oauthenticator 16: remove outdated comment about allowed_users

config/clusters/2i2c-aws-us/dask-staging.values.yaml

@@ -33,15 +33,6 @@ basehub:
         tag: "2022.06.02"
     hub:
       config:
-        Authenticator:
-          # This hub uses GitHub Org auth and so we don't set
-          # allowed_users in order to not deny access to valid members of
-          # the listed orgs.
-          #
-          # You must always set admin_users, even if it is an empty list,
-          # otherwise `add_staff_user_ids_to_admin_users: true` will fail
-          # silently and no staff members will have admin access.
-          admin_users: []
         JupyterHub:
           authenticator_class: "github"
         GitHubOAuthenticator:
@@ -50,3 +41,8 @@ basehub:
             - 2i2c-org
           scope:
             - read:org
+        Authenticator:
+          # You must always set admin_users, even if it is an empty list,
+          # otherwise `add_staff_user_ids_to_admin_users: true` will fail
+          # silently and no staff members will have admin access.
+          admin_users: []

config/clusters/2i2c-aws-us/researchdelight.values.yaml

@@ -34,15 +34,15 @@ basehub:
       config:
         JupyterHub:
           authenticator_class: github
-        Authenticator:
-          enable_auth_state: true
         GitHubOAuthenticator:
           populate_teams_in_auth_state: true
           allowed_organizations:
             - 2i2c-org:hub-access-for-2i2c-staff
             - 2i2c-org:research-delight-team
           scope:
             - read:org
+        Authenticator:
+          enable_auth_state: true
     singleuser:
       image:
         name: quay.io/2i2c/researchdelight-image

config/clusters/2i2c-aws-us/staging.values.yaml

@@ -28,15 +28,6 @@ jupyterhub:
           url: https://2i2c.org
   hub:
     config:
-      Authenticator:
-        # This hub uses GitHub Org auth and so we don't set
-        # allowed_users in order to not deny access to valid members of
-        # the listed orgs.
-        #
-        # You must always set admin_users, even if it is an empty list,
-        # otherwise `add_staff_user_ids_to_admin_users: true` will fail
-        # silently and no staff members will have admin access.
-        admin_users: []
       JupyterHub:
         authenticator_class: "github"
       GitHubOAuthenticator:
@@ -45,3 +36,8 @@ jupyterhub:
           - 2i2c-org
         scope:
           - read:org
+      Authenticator:
+        # You must always set admin_users, even if it is an empty list,
+        # otherwise `add_staff_user_ids_to_admin_users: true` will fail
+        # silently and no staff members will have admin access.
+        admin_users: []

config/clusters/2i2c-uk/lis.values.yaml

@@ -49,17 +49,14 @@ jupyterhub:
     config:
       JupyterHub:
         authenticator_class: github
-      Authenticator:
-        # This hub uses GitHub Orgs auth and so we don't set
-        # allowed_users in order to not deny access to valid members of
-        # the listed orgs. These people should have admin access though.
-        admin_users:
-          - LaCrecerelle
-          - matthew-brett
       GitHubOAuthenticator:
+        oauth_callback_url: "https://ds.lis.2i2c.cloud/hub/oauth_callback"
         allowed_organizations:
           - 2i2c-org
           - lisacuk
         scope:
           - read:org
-        oauth_callback_url: "https://ds.lis.2i2c.cloud/hub/oauth_callback"
+      Authenticator:
+        admin_users:
+          - LaCrecerelle
+          - matthew-brett

config/clusters/awi-ciroh/common.values.yaml

@@ -33,21 +33,18 @@ basehub:
       config:
         JupyterHub:
           authenticator_class: github
-        Authenticator:
-          # This hub uses GitHub Orgs auth and so we don't set
-          # allowed_users in order to not deny access to valid members of
-          # the listed orgs. These people should have admin access though.
-          admin_users:
-            - jameshalgren
-            - arpita0911patel
-            - karnesh
         GitHubOAuthenticator:
           allowed_organizations:
             - 2i2c-org
             - alabamawaterinstitute
             - NOAA-OWP
           scope:
             - read:org
+        Authenticator:
+          admin_users:
+            - jameshalgren
+            - arpita0911patel
+            - karnesh
     singleuser:
       image:
         # Image build repo: https://github.com/2i2c-org/awi-ciroh-image

config/clusters/leap/common.values.yaml

@@ -42,14 +42,6 @@ basehub:
         tag: "0.0.1-0.dev.git.6863.h406a3546"
       allowNamedServers: true
       config:
-        Authenticator:
-          enable_auth_state: true
-          # This hub uses GitHub Teams auth and so we don't set
-          # allowed_users in order to not deny access to valid members of
-          # the listed teams. These people should have admin access though.
-          admin_users:
-            - rabernat
-            - jbusecke
         JupyterHub:
           authenticator_class: github
           # Announcement is a JupyterHub feature to present messages to users in
@@ -76,6 +68,11 @@ basehub:
             - 2i2c-org:hub-access-for-2i2c-staff
           scope:
             - read:org
+        Authenticator:
+          enable_auth_state: true
+          admin_users:
+            - rabernat
+            - jbusecke
     singleuser:
       image:
         name: pangeo/pangeo-notebook

config/clusters/linked-earth/common.values.yaml

@@ -33,18 +33,15 @@ basehub:
       config:
         JupyterHub:
           authenticator_class: github
-        Authenticator:
-          # This hub uses GitHub Orgs auth and so we don't set
-          # allowed_users in order to not deny access to valid members of
-          # the listed orgs. These people should have admin access though.
-          admin_users:
-            - khider
         GitHubOAuthenticator:
           allowed_organizations:
             - 2i2c-org
             - LinkedEarth
           scope:
             - read:org
+        Authenticator:
+          admin_users:
+            - khider
     singleuser:
       image:
         # User image repo: https://quay.io/repository/linkedearth/pyleoclim

