From 49b017ca579f0ea908848491e1b8fbd7de066c0d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 1 Aug 2022 14:12:20 +0100 Subject: [PATCH 01/18] Create CILogon app for binder-staging --- .../enc-binder-staging.secret.values.yaml | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml index 7538bf0164..ee18f940be 100644 --- a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml +++ b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml @@ -1,18 +1,24 @@ -binderhub: +basehub: + jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:EIhaB2/vmCm9/rK1WLLChgIP29PJ0i6BOkiOB2bZDMSRT42Vm/FvUF2Epq9iPGUm5ow=,iv:Ak0R8lsBsNZafx3qoakrKTkbridYcv3UXQWc7bS9IY0=,tag:+9AxmW9wl/TCqLDXMKPNkA==,type:str] + client_secret: ENC[AES256_GCM,data:qJdwV1sjnPTN1Hcr1hqPh3xWBWqbbXSLUHRo2DGdnyKrANUQAr+tgOxiDzl9E4YNtLm8tCPiWdetfKi8pEtDH6ZmR4wiKSJHmxpc+mXcnXYh389UPnQ=,iv:MvMqziT1qhv/dcsXGZg7P6aHxRSP5qx1p+Z/G7AdIKg=,tag:RHbzlOBN3PKt5rvl6/u66A==,type:str] registry: - username: ENC[AES256_GCM,data:SqV10MEVeCv0,iv:C+ueMwvNELqYMCdDz3AGcDcpbR89cYhdJcLtHL2IUGI=,tag:k788+6EmUtzFFh66d10IPw==,type:str] - password: ENC[AES256_GCM,data:7f5vvxgFcahSe8i7J7n1SaNlpnc0KUhG47OTonWQLJmeCaDWhpurRVM69fwcKC9l77OV5IW13rskld9TOH8L5p/GoVZrQ1GemBPRQ2yE3CebmIIr2+nD+h7QFN225hL4b1PAtG1CDcRzhf1itSFn6qxjgJBcaJDOTTb+RoCtUzcdkL6HeTL1BW+CN/zlQBMLyxmaRbLNo508fRI+qfYtNh7eOflA+1Madfjzrqc0UZha1wWtz2tLIG98tSLaPuI8xoMPRrjGeOrqoFXGQnRNjtgWj0l9j0uMdR+/O6X65UWl77yryWvxf4hoeL2trVz2weR1OFfZHgy96ZTaC/IIzAqzUHVHRj6oL38rPRQ+PmLfMMZterAZe4J19oVIBT53QNZ/GoCzvTX03Tg9XM4m0B/+xT11DZZR7B+duHBo/dh2dbcvI7ibH0kv7O6Ij7kyeJrzSlAj/WvBD9gXK5+l2xec8ZAqxNCHeMC+A3COT5yWFiQBig1Q9/8ToP3Qop4wtNyiIL5Ss7dW0jxTC+PzCxIBC2RgxRwZGk5frFgazOXHmV7kY/jZrQEGVPm1rtvN7y2J0LRXt7YjJs1HyhQ8wKLGzB8FbqcqHolHYNEkbJKTBomFIEC5yiWEyq6QS/De/FXc0HRd8EgYEUtpMM313fm2ymYP95HqkDPcX+aZklAFm+ZTPW9lyykM4kgj3MLpkxVdYyBJiFBc+NewRcOa73f2mziHNtVLbhUxdcO0voVjoFIsFeESoATUfRnK+/Ot15B0t1Hs3Rcmf9iCi9qPqgm/I0iIP+W/V0/KfprRqXMSZTuxJlpdvZQwa72uZZBtoZ1eZtzHy8F/u8V5+K+sjKD8BgDUx9MaaO0ExcI3ACsH0AbTuNmrg2VC0IQVnUVgbxfXJxcsgQsMmv2TORc6PDGGKUy8DFxb9jCGTUYX6ewgKRtyHYC+xFQEMHGOLV9WzPunC5MjSraLrCdNWzomXmVp/xP1k1ZBn7bVTZMeRfuPlu2HvHzCmZShCxUcE5MRf8eSkDwAuL9eTYZ91qx/6UxyL6TyluDUTCd/NZAhAVyUdgNS3xwgkgC6JwwVpSpYADNc+HoGGnhuyZXH7+vjDSASemHq4q4FoZ+a5YEdDY7ypaLJ3RXwo/Gz5LzrjsCZRPeKKP8gJYp8AaZqXYS+BISraCawHKKxyGXGPCnLz/OI8FmludKF/lBWI+2USzvg9yrQseWZtMGQn8GA7ZRFDu1UthoDEFuIor1V1WbCyHFbk1dVyLULxs7g23YSwLzr87/opkFvRarxbgAAJHOorHjOMEdK2pmJ0rQ6cBp4qtjxQ5+C9iTDcZcWGBe8Zt48u3lTL+RgoNR5U6tX2Djcnt+5/1CD3YibKsnKhgOTmJ57JYmsiGtEwU/3ct464Kw0MZk50C4nhfBpK4wqS/x+6AHFml/RAYtTBwUngm7PH29Z3BB3vunhjVkg7LdyihbnhV/CMMLMTR+wVAlwOqxId86WAN5qjF3SLWACCi+yGSQEZUDjCVkfyxzzRWRJG/IICEmJtK0xEYmvCr7fKMsLKIxDWOiC81MG1DgIAd4QwxnSQZByKbLbkOyhgAz6XIK2MAPPNdF0ouAERJk3jtIDFmZD7SVPPRI8sLt8WturSvln1YCSOpXO25g7AhkCwKYkF0ct209nR9NeAJwxMMiqYwoCgx8x0VpxXw67iudZXMfWGXhQXOhyjPXs3riNISNQCnBUVupwB3LJqNCcVTTTSA1vIYUFSVyTM68Yk03QLmMdw3yKewMI+We549hGmEfHGqmCtRkUMQgaouKMfSk5k5mGb7lHYFx3hXPQLHF97Gcga/QFX9619/4rHMqFdYqP0SQ1eoDz7Wb8FCiUTNptDR5lR6Scrh89tH90wbxLa65mbpfJDC/AEdqmnpNCvn0t1OnLvOB4DthNL+iW6YoWhrjTU9xOOrmE4ES52YWvBk/5eeZZG2Ryn3FVy1gxsQbTVBaZtR4SHXzwb6KRXgceY2d7EwjPU3kW5zRMTIDxNFO1D98+wUE35tgIxs66sgrqCkBzwCKzpilL3Bw2QKqG9+COcMHJoWIOHp7MvVgFZocLdab/+dSKso3n7S4+nkRfhVGNFopDhztNYdS9yMm1BC1+X/eo0odtv2P1kQ/Ts0K6AZfAHI92owjfMnaetre+B29MNQvjbBWipAR3LEUcyCeFx96AfkSGiPhgxtuWKEBBrrnPeWyXqZyPSOCgNWusQY1sQvzNYysz4KsXC1MQKXaELzXMhCIu45l3wCobr3q5W+S3gf5O8K9ADe7AcKZPFHd4xJBLQWOa1en/1Cjxi5Gq11oCJXs7+4kV93R1iqQsGDh9NtelZVb1GwjkynuKRhe3lfhQuSt76Cv03GW7U4DG7xccai/koETnan8EDgW65JOkFKi/3fbyjJywQzeMpoMmGJGWVHujeDcc26onE6egCIrsig4Nf3DOS9zmU/HxTto4cVdMX7HV9FfRHJiFY/CHEwdExfGz6IIg2aDMlsALfp0XmLf8oVRt8nGXOCNJlhOLkAo1NvQq3aXxv/0JsjdPCuev1DfWWULQOIm/hQXBQMTe5g8woIUxIM9VDezDMOEsmzKWUR2qVv6msnJRhLU6Nf8oBS3QurQkUcJcK4nwuj/VSrJORGYoPE/V3POHT3QhsPDi0PKaZtzwqLeh4jrKdKtS5Gwu1LSg5Hwg+2dt0XFaV+1SXugnA+u2IZrqr57m/6X7lbmfHo0OYyjM3ZLyx3ivxAOFqdH9TIsp4/RIIBY2TAD0HTSlX4JShTZEXKOZ9GKpkYwWPnyXDgSjggPyDpOqzJjHIZ5G2+IZL66OvpLEztnEyPm/lgt/P5gqdtsbCDNJxDFMwpqRlh0M93Rr1r1DFo7uPVQZomUERLXpwHDVh3nbzjAmnnQVsVo7SlHT0NuY7uzX4BVFq1YM4JmO7IspGDALZZlst2L08P65jqqRAI1Qd9QI9slTnxn27a2fFC6LwtrXCseLImveGdCcHlAntERTKYqSfOrNWYBICm1yyOFde9tj/9r4Uoe/C7sxYEH1I0fZBmihtG+llZeNsFwDAteUXBKLKeuK47DZSVWtwyd4KXdoxRVvfUh/ZNA5I4HTPYCLY70BxMHBf9pfuAK18/wA+gweys31/Q==,iv:j1UJUS3ThiKxIUngJlE2jWvTtNxhX/AFhvpBSWO2v30=,tag:rWd9n5aOpX0HqmH0IOguig==,type:str] + username: ENC[AES256_GCM,data:NFzhN/vaEn+G,iv:Ve/LpOFbetJ/1heviqPIKXlKBve8UI/FYyFCiKlG3bc=,tag:2Ufdiv0Ya6RwNHiFtamw7A==,type:str] + password: ENC[AES256_GCM,data:DJPbEmT7kz7GhGsSH4rVihG92fIKO3QWy9I9IHsyZDJKfE0TzMcEPOI301DCRAQ3UgtC9MnaT2OCu4ALeuDVpf30AufZx/w3Zf8oM+HEFs3a8YIiQZICeMgHAYMBv2dgeJZUVczlk6+cPYfRcRUzAac1na+HfFB5TKLnvy5S97CCQxDDIR+0lnx4y2znVHgc0M08GtBi9HS4tlihk4DIvJdvAKLxq8VYXLOPrDusVM4VQKqujnhRBfGbvBAOZaYKIpHqNdCqG1mmH2cZjqLMaLnd5r2FW3xhZIhIjpMpgS0CQTX+m1I8miqs4S/HSzbeOfsF4a8dUxu/hri8jEVZPvJovrhD0sB6cJkuWLA9XsHI1kiwASm37UdMe8fx7OZEM/svZ+8VUY3JX2z5IJkAC6IVOTzITufeyi0m0HWzO3TZLoxgiMpRHdvqOxoiq2h7bCLgyMZkkQ9xh34/d7qG8pvhFeFQVgfva6yq6Q+S2GMHQKfudalWKOjLuk3Fqi1DRI6cZD3JpdFjZZBU/T134QbWah3ZQPZf9ypXZrF2ZcQ5AtgAJvyiVWJYbRJhvU7KbZwr9YHnQkg68mtwL8lOj4R/fl8LC3R9cVxKqCuJt4DRhkkK60MFES0jynAQKrbk1D1EZA7p+TTptCBfR3leqC8CgNe5PjNMoB0Oqn30zXgbxbZOiee4yRI1mmGAVUsmNIIgN3X5C5+O6y6qLDfgyFkx6E3Xoo629zD2v4GSXqH202HKgmcncmPe8B1b+mHfXQcdeBtcRaqI859HyZWUfBbcShVixf0VkaQNVjeuww4zb7Xa8ChkSeYZQX5SDNBDH7UKKc/MqdBadr1i09ONvPbT9vLQvwpr0VwkxlNuHtO+KnNoGrepPVD+yLHBrTpDDYPSDYQxAyQ9368diJwRjXOIehHjkAQkCwZ5rHdXngI8488wUHL/ChPFHWP2p2c9mW9lw5YQNbMHp3EGOUWscDg7mmJgGmgDvblTFpID+mh7NqqDl6liGle/xWl2KfFKud2eXjoztBwlHtRQEXoJauM+8PWrkZrVgPguX1IF0UREzkxasAKUZfC4ZQNJ5Ilz5A4ulPZh2RrdSq4CnuA7o0g/tzBzzHTyTdrueFVru/ndRmegvXOmn0yAfRbN5ZrEwsOsZnuMhpw4a/x+LAe3AnCNTwhLJiRzmlduAAS5BCB/7hkbWrCxH4lpseNJefmb8QzJj9gyJpZ3PAGKVku3C6JP5Zcect58Ti+CGRkQBpOB7ricXeOIuZndyvCvMAIDjsyPe+5B0dTHpBG1Cv2B2snvCIpIz9sVtWynI3CHmj73/gNnfzb/uobx8LXib16K1zS45XfJjGmSn7Pr0b1tOXzWe8RCwJEji+hDU4LzeAZ5sojMRGpgtJyYM2QdVl7OKkBBkj88ra8Crn81D3GrJjTcdttnIyawEPA5UHRY019kHlYNLqkDl6HAeiraMTgcCtvCPS6CYLhEIDx6mQuxvViJchPOmtEvZtNYxptQXs3z7Pe2ibPRbbQwagzv2ZLqVWgpwJjsC/whJ7pXWa4xusxrSZpHzb8zxC/wk7DfxxhdOt9i9b99XO5/V+69lzmxWWpJ9PQjP2jbXF3wX8p02dkDSkECIXpCt0qxXyY2Y4thrb/eLu0Uoc9ns/9yEp1iLnPVWFW9gg4eE6v1Gff2eoBphiv2riQVijOBqErNcgD3iCV45MVf5NFMVAfojW61bY0JyqvgqnZluVKe8lYTEkv/B3ucZYpR2OMK0MoH4VaFFk9cPDPH8IrgBLBl6/rvIWUOrCj6XwDNhNC2nuTluvZBw4AeE+KuHff39r8Vg9rPe/EtPNQC1wqp6n54/y6kTpsBKnQ43TxT9o/UGbDuQxYHn26AYvsDcsY+cDZ5dSTUlzkSxNdJrR9sC+yVbQgnGrga7RtZDCv3DmHozcUrjatniEnCik9HMjY+Ig1MUQxMyeHL8i7Gu8jiFPTQGTVJopbzZy8DIqPhl03wY80GFEnfjEN8VFOfAenuYyxWk5BEnl2ngBnzeyttecc0IkopwtZa5ZobdnblQj4UZaG2y3FHSCvAyg5gl08/TatWaPRsYM9NE21q4uV7xb8eN7HLGJp2laWWeW6O0gftcQlx8ZRwPq8l2mhpe2mRGJAfe2zYRqahIBwctDJtnECq0HVxT1RRXgjzvgWsO3DHVcITNa999/9ddPQa4kDqp+Jstkvin0rd+jX/wdZkxxWno36ymC7e0HVScKnHMTcJC+kdBTruDc4+R0I7C+Fy0OMTfw5FcaXOqqYmr5N0OCL/5TjwNxk0MHxaI3R3T6uP5DtYGDuGduqORrfWVaQlKjbPAdjmaKoqJ9KHOr7VEneV/waBcIp145kA0Z7biaeU2CqLSbg2R3xKacLeNvmp2vDScbybyttfTwxTCIjfB4D4P7dXDt9vdGlPS+GMjmaair1n1Hvxb9vrIwUeyoo6a/EKR9e2QwBYXMET90bGUCkTsa5DSzhpjHy8BCyuTlfOFAJB1+MS0PczkebFsA197Y8ucZdhn73cMV6FftuwlDgmG4IhUtma4mN8IqJ6ysyWXFITbILhbSFDuHSnCotEnYWAnrTBW6fIGCsaM9LkZzAXnTxekQLzJlZ2HHRS+LulZd1DcTwdfzJg7N4DsMxXHitzLj5BadfYuvrm/s2RL+8lIDPBGtTRs9HI5dvGaImgwEgeL5Tnkipd0AqzcvNr+l8LDWbJzOD2n1zNTi4U1ZVtMgLsSmh99Ho+fq6wclW3vHamKd4W23r7eptz50oXOx/e2GYI9kSpTN4clhPMNnfS+JSK+X6K5OoW+1QWxOPQQONvcgxLc5x0HZV5tOCgHbJnpoFGQBJdpFBjV1OHJqARJNfK2Bq9Z8O+KtUePC64BgNP3ElzmLtBmO2UIP2Sr2Lz6zUMXh4WPg75lGt8VmgAAJKqTwEsc236tcuXc/M9dUVG7oWLDhrwfFSECwgRWnDHhdL5j2ZB4AtFtEe+DC8/UsmiJNUx2YEPHcV/7cDZnarIdw/G1nZNLksOxLtsiGpZuw3xRiDGnsTuM3IqAYSakExRhu2CkCIUV17fPd0BRJp14XYcRVEgC0QVQq8epgXBWeCSrFHu8GaZSIpGa7sdg7MuI/InX4sEOD4zYZp1nXUBzQ==,iv:wOBoB6Z+AiXvNgZjx4wseaOTjHHWeQ1Cjhtb4NW7tb8=,tag:Wjb0M4tgWGRe4BEJHW0Psg==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-06-22T14:34:29Z" - enc: CiQA4OM7eFGhTSXEWGRC+ziKmycAB7N4nIMJD6lPYfSZCW//vIwSSQBq6cPrXydjRStxCoJhHa7W9K7HO6Kc87M6Zy6IcZpntGCm9UnlV+GVO0DPd/EbR40IXSUkPTKCC4CykPk5CDzU0reIGEPOSmc= + created_at: "2022-08-01T13:10:28Z" + enc: CiQA4OM7eD6ZXGlBmoo1J2XF89Vj8xeY38PT+1CfIf8BH4eH10MSSQBq6cPrQXBnNB0OIGqBoUdQP0aptUkJ8JYhDJ8ksEYYazTpD5gY4BDujYOzU6dY01W77lOWl9PNmxf0pcOsiYBaPEwOh102ByA= azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-06-22T14:34:29Z" - mac: ENC[AES256_GCM,data:w0ViXYtNKTU/dWokv+Yl4lJ0SBahWqw/4dLCyV/kfwNKmuBSustKpR/2vZzjCFyyZDR+jXuILWnpfmYVpHZcfLNKhhZcJNhEQDpfT/e822MPEI+kHEUwfYcRozFrA8EtmsHnSmI+2rDRlEtNObD64+aV6gVLoIP4e+pGu8cq2f8=,iv:IkCeO7Q79AOXeVryBh1YJNlXyvfbYdFwuN3mNl7oj98=,tag:jeEdamZbIhUDJTUuXQz58A==,type:str] + lastmodified: "2022-08-01T13:10:28Z" + mac: ENC[AES256_GCM,data:FFeQ5bX9EJbasV/es9urUcuMa1GJtpPyGMeG6cNZIsAHggy47JKLYkTjEe1h81KtNOJzqrUpfii8WtgZtL1t3VawmCHR08PlbAY/xiYZupOupwoReOvwkFsX+FBlRQm7I67sa/Ft3xYGDu33S5X7seQRL43ESYnmsGZMFkMWIV4=,iv:FC4qKzP1Gq4mgQyfCRs0hjpzTkZ+rYdbkwZ/lVHhqCc=,tag:/JjvmcKvA6dZIkmseC8+qg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.1 + version: 3.7.3 From 5cae3b383baac0ef4806c67ffafefda7289df395 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 1 Aug 2022 14:19:23 +0100 Subject: [PATCH 02/18] Fix keyname in encrypted binder-staging file --- .../2i2c/enc-binder-staging.secret.values.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml index ee18f940be..a89448261f 100644 --- a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml +++ b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml @@ -1,24 +1,24 @@ -basehub: +binderhub: jupyterhub: hub: config: CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:EIhaB2/vmCm9/rK1WLLChgIP29PJ0i6BOkiOB2bZDMSRT42Vm/FvUF2Epq9iPGUm5ow=,iv:Ak0R8lsBsNZafx3qoakrKTkbridYcv3UXQWc7bS9IY0=,tag:+9AxmW9wl/TCqLDXMKPNkA==,type:str] - client_secret: ENC[AES256_GCM,data:qJdwV1sjnPTN1Hcr1hqPh3xWBWqbbXSLUHRo2DGdnyKrANUQAr+tgOxiDzl9E4YNtLm8tCPiWdetfKi8pEtDH6ZmR4wiKSJHmxpc+mXcnXYh389UPnQ=,iv:MvMqziT1qhv/dcsXGZg7P6aHxRSP5qx1p+Z/G7AdIKg=,tag:RHbzlOBN3PKt5rvl6/u66A==,type:str] + client_id: ENC[AES256_GCM,data:RuqtZnjQa3x18fOFj8aOzcV2G5nNXOv0+HNDPQv6v5fl8kCtmaYvVKioSA/+jrVGHYA=,iv:GQwIR02EvvZ9afRePmfMveP4JrTTFb4gGxcbC2Y69kQ=,tag:rFal+Q2tiG+J0wWq4/LE1g==,type:str] + client_secret: ENC[AES256_GCM,data:komugh5Iy2b9+0fzRdB8IfKVDj9lYBsWVN4Eq80OmzFW3ykQJVf1b1Hq76px/UvsQ8ZyomJo/Gs9ES0xoM8OmHYi3S+bTRuAMLJ6je6IAMB93FEw+8M=,iv:k+mptWH6NP4p92UxfsF5CFxbRyY8uBCdE/2v3A6JTKw=,tag:aBa5+SlpI+2HiDLLDJo0nQ==,type:str] registry: - username: ENC[AES256_GCM,data:NFzhN/vaEn+G,iv:Ve/LpOFbetJ/1heviqPIKXlKBve8UI/FYyFCiKlG3bc=,tag:2Ufdiv0Ya6RwNHiFtamw7A==,type:str] - password: ENC[AES256_GCM,data:DJPbEmT7kz7GhGsSH4rVihG92fIKO3QWy9I9IHsyZDJKfE0TzMcEPOI301DCRAQ3UgtC9MnaT2OCu4ALeuDVpf30AufZx/w3Zf8oM+HEFs3a8YIiQZICeMgHAYMBv2dgeJZUVczlk6+cPYfRcRUzAac1na+HfFB5TKLnvy5S97CCQxDDIR+0lnx4y2znVHgc0M08GtBi9HS4tlihk4DIvJdvAKLxq8VYXLOPrDusVM4VQKqujnhRBfGbvBAOZaYKIpHqNdCqG1mmH2cZjqLMaLnd5r2FW3xhZIhIjpMpgS0CQTX+m1I8miqs4S/HSzbeOfsF4a8dUxu/hri8jEVZPvJovrhD0sB6cJkuWLA9XsHI1kiwASm37UdMe8fx7OZEM/svZ+8VUY3JX2z5IJkAC6IVOTzITufeyi0m0HWzO3TZLoxgiMpRHdvqOxoiq2h7bCLgyMZkkQ9xh34/d7qG8pvhFeFQVgfva6yq6Q+S2GMHQKfudalWKOjLuk3Fqi1DRI6cZD3JpdFjZZBU/T134QbWah3ZQPZf9ypXZrF2ZcQ5AtgAJvyiVWJYbRJhvU7KbZwr9YHnQkg68mtwL8lOj4R/fl8LC3R9cVxKqCuJt4DRhkkK60MFES0jynAQKrbk1D1EZA7p+TTptCBfR3leqC8CgNe5PjNMoB0Oqn30zXgbxbZOiee4yRI1mmGAVUsmNIIgN3X5C5+O6y6qLDfgyFkx6E3Xoo629zD2v4GSXqH202HKgmcncmPe8B1b+mHfXQcdeBtcRaqI859HyZWUfBbcShVixf0VkaQNVjeuww4zb7Xa8ChkSeYZQX5SDNBDH7UKKc/MqdBadr1i09ONvPbT9vLQvwpr0VwkxlNuHtO+KnNoGrepPVD+yLHBrTpDDYPSDYQxAyQ9368diJwRjXOIehHjkAQkCwZ5rHdXngI8488wUHL/ChPFHWP2p2c9mW9lw5YQNbMHp3EGOUWscDg7mmJgGmgDvblTFpID+mh7NqqDl6liGle/xWl2KfFKud2eXjoztBwlHtRQEXoJauM+8PWrkZrVgPguX1IF0UREzkxasAKUZfC4ZQNJ5Ilz5A4ulPZh2RrdSq4CnuA7o0g/tzBzzHTyTdrueFVru/ndRmegvXOmn0yAfRbN5ZrEwsOsZnuMhpw4a/x+LAe3AnCNTwhLJiRzmlduAAS5BCB/7hkbWrCxH4lpseNJefmb8QzJj9gyJpZ3PAGKVku3C6JP5Zcect58Ti+CGRkQBpOB7ricXeOIuZndyvCvMAIDjsyPe+5B0dTHpBG1Cv2B2snvCIpIz9sVtWynI3CHmj73/gNnfzb/uobx8LXib16K1zS45XfJjGmSn7Pr0b1tOXzWe8RCwJEji+hDU4LzeAZ5sojMRGpgtJyYM2QdVl7OKkBBkj88ra8Crn81D3GrJjTcdttnIyawEPA5UHRY019kHlYNLqkDl6HAeiraMTgcCtvCPS6CYLhEIDx6mQuxvViJchPOmtEvZtNYxptQXs3z7Pe2ibPRbbQwagzv2ZLqVWgpwJjsC/whJ7pXWa4xusxrSZpHzb8zxC/wk7DfxxhdOt9i9b99XO5/V+69lzmxWWpJ9PQjP2jbXF3wX8p02dkDSkECIXpCt0qxXyY2Y4thrb/eLu0Uoc9ns/9yEp1iLnPVWFW9gg4eE6v1Gff2eoBphiv2riQVijOBqErNcgD3iCV45MVf5NFMVAfojW61bY0JyqvgqnZluVKe8lYTEkv/B3ucZYpR2OMK0MoH4VaFFk9cPDPH8IrgBLBl6/rvIWUOrCj6XwDNhNC2nuTluvZBw4AeE+KuHff39r8Vg9rPe/EtPNQC1wqp6n54/y6kTpsBKnQ43TxT9o/UGbDuQxYHn26AYvsDcsY+cDZ5dSTUlzkSxNdJrR9sC+yVbQgnGrga7RtZDCv3DmHozcUrjatniEnCik9HMjY+Ig1MUQxMyeHL8i7Gu8jiFPTQGTVJopbzZy8DIqPhl03wY80GFEnfjEN8VFOfAenuYyxWk5BEnl2ngBnzeyttecc0IkopwtZa5ZobdnblQj4UZaG2y3FHSCvAyg5gl08/TatWaPRsYM9NE21q4uV7xb8eN7HLGJp2laWWeW6O0gftcQlx8ZRwPq8l2mhpe2mRGJAfe2zYRqahIBwctDJtnECq0HVxT1RRXgjzvgWsO3DHVcITNa999/9ddPQa4kDqp+Jstkvin0rd+jX/wdZkxxWno36ymC7e0HVScKnHMTcJC+kdBTruDc4+R0I7C+Fy0OMTfw5FcaXOqqYmr5N0OCL/5TjwNxk0MHxaI3R3T6uP5DtYGDuGduqORrfWVaQlKjbPAdjmaKoqJ9KHOr7VEneV/waBcIp145kA0Z7biaeU2CqLSbg2R3xKacLeNvmp2vDScbybyttfTwxTCIjfB4D4P7dXDt9vdGlPS+GMjmaair1n1Hvxb9vrIwUeyoo6a/EKR9e2QwBYXMET90bGUCkTsa5DSzhpjHy8BCyuTlfOFAJB1+MS0PczkebFsA197Y8ucZdhn73cMV6FftuwlDgmG4IhUtma4mN8IqJ6ysyWXFITbILhbSFDuHSnCotEnYWAnrTBW6fIGCsaM9LkZzAXnTxekQLzJlZ2HHRS+LulZd1DcTwdfzJg7N4DsMxXHitzLj5BadfYuvrm/s2RL+8lIDPBGtTRs9HI5dvGaImgwEgeL5Tnkipd0AqzcvNr+l8LDWbJzOD2n1zNTi4U1ZVtMgLsSmh99Ho+fq6wclW3vHamKd4W23r7eptz50oXOx/e2GYI9kSpTN4clhPMNnfS+JSK+X6K5OoW+1QWxOPQQONvcgxLc5x0HZV5tOCgHbJnpoFGQBJdpFBjV1OHJqARJNfK2Bq9Z8O+KtUePC64BgNP3ElzmLtBmO2UIP2Sr2Lz6zUMXh4WPg75lGt8VmgAAJKqTwEsc236tcuXc/M9dUVG7oWLDhrwfFSECwgRWnDHhdL5j2ZB4AtFtEe+DC8/UsmiJNUx2YEPHcV/7cDZnarIdw/G1nZNLksOxLtsiGpZuw3xRiDGnsTuM3IqAYSakExRhu2CkCIUV17fPd0BRJp14XYcRVEgC0QVQq8epgXBWeCSrFHu8GaZSIpGa7sdg7MuI/InX4sEOD4zYZp1nXUBzQ==,iv:wOBoB6Z+AiXvNgZjx4wseaOTjHHWeQ1Cjhtb4NW7tb8=,tag:Wjb0M4tgWGRe4BEJHW0Psg==,type:str] + username: