off by one,`
			`that last partial interval offsetting randomness is only 1 part in 625.`
			`- mod N 16 maps to the range 0-15`
			`- printf "%x" represents a single number 0-15 as a single hex character`
			`*/}}`
			`{{- define "jupyterhub.randHex" -}}`
			`{{- $result := "" }}`
			`{{- range $i := until . }}`
			`{{- $rand_hex_char := mod (randNumeric 4 \| atoi) 16 \| printf "%x" }}`
			`{{- $result = print $result $rand_hex_char }}`
			`{{- end }}`
			`{{- $result }}`
			`{{- end }}`

			`{{- define "jupyterhub.hub.config.ConfigurableHTTPProxy.auth_token" -}}`
			`{{- if (.Values.hub.config \| dig "ConfigurableHTTPProxy" "auth_token" "") }}`
			`{{- .Values.hub.config.ConfigurableHTTPProxy.auth_token }}`
			`{{- else if .Values.proxy.secretToken }}`
			`{{- .Values.proxy.secretToken }}`
			`{{- else }}`
			`{{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) \| default (dict "data" (dict)) }}`
			`{{- if hasKey $k8s_state.data "hub.config.ConfigurableHTTPProxy.auth_token" }}`
			`{{- index $k8s_state.data "hub.config.ConfigurableHTTPProxy.auth_token" \| b64dec }}`
			`{{- else }}`
			`{{- randAlphaNum 64 }}`
			`{{- end }}`
			`{{- end }}`
			`{{- end }}`

			`{{- define "jupyterhub.hub.config.JupyterHub.cookie_secret" -}}`
			`{{- if (.Values.hub.config \| dig "JupyterHub" "cookie_secret" "") }}`
			`{{- .Values.hub.config.JupyterHub.cookie_secret }}`
			`{{- else if .Values.hub.cookieSecret }}`
			`{{- .Values.hub.cookieSecret }}`
			`{{- else }}`
			`{{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) \| default (dict "data" (dict)) }}`
			`{{- if hasKey $k8s_state.data "hub.config.JupyterHub.cookie_secret" }}`
			`{{- index $k8s_state.data "hub.config.JupyterHub.cookie_secret" \| b64dec }}`
			`{{- else }}`
			`{{- include "jupyterhub.randHex" 64 }}`
			`{{- end }}`
			`{{- end }}`
			`{{- end }}`

			`{{- define "jupyterhub.hub.config.CryptKeeper.keys" -}}`
			`{{- if (.Values.hub.config \| dig "CryptKeeper" "keys" "") }}`
			`{{- .Values.hub.config.CryptKeeper.keys \| join ";" }}`
			`{{- else }}`
			`{{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub.fullname" .) \| default (dict "data" (dict)) }}`
			`{{- if hasKey $k8s_state.data "hub.config.CryptKeeper.keys" }}`
			`{{- index $k8s_state.data "hub.config.CryptKeeper.keys" \| b64dec }}`
			`{{- else }}`
			`{{- include "jupyterhub.randHex" 64 }}`
			`{{- end }}`
			`{{- end }}`
			`{{- end }}`

			`{{- define "jupyterhub.hub.services.get_api_token" -}}`
			`{{- $_ := index . 0 }}`
			`{{- $service_key := index . 1 }}`
			`{{- $explicitly_set_api_token := or ($_.Values.hub.services \| dig $service_key "api_token" "") ($_.Values.hub.services \| dig $service_key "apiToken" "") }}`
			`{{- if $explicitly_set_api_token }}`
			`{{- $explicitly_set_api_token }}`
			`{{- else }}`
			`{{- $k8s_state := lookup "v1" "Secret" $_.Release.Namespace (include "jupyterhub.hub.fullname" $_) \| default (dict "data" (dict)) }}`
			`{{- $k8s_secret_key := print "hub.services." $service_key ".apiToken" }}`
			`{{- if hasKey $k8s_state.data $k8s_secret_key }}`
			`{{- index $k8s_state.data $k8s_secret_key \| b64dec }}`
			`{{- else }}`
			`{{- include "jupyterhub.randHex" 64 }}`
			`{{- end }}`
			`{{- end }}`
			`{{- end }}`