debug:
  enabled: true
hub:
  config:
    Authenticator:
      auto_login: true
      enable_auth_state: true
    JupyterHub:
      tornado_settings:
        headers: { 'Content-Security-Policy': "frame-ancestors *;" }
  db:
    pvc:
      storageClassName: csi-sc-cinderplugin
  extraConfig:
    oauthCode: |
      from oauthenticator.generic import GenericOAuthenticator

      class KeycloakOAuthenticator(GenericOAuthenticator):
        def __init__(self, *args, **kwargs):
          super().__init__(*args, **kwargs)
          self.user_dict = {}

      keycloak_base = 'https://' + os.environ['KEYCLOAK_HOST'] + '/realms/' + os.environ['KEYCLOAK_REALM'] + '/protocol/openid-connect'

      c.JupyterHub.authenticator_class = KeycloakOAuthenticator
      c.KeycloakOAuthenticator.admin_users = ['kano@sunet.se', 'benedith@sunet.se']
      c.KeycloakOAuthenticator.allow_all = True
      c.KeycloakOAuthenticator.authorize_url = keycloak_base + '/auth'
      c.KeycloakOAuthenticator.client_id = os.environ['KEYCLOAK_CLIENT_ID']
      c.KeycloakOAuthenticator.client_secret = os.environ['KEYCLOAK_CLIENT_SECRET']
      c.KeycloakOAuthenticator.enable_auth_state = True
      c.KeycloakOAuthenticator.login_service = 'Keycloak'
      c.KeycloakOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback'
      c.KeycloakOAuthenticator.refresh_pre_spawn = True
      c.KeycloakOAuthenticator.token_url =  keycloak_base + '/token'
      c.KeycloakOAuthenticator.userdata_params = {'state': 'state'}
      c.KeycloakOAuthenticator.userdata_url = keycloak_base + '/userinfo'
      c.KeycloakOAuthenticator.username_claim = 'preferred_username'
  extraEnv:
    JUPYTER_HOST: jupyter-test.streams.sunet.se
    JUPYTERHUB_API_KEY:
      valueFrom:
        secretKeyRef:
          name: jupyterhub-secrets
          key: api-key
    JUPYTERHUB_CRYPT_KEY:
      valueFrom:
        secretKeyRef:
          name: jupyterhub-secrets
          key: crypt-key
    KEYCLOAK_CLIENT_ID:
      valueFrom:
        secretKeyRef:
          name: keycloak-oauth-secrets
          key: client-id
    KEYCLOAK_CLIENT_SECRET:
      valueFrom:
        secretKeyRef:
          name: keycloak-oauth-secrets
          key: client-secret
    KEYCLOAK_HOST: keycloak-test.streams.sunet.se
    KEYCLOAK_REALM: streams
singleuser:
  image:
    name: quay.io/jupyter/datascience-notebook
    tag: python-3.12.8
  storage:
    dynamic:
      storageClass: csi-sc-cinderplugin
  extraEnv:
    JUPYTER_ENABLE_LAB: "yes"
    JUPYTER_HOST: jupyter-test.streams.sunet.se
    MINIO_ACCESS_KEY:
      valueFrom:
        secretKeyRef:
          name: minio-credentials
          key: MINIO_ACCESS_KEY
    MINIO_SECRET_KEY:
      valueFrom:
        secretKeyRef:
          name: minio-credentials
          key: MINIO_SECRET_KEY
    MINIO_ENDPOINT_URL: "https://s3.dco1.safedc.net"
  extraFiles:
    jupyter_notebook_config:
      mountPath: /home/jovyan/.jupyter/jupyter_server_config.py
      stringData: |
        import os
        c = get_config()
        c.NotebookApp.allow_origin = '*'
        c.NotebookApp.tornado_settings = {
            'headers': { 'Content-Security-Policy': "frame-ancestors *;" }
        }
      mode: 0644