Merge pull request #2277 from GeorgianaElena/no-mo-auth0

No more auth0

config/clusters/2i2c-aws-us/cluster.yaml

@@ -14,17 +14,13 @@ hubs:
     display_name: "2i2c AWS staging"
     domain: staging.aws.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      enabled: false
     helm_chart_values_files:
       - staging.values.yaml
       - enc-staging.secret.values.yaml
   - name: dask-staging
     display_name: "2i2c AWS dask-staging"
     domain: dask-staging.aws.2i2c.cloud
     helm_chart: daskhub
-    auth0:
-      enabled: false
     helm_chart_values_files:
       - common.values.yaml
       - dask-staging.values.yaml
@@ -33,8 +29,7 @@ hubs:
     display_name: "2i2c Research Delight"
     domain: researchdelight.2i2c.cloud
     helm_chart: daskhub
-    auth0:
-      connection: github
     helm_chart_values_files:
       - common.values.yaml
       - researchdelight.values.yaml
+      - enc-researchdelight.secret.values.yaml

config/clusters/2i2c-aws-us/enc-researchdelight.secret.values.yaml

@@ -0,0 +1,21 @@
+basehub:
+    jupyterhub:
+        hub:
+            config:
+                CILogonOAuthenticator:
+                    client_id: ENC[AES256_GCM,data:do6oRsCHVlEaopw/SGKnudX6QMwTRo/Vco2sBCXkHNJ8aASBToFUlHqG8U8stmAe1eYJ,iv:FgtBzUzC8kap+BASyDY/sqnv1kvItTOX0a1j+mwYsy4=,tag:BhpZ5fAaYzSSIF9/RzLsXg==,type:str]
+                    client_secret: ENC[AES256_GCM,data:1aIn9R5loffBYMuLuzn5+I+QkmX5qE7kYuqEKy0dvKJQZg/LK0yzVKoHiLOIYYJqTToVUMCc+aC+ZYTlNmCvGg3GwYPTkjVChRVYJRUZvl1ELP7YcV0=,iv:YORVpCcx9w4hgyKlomZKyAzEvnm+OFZbPu3tw3DvQAo=,tag:hUeV48uiv5PtjSp96o5n+w==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+          created_at: "2023-03-13T10:27:13Z"
+          enc: CiUA4OM7eCdS0zudoyhLRbKlG+r1jUBQwFNAczMpasSH5X06+IWHEkkALQgViIkNihiV+Z+ZUwjJcCpuOprNMklD4AJ6UBeHxurj/VMPpCUBgveo7MwK/8+YMYofFpleS4b5rsLJ717oWDJjjM8cA8+W
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-03-13T10:27:13Z"
+    mac: ENC[AES256_GCM,data:Bw1VoDnPAN1CvIOruB4SBVJf0gKXFbtOBHAy8gGSbA7s9PdiVN8FNmRSlutC8xKNqSVQ7vmtYhonJ+AHS6+PXa1aAceKMmQAmeMtwqE0HHSwR9Ujcw3F0bkjwHUMHIGgCOm0FawbHtMFBvAYXb8rgtCnZjGirJGmJ4TJ153IpXg=,iv:SsFQArAjuip3KyOvM45TsqHrNO0SQ+sTReuzZ5Yq8GU=,tag:TbqHDResuHQkapqPd9nSBA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

config/clusters/2i2c-aws-us/researchdelight.values.yaml

@@ -44,7 +44,13 @@ basehub:
         NVIDIA_DRIVER_CAPABILITIES: compute,utility
     hub:
       config:
-        Authenticator:
-          allowed_users: &allowed_users
-            - jmunroe
-          admin_users: *allowed_users
+        JupyterHub:
+          authenticator_class: cilogon
+        CILogonOAuthenticator:
+          scope:
+            - "profile"
+          username_claim: "preferred_username"
+          oauth_callback_url: "https://researchdelight.2i2c.cloud/hub/oauth_callback"
+          # Only show the option to login with GitHub
+          shown_idps:
+            - http://github.com/login/oauth/authorize

