Drive/k8s-manifests
8
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
k8s-manifests/jupyter/base/values/values.yaml

237 lines
8.2 KiB
YAML
Raw Normal View History

JupyterHub code
2023-05-03 09:19:31 +00:00
hub:
config:
Authenticator:
auto_login: true
enable_auth_state: true
JupyterHub:
tornado_settings:
headers: { 'Content-Security-Policy': "frame-ancestors *;" }
DB is supposed to be under hub
2023-09-28 06:36:09 +00:00
db:
pvc:
storageClassName: csi-sc-cinderplugin
Run service
2024-01-15 15:03:11 +00:00
extraFiles:
Syntax error
2024-01-15 15:06:46 +00:00
refresh-token.py:
mountPath: /usr/local/etc/jupyterhub/refresh-token.py
stringData: |
"""A token refresh service authenticating with the Hub.
Run service
2024-01-15 15:03:11 +00:00
Syntax error
2024-01-15 15:06:46 +00:00
This service serves `/services/refresh-token/`,
authenticated with the Hub,
showing the user their own info.
"""
import json
import os
from urllib.parse import urlparse
Run service
2024-01-15 15:03:11 +00:00
Syntax error
2024-01-15 15:06:46 +00:00
from tornado.httpserver import HTTPServer
from tornado.ioloop import IOLoop
from tornado.web import Application, RequestHandler, authenticated
Run service
2024-01-15 15:03:11 +00:00
Syntax error
2024-01-15 15:06:46 +00:00
from jupyterhub.services.auth import HubAuthenticated
Run service
2024-01-15 15:03:11 +00:00
Syntax error
2024-01-15 15:06:46 +00:00
class RefreshHandler(HubAuthenticated, RequestHandler):
@authenticated
def get(self):
user_model = self.get_current_user()
self.set_header('content-type', 'application/json')
self.write(json.dumps(user_model, indent=1, sort_keys=True))
Run service
2024-01-15 15:03:11 +00:00
Syntax error
2024-01-15 15:06:46 +00:00
def main():
app = Application(
[
Guess format for tornado app
2024-01-15 15:17:38 +00:00
('/services/?', RefreshHandler),
Syntax error
2024-01-15 15:06:46 +00:00
(r'.*', RefreshHandler),
]
)
Run service
2024-01-15 15:03:11 +00:00
Syntax error
2024-01-15 15:06:46 +00:00
http_server = HTTPServer(app)
url = urlparse(os.environ['JUPYTERHUB_SERVICE_URL'])
Run service
2024-01-15 15:03:11 +00:00
Syntax error
2024-01-15 15:06:46 +00:00
http_server.listen(url.port, url.hostname)
Run service
2024-01-15 15:03:11 +00:00
Syntax error
2024-01-15 15:06:46 +00:00
IOLoop.current().start()
if __name__ == '__main__':
main()
Run service
2024-01-15 15:03:11 +00:00
JupyterHub code
2023-05-03 09:19:31 +00:00
extraConfig:
oauthCode: |
Add expiration check
2024-01-13 14:47:22 +00:00
import time
Add code to refresh token
2024-01-15 11:29:56 +00:00
import requests
Cleaner debug
2024-01-15 09:14:07 +00:00
from datetime import datetime
Try old code again
2024-01-12 09:26:03 +00:00
from oauthenticator.generic import GenericOAuthenticator
Only define token_url once
2024-01-15 13:28:39 +00:00
token_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/index.php/apps/oauth2/api/v1/token'
Try to modify authstate after declaration
2024-01-13 15:31:06 +00:00
Add code to refresh token
2024-01-15 11:29:56 +00:00
def get_nextcloud_access_token(refresh_token):
More debug
2024-01-15 12:43:55 +00:00
debug = 'NEXTCLOUD_DEBUG_OAUTH' in os.environ
Add code to refresh token
2024-01-15 11:29:56 +00:00
client_id = os.environ['NEXTCLOUD_CLIENT_ID']
client_secret = os.environ['NEXTCLOUD_CLIENT_SECRET']
code = refresh_token
data = {
Typo
2024-01-15 13:25:57 +00:00
'grant_type': 'refresh_token',
Add code to refresh token
2024-01-15 11:29:56 +00:00
'code': code,
Typo
2024-01-15 11:36:00 +00:00
'refresh_token': refresh_token,
Add code to refresh token
2024-01-15 11:29:56 +00:00
'client_id': client_id,
'client_secret': client_secret
}
Only define token_url once
2024-01-15 13:28:39 +00:00
response = requests.post(token_url, data=data)
More debug
2024-01-15 12:43:55 +00:00
if debug:
print(response.text)
Add code to refresh token