ENC[AES256_GCM,data:k4U0HNK3ViUF,iv:f87l847a0ZOGuYdOlqfoojHVdveurl7Hxwp7KNBZk7E=,tag:46eWy5HosU7yYTbilQ9MJA==,type:str] + password: ENC[AES256_GCM,data:HnOAdXI1Q7DtI+oUA+crjGd+glQOx8Td48G0Y5mMU5GZdbKPgdAV92BEY/MrKWb5ULdsnAKR8GYqmNr9Gr4K3f7debwpLCO6reKsGI37CUh0+RFrmGDvVkjaOE9fNMlqtEG3H+dePeFqCQXaBw7XPKEZcd+pcKID18mS5ZZD/R/x915uiIT7YupBAe3HUbxYbNGVo6o9MPbUoVxQQUseyWzU23i05BO8Abn0HGfeyuEo6XmH4TLkCbdJhqe0tWt6+rAfT42DFzIXeu2UmEZi2Uz94naJBv2QoTrgP0l9UW487Q8wyF8bFzhsxtcvxr0Iy8UifFJdcfrpMetN7dNj8x3k7lhZ7+dJz+KGmXI34+EUMRbJSE1qDqvOLOZt+EzE8dwmVx9hqFsYBpbjNfBaIRUD2ygUIoCmotkYEPLUM7WauFRrUC/MWNOMZBpJfEPbz722E8h164eiiI62JB0y3IheNbS8Sl9Se8uZrJW8vBvz56VlvV5dgyT+VXI7wVszeCMo3WG+oqZDX4l/4PY7Y3zIHuYRIEDl38FoAbflymF9mA/kfLE6Jjd00a2RVrILsxy+u/vML119axvFvgnCwdAXxDhd+HWO7hqTr7DEqrZY0ohhio6SRr+w75rNS7rMaBcoayNe1yUyBMxOOXkDoWRofMZIy8FLEfPE1eqmNHUeTmeAbfuc+S/JzvmBqEZhleJ+teF6a9ZeC4SaeqaVwfLarZSEHIOi4KknQV376ip3THOvYqNvDkUH9IH3yTLmUXU8dVGUT0lkHNxnIM0zJKROKMYaykXEwPewEvB0WNsmimGHBi7NPyQ2Ddc0MSCZvhXPr+saY2p4WPZEsIF6eKIGJNVH0EJF00Z9FCkY1hruBPClPcuO/uNu18O81H0NZmrXV31wfJE18uSINHkdOGk2qPox3/1YgMl7Gps6e8FelgzOLqz9MRIJJNgtED4hQY8MsAjkSjbtkwjZhPnl/m42DtdZNPgehmwFJ+1kmXAiOZhzL13skTezUZxYLRJbVbj+K6e3pj8uK/qn6wLjiEnEnYIKxJ3Yi2G6Ro+DaRW1B9vD/6mHar25hNDk+fQFT5/USr6FrRvlzXQCZg5FGk91LBjJUEUpVm/HYN/mh2do+X8KnJNp4+WqDzGi1ske0aJqpM+JN8mFHMnZoXUGp42pzL2NXr9yFtkvnLH7yleQXpfaILowVDPETbasFy5/DEd81P6cKLM5XxJ2meqv7rxVV33VtQ/O7IePzywhRQM1uvGzcmzlBYNyAkJUVGaOarLSP/T9SGi/twVOAi/Bi+lISdm4Ow07DD9BnSff6GnRcJAzbF6PbMWdC4qHPuZTyG0iHgP53NEsWTtWcWEEXs/naMzFrwTmS8AA+e8/T0nz/pz5/tGjqu1LGkxQO5Qot/A9RxZ2sGZZUI8SucP9T16MVNUXl14kF0WinFc241Gey0Qz9d4TK8QefTZ1AneYnH9IiYpJs/oDJ0k/c3vqz//4UDRb9cH4GGJChTGb9ryKnCW37UuOXh16722d5O/ACGhsUPPNHUB3doReCCfbM1ww/QYzXlzqJC/p/lbQ9hyCN/X6NhOdVUVJCrwkKtfZiCteWSd7ATaH10JcVJ1VjOmdKt2XAuEu+1wTfdr13GPCDuLoiVk8HTCaho15kHeE6InKHNLVGryrtm/bIWxnBNTl3uIMjAPnlnB33o9eu6Sq7V6jx9bsC3OXAqwuGiQzfO3TfkIJ5I9C0CURSAMY9Z4M0+yGD5qF/mIm/wphgJPYlcOec5ThJEaJ+ANlrQcKHmSlVWPTiUt5RCY18UXpCXt46okuE4mbc/8eAg3bCZ9JEmXFaH6uG2kLmjFaXA7I3X/mxBBr1sfXgw8EBPtNOkvMwy3L6j4Za8ZsaSjFBNDTEzNm2iSm06lylMmkQlIak+8pT+vor6Ai60Oqf/pF0FFM/DAnkfnbv+R8mZqsanMu6gCTWsfGGK5JqrvS+FSJNAfIwdVuJgsXkkVy6VzStcEcfKTRPfHyBcS7at78vqfchDLEwj2zJJweQrF1aHG2MjjhGQJY45hDlpfAZEyeZqBeLGAvAzAX7Wa31ax4E/Be6PA2M7bEJy36z/ZWm+uKmfHuESabUfqAt9PDJHuhxkEasjw2cvHCrCOE/je+geUVKcAweosrCAbd/rc78czLQqUWbUtunWkg3k47TPEPsbDYmjbfzc10D+SNlJSohIoGwKGU54vpD4zAV9g5nV/K+LY0fiUF89rAfxT443JxKth/tSFLyFiWv+BPhPHL+HFJ4R7BA6GLMK29WgODl4PNaz4P71iGovvu5Hg8fWf3UPCRGKz8XpS1oiF5MHJgQ+h8cCkiYQ6L9VnbprgiTVjCKvpxsEFq5JKU5llTFeGnmLMJOJl/YNlsZLrkyTZioiHJOCLkWT4ZM6PLaCG5myk1LO67Q1AVuw4/RuGkDeOSpEEsuGgfy8c/J8GBO+8Xb6qGEj/MHtAa4LFAvIL5WJWwAJrF26ID5BkB3u2E8zmb1WKVqplJVvMWQus3ctKBWmxvl0xUZosGwvgwqZVnQ4BEUNbZTqUpQGbdqBtx8hPo/ZTYbrbfl760fDX1OC3OmsZZRyF4oWZ/Pb+MQ2BaL7mCHrN0nGu1Ek6Egn/NVJ0FBJuAswJiluHA2fRAJRzfXxCcetMtfglCSt1WgsYEAYQIF403DyO088NQ7mcYlyYGntn88fPq+T/q/tv6A6nYhJ46Uwwe5lAu44ftO3HaxrUizamjB0xuz7PNt8tPEvd3IU6cVUqHuuBAp6OWctX1JtIZU9pp93GXqJzRIa/6NxNyQJujpBup8C85o+UxSFlUVIVIIB+rJuBOqKasINeqF+ld8zWglzoqNL3lvfYZLxdQJNrjCs5L9ka+u6xo0PDO+LVlWmVX0dE18jlXZRPwaqvD8BqJQPEMG0xDzwCSf0ip8Qud/Zq/wiBTpe4ZXbdveGfRMSO+85qhwGA/MmGbmJZpSaphBBtij9jvAr8P513lDXzBaW5/xVCmxx2PFRx8j2bmKRxwJQf7ZkoFKCLyK/o0EpgSC1Mn+XlzUW/HF7oVc08ZOYa8f1x7WQI6x4oe/PKR5zG2xwoLn2ymDKwwDfeYsaAtdV3dgutyq+kw3kfKZ80tYv7p7TBWYaafbgGINA==,iv:9GG/CZsI57aFJQCssW7iQg/4lHpTc4U5iHHNeZKh3c0=,tag:6IKw5v+ZffBvGIuD04pYHw==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-08-01T13:10:28Z" - enc: CiQA4OM7eD6ZXGlBmoo1J2XF89Vj8xeY38PT+1CfIf8BH4eH10MSSQBq6cPrQXBnNB0OIGqBoUdQP0aptUkJ8JYhDJ8ksEYYazTpD5gY4BDujYOzU6dY01W77lOWl9PNmxf0pcOsiYBaPEwOh102ByA= + created_at: "2022-08-01T13:18:37Z" + enc: CiQA4OM7eCPRk629NK6+DDn7Gy/Peufg+kOWtHsew00rqKvuez8SSQBq6cPrK17q00TFVRWLU3xtIoK2nzpE36J19S+2a1vE+kX6c4Dr9njvMwN5FD/4i2+UeI9H031N5X4XfWbLAKcrpyWwhhFKaYc= azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-08-01T13:10:28Z" - mac: ENC[AES256_GCM,data:FFeQ5bX9EJbasV/es9urUcuMa1GJtpPyGMeG6cNZIsAHggy47JKLYkTjEe1h81KtNOJzqrUpfii8WtgZtL1t3VawmCHR08PlbAY/xiYZupOupwoReOvwkFsX+FBlRQm7I67sa/Ft3xYGDu33S5X7seQRL43ESYnmsGZMFkMWIV4=,iv:FC4qKzP1Gq4mgQyfCRs0hjpzTkZ+rYdbkwZ/lVHhqCc=,tag:/JjvmcKvA6dZIkmseC8+qg==,type:str] + lastmodified: "2022-08-01T13:18:37Z" + mac: ENC[AES256_GCM,data:OumJGzPVOAKcMiD/4/8Q6LFwW5yxG0E8I7DY+LvfEEDsLbrzUHuubL358ct3DL6NYTxeYBZiab5iqAmNAR81LpbTvnmEqUppQgvc1/kWnkBwLl/hJFPI9m1ltGvXwx5dtPMqUNP72N678jZvqLWNFoSjM43A5DPXURDSIf2svX8=,iv:lpUAiAEHZ/k0ZKYEacSR8cGNbuhaBJM2QUOJ+6+1dLk=,tag:NOqpDnmvt4Ah2aj6OERbrQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 From c183de94ad85b7f48f522014981fd36e96e42f1e Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 1 Aug 2022 14:31:38 +0100 Subject: [PATCH 03/18] Add CILogon auth config to binder-staging --- config/clusters/2i2c/binder-staging.values.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 4886c219e0..82f8279feb 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -21,6 +21,16 @@ binderhub: extra_static_url_prefix: /extra_static/ about_message: |

binder.pangeo.io is public infrastructure operated by the 2i2c team.