config/clusters/2i2c-uk/cluster.yaml

@@ -14,16 +14,13 @@ hubs:
     display_name: "2i2c-uk Staging"
     domain: staging.uk.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      connection: github
     helm_chart_values_files:
       - staging.values.yaml
+      - enc-staging.secret.values.yaml
   - name: lis
     display_name: "London Interdisciplinary School"
     domain: ds.lis.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      enabled: false
     helm_chart_values_files:
       - lis.values.yaml
       - enc-lis.secret.values.yaml

config/clusters/2i2c-uk/enc-staging.secret.values.yaml

@@ -0,0 +1,20 @@
+jupyterhub:
+    hub:
+        config:
+            CILogonOAuthenticator:
+                client_id: ENC[AES256_GCM,data:OulkQLtbaZZUvZFQfR1fiuWkoQdvZaJAh+Wphg3S9YxSXZOnRNy23hN3Ui2hnazX8wLL,iv:TZOmXllGA4GvE2azJd7IwhypwC/D6CLJg3CweX3R7wE=,tag:DnCyr5eat32g9B4AlCVxRg==,type:str]
+                client_secret: ENC[AES256_GCM,data:SLM8V8HIBv+nMozwdpOhO4NlRvYae+fhVO4IhpHnnhZ8BGnsCot0uad+tklFGwyoR68vddX9yun0qHwjfTzlaOHENkkwXkD52J+TIeRVEJOdrwQPvJs=,iv:ApMDFnSLqB4KHknvpJcCSevmptKa9tZyAnjMBqkr9Is=,tag:bQN0EYyHMTaIwZyzWP5ZOg==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+          created_at: "2023-03-10T13:29:59Z"
+          enc: CiUA4OM7eBQfi4RYcpwuLJXamh/i6kVx2K/y87f+PgIjWXE1dngFEkkALQgViKjrMGaTl3ZxlgCkKZW6xi6GHF5taiqSLl3IuWSIivslyCbld75Em6NhFiBaoNQrj+LLxGs7DIfUT6S+RSnJ2QyGbSrd
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-03-10T13:29:59Z"
+    mac: ENC[AES256_GCM,data:kuFGqPRbS7PUZLos+29gXZklEz6RXfNBDQP2Kp8yYHLObvNxp/ZM3PPp5wQNCVbZjFN6QJIl3QnsYcrZR9uRplD1G9xVUG1+ZIpieZp4oQ6iprCJ7K0tMbA1yrb1kcpSNWFILzUt65XgqcCWyV7aGIuevkTq071zyfDqNR8GR74=,iv:U/B/KPQxkDLAkxgFMGiiCflVqe6q3rfG7KG32mliAVQ=,tag:efK5tPKMlebap6dQ5/GgfA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

config/clusters/2i2c-uk/staging.values.yaml

@@ -28,3 +28,15 @@ jupyterhub:
         funded_by:
           name: 2i2c
           url: https://2i2c.org
+  hub:
+    config:
+      JupyterHub:
+        authenticator_class: cilogon
+      CILogonOAuthenticator:
+        scope:
+          - "profile"
+        username_claim: "preferred_username"
+        oauth_callback_url: "https://staging.uk.2i2c.cloud/hub/oauth_callback"
+        # Only show the option to login with GitHub
+        shown_idps:
+          - http://github.com/login/oauth/authorize

config/clusters/2i2c/aup.values.yaml

@@ -24,6 +24,16 @@ jupyterhub:
       guarantee: 6G
   hub:
     config:
+      JupyterHub:
+        authenticator_class: cilogon
+      CILogonOAuthenticator:
+        scope:
+          - "profile"
+        username_claim: "preferred_username"
+        oauth_callback_url: "https://aup.pilot.2i2c.cloud/hub/oauth_callback"
+        # Only show the option to login with GitHub
+        shown_idps:
+          - http://github.com/login/oauth/authorize
       Authenticator:
         allowed_users: &aup_users
           - swalker

