From 51bd1029919c8b5c156646bdf8e9d3e1f54659ae Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Mar 2023 11:54:07 +0200 Subject: [PATCH 1/5] Secure binder-staging under cilogon authentication --- .../clusters/2i2c/binder-staging.values.yaml | 32 ++++++++++++++++--- .../enc-binder-staging.secret.values.yaml | 20 ++++++++---- 2 files changed, 41 insertions(+), 11 deletions(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 4886c219e0..062412b6e0 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -13,7 +13,8 @@ binderhub: token_url: https://us-central1-docker.pkg.dev/v2/token?service= BinderHub: # The URL set as jupyterhub.ingress.hosts[0] in this config - hub_url: https://hub.binder-staging.2i2c.cloud + auth_enabled: True + hub_url: https://binder-staging.hub.2i2c.cloud image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binder-staging- template_path: /etc/binderhub/custom/templates @@ -46,9 +47,32 @@ binderhub: jupyterhub: ingress: + enabled: true hosts: - - hub.binder-staging.2i2c.cloud + - binder-staging.hub.2i2c.cloud tls: - - secretName: https-auto-tls-binder + - secretName: https-auto-tls-hub-binder hosts: - - hub.binder-staging.2i2c.cloud + - binder-staging.hub.2i2c.cloud + hub: + redirectToServer: false + services: + binder: + oauth_client_id: service-binderhub + oauth_no_confirm: true + oauth_redirect_uri: "https://binder-staging.2i2c.cloud/oauth_callback" + config: + BinderSpawner: + auth_enabled: true + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + oauth_callback_url: "https://binder-staging.hub.2i2c.cloud/hub/oauth_callback" + username_claim: "email" + # Only show the option to login with Google + shown_idps: + - http://google.com/accounts/o8/id + Authenticator: + allowed_users: &binder_staging_users + - georgianaelena@2i2c.org + admin_users: *binder_staging_users diff --git a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml index 7538bf0164..75f0912059 100644 --- a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml +++ b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml @@ -1,18 +1,24 @@ binderhub: + jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:lmo+SPm5Fg5EeGdcYRzSJWOUC/OQgRkjfxIgCGKoTnDVb9BW0ur20eYSf/n2MRYc4E5S,iv:WJNvfVSiPESgtRcNGFMCvfdgnDkgsUaK1DfWgWWYzNw=,tag:8uu6rctiLC/G8wPh6S6erQ==,type:str] + client_secret: