From 73ec2cc584cbb10d86a674862b75a457e9f19ea3 Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Mon, 3 Feb 2025 13:41:31 +0100
Subject: [PATCH] Try generic oauth
---
 jupyter/jupyter-application.yaml | 2 +-
 jupyter/overlays/test/values/values.yaml | 47 ++++++++++++------------
 2 files changed, 25 insertions(+), 24 deletions(-)
diff --git a/jupyter/jupyter-application.yaml b/jupyter/jupyter-application.yaml
index de1a683..70d7fda 100644
--- a/jupyter/jupyter-application.yaml
+++ b/jupyter/jupyter-application.yaml
@@ -7,7 +7,7 @@ spec:
 project: default
 source:
 repoURL: https://platform.sunet.se/streams/streams-manifests.git
- targetRevision: streams-manifests-2025-02-03-v03
+ targetRevision: streams-manifests-2025-02-03-v05
 path: jupyter/overlays/test
 destination:
 server: https://kubernetes.default.svc
diff --git a/jupyter/overlays/test/values/values.yaml b/jupyter/overlays/test/values/values.yaml
index e49323b..6e35bee 100644
--- a/jupyter/overlays/test/values/values.yaml
+++ b/jupyter/overlays/test/values/values.yaml
@@ -13,29 +13,30 @@ hub:
 storageClassName: csi-sc-cinderplugin
 extraConfig:
 oauthCode: |
+ import os
 from oauthenticator.generic import GenericOAuthenticator
- class KeycloakOAuthenticator(GenericOAuthenticator):
- def __init__(self, *args, **kwargs):
- super().__init__(*args, **kwargs)
- self.user_dict = {}
+ keycloak_base = 'https://' + os.environ['OAUTH2_HOST'] + '/realms/' + os.environ['OAUTH2_REALM'] + '/protocol/openid-connect'
+ os.environ['OAUTH2_TOKEN_URL'] = keycloak_base + '/token'
+ os.environ['OAUTH2_AUTHORIZE_URL'] = keycloak_base + '/auth'
- keycloak_base = 'https://' + os.environ['KEYCLOAK_HOST'] + '/realms/' + os.environ['KEYCLOAK_REALM'] + '/protocol/openid-connect'
+ c.JupyterHub.authenticator_class = 'GenericOAuthenticator'
- c.JupyterHub.authenticator_class = KeycloakOAuthenticator
- c.KeycloakOAuthenticator.admin_users = ['kano', 'benedith']
- c.KeycloakOAuthenticator.allow_all = True
- c.KeycloakOAuthenticator.authorize_url = keycloak_base + '/auth'
- c.KeycloakOAuthenticator.client_id = os.environ['KEYCLOAK_CLIENT_ID']
- c.KeycloakOAuthenticator.client_secret = os.environ['KEYCLOAK_CLIENT_SECRET']
- c.KeycloakOAuthenticator.enable_auth_state = True
- c.KeycloakOAuthenticator.login_service = 'Keycloak'
- c.KeycloakOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback'
- c.KeycloakOAuthenticator.refresh_pre_spawn = True
- c.KeycloakOAuthenticator.token_url = keycloak_base + '/token'
- c.KeycloakOAuthenticator.userdata_params = {'state': 'state'}
- c.KeycloakOAuthenticator.userdata_url = keycloak_base + '/userinfo'
- c.KeycloakOAuthenticator.username_key = 'username'
+ c.OAuthenticator.client_id = os.environ['OAUTH2_CLIENT_ID']
+ c.OAuthenticator.client_secret = os.environ['OAUTH2_CLIENT_SECRET']
+
+ c.GenericOAuthenticator.token_url = os.environ['OAUTH2_TOKEN_URL']
+ c.GenericOAuthenticator.userdata_url = keycloak_base + '/userinfo'
+ c.GenericOAuthenticator.userdata_method = 'GET'
+ c.GenericOAuthenticator.userdata_params = {'state': 'state'}
+ c.GenericOAuthenticator.username_key = 'preferred_username'
+ c.GenericOAuthenticator.admin_users = ['kano', 'benedith']
+ c.GenericOAuthenticator.allow_all = True
+ c.GenericOAuthenticator.authorize_url = os.environ['OAUTH2_AUTHORIZE_URL']
+ c.GenericOAuthenticator.enable_auth_state = True
+ c.GenericOAuthenticator.login_service = 'Keycloak'
+ c.GenericOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback'
+ c.GenericOAuthenticator.refresh_pre_spawn = True
 extraEnv:
 JUPYTER_HOST: jupyter-test.streams.sunet.se
 JUPYTERHUB_API_KEY:
@@ -48,18 +49,18 @@ hub:
 secretKeyRef:
 name: jupyterhub-secrets
 key: crypt-key
- KEYCLOAK_CLIENT_ID:
+ OAUTH2_CLIENT_ID:
 valueFrom:
 secretKeyRef:
 name: keycloak-oauth-secrets
 key: client-id
- KEYCLOAK_CLIENT_SECRET:
+ OAUTH2_CLIENT_SECRET:
 valueFrom:
 secretKeyRef:
 name: keycloak-oauth-secrets
 key: client-secret
- KEYCLOAK_HOST: keycloak-test.streams.sunet.se
- KEYCLOAK_REALM: streams
+ OAUTH2_HOST: keycloak-test.streams.sunet.se
+ OAUTH2_REALM: streams
 singleuser:
 image:
 name: quay.io/jupyter/datascience-notebook
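Review bot: `c.GenericOAuthenticator.allow_all = True` combined with `admin_users = ['kano', 'benedith']` means hub access and admin rights rest entirely on the `preferred_username` value the realm returns, which the first values.yaml hunk newly selects as `username_key`. Every account in the realm can log in, and if the realm allows self-registration, username edits or brokered identity providers (not visible here), an account presenting one of those two names would be treated as a hub admin. Prefer gating on group membership, e.g. `c.GenericOAuthenticator.allowed_groups = {'<hub-users-group>'}` and `admin_groups = {'<hub-admins-group>'}` with the groups claim mapped, and drop `allow_all`. Separately, `authenticator_class = 'GenericOAuthenticator'` is now a string; as far as I know the registered entry-point name is `generic-oauth`, so passing the imported class object, as the removed line did, looks safer.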