config/clusters/2i2c/catalyst-cooperative.values.yaml

@@ -38,9 +38,16 @@ basehub:
             url: https://2i2c.org
     hub:
       config:
+        JupyterHub:
+          authenticator_class: cilogon
+        CILogonOAuthenticator:
+          oauth_callback_url: "https://catalyst-cooperative.pilot.2i2c.cloud/hub/oauth_callback"
+          username_claim: "email"
+          # Only show the option to login with Google
+          shown_idps:
+            - http://google.com/accounts/o8/id
         Authenticator:
           allowed_users: &catalyst_users
             - [email protected]
             - [email protected]
-            - [email protected]
           admin_users: *catalyst_users

config/clusters/2i2c/cluster.yaml

@@ -14,19 +14,13 @@ hubs:
     display_name: "2i2c staging"
     domain: staging.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      connection: google-oauth2
     helm_chart_values_files:
       - staging.values.yaml
       - enc-staging.secret.values.yaml
   - name: dask-staging
     display_name: "2i2c dask staging"
     domain: dask-staging.2i2c.cloud
     helm_chart: daskhub
-    auth0:
-      # connection update? Also ensure the basehub Helm chart is provided a
-      # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type!
-      enabled: false
     helm_chart_values_files:
       # The order in which you list files here is the order the will be passed
       # to the helm upgrade command in, and that has meaning. Please check
@@ -37,19 +31,13 @@ hubs:
     display_name: "2i2c binder staging"
     domain: binder-staging.2i2c.cloud
     helm_chart: binderhub
-    auth0:
-      # connection update? Also ensure the basehub Helm chart is provided a
-      # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type!
-      enabled: false
     helm_chart_values_files:
       - binder-staging.values.yaml
       - enc-binder-staging.secret.values.yaml
   - name: demo
     display_name: "2i2c demo"
     domain: demo.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      enabled: false
     helm_chart_values_files:
       # The order in which you list files here is the order the will be passed
       # to the helm upgrade command in, and that has meaning. Please check
@@ -60,8 +48,6 @@ hubs:
     display_name: "Ocean Hack Week"
     domain: oceanhackweek.2i2c.cloud
     helm_chart: daskhub
-    auth0:
-      enabled: false
     helm_chart_values_files:
       # The order in which you list files here is the order the will be passed
       # to the helm upgrade command in, and that has meaning. Please check
@@ -72,95 +58,73 @@ hubs:
     display_name: "Purdue Fort Wayne"
     domain: pfw.pilot.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      # connection update? Also ensure the basehub Helm chart is provided a
-      # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type!
-      connection: github
     helm_chart_values_files:
       # The order in which you list files here is the order the will be passed
       # to the helm upgrade command in, and that has meaning. Please check
       # that you intend for these files to be applied in this order.
       - pfw.values.yaml
+      - enc-pfw.secret.values.yaml
   - name: peddie
     display_name: "Peddie Academy"
     domain: peddie.pilot.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      # connection update? Also ensure the basehub Helm chart is provided a
-      # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type!
-      connection: google-oauth2
     helm_chart_values_files:
       # The order in which you list files here is the order the will be passed
       # to the helm upgrade command in, and that has meaning. Please check
       # that you intend for these files to be applied in this order.
       - peddie.values.yaml
+      - enc-peddie.secret.values.yaml
   - name: catalyst-cooperative
     display_name: "Catalyst Cooperative"
     domain: catalyst-cooperative.pilot.2i2c.cloud
     helm_chart: daskhub
-    auth0:
-      # connection update? Also ensure the basehub Helm chart is provided a
-      # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type!
-      connection: google-oauth2
     helm_chart_values_files:
       # The order in which you list files here is the order the will be passed
       # to the helm upgrade command in, and that has meaning. Please check
       # that you intend for these files to be applied in this order.
       - catalyst-cooperative.values.yaml
+      - enc-catalyst-cooperative.secret.values.yaml
   - name: earthlab
     display_name: "EarthLab"
     domain: earthlab.pilot.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      # connection update? Also ensure the basehub Helm chart is provided a
-      # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type!
-      connection: github
     helm_chart_values_files:
       # The order in which you list files here is the order the will be passed
       # to the helm upgrade command in, and that has meaning. Please check
       # that you intend for these files to be applied in this order.
       - earthlab.values.yaml
+      - enc-earthlab.secret.values.yaml
   - name: paleohack2021
     display_name: "PaleoHack"
     domain: paleohack2021.hackathon.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      # connection update? Also ensure the basehub Helm chart is provided a
-      # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type!
-      connection: github
     helm_chart_values_files:
       # The order in which you list files here is the order the will be passed
       # to the helm upgrade command in, and that has meaning. Please check
       # that you intend for these files to be applied in this order.
       - paleohack2021.values.yaml
+      - enc-paleohack2021.secret.values.yaml
   - name: aup
     display_name: "The American University of Paris"
     domain: aup.pilot.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      # connection update? Also ensure the basehub Helm chart is provided a
-      # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type!
-      connection: github
     helm_chart_values_files:
       # The order in which you list files here is the order the will be passed
       # to the helm upgrade command in, and that has meaning. Please check
       # that you intend for these files to be applied in this order.
       - aup.values.yaml
+      - enc-aup.secret.values.yaml
   - name: temple
     display_name: "Temple University"
     domain: temple.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      enabled: false
     helm_chart_values_files:
       - temple.values.yaml
       - enc-temple.secret.values.yaml
   - name: ucmerced
     display_name: "UC Merced"
     domain: ucmerced.2i2c.cloud
     helm_chart: basehub
-    auth0:
-      enabled: false
     helm_chart_values_files:
       - ucmerced.values.yaml
       - enc-ucmerced.secret.values.yaml