+ jupyterhub: + hub: + config: + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + oauth_callback_url: "https://binder-staging.2i2c.cloud/hub/oauth_callback" + username_claim: "email" + allowed_idps: + - 2i2c.org initContainers: - name: git-clone-templates image: alpine/git From 179af5b28f06cf15d74527269e47ba27e7c550db Mon Sep 17 00:00:00 2001 From: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> Date: Mon, 1 Aug 2022 15:11:25 +0100 Subject: [PATCH 04/18] Use correct allowed_idps config Co-authored-by: Georgiana Elena --- config/clusters/2i2c/binder-staging.values.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 82f8279feb..8b916637f8 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -30,7 +30,10 @@ binderhub: oauth_callback_url: "https://binder-staging.2i2c.cloud/hub/oauth_callback" username_claim: "email" allowed_idps: - - 2i2c.org + - http://google.com/accounts/o8/id: + username_derivation: + username_claim: "email" + username_pattern: '^(.+@2i2c\.org|deployment-service-check)$' initContainers: - name: git-clone-templates image: alpine/git From 90ff0307776451d4cd0fc61cc360d79cb3829391 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 1 Aug 2022 14:11:36 +0000 Subject: [PATCH 05/18] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- config/clusters/2i2c/binder-staging.values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 8b916637f8..cb53a37327 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -31,8 +31,8 @@ binderhub: username_claim: "email" allowed_idps: - http://google.com/accounts/o8/id: - username_derivation: - username_claim: "email" + username_derivation: + username_claim: "email" username_pattern: '^(.+@2i2c\.org|deployment-service-check)$' initContainers: - name: git-clone-templates From e65492dfe8fceaa0135c41ae44046909dbb71220 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 1 Aug 2022 15:15:01 +0100 Subject: [PATCH 06/18] Add missing config for auth on a BinderHub Copied from https://binderhub.readthedocs.io/en/latest/authentication.html#enabling-authentication --- .../clusters/2i2c/binder-staging.values.yaml | 13 +++++++++++-- .../enc-binder-staging.secret.values.yaml | 19 +++++++++++-------- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index cb53a37327..855c47138b 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -15,7 +15,7 @@ binderhub: # The URL set as jupyterhub.ingress.hosts[0] in this config hub_url: https://hub.binder-staging.2i2c.cloud image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binder-staging- - + auth_enabled: true template_path: /etc/binderhub/custom/templates extra_static_path: /etc/binderhub/custom/static extra_static_url_prefix: /extra_static/ @@ -23,7 +23,14 @@ binderhub:

binder.pangeo.io is public infrastructure operated by the 2i2c team.

jupyterhub: hub: + redirectToServer: false config: + BinderSpawner: + auth_enabled: false + services: + binder: + oauth_no_confirm: true + oauth_redirect_uri: "https://binder-staging.2i2c.cloud/hub/oauth_callback" JupyterHub: authenticator_class: cilogon CILogonOAuthenticator: @@ -33,7 +40,9 @@ binderhub: - http://google.com/accounts/o8/id: username_derivation: username_claim: "email" - username_pattern: '^(.+@2i2c\.org|deployment-service-check)$' + username_pattern: "^(.+@2i2c\.org|deployment-service-check)$" + singleuser: + cmd: jupyterhub-singleuser initContainers: - name: git-clone-templates image: alpine/git diff --git a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml index a89448261f..6cc152ce09 100644 --- a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml +++ b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml @@ -3,22 +3,25 @@ binderhub: hub: config: CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:RuqtZnjQa3x18fOFj8aOzcV2G5nNXOv0+HNDPQv6v5fl8kCtmaYvVKioSA/+jrVGHYA=,iv:GQwIR02EvvZ9afRePmfMveP4JrTTFb4gGxcbC2Y69kQ=,tag:rFal+Q2tiG+J0wWq4/LE1g==,type:str] - client_secret: ENC[AES256_GCM,data:komugh5Iy2b9+0fzRdB8IfKVDj9lYBsWVN4Eq80OmzFW3ykQJVf1b1Hq76px/UvsQ8ZyomJo/Gs9ES0xoM8OmHYi3S+bTRuAMLJ6je6IAMB93FEw+8M=,iv:k+mptWH6NP4p92UxfsF5CFxbRyY8uBCdE/2v3A6JTKw=,tag:aBa5+SlpI+2HiDLLDJo0nQ==,type:str] + client_id: ENC[AES256_GCM,data:0geI4CrkoLofGQiINJdHaf/t5h6CLh+vBX319Oq7g1s/KWUW/1EsXx/VKNx1U3tt/F4=,iv:m07AeKeBbhrnc8G+xQZ1Y3g75kAzdIfGZg7iBfv9UCI=,tag:orVcBLft0DkuZOy/H8jsAg==,type:str] + client_secret: ENC[AES256_GCM,data:Yh6xjgQ9SqeEGeGz9gmEl29a93/XvvbQNoSVyHvZIgXB5QOXUTuwdPWXQCkBO9rt5UD0TjWad+PYRtB3ek2vyzr5sgoBIA6934P2quCvpJxya7MpsLk=,iv:ppL9hmPba7TjXTt0ND0J44oVFkz89Nl1jhCWbvECz0w=,tag:kBtB5nOzw4gMFSeoqWEuDg==,type:str] + services: + binder: + oauth_client_id: ENC[AES256_GCM,data:Tdc9bQmU0F/0jMf/S14XqXJqeybBqtycc0cbhdUYpTpaWaOJM6x8SOfOw7B8HWE3rDM=,iv:b/lA734rHp6n56bTRrqs6CPzYtyqTesDnH+juCSRlx0=,tag:1WGNxA4/ZdDZdoIQ3wlOHA==,type:str] registry: - username: ENC[AES256_GCM,data:k4U0HNK3ViUF,iv:f87l847a0ZOGuYdOlqfoojHVdveurl7Hxwp7KNBZk7E=,tag:46eWy5HosU7yYTbilQ9MJA==,type:str] - password: ENC[AES256_GCM,data:HnOAdXI1Q7DtI+oUA+crjGd+glQOx8Td48G0Y5mMU5GZdbKPgdAV92BEY/MrKWb5ULdsnAKR8GYqmNr9Gr4K3f7debwpLCO6reKsGI37CUh0+RFrmGDvVkjaOE9fNMlqtEG3H+dePeFqCQXaBw7XPKEZcd+pcKID18mS5ZZD/R/x915uiIT7YupBAe3HUbxYbNGVo6o9MPbUoVxQQUseyWzU23i05BO8Abn0HGfeyuEo6XmH4TLkCbdJhqe0tWt6+rAfT42DFzIXeu2UmEZi2Uz94naJBv2QoTrgP0l9UW487Q8wyF8bFzhsxtcvxr0Iy8UifFJdcfrpMetN7dNj8x3k7lhZ7+dJz+KGmXI34+EUMRbJSE1qDqvOLOZt+EzE8dwmVx9hqFsYBpbjNfBaIRUD2ygUIoCmotkYEPLUM7WauFRrUC/MWNOMZBpJfEPbz722E8h164eiiI62JB0y3IheNbS8Sl9Se8uZrJW8vBvz56VlvV5dgyT+VXI7wVszeCMo3WG+oqZDX4l/4PY7Y3zIHuYRIEDl38FoAbflymF9mA/kfLE6Jjd00a2RVrILsxy+u/vML119axvFvgnCwdAXxDhd+HWO7hqTr7DEqrZY0ohhio6SRr+w75rNS7rMaBcoayNe1yUyBMxOOXkDoWRofMZIy8FLEfPE1eqmNHUeTmeAbfuc+S/JzvmBqEZhleJ+teF6a9ZeC4SaeqaVwfLarZSEHIOi4KknQV376ip3THOvYqNvDkUH9IH3yTLmUXU8dVGUT0lkHNxnIM0zJKROKMYaykXEwPewEvB0WNsmimGHBi7NPyQ2Ddc0MSCZvhXPr+saY2p4WPZEsIF6eKIGJNVH0EJF00Z9FCkY1hruBPClPcuO/uNu18O81H0NZmrXV31wfJE18uSINHkdOGk2qPox3/1YgMl7Gps6e8FelgzOLqz9MRIJJNgtED4hQY8MsAjkSjbtkwjZhPnl/m42DtdZNPgehmwFJ+1kmXAiOZhzL13skTezUZxYLRJbVbj+K6e3pj8uK/qn6wLjiEnEnYIKxJ3Yi2G6Ro+DaRW1B9vD/6mHar25hNDk+fQFT5/USr6FrRvlzXQCZg5FGk91LBjJUEUpVm/HYN/mh2do+X8KnJNp4+WqDzGi1ske0aJqpM+JN8mFHMnZoXUGp42pzL2NXr9yFtkvnLH7yleQXpfaILowVDPETbasFy5/DEd81P6cKLM5XxJ2meqv7rxVV33VtQ/O7IePzywhRQM1uvGzcmzlBYNyAkJUVGaOarLSP/T9SGi/twVOAi/Bi+lISdm4Ow07DD9BnSff6GnRcJAzbF6PbMWdC4qHPuZTyG0iHgP53NEsWTtWcWEEXs/naMzFrwTmS8AA+e8/T0nz/pz5/tGjqu1LGkxQO5Qot/A9RxZ2sGZZUI8SucP9T16MVNUXl14kF0WinFc241Gey0Qz9d4TK8QefTZ1AneYnH9IiYpJs/oDJ0k/c3vqz//4UDRb9cH4GGJChTGb9ryKnCW37UuOXh16722d5O/ACGhsUPPNHUB3doReCCfbM1ww/QYzXlzqJC/p/lbQ9hyCN/X6NhOdVUVJCrwkKtfZiCteWSd7ATaH10JcVJ1VjOmdKt2XAuEu+1wTfdr13GPCDuLoiVk8HTCaho15kHeE6InKHNLVGryrtm/bIWxnBNTl3uIMjAPnlnB33o9eu6Sq7V6jx9bsC3OXAqwuGiQzfO3TfkIJ5I9C0CURSAMY9Z4M0+yGD5qF/mIm/wphgJPYlcOec5ThJEaJ+ANlrQcKHmSlVWPTiUt5RCY18UXpCXt46okuE4mbc/8eAg3bCZ9JEmXFaH6uG2kLmjFaXA7I3X/mxBBr1sfXgw8EBPtNOkvMwy3L6j4Za8ZsaSjFBNDTEzNm2iSm06lylMmkQlIak+8pT+vor6Ai60Oqf/pF0FFM/DAnkfnbv+R8mZqsanMu6gCTWsfGGK5JqrvS+FSJNAfIwdVuJgsXkkVy6VzStcEcfKTRPfHyBcS7at78vqfchDLEwj2zJJweQrF1aHG2MjjhGQJY45hDlpfAZEyeZqBeLGAvAzAX7Wa31ax4E/Be6PA2M7bEJy36z/ZWm+uKmfHuESabUfqAt9PDJHuhxkEasjw2cvHCrCOE/je+geUVKcAweosrCAbd/rc78czLQqUWbUtunWkg3k47TPEPsbDYmjbfzc10D+SNlJSohIoGwKGU54vpD4zAV9g5nV/K+LY0fiUF89rAfxT443JxKth/tSFLyFiWv+BPhPHL+HFJ4R7BA6GLMK29WgODl4PNaz4P71iGovvu5Hg8fWf3UPCRGKz8XpS1oiF5MHJgQ+h8cCkiYQ6L9VnbprgiTVjCKvpxsEFq5JKU5llTFeGnmLMJOJl/YNlsZLrkyTZioiHJOCLkWT4ZM6PLaCG5myk1LO67Q1AVuw4/RuGkDeOSpEEsuGgfy8c/J8GBO+8Xb6qGEj/MHtAa4LFAvIL5WJWwAJrF26ID5BkB3u2E8zmb1WKVqplJVvMWQus3ctKBWmxvl0xUZosGwvgwqZVnQ4BEUNbZTqUpQGbdqBtx8hPo/ZTYbrbfl760fDX1OC3OmsZZRyF4oWZ/Pb+MQ2BaL7mCHrN0nGu1Ek6Egn/NVJ0FBJuAswJiluHA2fRAJRzfXxCcetMtfglCSt1WgsYEAYQIF403DyO088NQ7mcYlyYGntn88fPq+T/q/tv6A6nYhJ46Uwwe5lAu44ftO3HaxrUizamjB0xuz7PNt8tPEvd3IU6cVUqHuuBAp6OWctX1JtIZU9pp93GXqJzRIa/6NxNyQJujpBup8C85o+UxSFlUVIVIIB+rJuBOqKasINeqF+ld8zWglzoqNL3lvfYZLxdQJNrjCs5L9ka+u6xo0PDO+LVlWmVX0dE18jlXZRPwaqvD8BqJQPEMG0xDzwCSf0ip8Qud/Zq/wiBTpe4ZXbdveGfRMSO+85qhwGA/MmGbmJZpSaphBBtij9jvAr8P513lDXzBaW5/xVCmxx2PFRx8j2bmKRxwJQf7ZkoFKCLyK/o0EpgSC1Mn+XlzUW/HF7oVc08ZOYa8f1x7WQI6x4oe/PKR5zG2xwoLn2ymDKwwDfeYsaAtdV3dgutyq+kw3kfKZ80tYv7p7TBWYaafbgGINA==,iv:9GG/CZsI57aFJQCssW7iQg/4lHpTc4U5iHHNeZKh3c0=,tag:6IKw5v+ZffBvGIuD04pYHw==,type:str] + username: ENC[AES256_GCM,data:9LeQi3hx9Dkd,iv:A6BPZhzafi9ae2eCMAz22CIspdTiQ1YgPVJ21dK/20s=,tag:w0wnwXKca54wJFT2KObwdA==,type:str] + password: ENC[AES256_GCM,data:OE4Ju2EBsTNvVYZBvlOQjEe6kanRcEUO/kWf2RTe2Ph/Ju7/weHok4HN7OwVF53AURm1yasvpJXQyAaZY2BuGj/wb/4zVuwpWrlS0OnUnU6m2z/aIDcbx4Dg+g3bucjTQXGNqXwZFsBFCNrmAHyFQnTBJfuzKI9ryVBrVxrqNcd1CstZ/HBKJ0BHd3IcavLS1Aw3fXAgOg+XsHJ3afR27TqhTyu/rKKh5X6k1Gy7KsLT5XCqNz3RR04SEx3wR16LAp0NfIkThxNXdtGJeJ7mVYAYZbi9k5/PJNJPFNtruApAGl30wwXqUmYzk8PzOMY+guc/RCjdRueDwZ964Rj8E/yp+YqeWHlDrsefF30amQYjDQpuNx74XvNSA0CNhCOLZInsm2aTGR60F8NbEpffx3XKFp+gCYZfkVKo2h8JtmzUCqHHXS6ixUWEizJsH1fybtocD9CsO/XM/oHdCc+xZXQ/7OPA9dc+rieZS2ot+doIHgWt9dwOXOl/hVooX3VBDD4UY9LF2y+5VV1GO+VaDS9M1p1Ke1YSRIC/kiB+H86wkgyujdcjZ726vIV4C0poSR7dDSz7CZ0NdC6Yr6zLQK3/24pQ9TM5xnW6Q/b/UUcffdtDgwpOvPSkJFF+9kuzhl8Tr3A/TB1Z02a1LFgy2oWzFBpcCZL7gLiBgu4ocVm+IzyGG+HPCnmZL5ywruF+q8SE+zNzXNFtZpUGnqs9simNWp2Cg0kaZOExXrbQrh/OX8rMqkemU/Vr1APe/zqUN8L3U79aJOoFPZzv1xVy02xryBx5kZ13WfT23dbhZaPxdzbuRBBcU67Z7EQIN53JjQ5HcrP0tCs21KOp0tkBQP+x1OJO6F4OA/nEImMOLmfggvvY9yRDnG6re6YoyT6sMEToxxyOdRs7sAfdEIviig70n+7e9UUBdOcxk4wad+86jNa9sBR2fLZXY+XX8Gk5c95hkohaPwZ+u1k7C5wHS0nHxm9tKNkHFCKOqAOMkIP2/+OxEy8+M5fWUP8H4dic1sZQYyTR8mfGIqXwuAAGXLNjKOFbC4kzU4IFFr2qfH23wB/5BkuTz/3y1QWBJEB2fPaPEsNZMdxDumWRIsGXiBPeEb9QYMRgKHm2yS2AfXDh4kWBZ1Fzud6yw8EibQNSLzAYm5dvv8l4WVD+VFrO24MPQG8WCIjNJvJsdOayH4wE1YEeDeFr9JXk7pEbtfMrUFUxsAZoEC2/kFD4KN4424GXF9PO+nYrtu0u2G3XhkFR4MWbCVDAEdpXe08GBvkbuzxayMd/kU107AXT+qXSHOGIlDg4+9NjJSf7ikIaiwFPQDbs+jI3kNjk1SBcp3Th8Pxiq+Fynj2czrNtJbuioicft7JVm+1lTkkfcnv9CmjbSrZHJMmm6gWEQTJoO/h6VgW05jwuEsw4ZsW5GGJ6esYHLjLCEKk6jhyUHJDHyz3ANxKijyMd0kDbAW4BxujvHAw0XvpsX4joLk1dayDfoKJUGaZVwmEAbY8EAVGMmPgEGUHlc+KTaeSfrC11DTDUfG/DAOMWMdCLilYvDHikPrEkRtDddAMEDo4zERa6V8iOjHhfo/FV7mfF/Kf/ryZBkT2GBa81Afd5W/hvjiVtqwnsStHOiHcGg6pL8zTA4J3wNpySKyG8ISm/H6rCV/sN9g0ZGpY98BMhVUbhRK93bi+PAvhTkcbhIKiCfr9XIR5+3GtvkIJklGeQRofo0HROTeReUOf9PoudlTVV1cm1XV1zxf/rOg0DLquXYas5sraPWPmb7GVME+qhXOU68MEk9CUQJaAtPFW7p6UyJkw8rSn2ZhvDi1Qp4ahYdKZErIj+R8pYAXG/IuAHf0YvA5uGV1qnijwv8CJwqk11VMl9nQI0y2b5zZ2JV7gfnmRfzHbfCF35hqaGa4lqNkXLhQguoRIFfzlh5lGvTy+Qr8V58UUfacKh9OPqXAzXqpJ0FOy/PiNONS2LCdDWevB0rYHdcIqNbTK90J9rxw0DnpEMeM6MVrnapWTW2Kp3zqxS4opUBBF10Bb36W++G6/uTzTUzcZ4TMAfLIeX/sQ7aYEKy4Jk2Ui+6tH7CTUxePUIopKzCv0AT0DyiUdbsvAEGTlxdAvtAKLRUdOTxNyL3DErjcEBs02BQh1ua0ub/Qh8GapZVKOt4ZGcvFgbxYnb72wZffkKZEQW36Lod1NycdxYVWHR0zu6veDXAWsbLbIN79vdyOnRuddpRbhFkSHUbSoxNVGUnUKQ3e9MI/8j85Xrn4EDE6H8twK/PmJ17IQ9KYDLG0uYHOP6kLAQuKSvszuooEvwYNSvh04ySASdOYHOCDbFSUkZGaS9PLFt8hRyqdRnfhA+PThQfoyedCOhS3DxvBbEa9Y5rur1njvza+6G/E5LKP0o6Zr68YWrJaU2a4nzIgJc0vDgqA89zySYmsoydIunoehx9F5JptjOFNyJdY0qD/iP3NxPvvMoGcDv4av0WC33Ku/wKuEH1Zcpq+LevDYy89ldeSWHJBZkSAxoynCVJzmPTSYiypAT4Wzr+yOLL0fcoPaH/b95acIIO7QZYOJ9AjLTuWOOo6OCRQumxDYt5ffratK3k3rQJp/pzI5sYBvDdRrD9N10ZKl5F2i2qUqaVHqM9CV1gTpCKGcOpwIS832CpbSd5VsjbIi97HuQym1ZFMEL4i1XEF4wfWUUqupAaVoMZYTspiJ4zqc2KBlFSftdSz6yUFa7HDEKJflZ1tonF3AGubRGuy1oQfLkWoK8LZlbQBL2HdI/U32PydYcD2aDijRiKVVs9M+CZ5qYn1nnkuBtLtK2mJV3qUSK3VuclztoWscOthk1kkkufxk1TdmrFuYIjXck7tt5sXc5AQIqRN6Wm3ZiuBZoV5TLT/joz/UmzPkZ6bFSfK3iBxVyAy1mMvYpENjsaaq+J07NoIwJpUFciEosYJUGysJ3ITGvVVuBKc/O0P+Ibi98GsLCdrvr2NbYpUSgewfWqKar+MY2pol0bo/wItJvLYQyi7gECU8T5CUOGxDimGwYv0a62ZNY+p5xDy6p7UiHOh6KI8bIapvF7SQLg5oIE+NTSrID3zGoZWrDxQQqVk6XeCm4t0WPv1gKyCcutZcjDLkC0lhaLKXqnJFalreAtsICK+QTyW5PWRkorrvIJrJ4PA==,iv:4C0Qrd30FUuEiGuJzkr62KE6ZnF75Dfcp44jGaCYvAU=,tag:8efkAp6LbHqDavzGbQh3NQ==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-08-01T13:18:37Z" - enc: CiQA4OM7eCPRk629NK6+DDn7Gy/Peufg+kOWtHsew00rqKvuez8SSQBq6cPrK17q00TFVRWLU3xtIoK2nzpE36J19S+2a1vE+kX6c4Dr9njvMwN5FD/4i2+UeI9H031N5X4XfWbLAKcrpyWwhhFKaYc= + created_at: "2022-08-01T14:05:40Z" + enc: CiQA4OM7eBvlCz4HJOd6KfhEFgdrF/ttkqfBrPr+vllYTmeA/BYSSQBq6cPrnSK06vOUOKi/N/LsHQFknwhQiP4cH3LVJDy0p2GWL1z2/XtnIVljuyZCkSUomhKzNIp+ClTzsQ9EZ1+5nNslH4+yFN8= azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-08-01T13:18:37Z" - mac: ENC[AES256_GCM,data:OumJGzPVOAKcMiD/4/8Q6LFwW5yxG0E8I7DY+LvfEEDsLbrzUHuubL358ct3DL6NYTxeYBZiab5iqAmNAR81LpbTvnmEqUppQgvc1/kWnkBwLl/hJFPI9m1ltGvXwx5dtPMqUNP72N678jZvqLWNFoSjM43A5DPXURDSIf2svX8=,iv:lpUAiAEHZ/k0ZKYEacSR8cGNbuhaBJM2QUOJ+6+1dLk=,tag:NOqpDnmvt4Ah2aj6OERbrQ==,type:str] + lastmodified: "2022-08-01T14:05:40Z" + mac: ENC[AES256_GCM,data:I1y4m6A09pKG5d2evlf2iTJ16ZkoKqWdjN9pVq2x3YscZ0V/bglf+qFEjtYxDYOvDcuJOMZ7PxydqbiHi2rwCSixvvZScUhsuPO6C4fbeS0LqIhbV07NAgSvTPPkNYrjYaRLtscrwGVoDPGcFdenfYKzJeVraaRxUudXAtwY1tY=,iv:IX+Qklvc7q/UkAVBRIqR4U3HaK9ry+DLd2B+yNPQ9uk=,tag:Iwy1HYw2s1Xtu9o1+WXQug==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 From f3d24f0c497ddfa330b5dcd8340c72f581f08c73 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 1 Aug 2022 16:00:16 +0100 Subject: [PATCH 07/18] Swap quote marks --- config/clusters/2i2c/binder-staging.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 855c47138b..f7db83ea62 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -40,7 +40,7 @@ binderhub: - http://google.com/accounts/o8/id: username_derivation: username_claim: "email" - username_pattern: "^(.+@2i2c\.org|deployment-service-check)$" + username_pattern: '^(.+@2i2c\.org|deployment-service-check)$' singleuser: cmd: jupyterhub-singleuser initContainers: From 6b2e7012497c78966f978a4bc4b9c9b3fa603844 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 1 Aug 2022 16:35:42 +0100 Subject: [PATCH 08/18] delete repeated username_claim instance --- config/clusters/2i2c/binder-staging.values.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index f7db83ea62..46632d1e31 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -35,12 +35,13 @@ binderhub: authenticator_class: cilogon CILogonOAuthenticator: oauth_callback_url: "https://binder-staging.2i2c.cloud/hub/oauth_callback" - username_claim: "email" allowed_idps: - http://google.com/accounts/o8/id: username_derivation: - username_claim: "email" + username_claim: email + Authenticator: username_pattern: '^(.