2024-01-15 11:29:56 +00:00
return response.json()
Switch to custom class
2024-01-12 13:04:13 +00:00
def post_auth_hook(authenticator, handler, authentication):
Format
2024-01-13 14:30:12 +00:00
user = authentication['auth_state']['oauth_user']['ocs']['data']['id']
Try to modify authstate after declaration
2024-01-13 15:31:06 +00:00
auth_state = authentication['auth_state']
auth_state['token_expires'] = time.time() + auth_state['token_response']['expires_in']
authentication['auth_state'] = auth_state
Format
2024-01-13 14:30:12 +00:00
return authentication
Try to modify authstate after declaration
2024-01-13 15:31:06 +00:00
Switch to custom class
2024-01-12 13:04:13 +00:00
class NextcloudOAuthenticator(GenericOAuthenticator):
def __init__(self, *args, **kwargs):
Format
2024-01-13 14:30:12 +00:00
super().__init__(*args, **kwargs)
self.user_dict = {}
use persited auth_state
2024-01-13 15:20:19 +00:00
async def pre_spawn_start(self, user, spawner):
Format
2024-01-13 14:30:12 +00:00
super().pre_spawn_start(user, spawner)
use persited auth_state
2024-01-13 15:20:19 +00:00
auth_state = await user.get_auth_state()
if not auth_state:
return
access_token = auth_state['access_token']
Format
2024-01-13 14:30:12 +00:00
spawner.environment['NEXTCLOUD_ACCESS_TOKEN'] = access_token
Add refresh user function
2024-01-13 14:30:57 +00:00
async def refresh_user(self, user, handler=None):
Cleaner debug
2024-01-15 09:14:07 +00:00
debug = 'NEXTCLOUD_DEBUG_OAUTH' in os.environ
use persited auth_state
2024-01-13 15:20:19 +00:00
auth_state = await user.get_auth_state()
if not auth_state:
Cleaner debug
2024-01-15 09:14:07 +00:00
if debug:
print(f'auth_state missing for {user}')
use persited auth_state
2024-01-13 15:20:19 +00:00
return False
access_token = auth_state['access_token']
refresh_token = auth_state['refresh_token']
Fix typo
2024-01-13 15:24:28 +00:00
token_response = auth_state['token_response']
Remove exception
2024-01-13 15:21:55 +00:00
now = time.time()
Cleaner debug
2024-01-15 09:14:07 +00:00
now_hr = datetime.fromtimestamp(now)
Fix typo
2024-01-13 15:24:28 +00:00
expires = auth_state['token_expires']
Cleaner debug
2024-01-15 09:14:07 +00:00
expires_hr = datetime.fromtimestamp(expires)
Allways refresh
2024-01-15 13:12:17 +00:00
expires = 0
Use access token again
2024-01-15 11:07:53 +00:00
if debug:
print(f'auth_state for {user}: {auth_state}')
Remove exception
2024-01-13 15:21:55 +00:00
if now >= expires:
Cleaner debug
2024-01-15 09:14:07 +00:00
if debug:
print(f'Time is: {now_hr}, token expired: {expires_hr}')
Add code to refresh token
2024-01-15 11:29:56 +00:00
print(f'Refreshing token for {user}')
try:
token_response = get_nextcloud_access_token(refresh_token)
auth_state['access_token'] = token_response['access_token']
auth_state['refresh_token'] = token_response['refresh_token']
auth_state['token_expires'] = now + token_response['expires_in']
auth_state['token_response'] = token_response
if debug:
Return correct format
2024-01-15 13:44:33 +00:00
print(f'Successfully refreshed token for {user.name}')
print(f'auth_state for {user.name}: {auth_state}')
return {'name': user.name, 'auth_state': auth_state}
Add code to refresh token
2024-01-15 11:29:56 +00:00
except Exception as e:
if debug:
print(f'Failed to refresh token for {user}')
return False
Add expiration check
2024-01-13 14:47:22 +00:00
return False
Cleaner debug
2024-01-15 09:14:07 +00:00
if debug:
print(f'Time is: {now_hr}, token expires: {expires_hr}')
Remove exception
2024-01-13 15:21:55 +00:00
return True
Add refresh user function
2024-01-13 14:30:57 +00:00
Switch to custom class
2024-01-12 13:04:13 +00:00
c.JupyterHub.authenticator_class = NextcloudOAuthenticator
c.NextcloudOAuthenticator.client_id = os.environ['NEXTCLOUD_CLIENT_ID']
c.NextcloudOAuthenticator.client_secret = os.environ['NEXTCLOUD_CLIENT_SECRET']