config/clusters/2i2c/dask-staging.values.yaml

@@ -37,13 +37,20 @@ basehub:
         JupyterHub:
           authenticator_class: cilogon
         CILogonOAuthenticator:
+          scope:
+            - "email"
+            - "profile"
           oauth_callback_url: "https://dask-staging.2i2c.cloud/hub/oauth_callback"
           # Only show the option to login with Google
           shown_idps:
-            - https://accounts.google.com/o/oauth2/auth
+            - http://accounts.google.com/o/oauth2/auth
+            - http://github.com/login/oauth/authorize
           allowed_idps:
             http://google.com/accounts/o8/id:
               username_derivation:
                 username_claim: "email"
               allowed_domains:
                 - "2i2c.org"
+            http://github.com/login/oauth/authorize:
+              username_derivation:
+                username_claim: "preferred_username"

config/clusters/2i2c/earthlab.values.yaml

@@ -20,6 +20,16 @@ jupyterhub:
           url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees
   hub:
     config:
+      JupyterHub:
+        authenticator_class: cilogon
+      CILogonOAuthenticator:
+        scope:
+          - "profile"
+        username_claim: "preferred_username"
+        oauth_callback_url: "https://earthlab.pilot.2i2c.cloud/hub/oauth_callback"
+        # Only show the option to login with GitHub
+        shown_idps:
+          - http://github.com/login/oauth/authorize
       Authenticator:
         allowed_users: &earthlab_users
           - lwasser