ENC[AES256_GCM,data:Zjp3ZWB2lhQ2a7Dk6b3NpFSesIh4MSXyL07QuVr97yDDQ4zyTrPYFAtoUEPoic9BPjhlFoDTmAFwgnhl5XfEf4EXmwSXf8AywQmtG+nVyaniEvERWgc=,iv:n3yln+IOt9GDg4ZjpapC00X9nf0ZhmIyYEFQQ/0JyRU=,tag:kZGN/hzcqtbu0+bcYgpf9A==,type:str] registry: - username: ENC[AES256_GCM,data:SqV10MEVeCv0,iv:C+ueMwvNELqYMCdDz3AGcDcpbR89cYhdJcLtHL2IUGI=,tag:k788+6EmUtzFFh66d10IPw==,type:str] - password: ENC[AES256_GCM,data:7f5vvxgFcahSe8i7J7n1SaNlpnc0KUhG47OTonWQLJmeCaDWhpurRVM69fwcKC9l77OV5IW13rskld9TOH8L5p/GoVZrQ1GemBPRQ2yE3CebmIIr2+nD+h7QFN225hL4b1PAtG1CDcRzhf1itSFn6qxjgJBcaJDOTTb+RoCtUzcdkL6HeTL1BW+CN/zlQBMLyxmaRbLNo508fRI+qfYtNh7eOflA+1Madfjzrqc0UZha1wWtz2tLIG98tSLaPuI8xoMPRrjGeOrqoFXGQnRNjtgWj0l9j0uMdR+/O6X65UWl77yryWvxf4hoeL2trVz2weR1OFfZHgy96ZTaC/IIzAqzUHVHRj6oL38rPRQ+PmLfMMZterAZe4J19oVIBT53QNZ/GoCzvTX03Tg9XM4m0B/+xT11DZZR7B+duHBo/dh2dbcvI7ibH0kv7O6Ij7kyeJrzSlAj/WvBD9gXK5+l2xec8ZAqxNCHeMC+A3COT5yWFiQBig1Q9/8ToP3Qop4wtNyiIL5Ss7dW0jxTC+PzCxIBC2RgxRwZGk5frFgazOXHmV7kY/jZrQEGVPm1rtvN7y2J0LRXt7YjJs1HyhQ8wKLGzB8FbqcqHolHYNEkbJKTBomFIEC5yiWEyq6QS/De/FXc0HRd8EgYEUtpMM313fm2ymYP95HqkDPcX+aZklAFm+ZTPW9lyykM4kgj3MLpkxVdYyBJiFBc+NewRcOa73f2mziHNtVLbhUxdcO0voVjoFIsFeESoATUfRnK+/Ot15B0t1Hs3Rcmf9iCi9qPqgm/I0iIP+W/V0/KfprRqXMSZTuxJlpdvZQwa72uZZBtoZ1eZtzHy8F/u8V5+K+sjKD8BgDUx9MaaO0ExcI3ACsH0AbTuNmrg2VC0IQVnUVgbxfXJxcsgQsMmv2TORc6PDGGKUy8DFxb9jCGTUYX6ewgKRtyHYC+xFQEMHGOLV9WzPunC5MjSraLrCdNWzomXmVp/xP1k1ZBn7bVTZMeRfuPlu2HvHzCmZShCxUcE5MRf8eSkDwAuL9eTYZ91qx/6UxyL6TyluDUTCd/NZAhAVyUdgNS3xwgkgC6JwwVpSpYADNc+HoGGnhuyZXH7+vjDSASemHq4q4FoZ+a5YEdDY7ypaLJ3RXwo/Gz5LzrjsCZRPeKKP8gJYp8AaZqXYS+BISraCawHKKxyGXGPCnLz/OI8FmludKF/lBWI+2USzvg9yrQseWZtMGQn8GA7ZRFDu1UthoDEFuIor1V1WbCyHFbk1dVyLULxs7g23YSwLzr87/opkFvRarxbgAAJHOorHjOMEdK2pmJ0rQ6cBp4qtjxQ5+C9iTDcZcWGBe8Zt48u3lTL+RgoNR5U6tX2Djcnt+5/1CD3YibKsnKhgOTmJ57JYmsiGtEwU/3ct464Kw0MZk50C4nhfBpK4wqS/x+6AHFml/RAYtTBwUngm7PH29Z3BB3vunhjVkg7LdyihbnhV/CMMLMTR+wVAlwOqxId86WAN5qjF3SLWACCi+yGSQEZUDjCVkfyxzzRWRJG/IICEmJtK0xEYmvCr7fKMsLKIxDWOiC81MG1DgIAd4QwxnSQZByKbLbkOyhgAz6XIK2MAPPNdF0ouAERJk3jtIDFmZD7SVPPRI8sLt8WturSvln1YCSOpXO25g7AhkCwKYkF0ct209nR9NeAJwxMMiqYwoCgx8x0VpxXw67iudZXMfWGXhQXOhyjPXs3riNISNQCnBUVupwB3LJqNCcVTTTSA1vIYUFSVyTM68Yk03QLmMdw3yKewMI+We549hGmEfHGqmCtRkUMQgaouKMfSk5k5mGb7lHYFx3hXPQLHF97Gcga/QFX9619/4rHMqFdYqP0SQ1eoDz7Wb8FCiUTNptDR5lR6Scrh89tH90wbxLa65mbpfJDC/AEdqmnpNCvn0t1OnLvOB4DthNL+iW6YoWhrjTU9xOOrmE4ES