config/clusters/m2lines/common.values.yaml

@@ -39,14 +39,6 @@ basehub:
     hub:
       allowNamedServers: true
       config:
-        Authenticator:
-          # This hub uses GitHub Teams auth and so we don't set
-          # allowed_users in order to not deny access to valid members of
-          # the listed teams. These people should have admin access though.
-          admin_users:
-            - rabernat
-            - johannag126
-            - jbusecke
         JupyterHub:
           authenticator_class: github
         GitHubOAuthenticator:
@@ -55,6 +47,11 @@ basehub:
             - 2i2c-org:hub-access-for-2i2c-staff
           scope:
             - read:org
+        Authenticator:
+          admin_users:
+            - rabernat
+            - johannag126
+            - jbusecke
     singleuser:
       extraFiles:
         jupyter_notebook_config.json:

config/clusters/nasa-cryo/common.values.yaml

@@ -37,21 +37,6 @@ basehub:
     hub:
       allowNamedServers: true
       config:
-        Authenticator:
-          # We are restricting profiles based on GitHub Team membership and
-          # so need to persist auth state
-          enable_auth_state: true
-          # This hub uses GitHub Teams auth and so we don't set
-          # allowed_users in order to not deny access to valid members of
-          # the listed teams. These people should have admin access though.
-          admin_users:
-            - tsnow03
-            - JessicaS11
-            - jdmillstein
-            - dfelikson
-            - fperez
-            - scottyhq
-            - jomey
         JupyterHub:
           authenticator_class: github
         GitHubOAuthenticator:
@@ -64,6 +49,19 @@ basehub:
             - CryoInTheCloud:cryocloudadvanced
           scope:
             - read:org
+        Authenticator:
+          # We are restricting profiles based on GitHub Team membership and
+          # so need to persist auth state
+          enable_auth_state: true
+          admin_users:
+            - tsnow03
+            - JessicaS11
+            - jdmillstein
+            - dfelikson
+            - fperez
+            - scottyhq
+            - jomey
+
     singleuser:
       extraFiles:
         # jupyter_server_config.json is defined by basehub, this entry adds to it

config/clusters/pangeo-hubs/common.values.yaml

@@ -38,15 +38,6 @@ basehub:
     hub:
       allowNamedServers: true
       config:
-        Authenticator:
-          # This hub uses GitHub Teams auth and so we don't set
-          # allowed_users in order to not deny access to valid members of
-          # the listed teams. These people should have admin access though.
-          admin_users:
-            - rabernat
-            - jhamman
-            - scottyhq
-            - TomAugspurger
         JupyterHub:
           authenticator_class: github
         GitHubOAuthenticator:
@@ -55,6 +46,12 @@ basehub:
             - 2i2c-org:hub-access-for-2i2c-staff
           scope:
             - read:org
+        Authenticator:
+          admin_users:
+            - rabernat
+            - jhamman
+            - scottyhq
+            - TomAugspurger
     singleuser:
       extraEnv:
         GH_SCOPED_CREDS_CLIENT_ID: "Iv1.c90ee430400a347f"

config/clusters/qcl/common.values.yaml

@@ -36,13 +36,6 @@ jupyterhub:
   hub:
     allowNamedServers: true
     config:
-      Authenticator:
-        # This hub uses GitHub Teams auth and so we don't set
-        # allowed_users in order to not deny access to valid members of
-        # the listed teams. These people should have admin access though.
-        admin_users:
-          - gizmo404
-          - jtkmckenna
       JupyterHub:
         authenticator_class: github
       GitHubOAuthenticator:
@@ -51,6 +44,10 @@ jupyterhub:
           - QuantifiedCarbon:jupyterhub
         scope:
           - read:org
+      Authenticator:
+        admin_users:
+          - gizmo404
+          - jtkmckenna
   singleuser:
     image:
       # pangeo/pangeo-notebook is maintained at: https://github.com/pangeo-data/pangeo-docker-images

config/clusters/smithsonian/common.values.yaml

@@ -48,9 +48,6 @@ basehub:
             - read:org
         Authenticator:
           enable_auth_state: true
-          # This hub uses GitHub Orgs auth and so we don't set allowed_users in
-          # order to not deny access to valid members of the listed orgs. These
-          # people should have admin access though.
           admin_users:
             - MikeTrizna # Mike Trizna
             - rdikow # Rebecca Dikow

config/clusters/victor/common.values.yaml

@@ -34,13 +34,6 @@ basehub:
             url: https://people.climate.columbia.edu/projects/sponsor/National%20Science%20Foundation
     hub:
       config:
-        Authenticator:
-          # This hub uses GitHub Teams auth and so we don't set
-          # allowed_users in order to not deny access to valid members of
-          # the listed teams. These people should have admin access though.
-          admin_users:
-            - einatlev-ldeo
-            - SamKrasnoff
         JupyterHub:
           authenticator_class: github
         GitHubOAuthenticator:
@@ -49,6 +42,10 @@ basehub:
             - VICTOR-Community:victoraccess
           scope:
             - read:org
+        Authenticator:
+          admin_users:
+            - einatlev-ldeo
+            - SamKrasnoff
     singleuser:
       profileList:
         # The mem-guarantees are here so k8s doesn't schedule other pods