config/clusters/2i2c/enc-aup.secret.values.yaml

@@ -0,0 +1,20 @@
+jupyterhub:
+    hub:
+        config:
+            CILogonOAuthenticator:
+                client_id: ENC[AES256_GCM,data:skz582BMzIdoaU1ND/NrJQkkjwQVu84GjqkjLI3AR/9lwdXfC2V+Negbtlbg773rb1Wc,iv:yPgRHqrNW+wuNIPM/CCYJwiSTU4/elV9EUzsFi9SKB0=,tag:gKJyaIyeb0r5+KFMQbZTHw==,type:str]
+                client_secret: ENC[AES256_GCM,data:m6TikJ95O3HLF91G8Fs8SGiJsO2CRr0MD3vWKUvbMFeQYhkwQ/ImpN9gZ5fqvFhLIvMsdK0laOGo3DqyBmva99MVx/Rw19NuZtL+mVa7SOjjWRsnSHs=,iv:nSdTaoV2lNnNC6wHYwjWAZTQ2HiHPVNrR86EIcGwU2I=,tag:NkJxOB/OHu7faDID7/R+EA==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+          created_at: "2023-03-09T11:44:08Z"
+          enc: CiUA4OM7eD9t5d2xJBjb7r71D2P6hJTJIWhxorOrRcXzzFFC8ZvKEkkALQgViKJNq8Eo+B/YY2JmbqCemM2QeDWoqCdsZzUKiFzGkT1h2fpW912Fk34TwmqFIzbUw6oHqi80dAu/0gOkgFfiu32R+gGG
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-03-09T11:44:08Z"
+    mac: ENC[AES256_GCM,data:1JJQvYQfzqY8JrBDbsXH2LMrehbWx+5RgZ6jIY5bh16bieot4+hCzKTSa8kqXKGmDZTT2s7X28e4V4yx9EzKterG6RYWZ1se6j8C23XeBti02ZLLPYESTTg6d7XhaiPm1UPXJNP+VoO3bIFqNqjlNkwNbdCu1zmhqPcgJ9k8BEM=,iv:H/61a0/E9hD2KPHU85LZF1gsVRkgExwCMiqJT6qHUdU=,tag:84pYDjFDQyyiywzUUA+QCQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

config/clusters/2i2c/enc-catalyst-cooperative.secret.values.yaml

@@ -0,0 +1,21 @@
+basehub:
+    jupyterhub:
+        hub:
+            config:
+                CILogonOAuthenticator:
+                    client_id: ENC[AES256_GCM,data:Qlu4OJtBmg82qD1OTj0FVQDA5K8RRlpdUevtFBgchB6LAHj5CnepwMQz+hueJAZhNdZS,iv:i/cnfNw8PQmnrOt7oUt3KXxTkFGyqfXwMwrezQmMVyQ=,tag:YvMEbRdSeN6lJGffole6cA==,type:str]
+                    client_secret: ENC[AES256_GCM,data:zcvVGpmoAe+DO7GIWX51S5xrdVVUAI2fZS9hLQVWmI0IzCOlMeOROT3m5gV000h7B2uaRNRICS+za6IhhwluLS3n6XTvjr1VNVl55EOeLbnA8LxgLhs=,iv:V4c0t42mU7I3GaGvcbT68BRdF4WlN8p7lLstuCzhH3I=,tag:RdesI/NlBvgGUv+KJMg0NA==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+          created_at: "2023-03-09T11:28:16Z"
+          enc: CiUA4OM7eCrxQztzKJoFZfwlURj4g7zQWfVZmhEeOpoTMN+9YazfEkkALQgViPNv8VbN9gACA/5sGTKwpQHwi4svh9nL4C4oLlL6MDYx7h/nFBUWZxprv5aHJJVoS8vxyGa/s0N9OHKaOIkC3AtNb+Zc
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-03-09T11:28:17Z"
+    mac: ENC[AES256_GCM,data:KrlJ5uzMawcdH/r4M5QAHyINq3t04vHumrJFw/rRO5OSi5Hi3ZcrV++hJ4G+w9JmiX/qdkU5XkjQb6n3UNDPbS+V4pYSlcOpHDRWax2mH6zxszYNjgAwBOrXRLrfxW8x63LZhGkEu7Wx3rSkmdU9hPtPWm18p9cqmIcEN2QPbUE=,iv:G7qBVms1J5+N5jv8i6aGbI06pVVAtJOyI+xh9YKcL/Y=,tag:h5wWEZ1UvGODq1YWvjQv+w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3