52YWvBk/5eeZZG2Ryn3FVy1gxsQbTVBaZtR4SHXzwb6KRXgceY2d7EwjPU3kW5zRMTIDxNFO1D98+wUE35tgIxs66sgrqCkBzwCKzpilL3Bw2QKqG9+COcMHJoWIOHp7MvVgFZocLdab/+dSKso3n7S4+nkRfhVGNFopDhztNYdS9yMm1BC1+X/eo0odtv2P1kQ/Ts0K6AZfAHI92owjfMnaetre+B29MNQvjbBWipAR3LEUcyCeFx96AfkSGiPhgxtuWKEBBrrnPeWyXqZyPSOCgNWusQY1sQvzNYysz4KsXC1MQKXaELzXMhCIu45l3wCobr3q5W+S3gf5O8K9ADe7AcKZPFHd4xJBLQWOa1en/1Cjxi5Gq11oCJXs7+4kV93R1iqQsGDh9NtelZVb1GwjkynuKRhe3lfhQuSt76Cv03GW7U4DG7xccai/koETnan8EDgW65JOkFKi/3fbyjJywQzeMpoMmGJGWVHujeDcc26onE6egCIrsig4Nf3DOS9zmU/HxTto4cVdMX7HV9FfRHJiFY/CHEwdExfGz6IIg2aDMlsALfp0XmLf8oVRt8nGXOCNJlhOLkAo1NvQq3aXxv/0JsjdPCuev1DfWWULQOIm/hQXBQMTe5g8woIUxIM9VDezDMOEsmzKWUR2qVv6msnJRhLU6Nf8oBS3QurQkUcJcK4nwuj/VSrJORGYoPE/V3POHT3QhsPDi0PKaZtzwqLeh4jrKdKtS5Gwu1LSg5Hwg+2dt0XFaV+1SXugnA+u2IZrqr57m/6X7lbmfHo0OYyjM3ZLyx3ivxAOFqdH9TIsp4/RIIBY2TAD0HTSlX4JShTZEXKOZ9GKpkYwWPnyXDgSjggPyDpOqzJjHIZ5G2+IZL66OvpLEztnEyPm/lgt/P5gqdtsbCDNJxDFMwpqRlh0M93Rr1r1DFo7uPVQZomUERLXpwHDVh3nbzjAmnnQVsVo7SlHT0NuY7uzX4BVFq1YM4JmO7IspGDALZZlst2L08P65jqqRAI1Qd9QI9slTnxn27a2fFC6LwtrXCseLImveGdCcHlAntERTKYqSfOrNWYBICm1yyOFde9tj/9r4Uoe/C7sxYEH1I0fZBmihtG+llZeNsFwDAteUXBKLKeuK47DZSVWtwyd4KXdoxRVvfUh/ZNA5I4HTPYCLY70BxMHBf9pfuAK18/wA+gweys31/Q==,iv:j1UJUS3ThiKxIUngJlE2jWvTtNxhX/AFhvpBSWO2v30=,tag:rWd9n5aOpX0HqmH0IOguig==,type:str] + password: ENC[AES256_GCM,data:4NDH2rvYvN8jXrMEQtlVgS+2PM/KZhCaTLqe9O8QtdD/zqHKoAZGQMtfDYytuj7QRqQQ4CT/06xrxLCSQmoYBYrLtn81MkUoUqNXdCPYcWmlQB5vnNwP5+mgUDiPgK/EJaIZEfBdzJr4RRJ1F9sQO642WsQo7h399VjjP8LUC31r1GE6+pLXQqhKMrQEp6fSxOptivvyEomAHR2et98LM+rkW6XgIdY9Skkz50tEiq53x0QbaQrKUvOHTSSPtmRjTWDmghlJ0TKQb4HVZsZAWLtNuQV1O3/HwRM4oKBb0Cm8Zkz1/b/Knsdbo9vLcyfr0UQoKnntkliknfhTBss/cm1327kIzcWpQOatUBWsuPLOUM2ttoAq6VBUzsst1vig5J5DDQ/PmV63gv2O2iPzpQLFhQVM1lin/XwOIDq0L761kmw+8NtrdaDKPYE+XAa+06FwLj60F/cN/fvSMfoajklagOXvrIRVqTLGm2L1pshU/Ik9IaJomKSkTaC8KdqvuJy7bDGtqpQR5aNXzGONzo9+hJ0jMHeNnY2HJikIcHfwhKeRW/Ilb+6vWjiWvmeH9vPD7AsPMym7lfC2Tbo3eOhQ0DZ7Dh7/o2zv0bL7lC3QwiIS7OCCbH7BGBhsYWKtSs6WRIMwsvAYhH5pK0R9QChOWliRNUHQA8ZT4jPyRaf6VI+V6/it5brzcvQy6+xm+UBff6NL5svIyPngO89PDljEHFEnfL6xV0M2QaPoqjDAOEeFyL7F0AHLleaa0NHwIyUTM/CPvwadFxD/o2dqFIvckfGYi1Y45Yc8tia2U3Pm0TZfLVc4i3CaRy21daI7zolf69dCePhDF7XXCO1ljT9BOXVKNRdcWIA0V5byjba3cbQ3vMEI2VXJL/gWF1Phpi45pvQdO/5tVbx6R1Ai0awxm6RbRU7cXF7qRb3hIlQQ4weu24uncbySSE3oH3PmJBiwtRvin5c3znoLPnqltqfftybHTbikaYVrAt80dZgw3