oauthenticator 16: add allow_existing_users where allowed_users was c…

…onfigured
consideRatio · Sep 10, 2023 · 66056b9 · 66056b9
1 parent 65e892b
commit 66056b9
Show file tree

Hide file tree

Showing 15 changed files with 42 additions and 72 deletions.
diff --git a/config/clusters/2i2c/aup.values.yaml b/config/clusters/2i2c/aup.values.yaml
@@ -42,11 +42,9 @@ jupyterhub:
           http://github.com/login/oauth/authorize:
             username_derivation:
               username_claim: "preferred_username"
+      OAuthenticator:
+        allow_existing_users: True
       Authenticator:
-        # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-        #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-        #        configured explicitly.
-        #
         allowed_users: &aup_users
           - swalker
           - shaolintl

diff --git a/config/clusters/2i2c/neurohackademy.values.yaml b/config/clusters/2i2c/neurohackademy.values.yaml
@@ -55,20 +55,18 @@ jupyterhub:
     config:
       JupyterHub:
         authenticator_class: cilogon
-      Authenticator:
-        # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-        #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-        #        configured explicitly.
-        #
-        allowed_users: &neurohackademy_users
-          - arokem
-        admin_users: *neurohackademy_users
       CILogonOAuthenticator:
         oauth_callback_url: https://neurohackademy.2i2c.cloud/hub/oauth_callback
         allowed_idps:
           http://github.com/login/oauth/authorize:
             username_derivation:
               username_claim: "preferred_username"
+      OAuthenticator:
+        allow_existing_users: True
+      Authenticator:
+        allowed_users: &neurohackademy_users
+          - arokem
+        admin_users: *neurohackademy_users
     extraFiles:
       configurator-schema-default:
         data:

diff --git a/config/clusters/carbonplan/common.values.yaml b/config/clusters/carbonplan/common.values.yaml
@@ -192,11 +192,9 @@ basehub:
             http://github.com/login/oauth/authorize:
               username_derivation:
                 username_claim: "preferred_username"
+        OAuthenticator:
+          allow_existing_users: True
         Authenticator:
-          # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-          #        allow_existing_users=True, while in z3jh 3.0.0 this needs to
-          #        be configured explicitly.
-          #
           allowed_users: &users
             - maxrjones
           admin_users: *users

diff --git a/config/clusters/cloudbank/howard.values.yaml b/config/clusters/cloudbank/howard.values.yaml
@@ -36,11 +36,9 @@ jupyterhub:
           urn:mace:incommon:berkeley.edu:
             username_derivation:
               username_claim: "email"
+      OAuthenticator:
+        allow_existing_users: True
       Authenticator:
-        # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-        #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-        #        configured explicitly.
-        #
         allowed_users: &howard_users
           - [email protected]
           - [email protected]

diff --git a/config/clusters/cloudbank/lacc.values.yaml b/config/clusters/cloudbank/lacc.values.yaml
@@ -36,11 +36,9 @@ jupyterhub:
           urn:mace:incommon:berkeley.edu:
             username_derivation:
               username_claim: "email"
+      OAuthenticator:
+        allow_existing_users: True
       Authenticator:
-        # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-        #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-        #        configured explicitly.
-        #
         allowed_users: &lacc_users
           - [email protected]
           - [email protected]

diff --git a/config/clusters/cloudbank/palomar.values.yaml b/config/clusters/cloudbank/palomar.values.yaml
@@ -36,11 +36,9 @@ jupyterhub:
           urn:mace:incommon:berkeley.edu:
             username_derivation:
               username_claim: "email"
+      OAuthenticator:
+        allow_existing_users: True
       Authenticator:
-        # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-        #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-        #        configured explicitly.
-        #
         allowed_users: &palomar_users
           - [email protected]
           - [email protected]

diff --git a/config/clusters/cloudbank/sbcc-dev.values.yaml b/config/clusters/cloudbank/sbcc-dev.values.yaml
@@ -39,11 +39,9 @@ jupyterhub:
           urn:mace:incommon:berkeley.edu:
             username_derivation:
               username_claim: "email"
+      OAuthenticator:
+        allow_existing_users: True
       Authenticator:
-        # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-        #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-        #        configured explicitly.
-        #
         allowed_users: &sbcc_users
           - [email protected]
           - [email protected]

diff --git a/config/clusters/cloudbank/sbcc.values.yaml b/config/clusters/cloudbank/sbcc.values.yaml
@@ -39,11 +39,9 @@ jupyterhub:
           urn:mace:incommon:berkeley.edu:
             username_derivation:
               username_claim: "email"
+      OAuthenticator:
+        allow_existing_users: True
       Authenticator:
-        # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-        #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-        #        configured explicitly.
-        #
         allowed_users: &sbcc_users
           - [email protected]
           - [email protected]