+@2i2c\.org|deployment-service-check)$' + delete_invalid_users: true singleuser: cmd: jupyterhub-singleuser initContainers: From c708ca0968303d409630d54ec32f7802542aaca9 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Mar 2023 11:54:07 +0200 Subject: [PATCH 09/18] Secure binder-staging under cilogon authentication --- .../clusters/2i2c/binder-staging.values.yaml | 32 ++++++++++++++++--- .../enc-binder-staging.secret.values.yaml | 19 +++++------ 2 files changed, 36 insertions(+), 15 deletions(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 46632d1e31..2b252ed688 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -13,7 +13,8 @@ binderhub: token_url: https://us-central1-docker.pkg.dev/v2/token?service= BinderHub: # The URL set as jupyterhub.ingress.hosts[0] in this config - hub_url: https://hub.binder-staging.2i2c.cloud + auth_enabled: True + hub_url: https://binder-staging.hub.2i2c.cloud image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binder-staging- auth_enabled: true template_path: /etc/binderhub/custom/templates @@ -69,9 +70,32 @@ binderhub: jupyterhub: ingress: + enabled: true hosts: - - hub.binder-staging.2i2c.cloud + - binder-staging.hub.2i2c.cloud tls: - - secretName: https-auto-tls-binder + - secretName: https-auto-tls-hub-binder hosts: - - hub.binder-staging.2i2c.cloud + - binder-staging.hub.2i2c.cloud + hub: + redirectToServer: false + services: + binder: + oauth_client_id: service-binderhub + oauth_no_confirm: true + oauth_redirect_uri: "https://binder-staging.2i2c.cloud/oauth_callback" + config: + BinderSpawner: + auth_enabled: true + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + oauth_callback_url: "https://binder-staging.hub.2i2c.cloud/hub/oauth_callback" + username_claim: "email" + # Only show the option to login with Google + shown_idps: + - http://google.com/accounts/o8/id + Authenticator: + allowed_users: &binder_staging_users + - georgianaelena@2i2c.org + admin_users: *binder_staging_users diff --git a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml index 6cc152ce09..75f0912059 100644 --- a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml +++ b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml @@ -3,25 +3,22 @@ binderhub: hub: config: CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:0geI4CrkoLofGQiINJdHaf/t5h6CLh+vBX319Oq7g1s/KWUW/1EsXx/VKNx1U3tt/F4=,iv:m07AeKeBbhrnc8G+xQZ1Y3g75kAzdIfGZg7iBfv9UCI=,tag:orVcBLft0DkuZOy/H8jsAg==,type:str] - client_secret: ENC[AES256_GCM,data:Yh6xjgQ9SqeEGeGz9gmEl29a93/XvvbQNoSVyHvZIgXB5QOXUTuwdPWXQCkBO9rt5UD0TjWad+PYRtB3ek2vyzr5sgoBIA6934P2quCvpJxya7MpsLk=,iv:ppL9hmPba7TjXTt0ND0J44oVFkz89Nl1jhCWbvECz0w=,tag:kBtB5nOzw4gMFSeoqWEuDg==,type:str] - services: - binder: - oauth_client_id: ENC[AES256_GCM,data:Tdc9bQmU0F/0jMf/S14XqXJqeybBqtycc0cbhdUYpTpaWaOJM6x8SOfOw7B8HWE3rDM=,iv:b/lA734rHp6n56bTRrqs6CPzYtyqTesDnH+juCSRlx0=,tag:1WGNxA4/ZdDZdoIQ3wlOHA==,type:str] + client_id: ENC[AES256_GCM,data:lmo+SPm5Fg5EeGdcYRzSJWOUC/OQgRkjfxIgCGKoTnDVb9BW0ur20eYSf/n2MRYc4E5S,iv:WJNvfVSiPESgtRcNGFMCvfdgnDkgsUaK1DfWgWWYzNw=,tag:8uu6rctiLC/G8wPh6S6erQ==,type:str] + client_secret: ENC[AES256_GCM,data:Zjp3ZWB2lhQ2a7Dk6b3NpFSesIh4MSXyL07QuVr97yDDQ4zyTrPYFAtoUEPoic9BPjhlFoDTmAFwgnhl5XfEf4EXmwSXf8AywQmtG+nVyaniEvERWgc=,iv:n3yln+IOt9GDg4ZjpapC00X9nf0ZhmIyYEFQQ/0JyRU=,tag:kZGN/hzcqtbu0+bcYgpf9A==,type:str] registry: - username: ENC[AES256_GCM,data:9LeQi3hx9Dkd,iv:A6BPZhzafi9ae2eCMAz22CIspdTiQ1YgPVJ21dK/20s=,tag:w0wnwXKca54wJFT2KObwdA==,type:str] - password: ENC[AES256_GCM,data:OE4Ju2EBsTNvVYZBvlOQjEe6kanRcEUO/kWf2RTe2Ph/Ju7/weHok4HN7OwVF53AURm1yasvpJXQyAaZY2BuGj/wb/4zVuwpWrlS0OnUnU6m2z/aIDcbx4Dg+g3bucjTQXGNqXwZFsBFCNrmAHyFQnTBJfuzKI9ryVBrVxrqNcd1CstZ/HBKJ0BHd3IcavLS1Aw3fXAgOg+XsHJ3afR27TqhTyu/rKKh5X6k1Gy7KsLT5XCqNz3RR04SEx3wR16LAp0NfIkThxNXdtGJeJ7mVYAYZbi9k5/PJNJPFNtruApAGl30wwXqUmYzk8PzOMY+guc/RCjdRueDwZ964Rj8E/yp+YqeWHlDrsefF30amQYjDQpuNx74XvNSA0CNhCOLZInsm2aTGR60F8NbEpffx3XKFp+gCYZfkVKo2h8JtmzUCqHHXS6ixUWEizJsH1fybtocD9CsO/XM/oHdCc+xZXQ/7OPA9dc+rieZS2ot+doIHgWt9dwOXOl/hVooX3VBDD4UY9LF2y+5VV1GO+VaDS9M1p1Ke1YSRIC/kiB+H86wkgyujdcjZ726vIV4C0poSR7dDSz7CZ0NdC6Yr6zLQK3/24pQ9TM5xnW6Q/b/UUcffdtDgwpOvPSkJFF+9kuzhl8Tr3A/TB1Z02a1LFgy2oWzFBpcCZL7gLiBgu4ocVm+IzyGG+HPCnmZL5ywruF+q8SE+zNzXNFtZpUGnqs9simNWp2Cg0kaZOExXrbQrh/OX8rMqkemU/Vr1APe/zqUN8L3U79aJOoFPZzv1xVy02xryBx5kZ13WfT23dbhZaPxdzbuRBBcU67Z7EQIN53JjQ5HcrP0tCs21KOp0tkBQP+x1OJO6F4OA/nEImMOLmfggvvY9yRDnG6re6YoyT6sMEToxxyOdRs7sAfdEIviig70n+7e9UUBdOcxk4wad+86jNa9sBR2fLZXY+XX8Gk5c95hkohaPwZ+u1k7C5wHS0nHxm9tKNkHFCKOqAOMkIP2/+OxEy8+M5fWUP8H4dic1sZQYyTR8mfGIqXwuAAGXLNjKOFbC4kzU4IFFr2qfH23wB/5BkuTz/3y1QWBJEB2fPaPEsNZMdxDumWRIsGXiBPeEb9QYMRgKHm2yS2AfXDh4kWBZ1Fzud6yw8EibQNSLzAYm5dvv8l4WVD+VFrO24MPQG8WCIjNJvJsdOayH4wE1YEeDeFr9JXk7pEbtfMrUFUxsAZoEC2/kFD4KN4424GXF9PO+nYrtu0u2G3XhkFR4MWbCVDAEdpXe08GBvkbuzxayMd/kU107AXT+qXSHOGIlDg4+9NjJSf7ikIaiwFPQDbs+jI3kNjk1SBcp3Th8Pxiq+Fynj2czrNtJbuioicft7JVm+1lTkkfcnv9CmjbSrZHJMmm6gWEQTJoO/h6VgW05jwuEsw4ZsW5GGJ6esYHLjLCEKk6jhyUHJDHyz3ANxKijyMd0kDbAW4BxujvHAw0XvpsX4joLk1dayDfoKJUGaZVwmEAbY8EAVGMmPgEGUHlc+KTaeSfrC11DTDUfG/DAOMWMdCLilYvDHikPrEkRtDddAMEDo4zERa6V8iOjHhfo/FV7mfF/Kf/ryZBkT2GBa81Afd5W/hvjiVtqwnsStHOiHcGg6pL8zTA4J3wNpySKyG8ISm/H6rCV/sN9g0ZGpY98BMhVUbhRK93bi+PAvhTkcbhIKiCfr9XIR5+3GtvkIJklGeQRofo0HROTeReUOf9PoudlTVV1cm1XV1zxf/rOg0DLquXYas5sraPWPmb7GVME+qhXOU68MEk9CUQJaAtPFW7p6UyJkw8rSn2ZhvDi1Qp4ahYdKZErIj+R8pYAXG/IuAHf0YvA5uGV1qnijwv8CJwqk11VMl9nQI0y2b5zZ2JV7gfnmRfzHbfCF35hqaGa4lqNkXLhQguoRIFfzlh5lGvTy+Qr8V58UUfacKh9OPqXAzXqpJ0FOy/PiNONS2LCdDWevB0rYHdcIqNbTK90J9rxw0DnpEMeM6MVrnapWTW2Kp3zqxS4opUBBF10Bb36W++G6/uTzTUzcZ4TMAfLIeX/sQ7aYEKy4Jk2Ui+6tH7CTUxePUIopKzCv0AT0DyiUdbsvAEGTlxdAvtAKLRUdOTxNyL3DErjcEBs02BQh1ua0ub/Qh8GapZVKOt4ZGcvFgbxYnb72wZffkKZEQW36Lod1NycdxYVWHR0zu6veDXAWsbLbIN79vdyOnRuddpRbhFkSHUbSoxNVGUnUKQ3e9MI/8j85Xrn4EDE6H8twK/PmJ17IQ9KYDLG0uYHOP6kLAQuKSvszuooEvwYNSvh04ySASdOYHOCDbFSUkZGaS9PLFt8hRyqdRnfhA+PThQfoyedCOhS3DxvBbEa9Y5rur1njvza+6G/E5LKP0o6Zr68YWrJaU2a4nzIgJc0vDgqA89zySYmsoydIunoehx9F5JptjOFNyJdY0qD/iP3NxPvvMoGcDv4av0WC33Ku/wKuEH1Zcpq+LevDYy89ldeSWHJBZkSAxoynCVJzmPTSYiypAT4Wzr+yOLL0fcoPaH/b95acIIO7QZYOJ9AjLTuWOOo6OCRQumxDYt5ffratK3k3rQJp/pzI5sYBvDdRrD9N10ZKl5F2i2qUqaVHqM9CV1gTpCKGcOpwIS832CpbSd5VsjbIi97HuQym1ZFMEL4i1XEF4wfWUUqupAaVoMZYTspiJ4zqc2KBlFSftdSz6yUFa7HDEKJflZ1tonF3AGubRGuy1oQfLkWoK8LZlbQBL2HdI/U32PydYcD2aDijRiKVVs9M+CZ5qYn1nnkuBtLtK2mJV3qUSK3VuclztoWscOthk1kkkufxk1TdmrFuYIjXck7tt5sXc5AQIqRN6Wm3ZiuBZoV5TLT/joz/UmzPkZ6bFSfK3iBxVyAy1mMvYpENjsaaq+J07NoIwJpUFciEosYJUGysJ3ITGvVVuBKc/O0P+Ibi98GsLCdrvr2NbYpUSgewfWqKar+MY2pol0bo/wItJvLYQyi7gECU8T5CUOGxDimGwYv0a62ZNY+p5xDy6p7UiHOh6KI8bIapvF7SQLg5oIE+NTSrID3zGoZWrDxQQqVk6XeCm4t0WPv1gKyCcutZcjDLkC0lhaLKXqnJFalreAtsICK+QTyW5PWRkorrvIJrJ4PA==,iv:4C0Qrd30FUuEiGuJzkr62KE6ZnF75Dfcp44jGaCYvAU=,tag:8efkAp6LbHqDavzGbQh3NQ==,type:str] + password: ENC[AES256_GCM,data:4NDH2rvYvN8jXrMEQtlVgS+2PM/KZhCaTLqe9O8QtdD/zqHKoAZGQMtfDYytuj7QRqQQ4CT/06xrxLCSQmoYBYrLtn81MkUoUqNXdCPYcWmlQB5vnNwP5+mgUDiPgK/EJaIZEfBdzJr4RRJ1F9sQO642WsQo7h399VjjP8LUC31r1GE6+pLXQqhKMrQEp6fSxOptivvyEomAHR2et98LM+rkW6XgIdY9Skkz50tEiq53x0QbaQrKUvOHTSSPtmRjTWDmghlJ0TKQb4HVZsZAWLtNuQV1O3/HwRM4oKBb0Cm8Zkz1/b/Knsdbo9vLcyfr0UQoKnntkliknfhTBss/cm1327kIzcWpQOatUBWsuPLOUM2ttoAq6VBUzsst1vig5J5DDQ/PmV63gv2O2iPzpQLFhQVM1lin/XwOIDq0L761kmw+8NtrdaDKPYE+XAa+06FwLj60F/cN/fvSMfoajklagOXvrIRVqTLGm2L1pshU/Ik9IaJomKSkTaC8KdqvuJy7bDGtqpQR5aNXzGONzo9+hJ0jMHeNnY2HJikIcHfwhKeRW/Ilb+6vWjiWvmeH9vPD7AsPMym7lfC2Tbo3eOhQ0DZ7Dh7/o2zv0bL7lC3QwiIS7OCCbH7BGBhsYWKtSs6WRIMwsvAYhH5pK0R9QChOWliRNUHQA8ZT4jPyRaf6VI+V6/it5brzcvQy6+xm+UBff6NL5svIyPngO89PDljEHFEnfL6xV0M2QaPoqjDAOEeFyL7F0AHLleaa0NHwIyUTM/CPvwadFxD/o2dqFIvckfGYi1Y45Yc8tia2U3Pm0TZfLVc4i3CaRy21daI7zolf69dCePhDF7XXCO1ljT9BOXVKNRdcWIA0V5byjba3cbQ3vMEI2VXJL/gWF1Phpi45pvQdO/5tVbx6R1Ai0awxm6RbRU7cXF7qRb3hIlQQ4weu24uncbySSE3oH3PmJBiwtRvin5c3znoLPnqltqfftybHTbikaYVrAt80dZgw3W8UOsEex67igESpGTXBECxLC0i+3rwo7xiNxrJ+/SCf/CIc+bOi4sBImZz1i9LUdLx12hza7K5qDUM92cIMKg4dEGcGDef0UpDKvMNA0POweq3nV5XOqc7+/55XRjiWNZeZ6eAeOTr8NPOlNBcLNZYtOJkGR7wGzYzP9To0AHeXJkbISpdGHan7xED87FGOrBAstfPUVG2ZXYkuGyGY/JfuIoWjXXvExOtSkMTkXYZPWM5vIWOILJM5/tkRXBRC2y2Lb+qugaldhudLneyhC90SbMplEanBhfa+kDjQVGlWFxkp4navazcMYDvDTydAGlsfi4GYC3BZGx5Z/8hByZiGeoeuy1yRhATEDeJUOAxTvKR+TtgUp7Pt4nAeOCRcFwYuxSf8EGKt1+XXgjZFSZnjAPe66A+HN/bOIwXuM0fXB58Tc58aMY8x/wMSdPXH9b/wM48YQ6xP/4VysEBW5Dg2P5CXhqIp4YTdJvNo/JRykADv5wc5NQ95w5z/6xB2fczYbdXEhKXiowACMoXON1F/sL8HzA4JzTxpYaVkzKMR1T7OYXyMs4ZJx+sViUVyx/2dMdXRBivXKZznPFbGx6n6rApPTGmxEVe5cYc6eDNFxFj2nt/fhEYFiMkYcRjpnXf0KtjtXnkKhVDYSn5rKrDjagsY78atJ7CSCy0EAY14k+DhHmr3gNGyHIZ1+R07jl5kM8g0iLS/I5HUjays01vQvP0tHP39u25hOh8AphWtSQJwQOCEXR8A22DsT9dxoWtzidxPRwje9BMTpAGue+IaGip9fdQ3tN23YprYwrkjMRH+y4nATEYztzLOZ3ointQ3nVHw6mdvbqUczreMR3s4ahTkMviJapxjltSE98+kJEc/sGfTnUNpiYqMAQCSAJZhirvnxWLc7p0BtevwB5XqsEQupqUXT1fC1ZUK5G9YPHR45YQcRAoCQB9L8VUulo7lYdjRMqWH8JCPoh83jqVX9XxynaWNotrzjiKPpUP4tSjufL/5cMyXxVvlzxEAUMcIaOwXpXezIlRUxvNXP/oC50YSQpSJEtgC4hbZM3ZbbxDwbEckI1cueiGwMUElN1TuIjMEyz6dGdQPmEA+FBVeGIs/x5LZhghD6/66LeCNB6Tv3m9YCv+Zj+yL4Zkiw9gpT7IT+wbQznuV+/h0FuEg+aLJD9RDZIPAxShr7sJiAWmGEFvkbL/A0FRzia2QYFhe95RMh+qvV0MuPvtaHc77ke9QFihWLaQYKgOAOqDJN9pIa5Il5Un6tOTBuLmSB7cdgeG47tdm0rCvr/B8N4WkuOX7aKNcrGXSpr2q3mZ4J0iOni3k6Wmz5R59r5/mXwz/oEPOzqgiNg48GT5LHjRaZayT0ePt57PJf4I4VsRBbgy/Cw11iXR5rr1IV36cOrO0lIMgJ8BGBrDkLtwD+noGWWPp2ONZFatEgSCmiSyIbpF8pLLIXowYcyFzws0g8suf7xSjjgbvmhxzomQ4VvuODFBj2zy/G+IfzWTsvXLAmgi/uZOd4H9waX1Wzrgz8mbt5l9LdQFBrVHKSJKmaMEq9U3Kaj2S//wIuGCahA2CQ/AVbtM6x6GDCIvac5joMJ7nIzG95GDSJVE8A97McQVlA5DdN2VLEb/zEnCjcnmFfSaJXaZM/gw7LNJi7bGBKnIDzKtuzO54ki66/YZT4iYbJBDI3jTfzgYsprm+f6Dc9uXnZWE2ublS3CEerl40IyPapkL4kleUe5Wx6ZEloU3bzjsGbx7xUpK+xj6oirUhZlrJvlkwaqhJYa9yQaqd9dkQxJpOnvMfgtRne5bSGRw7qXi36qzmLg32ctRwqf+PIcGLZV4POiIM2SeDaCNqrr+rkUftRaD5OfG464Sx56Y8QA+5yq8r9o6oO603bfxYVPn9KGV4ltmOVIbkKqk/b6ianaNAIdsJA9WOfDFynxZ8N0Rpfgl0/auUcDeJRnKESJTXE3uextZ7pHMNirWcSE7IfqflSCuXq8uRgFliKONFJ7EKsx5CdplQRFUrMRXuKwoDOplHFlGuR5qa/8yDmh3C+IdYKBkOnE5jnxLK1KOV3CWKfLD9EMV5j+pI89A07WoC5/W/PAAwR3rn6YYwqLm+wehtNngrVYKT4xKYVUNOpTKpUSrM7Ok3EtTEiw==,iv:1q+DrCDVZVS5sjOXLSxDaqTNP63hV/gX6vEA0DLdWEQ=,tag:skYSdgTtLKi7nB5oKFHYHA==,type:str] + username: ENC[AES256_GCM,data:RcTIaMP0pi98,iv:nszUBWnX0RFxIyZtXabdcsKhfab6gq0FWS0bQchPRsM=,tag:ns2cbMp38GTRNrbg7yso3g==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-08-01T14:05:40Z" - enc: CiQA4OM7eBvlCz4HJOd6KfhEFgdrF/ttkqfBrPr+vllYTmeA/BYSSQBq6cPrnSK06vOUOKi/N/LsHQFknwhQiP4cH3LVJDy0p2GWL1z2/XtnIVljuyZCkSUomhKzNIp+ClTzsQ9EZ1+5nNslH4+yFN8= + created_at: "2023-03-21T09:32:00Z" + enc: CiUA4OM7eGUo1x5cSQOKMOCKM2F+7MT5wWEd8zMnGxCRerQdCibVEkkALQgViN+uU1JfIwyrS5/ZeCobvHyAoR8rrG4RKwG9RBwlJnNL81MKzw7jDcvKJoxW+dgbGoDtJ4Sy/UZAZqD9ozTAlAeCPsXC azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-08-01T14:05:40Z" - mac: ENC[AES256_GCM,data:I1y4m6A09pKG5d2evlf2iTJ16ZkoKqWdjN9pVq2x3YscZ0V/bglf+qFEjtYxDYOvDcuJOMZ7PxydqbiHi2rwCSixvvZScUhsuPO6C4fbeS0LqIhbV07NAgSvTPPkNYrjYaRLtscrwGVoDPGcFdenfYKzJeVraaRxUudXAtwY1tY=,iv:IX+Qklvc7q/UkAVBRIqR4U3HaK9ry+DLd2B+yNPQ9uk=,tag:Iwy1HYw2s1Xtu9o1+WXQug==,type:str] + lastmodified: "2023-03-21T09:32:40Z" + mac: ENC[AES256_GCM,data:eeZncNjDsKB7XVNx4dO7DFUx4Mvi5pooDuM3Sh0ulpdDhaJFNDiTDDPjWwSdujyIHU7D+WduyQXqpinyM8UzHdUW2P6Xmbrctvf5/bvsRwBOrFkEBY8ab9BDCz3lZJmzEW62fnqYJOvXJS0L2GdXGqNsP8bw0PAR0FZFBSNwT5s=,iv:OH74i3b67NXozQ5zD9/62SHTioIloaMvjH6XAYvPz8A=,tag:wWce+Pzyr//R69blNrSRSQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 From c60332e0eeeb0d924f76d033366a57f8c2150307 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Mar 2023 11:56:16 +0200 Subject: [PATCH 10/18] Allow jupyterhub config in binderhub --- helm-charts/binderhub/values.schema.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/helm-charts/binderhub/values.schema.yaml b/helm-charts/binderhub/values.schema.yaml index 0bce03c743..648496f346 100644 --- a/helm-charts/binderhub/values.schema.yaml +++ b/helm-charts/binderhub/values.schema.yaml @@ -54,3 +54,6 @@ properties: global: type: object additionalProperties: true + jupyterhub: + type: object + additionalProperties: true From 540e2d8245dda78db65cbea4d27bfb80c8ab0a37 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Mar 2023 11:57:01 +0200 Subject: [PATCH 11/18] Don't skip 2i2c binder-staging --- .github/workflows/deploy-hubs.