W8UOsEex67igESpGTXBECxLC0i+3rwo7xiNxrJ+/SCf/CIc+bOi4sBImZz1i9LUdLx12hza7K5qDUM92cIMKg4dEGcGDef0UpDKvMNA0POweq3nV5XOqc7+/55XRjiWNZeZ6eAeOTr8NPOlNBcLNZYtOJkGR7wGzYzP9To0AHeXJkbISpdGHan7xED87FGOrBAstfPUVG2ZXYkuGyGY/JfuIoWjXXvExOtSkMTkXYZPWM5vIWOILJM5/tkRXBRC2y2Lb+qugaldhudLneyhC90SbMplEanBhfa+kDjQVGlWFxkp4navazcMYDvDTydAGlsfi4GYC3BZGx5Z/8hByZiGeoeuy1yRhATEDeJUOAxTvKR+TtgUp7Pt4nAeOCRcFwYuxSf8EGKt1+XXgjZFSZnjAPe66A+HN/bOIwXuM0fXB58Tc58aMY8x/wMSdPXH9b/wM48YQ6xP/4VysEBW5Dg2P5CXhqIp4YTdJvNo/JRykADv5wc5NQ95w5z/6xB2fczYbdXEhKXiowACMoXON1F/sL8HzA4JzTxpYaVkzKMR1T7OYXyMs4ZJx+sViUVyx/2dMdXRBivXKZznPFbGx6n6rApPTGmxEVe5cYc6eDNFxFj2nt/fhEYFiMkYcRjpnXf0KtjtXnkKhVDYSn5rKrDjagsY78atJ7CSCy0EAY14k+DhHmr3gNGyHIZ1+R07jl5kM8g0iLS/I5HUjays01vQvP0tHP39u25hOh8AphWtSQJwQOCEXR8A22DsT9dxoWtzidxPRwje9BMTpAGue+IaGip9fdQ3tN23YprYwrkjMRH+y4nATEYztzLOZ3ointQ3nVHw6mdvbqUczreMR3s4ahTkMviJapxjltSE98+kJEc/sGfTnUNpiYqMAQCSAJZhirvnxWLc7p0BtevwB5XqsEQupqUXT1fC1ZUK5G9YPHR45YQcRAoCQB9L8VUulo7lYdjRMqWH8JCPoh83jqVX9XxynaWNotrzjiKPpUP4tSjufL/5cMyXxVvlzxEAUMcIaOwXpXezIlRUxvNXP/oC50YSQpSJEtgC4hbZM3ZbbxDwbEckI1cueiGwMUElN1TuIjMEyz6dGdQPmEA+FBVeGIs/x5LZhghD6/66LeCNB6Tv3m9YCv+Zj+yL4Zkiw9gpT7IT+wbQznuV+/h0FuEg+aLJD9RDZIPAxShr7sJiAWmGEFvkbL/A0FRzia2QYFhe95RMh+qvV0MuPvtaHc77ke9QFihWLaQYKgOAOqDJN9pIa5Il5Un6tOTBuLmSB7cdgeG47tdm0rCvr/B8N4WkuOX7aKNcrGXSpr2q3mZ4J0iOni3k6Wmz5R59r5/mXwz/oEPOzqgiNg48GT5LHjRaZayT0ePt57PJf4I4VsRBbgy/Cw11iXR5rr1IV36cOrO0lIMgJ8BGBrDkLtwD+noGWWPp2ONZFatEgSCmiSyIbpF8pLLIXowYcyFzws0g8suf7xSjjgbvmhxzomQ4VvuODFBj2zy/G+IfzWTsvXLAmgi/uZOd4H9waX1Wzrgz8mbt5l9LdQFBrVHKSJKmaMEq9U3Kaj2S//wIuGCahA2CQ/AVbtM6x6GDCIvac5joMJ7nIzG95GDSJVE8A97McQVlA5DdN2VLEb/zEnCjcnmFfSaJXaZM/gw7LNJi7bGBKnIDzKtuzO54ki66/YZT4iYbJBDI3jTfzgYsprm+f6Dc9uXnZWE2ublS3CEerl40IyPapkL4kleUe5Wx6ZEloU3bzjsGbx7xUpK+xj6oirUhZlrJvlkwaqhJYa9yQaqd9dkQxJpOnvMfgtRne5bSGRw7qXi36qzmLg32ctRwqf+PIcGLZV4POiIM2SeDaCNqrr+rkUftRaD5OfG464Sx56Y8QA+5yq8r9o6oO603bfxYVPn9KGV4ltmOVIbkKqk/b6ianaNAIdsJA9WOfDFynxZ8N0Rpfgl0/auUcDeJRnKESJTXE3uextZ7pHMNirWcSE7IfqflSCuXq8uRgFliKONFJ7EKsx5CdplQRFUrMRXuKwoDOplHFlGuR5qa/8yDmh3C+IdYKBkOnE5jnxLK1KOV3CWKfLD9EMV5j+pI89A07WoC5/W/PAAwR3rn6YYwqLm+wehtNngrVYKT4xKYVUNOpTKpUSrM7Ok3EtTEiw==,iv:1q+DrCDVZVS5sjOXLSxDaqTNP63hV/gX6vEA0DLdWEQ=,tag:skYSdgTtLKi7nB5oKFHYHA==,type:str] + username: ENC[AES256_GCM,data:RcTIaMP0pi98,iv:nszUBWnX0RFxIyZtXabdcsKhfab6gq0FWS0bQchPRsM=,tag:ns2cbMp38GTRNrbg7yso3g==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-06-22T14:34:29Z" - enc: CiQA4OM7eFGhTSXEWGRC+ziKmycAB7N4nIMJD6lPYfSZCW//vIwSSQBq6cPrXydjRStxCoJhHa7W9K7HO6Kc87M6Zy6IcZpntGCm9UnlV+GVO0DPd/EbR40IXSUkPTKCC4CykPk5CDzU0reIGEPOSmc= + created_at: "2023-03-21T09:32:00Z" + enc: CiUA4OM7eGUo1x5cSQOKMOCKM2F+7MT5wWEd8zMnGxCRerQdCibVEkkALQgViN+uU1JfIwyrS5/ZeCobvHyAoR8rrG4RKwG9RBwlJnNL81MKzw7jDcvKJoxW+dgbGoDtJ4Sy/UZAZqD9ozTAlAeCPsXC azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-06-22T14:34:29Z" - mac: ENC[AES256_GCM,data:w0ViXYtNKTU/dWokv+Yl4lJ0SBahWqw/4dLCyV/kfwNKmuBSustKpR/2vZzjCFyyZDR+jXuILWnpfmYVpHZcfLNKhhZcJNhEQDpfT/e822MPEI+kHEUwfYcRozFrA8EtmsHnSmI+2rDRlEtNObD64+aV6gVLoIP4e+pGu8cq2f8=,iv:IkCeO7Q79AOXeVryBh1YJNlXyvfbYdFwuN3mNl7oj98=,tag:jeEdamZbIhUDJTUuXQz58A==,type:str] + lastmodified: "2023-03-21T09:32:40Z" + mac: ENC[AES256_GCM,data:eeZncNjDsKB7XVNx4dO7DFUx4Mvi5pooDuM3Sh0ulpdDhaJFNDiTDDPjWwSdujyIHU7D+WduyQXqpinyM8UzHdUW2P6Xmbrctvf5/bvsRwBOrFkEBY8ab9BDCz3lZJmzEW62fnqYJOvXJS0L2GdXGqNsP8bw0PAR0FZFBSNwT5s=,iv:OH74i3b67NXozQ5zD9/62SHTioIloaMvjH6XAYvPz8A=,tag:wWce+Pzyr//R69blNrSRSQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.1 + version: 3.7.3 From ed176c06ffea55b35aa4500dae842b442b9002b4 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Mar 2023 11:56:16 +0200 Subject: [PATCH 2/5] Allow jupyterhub config in binderhub --- helm-charts/binderhub/values.schema.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/helm-charts/binderhub/values.schema.yaml b/helm-charts/binderhub/values.schema.yaml index 0bce03c743..648496f346 100644 --- a/helm-charts/binderhub/values.schema.yaml +++ b/helm-charts/binderhub/values.schema.yaml @@ -54,3 +54,6 @@ properties: global: type: object additionalProperties: true + jupyterhub: + type: object + additionalProperties: true From 21fd70f3a9339d8a82ad4335a73e3fd5082b1ae2 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Mar 2023 11:57:01 +0200 Subject: [PATCH 3/5] Don't skip 2i2c binder-staging --- .github/workflows/deploy-hubs.