diff --git a/config/clusters/cloudbank/staging.values.yaml b/config/clusters/cloudbank/staging.values.yaml
@@ -36,11 +36,9 @@ jupyterhub:
           urn:mace:incommon:berkeley.edu:
             username_derivation:
               username_claim: "email"
+      OAuthenticator:
+        allow_existing_users: True
       Authenticator:
-        # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-        #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-        #        configured explicitly.
-        #
         allowed_users: &staging_users
           - [email protected]
         admin_users: *staging_users
diff --git a/config/clusters/cloudbank/tuskegee.values.yaml b/config/clusters/cloudbank/tuskegee.values.yaml
@@ -36,11 +36,9 @@ jupyterhub:
           urn:mace:incommon:berkeley.edu:
             username_derivation:
               username_claim: "email"
+      OAuthenticator:
+        allow_existing_users: True
       Authenticator:
-        # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-        #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-        #        configured explicitly.
-        #
         allowed_users: &tuskegee_users
           - [email protected]
           - [email protected]

diff --git a/config/clusters/gridsst/common.values.yaml b/config/clusters/gridsst/common.values.yaml
@@ -36,18 +36,16 @@ basehub:
             url: https://science.nasa.gov/earth-science/focus-areas/climate-variability-and-change/ocean-physics
     hub:
       config:
+        JupyterHub:
+          authenticator_class: github
+        OAuthenticator:
+          allow_existing_users: True
         Authenticator:
-          # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-          #        allow_existing_users=True, while in z3jh 3.0.0 this needs to
-          #        be configured explicitly.
-          #
           allowed_users: &gridsst_users
             - alisonrgray
             - nikki-t
             - dgumustel
           admin_users: *gridsst_users
-        JupyterHub:
-          authenticator_class: github
     singleuser:
       profileList:
         # The mem-guarantees are here so k8s doesn't schedule other pods

diff --git a/config/clusters/jupyter-meets-the-earth/common.values.yaml b/config/clusters/jupyter-meets-the-earth/common.values.yaml
@@ -226,11 +226,9 @@ basehub:
             http://github.com/login/oauth/authorize:
               username_derivation:
                 username_claim: "preferred_username"
+        OAuthenticator:
+          allow_existing_users: True
         Authenticator:
-          # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-          #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-          #        configured explicitly.
-          #
           allowed_users: &users
             # This is just listing a few of the users/admins, a lot of
             # users has been added manually, see:

diff --git a/config/clusters/meom-ige/common.values.yaml b/config/clusters/meom-ige/common.values.yaml
@@ -90,11 +90,9 @@ basehub:
             http://github.com/login/oauth/authorize:
               username_derivation:
                 username_claim: "preferred_username"
+        OAuthenticator:
+          allow_existing_users: True
         Authenticator:
-          # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-          #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-          #        configured explicitly.
-          #
           allowed_users: &users
             - roxyboy
             - lesommer

diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml
@@ -58,16 +58,14 @@ basehub:
             http://github.com/login/oauth/authorize:
               username_derivation:
                 username_claim: "preferred_username"
+        OAuthenticator:
+          allow_existing_users: True
         Authenticator:
           admin_users: &users
             - amfriesz
             - jules32
             - erinmr
             - betolink
-          # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-          #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-          #        configured explicitly.
-          #
           allowed_users: *users
 dask-gateway:
   gateway:

diff --git a/config/clusters/pangeo-hubs/coessing.values.yaml b/config/clusters/pangeo-hubs/coessing.values.yaml
@@ -34,16 +34,6 @@ basehub:
         node.kubernetes.io/instance-type: n1-standard-2
     hub:
       config:
-        Authenticator:
-          admin_users: &admin_users
-            - [email protected]
-          # FIXME: In z2jh 3.0.0-beta.1, a truthy allowed_users implies
-          #        allow_existing_users=True, while in z3jh 3.0.0 this needs to be
-          #        configured explicitly.
-          #
-          allowed_users: *admin_users
-          # Delete any prior existing users in the db that don't pass username_pattern
-          delete_invalid_users: true
         JupyterHub:
           authenticator_class: cilogon
         CILogonOAuthenticator:
@@ -52,3 +42,11 @@ basehub:
             http://google.com/accounts/o8/id:
               username_derivation:
                 username_claim: "email"
+        OAuthenticator:
+          allow_existing_users: True
+        Authenticator:
+          admin_users: &admin_users
+            - [email protected]
+          allowed_users: *admin_users
+          # Delete any prior existing users in the db that don't pass username_pattern
+          delete_invalid_users: true