k8s-manifests/jupyter/base/values/values.yaml

hub:
  config:
    Authenticator:
      auto_login: true
      enable_auth_state: true
    JupyterHub:
      tornado_settings:
        headers: { 'Content-Security-Policy': "frame-ancestors *;" }
  db:
    pvc:
      storageClassName: csi-sc-cinderplugin
  extraConfig:
    oauthCode: |
      import time
      from oauthenticator.generic import GenericOAuthenticator
      def post_auth_hook(authenticator, handler, authentication):
        user = authentication['auth_state']['oauth_user']['ocs']['data']['id']
        authentication['auth_state']['token_expires'] =  time.time() + auth_state['token_response']['expires_in']
        return authentication
      class NextcloudOAuthenticator(GenericOAuthenticator):
        def __init__(self, *args, **kwargs):
          super().__init__(*args, **kwargs)
          self.user_dict = {}

        async def pre_spawn_start(self, user, spawner):
          super().pre_spawn_start(user, spawner)
          auth_state = await user.get_auth_state()
          if not auth_state:
            return
          access_token = auth_state['access_token']
          spawner.environment['NEXTCLOUD_ACCESS_TOKEN'] = access_token

        async def refresh_user(self, user, handler=None):
          auth_state = await user.get_auth_state()
          if not auth_state:
            print(f'auth_state missing for {user}')
            return False
          access_token = auth_state['access_token']
          refresh_token = auth_state['refresh_token']
          token_response = name]['token_response']
          now = time.time()
          expires = self.user_dict[user.name]['token_expires']
          if now >= expires:
            print(f'Time is: {now}, token expired: {expires}')
            return False
          print(f'Time is: {now}, token expires: {expires}')
          return True

      c.JupyterHub.authenticator_class = NextcloudOAuthenticator
      c.NextcloudOAuthenticator.client_id = os.environ['NEXTCLOUD_CLIENT_ID']
      c.NextcloudOAuthenticator.client_secret = os.environ['NEXTCLOUD_CLIENT_SECRET']
      c.NextcloudOAuthenticator.login_service = 'Sunet Drive'
      c.NextcloudOAuthenticator.username_claim = lambda r: r.get('ocs', {}).get('data', {}).get('id')
      c.NextcloudOAuthenticator.userdata_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/ocs/v2.php/cloud/user?format=json'
      c.NextcloudOAuthenticator.authorize_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/index.php/apps/oauth2/authorize'
      c.NextcloudOAuthenticator.token_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/index.php/apps/oauth2/api/v1/token'
      c.NextcloudOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback'
      c.NextcloudOAuthenticator.allow_all = True
      c.NextcloudOAuthenticator.refresh_pre_spawn = True
      c.NextcloudOAuthenticator.enable_auth_state = True
      c.NextcloudOAuthenticator.auth_refresh_age = 3600
      c.NextcloudOAuthenticator.post_auth_hook = post_auth_hook

  extraEnv:
    NEXTCLOUD_HOST: sunet.drive.test.sunet.se
    JUPYTER_HOST: jupyter.drive.test.sunet.se
    JUPYTERHUB_CRYPT_KEY:
      valueFrom:
        secretKeyRef:
          name: jupyterhub-secrets
          key: crypt-key
    NEXTCLOUD_CLIENT_ID:
      valueFrom:
        secretKeyRef:
          name: nextcloud-oauth-secrets
          key: client-id
    NEXTCLOUD_CLIENT_SECRET:
      valueFrom:
        secretKeyRef:
          name: nextcloud-oauth-secrets
          key: client-secret
    networkPolicy:
      enabled: false

singleuser:
  image:
    name: docker.sunet.se/drive/jupyter-custom
    tag: lab-4.0.10
  storage:
    dynamic:
      storageClass: csi-sc-cinderplugin
  extraEnv:
    JUPYTER_ENABLE_LAB: "yes"
  extraFiles:
    jupyter_notebook_config:
      mountPath: /home/jovyan/.jupyter/jupyter_server_config.py
      stringData: |
        import os
        c = get_config()
        c.NotebookApp.allow_origin = '*'
        c.NotebookApp.tornado_settings = {
            'headers': { 'Content-Security-Policy': "frame-ancestors *;" }
        }
        os.system('/usr/local/bin/nc-sync')
      mode: 0644
JupyterHub code 2023-05-03 09:19:31 +00:00			`hub:`
			`config:`
			`Authenticator:`
			`auto_login: true`
			`enable_auth_state: true`
			`JupyterHub:`
			`tornado_settings:`
			`headers: { 'Content-Security-Policy': "frame-ancestors *;" }`
DB is supposed to be under hub 2023-09-28 06:36:09 +00:00			`db:`
			`pvc:`
			`storageClassName: csi-sc-cinderplugin`
JupyterHub code 2023-05-03 09:19:31 +00:00			`extraConfig:`
			`oauthCode: \|`
Add expiration check 2024-01-13 14:47:22 +00:00			`import time`
Try old code again 2024-01-12 09:26:03 +00:00			`from oauthenticator.generic import GenericOAuthenticator`
Switch to custom class 2024-01-12 13:04:13 +00:00			`def post_auth_hook(authenticator, handler, authentication):`
Format 2024-01-13 14:30:12 +00:00			`user = authentication['auth_state']['oauth_user']['ocs']['data']['id']`
use persited auth_state 2024-01-13 15:20:19 +00:00			`authentication['auth_state']['token_expires'] = time.time() + auth_state['token_response']['expires_in']`
Format 2024-01-13 14:30:12 +00:00			`return authentication`
Switch to custom class 2024-01-12 13:04:13 +00:00			`class NextcloudOAuthenticator(GenericOAuthenticator):`
			`def __init__(self, args, *kwargs):`
Format 2024-01-13 14:30:12 +00:00			`super().__init__(args, *kwargs)`
			`self.user_dict = {}`