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index fb70d1c146..6a2cbdb1f0 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -215,10 +215,10 @@ jobs: run: | deployer deploy ${{ matrix.jobs.cluster_name }} dask-staging - # - name: Upgrade binder-staging hub on cluster ${{ matrix.jobs.cluster_name }} if it exists - # if: matrix.jobs.upgrade_staging && matrix.jobs.cluster_name == '2i2c' - # run: | - # deployer deploy ${{ matrix.jobs.cluster_name }} binder-staging + - name: Upgrade binder-staging hub on cluster ${{ matrix.jobs.cluster_name }} if it exists + if: matrix.jobs.upgrade_staging && matrix.jobs.cluster_name == '2i2c' + run: | + deployer deploy ${{ matrix.jobs.cluster_name }} binder-staging # Retry action: https://github.com/marketplace/actions/retry-step - name: Run health check for dask-staging hub on cluster ${{ matrix.jobs.cluster_name }} if it exists From 34802364fee5e68b09c8eb65d3e7198e4d0276f9 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Mar 2023 12:01:10 +0200 Subject: [PATCH 12/18] Add entire 2i2c as admins --- config/clusters/2i2c/binder-staging.values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 2b252ed688..8aa6cfc49f 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -97,5 +97,13 @@ binderhub: - http://google.com/accounts/o8/id Authenticator: allowed_users: &binder_staging_users + - choldgraf@2i2c.org + - colliand@2i2c.org + - erik@2i2c.org + - damianavila@2i2c.org - georgianaelena@2i2c.org + - jmunroe@2i2c.org + - pnasrat@2i2c.org + - sgibson@2i2c.org + - yuvipanda@2i2c.org admin_users: *binder_staging_users From 5f389a6b40b3892e3b6c45a8e7612fd947fab00d Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Mar 2023 12:19:45 +0200 Subject: [PATCH 13/18] Use allowed_domain --- .../clusters/2i2c/binder-staging.values.yaml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 8aa6cfc49f..dcfb9de3d4 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -91,19 +91,12 @@ binderhub: authenticator_class: cilogon CILogonOAuthenticator: oauth_callback_url: "https://binder-staging.hub.2i2c.cloud/hub/oauth_callback" - username_claim: "email" # Only show the option to login with Google shown_idps: - http://google.com/accounts/o8/id - Authenticator: - allowed_users: &binder_staging_users - - choldgraf@2i2c.org - - colliand@2i2c.org - - erik@2i2c.org - - damianavila@2i2c.org - - georgianaelena@2i2c.org - - jmunroe@2i2c.org - - pnasrat@2i2c.org - - sgibson@2i2c.org - - yuvipanda@2i2c.org - admin_users: *binder_staging_users + allowed_idps: + http://google.com/accounts/o8/id: + username_derivation: + username_claim: "email" + allowed_domains: + - "2i2c.org" From 11f43f2eb5e2a4e4a113f1b1c0c4078b134f064d Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Mar 2023 12:45:12 +0200 Subject: [PATCH 14/18] Fix some dupes --- .../clusters/2i2c/binder-staging.values.yaml | 26 +------------------ 1 file changed, 1 insertion(+), 25 deletions(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index dcfb9de3d4..68435c5a7f 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -13,38 +13,14 @@ binderhub: token_url: https://us-central1-docker.pkg.dev/v2/token?service= BinderHub: # The URL set as jupyterhub.ingress.hosts[0] in this config - auth_enabled: True + auth_enabled: true hub_url: https://binder-staging.hub.2i2c.cloud image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binder-staging- - auth_enabled: true template_path: /etc/binderhub/custom/templates extra_static_path: /etc/binderhub/custom/static extra_static_url_prefix: /extra_static/ about_message: |

binder.pangeo.io is public infrastructure operated by the 2i2c team.

- jupyterhub: - hub: - redirectToServer: false - config: - BinderSpawner: - auth_enabled: false - services: - binder: - oauth_no_confirm: true - oauth_redirect_uri: "https://binder-staging.2i2c.cloud/hub/oauth_callback" - JupyterHub: - authenticator_class: cilogon - CILogonOAuthenticator: - oauth_callback_url: "https://binder-staging.2i2c.cloud/hub/oauth_callback" - allowed_idps: - - http://google.com/accounts/o8/id: - username_derivation: - username_claim: email - Authenticator: - username_pattern: '^(.+@2i2c\.org|deployment-service-check)$' - delete_invalid_users: true - singleuser: - cmd: jupyterhub-singleuser initContainers: - name: git-clone-templates image: alpine/git From 5dfc0ff0f22451b77183954faa0f5731abc722c1 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 22 Mar 2023 12:51:04 +0200 Subject: [PATCH 15/18] Add missing config and set admins --- .../clusters/2i2c/binder-staging.values.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 68435c5a7f..14813bacca 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -60,11 +60,27 @@ binderhub: oauth_client_id: service-binderhub oauth_no_confirm: true oauth_redirect_uri: "https://binder-staging.2i2c.cloud/oauth_callback" + loadRoles: + user: + scopes: + - self + - "access:services" config: BinderSpawner: auth_enabled: true JupyterHub: authenticator_class: cilogon + Authenticator: + admin_users: + - choldgraf@2i2c.org + - colliand@2i2c.org + - erik@2i2c.org + - damianavila@2i2c.org + - georgianaelena@2i2c.org + - jmunroe@2i2c.org + - pnasrat@2i2c.org + - sgibson@2i2c.org + - yuvipanda@2i2c.org CILogonOAuthenticator: oauth_callback_url: "https://binder-staging.hub.2i2c.cloud/hub/oauth_callback" # Only show the option to login with Google @@ -76,3 +92,6 @@ binderhub: username_claim: "email" allowed_domains: - "2i2c.org" + singleuser: + # to make notebook servers aware of hub + cmd: jupyterhub-singleuser From 73d27bbdf5de38f51aca6203a591cd29d0773161 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 22 Mar 2023 12:51:38 +0200 Subject: [PATCH 16/18] Don't deploy generated config for binderhubs --- deployer/hub.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployer/hub.py b/deployer/hub.py index f189df8d5b..17b8eb8e6b 100644 --- a/deployer/hub.py +++ b/deployer/hub.py @@ -137,6 +137,8 @@ def get_generated_config(self): # config may need to be nested as well. if self.spec["helm_chart"] == "daskhub": generated_config = {"basehub": generated_config} + elif self.spec["helm_chart"] == "binderhub": + generated_config = {} return generated_config From 1790d3e2b9712e97c91ba84fdecc4a1ead334642 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 22 Mar 2023 12:53:00 +0200 Subject: [PATCH 17/18] This prop was added to accomodate the generated config. But that is not needed --- helm-charts/binderhub/values.schema.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/helm-charts/binderhub/values.schema.yaml b/helm-charts/binderhub/values.schema.yaml index 648496f346..0bce03c743 100644 --- a/helm-charts/binderhub/values.schema.yaml +++ b/helm-charts/binderhub/values.schema.yaml @@ -54,6 +54,3 @@ properties: global: type: object additionalProperties: true - jupyterhub: - type: object - additionalProperties: true From 7e3f9e3283f2ac1137a0f1db44c1dbc7532cf630 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 22 Mar 2023 12:53:25 +0200 Subject: [PATCH 18/18] Match daskhub version with the one in the deployer and other hubs --- helm-charts/binderhub/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/binderhub/Chart.yaml b/helm-charts/binderhub/Chart.yaml index 71e5a8fafe..f53befa5ea 100644 --- a/helm-charts/binderhub/Chart.yaml +++ b/helm-charts/binderhub/Chart.yaml @@ -8,5 +8,5 @@ dependencies: version: "1.0.0-0.dev.git.3009.h9046454" repository: "https://jupyterhub.github.io/helm-chart/" - name: dask-gateway - version: "2022.10.0" + version: "2023.1.0" repository: "https://helm.dask.org/"