c.NextcloudOAuthenticator.login_service = 'Sunet Drive'
c.NextcloudOAuthenticator.username_claim = lambda r: r.get('ocs', {}).get('data', {}).get('id')
c.NextcloudOAuthenticator.userdata_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/ocs/v2.php/cloud/user?format=json'
c.NextcloudOAuthenticator.authorize_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/index.php/apps/oauth2/authorize'
Only define token_url once
2024-01-15 13:28:39 +00:00
c.NextcloudOAuthenticator.token_url = token_url
Switch to custom class
2024-01-12 13:04:13 +00:00
c.NextcloudOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback'
c.NextcloudOAuthenticator.allow_all = True
c.NextcloudOAuthenticator.refresh_pre_spawn = True
c.NextcloudOAuthenticator.enable_auth_state = True
Add start of service
2024-01-15 14:03:35 +00:00
c.NextcloudOAuthenticator.auth_refresh_age = 3600
Switch to custom class
2024-01-12 13:04:13 +00:00
c.NextcloudOAuthenticator.post_auth_hook = post_auth_hook
Add start of service
2024-01-15 14:03:35 +00:00
serviceCode: |
Run service
2024-01-15 15:03:11 +00:00
import sys
c.JupyterHub.load_roles = [
{
"name": "refresh-token",
One final try
2024-01-15 16:26:54 +00:00
"services": [
"refresh-token"
comma
2024-01-15 16:28:53 +00:00
],
Run service
2024-01-15 15:03:11 +00:00
"scopes": [
"admin:auth_state"
]
Missing comma
2024-01-15 15:42:31 +00:00
},
Extend server group
2024-01-15 15:39:54 +00:00
{
Use user role
2024-01-15 15:55:11 +00:00
"name": "user",
Missing comma
2024-01-15 15:42:31 +00:00
"scopes": [
One final try
2024-01-15 16:26:54 +00:00
"access:services!service=refresh-token",
"read:services!service=refresh-token",
Use self meta scope
2024-01-15 16:05:37 +00:00
"self",
Missing comma
2024-01-15 15:42:31 +00:00
],
Add server scopes
2024-01-16 08:32:21 +00:00
},
{
"name": "server",
"scopes": [
"access:services!service=refresh-token",
"read:services!service=refresh-token",
"inherit",
],
Extend server group
2024-01-15 15:39:54 +00:00
}
Run service
2024-01-15 15:03:11 +00:00
]
c.JupyterHub.services = [
{
'name': 'refresh-token',
Syntax error
2024-01-15 15:06:46 +00:00
'command': [sys.executable, '/usr/local/etc/jupyterhub/refresh-token.py']
Run service
2024-01-15 15:03:11 +00:00
}
]
JupyterHub code
2023-05-03 09:19:31 +00:00
extraEnv:
Cleaner debug
2024-01-15 09:14:07 +00:00
NEXTCLOUD_DEBUG_OAUTH: "yes"
JupyterHub code
2023-05-03 09:19:31 +00:00
NEXTCLOUD_HOST: sunet.drive.test.sunet.se
JUPYTER_HOST: jupyter.drive.test.sunet.se
Allow authstate to be persisted
2024-01-13 15:09:47 +00:00
JUPYTERHUB_CRYPT_KEY:
valueFrom:
secretKeyRef:
name: jupyterhub-secrets
key: crypt-key
JupyterHub code
2023-05-03 09:19:31 +00:00
NEXTCLOUD_CLIENT_ID:
valueFrom:
secretKeyRef:
name: nextcloud-oauth-secrets
key: client-id
NEXTCLOUD_CLIENT_SECRET:
valueFrom:
secretKeyRef:
name: nextcloud-oauth-secrets
key: client-secret
Update charts to 3.2.1 and make values.yaml match docs
2024-01-11 08:27:05 +00:00
networkPolicy:
enabled: false
Simplify Signed-off-by: Micke Nordin <kano@sunet.se>
2024-01-10 12:45:44 +00:00
JupyterHub code
2023-05-03 09:19:31 +00:00
singleuser:
image:
name: docker.sunet.se/drive/jupyter-custom
Upgrade lab to lab-4.0.10
2024-01-12 15:07:42 +00:00
tag: lab-4.0.10
JupyterHub code
2023-05-03 09:19:31 +00:00
storage:
Try persistant storage
2024-01-12 15:12:57 +00:00
dynamic:
storageClass: csi-sc-cinderplugin
JupyterHub code
2023-05-03 09:19:31 +00:00
extraEnv:
JUPYTER_ENABLE_LAB: "yes"
extraFiles:
jupyter_notebook_config:
mountPath: /home/jovyan/.jupyter/jupyter_server_config.py
stringData: |
import os
c = get_config()
c.NotebookApp.allow_origin = '*'
c.NotebookApp.tornado_settings = {
'headers': { 'Content-Security-Policy': "frame-ancestors *;" }
}
os.system('/usr/local/bin/nc-sync')
mode: 0644
Reference in a new issue Copy permalink