use persited auth_state 2024-01-13 15:20:19 +00:00			`async def pre_spawn_start(self, user, spawner):`
Format 2024-01-13 14:30:12 +00:00			`super().pre_spawn_start(user, spawner)`
use persited auth_state 2024-01-13 15:20:19 +00:00			`auth_state = await user.get_auth_state()`
			`if not auth_state:`
			`return`
			`access_token = auth_state['access_token']`
Format 2024-01-13 14:30:12 +00:00			`spawner.environment['NEXTCLOUD_ACCESS_TOKEN'] = access_token`
Add refresh user function 2024-01-13 14:30:57 +00:00
			`async def refresh_user(self, user, handler=None):`
use persited auth_state 2024-01-13 15:20:19 +00:00			`auth_state = await user.get_auth_state()`
			`if not auth_state:`
Remove exception 2024-01-13 15:21:55 +00:00			`print(f'auth_state missing for {user}')`
use persited auth_state 2024-01-13 15:20:19 +00:00			`return False`
			`access_token = auth_state['access_token']`
			`refresh_token = auth_state['refresh_token']`
Remove exception 2024-01-13 15:21:55 +00:00			`token_response = name]['token_response']`
			`now = time.time()`
			`expires = self.user_dict[user.name]['token_expires']`
			`if now >= expires:`
			`print(f'Time is: {now}, token expired: {expires}')`
Add expiration check 2024-01-13 14:47:22 +00:00			`return False`
Remove exception 2024-01-13 15:21:55 +00:00			`print(f'Time is: {now}, token expires: {expires}')`
			`return True`
Add refresh user function 2024-01-13 14:30:57 +00:00
Switch to custom class 2024-01-12 13:04:13 +00:00			`c.JupyterHub.authenticator_class = NextcloudOAuthenticator`
			`c.NextcloudOAuthenticator.client_id = os.environ['NEXTCLOUD_CLIENT_ID']`
			`c.NextcloudOAuthenticator.client_secret = os.environ['NEXTCLOUD_CLIENT_SECRET']`
			`c.NextcloudOAuthenticator.login_service = 'Sunet Drive'`
			`c.NextcloudOAuthenticator.username_claim = lambda r: r.get('ocs', {}).get('data', {}).get('id')`
			`c.NextcloudOAuthenticator.userdata_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/ocs/v2.php/cloud/user?format=json'`
			`c.NextcloudOAuthenticator.authorize_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/index.php/apps/oauth2/authorize'`
			`c.NextcloudOAuthenticator.token_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/index.php/apps/oauth2/api/v1/token'`
			`c.NextcloudOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback'`
			`c.NextcloudOAuthenticator.allow_all = True`
			`c.NextcloudOAuthenticator.refresh_pre_spawn = True`
			`c.NextcloudOAuthenticator.enable_auth_state = True`
			`c.NextcloudOAuthenticator.auth_refresh_age = 3600`
			`c.NextcloudOAuthenticator.post_auth_hook = post_auth_hook`

JupyterHub code 2023-05-03 09:19:31 +00:00			`extraEnv:`
			`NEXTCLOUD_HOST: sunet.drive.test.sunet.se`
			`JUPYTER_HOST: jupyter.drive.test.sunet.se`
Allow authstate to be persisted 2024-01-13 15:09:47 +00:00			`JUPYTERHUB_CRYPT_KEY:`
			`valueFrom:`
			`secretKeyRef:`
			`name: jupyterhub-secrets`
			`key: crypt-key`
JupyterHub code 2023-05-03 09:19:31 +00:00			`NEXTCLOUD_CLIENT_ID:`
			`valueFrom:`
			`secretKeyRef:`
			`name: nextcloud-oauth-secrets`
			`key: client-id`
			`NEXTCLOUD_CLIENT_SECRET:`
			`valueFrom:`
			`secretKeyRef:`
			`name: nextcloud-oauth-secrets`
			`key: client-secret`
Update charts to 3.2.1 and make values.yaml match docs 2024-01-11 08:27:05 +00:00			`networkPolicy:`
			`enabled: false`
Simplify Signed-off-by: Micke Nordin <kano@sunet.se> 2024-01-10 12:45:44 +00:00
JupyterHub code 2023-05-03 09:19:31 +00:00			`singleuser:`
			`image:`
			`name: docker.sunet.se/drive/jupyter-custom`
Upgrade lab to lab-4.0.10 2024-01-12 15:07:42 +00:00			`tag: lab-4.0.10`
JupyterHub code 2023-05-03 09:19:31 +00:00			`storage:`
Try persistant storage 2024-01-12 15:12:57 +00:00			`dynamic:`
			`storageClass: csi-sc-cinderplugin`
JupyterHub code 2023-05-03 09:19:31 +00:00			`extraEnv:`
			`JUPYTER_ENABLE_LAB: "yes"`
			`extraFiles:`
			`jupyter_notebook_config:`
			`mountPath: /home/jovyan/.jupyter/jupyter_server_config.py`
			`stringData: \|`
			`import os`
			`c = get_config()`
			`c.NotebookApp.allow_origin = '*'`
			`c.NotebookApp.tornado_settings = {`
			`'headers': { 'Content-Security-Policy': "frame-ancestors *;" }`
			`}`
			`os.system('/usr/local/bin/nc-sync')`
			`mode: 0644`