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index fb70d1c146..6a2cbdb1f0 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -215,10 +215,10 @@ jobs: run: | deployer deploy ${{ matrix.jobs.cluster_name }} dask-staging - # - name: Upgrade binder-staging hub on cluster ${{ matrix.jobs.cluster_name }} if it exists - # if: matrix.jobs.upgrade_staging && matrix.jobs.cluster_name == '2i2c' - # run: | - # deployer deploy ${{ matrix.jobs.cluster_name }} binder-staging + - name: Upgrade binder-staging hub on cluster ${{ matrix.jobs.cluster_name }} if it exists + if: matrix.jobs.upgrade_staging && matrix.jobs.cluster_name == '2i2c' + run: | + deployer deploy ${{ matrix.jobs.cluster_name }} binder-staging # Retry action: https://github.com/marketplace/actions/retry-step - name: Run health check for dask-staging hub on cluster ${{ matrix.jobs.cluster_name }} if it exists From eb04aa290cd4dd5a61c056037dadb517509ca5e6 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Mar 2023 12:01:10 +0200 Subject: [PATCH 4/5] Add entire 2i2c as admins --- config/clusters/2i2c/binder-staging.values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 062412b6e0..0d76a83211 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -74,5 +74,13 @@ binderhub: - http://google.com/accounts/o8/id Authenticator: allowed_users: &binder_staging_users + - choldgraf@2i2c.org + - colliand@2i2c.org + - erik@2i2c.org + - damianavila@2i2c.org - georgianaelena@2i2c.org + - jmunroe@2i2c.org + - pnasrat@2i2c.org + - sgibson@2i2c.org + - yuvipanda@2i2c.org admin_users: *binder_staging_users From eda8e8d7a8282e6274fa0ce10d824d5d9bad99d2 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Mar 2023 12:19:45 +0200 Subject: [PATCH 5/5] Use allowed_domain --- .../clusters/2i2c/binder-staging.values.yaml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 0d76a83211..856cb9ef3a 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -68,19 +68,12 @@ binderhub: authenticator_class: cilogon CILogonOAuthenticator: oauth_callback_url: "https://binder-staging.hub.2i2c.cloud/hub/oauth_callback" - username_claim: "email" # Only show the option to login with Google shown_idps: - http://google.com/accounts/o8/id - Authenticator: - allowed_users: &binder_staging_users - - choldgraf@2i2c.org - - colliand@2i2c.org - - erik@2i2c.org - - damianavila@2i2c.org - - georgianaelena@2i2c.org - - jmunroe@2i2c.org - - pnasrat@2i2c.org - - sgibson@2i2c.org - - yuvipanda@2i2c.org - admin_users: *binder_staging_users + allowed_idps: + http://google.com/accounts/o8/id: + username_derivation: + username_claim: "email" + allowed_domains: + - "2i2c.org"