From 8b3399f23b2858cbda7a9e0fa8023c98613978ec Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 10 Sep 2023 19:18:42 +0200 Subject: [PATCH] oauthenticator 16: remove outdated comment about allowed_users --- .../2i2c-aws-us/dask-staging.values.yaml | 14 ++++------ .../2i2c-aws-us/researchdelight.values.yaml | 4 +-- .../clusters/2i2c-aws-us/staging.values.yaml | 14 ++++------ config/clusters/2i2c-uk/lis.values.yaml | 13 ++++----- config/clusters/awi-ciroh/common.values.yaml | 13 ++++----- config/clusters/leap/common.values.yaml | 13 ++++----- .../clusters/linked-earth/common.values.yaml | 9 ++---- config/clusters/m2lines/common.values.yaml | 13 ++++----- config/clusters/nasa-cryo/common.values.yaml | 28 +++++++++---------- .../clusters/pangeo-hubs/common.values.yaml | 15 ++++------ config/clusters/qcl/common.values.yaml | 11 +++----- .../clusters/smithsonian/common.values.yaml | 3 -- config/clusters/victor/common.values.yaml | 11 +++----- 13 files changed, 62 insertions(+), 99 deletions(-) diff --git a/config/clusters/2i2c-aws-us/dask-staging.values.yaml b/config/clusters/2i2c-aws-us/dask-staging.values.yaml index 49def94b2c..6b2569467d 100644 --- a/config/clusters/2i2c-aws-us/dask-staging.values.yaml +++ b/config/clusters/2i2c-aws-us/dask-staging.values.yaml @@ -33,15 +33,6 @@ basehub: tag: "2022.06.02" hub: config: - Authenticator: - # This hub uses GitHub Org auth and so we don't set - # allowed_users in order to not deny access to valid members of - # the listed orgs. - # - # You must always set admin_users, even if it is an empty list, - # otherwise `add_staff_user_ids_to_admin_users: true` will fail - # silently and no staff members will have admin access. - admin_users: [] JupyterHub: authenticator_class: "github" GitHubOAuthenticator: @@ -50,3 +41,8 @@ basehub: - 2i2c-org scope: - read:org + Authenticator: + # You must always set admin_users, even if it is an empty list, + # otherwise `add_staff_user_ids_to_admin_users: true` will fail + # silently and no staff members will have admin access. + admin_users: [] diff --git a/config/clusters/2i2c-aws-us/researchdelight.values.yaml b/config/clusters/2i2c-aws-us/researchdelight.values.yaml index a4c4c0532c..0e7ba535df 100644 --- a/config/clusters/2i2c-aws-us/researchdelight.values.yaml +++ b/config/clusters/2i2c-aws-us/researchdelight.values.yaml @@ -34,8 +34,6 @@ basehub: config: JupyterHub: authenticator_class: github - Authenticator: - enable_auth_state: true GitHubOAuthenticator: populate_teams_in_auth_state: true allowed_organizations: @@ -43,6 +41,8 @@ basehub: - 2i2c-org:research-delight-team scope: - read:org + Authenticator: + enable_auth_state: true singleuser: image: name: quay.io/2i2c/researchdelight-image diff --git a/config/clusters/2i2c-aws-us/staging.values.yaml b/config/clusters/2i2c-aws-us/staging.values.yaml index 13e68094d4..8992c8403c 100644 --- a/config/clusters/2i2c-aws-us/staging.values.yaml +++ b/config/clusters/2i2c-aws-us/staging.values.yaml @@ -28,15 +28,6 @@ jupyterhub: url: https://2i2c.org hub: config: - Authenticator: - # This hub uses GitHub Org auth and so we don't set - # allowed_users in order to not deny access to valid members of - # the listed orgs. - # - # You must always set admin_users, even if it is an empty list, - # otherwise `add_staff_user_ids_to_admin_users: true` will fail - # silently and no staff members will have admin access. - admin_users: [] JupyterHub: authenticator_class: "github" GitHubOAuthenticator: @@ -45,3 +36,8 @@ jupyterhub: - 2i2c-org scope: - read:org + Authenticator: + # You must always set admin_users, even if it is an empty list, + # otherwise `add_staff_user_ids_to_admin_users: true` will fail + # silently and no staff members will have admin access. + admin_users: [] diff --git a/config/clusters/2i2c-uk/lis.values.yaml b/config/clusters/2i2c-uk/lis.values.yaml index 87c0ea6207..8c6e3d943b 100644 --- a/config/clusters/2i2c-uk/lis.values.yaml +++ b/config/clusters/2i2c-uk/lis.values.yaml @@ -49,17 +49,14 @@ jupyterhub: config: JupyterHub: authenticator_class: github - Authenticator: - # This hub uses GitHub Orgs auth and so we don't set - # allowed_users in order to not deny access to valid members of - # the listed orgs. These people should have admin access though. - admin_users: - - LaCrecerelle - - matthew-brett GitHubOAuthenticator: + oauth_callback_url: "https://ds.lis.2i2c.cloud/hub/oauth_callback" allowed_organizations: - 2i2c-org - lisacuk scope: - read:org - oauth_callback_url: "https://ds.lis.2i2c.cloud/hub/oauth_callback" + Authenticator: + admin_users: + - LaCrecerelle + - matthew-brett diff --git a/config/clusters/awi-ciroh/common.values.yaml b/config/clusters/awi-ciroh/common.values.yaml index 344f2982cd..e05c6c001d 100644 --- a/config/clusters/awi-ciroh/common.values.yaml +++ b/config/clusters/awi-ciroh/common.values.yaml @@ -33,14 +33,6 @@ basehub: config: JupyterHub: authenticator_class: github - Authenticator: - # This hub uses GitHub Orgs auth and so we don't set - # allowed_users in order to not deny access to valid members of - # the listed orgs. These people should have admin access though. - admin_users: - - jameshalgren - - arpita0911patel - - karnesh GitHubOAuthenticator: allowed_organizations: - 2i2c-org @@ -48,6 +40,11 @@ basehub: - NOAA-OWP scope: - read:org + Authenticator: + admin_users: + - jameshalgren + - arpita0911patel + - karnesh singleuser: image: # Image build repo: https://github.com/2i2c-org/awi-ciroh-image diff --git a/config/clusters/leap/common.values.yaml b/config/clusters/leap/common.values.yaml index eea8fb49c0..50b9d09de4 100644 --- a/config/clusters/leap/common.values.yaml +++ b/config/clusters/leap/common.values.yaml @@ -42,14 +42,6 @@ basehub: tag: "0.0.1-0.dev.git.7080.h0da36d1e" allowNamedServers: true config: - Authenticator: - enable_auth_state: true - # This hub uses GitHub Teams auth and so we don't set - # allowed_users in order to not deny access to valid members of - # the listed teams. These people should have admin access though. - admin_users: - - rabernat - - jbusecke JupyterHub: authenticator_class: github # Announcement is a JupyterHub feature to present messages to users in @@ -76,6 +68,11 @@ basehub: - 2i2c-org:hub-access-for-2i2c-staff scope: - read:org + Authenticator: + enable_auth_state: true + admin_users: + - rabernat + - jbusecke singleuser: image: name: pangeo/pangeo-notebook diff --git a/config/clusters/linked-earth/common.values.yaml b/config/clusters/linked-earth/common.values.yaml index 1354a071e2..9daf307323 100644 --- a/config/clusters/linked-earth/common.values.yaml +++ b/config/clusters/linked-earth/common.values.yaml @@ -33,18 +33,15 @@ basehub: config: JupyterHub: authenticator_class: github - Authenticator: - # This hub uses GitHub Orgs auth and so we don't set - # allowed_users in order to not deny access to valid members of - # the listed orgs. These people should have admin access though. - admin_users: - - khider GitHubOAuthenticator: allowed_organizations: - 2i2c-org - LinkedEarth scope: - read:org + Authenticator: + admin_users: + - khider singleuser: image: # User image repo: https://quay.io/repository/linkedearth/pyleoclim diff --git a/config/clusters/m2lines/common.values.yaml b/config/clusters/m2lines/common.values.yaml index d624a11e24..08ab1f3824 100644 --- a/config/clusters/m2lines/common.values.yaml +++ b/config/clusters/m2lines/common.values.yaml @@ -39,14 +39,6 @@ basehub: hub: allowNamedServers: true config: - Authenticator: - # This hub uses GitHub Teams auth and so we don't set - # allowed_users in order to not deny access to valid members of - # the listed teams. These people should have admin access though. - admin_users: - - rabernat - - johannag126 - - jbusecke JupyterHub: authenticator_class: github GitHubOAuthenticator: @@ -55,6 +47,11 @@ basehub: - 2i2c-org:hub-access-for-2i2c-staff scope: - read:org + Authenticator: + admin_users: + - rabernat + - johannag126 + - jbusecke singleuser: extraFiles: jupyter_notebook_config.json: diff --git a/config/clusters/nasa-cryo/common.values.yaml b/config/clusters/nasa-cryo/common.values.yaml index be071fb353..7385424507 100644 --- a/config/clusters/nasa-cryo/common.values.yaml +++ b/config/clusters/nasa-cryo/common.values.yaml @@ -37,21 +37,6 @@ basehub: hub: allowNamedServers: true config: - Authenticator: - # We are restricting profiles based on GitHub Team membership and - # so need to persist auth state - enable_auth_state: true - # This hub uses GitHub Teams auth and so we don't set - # allowed_users in order to not deny access to valid members of - # the listed teams. These people should have admin access though. - admin_users: - - tsnow03 - - JessicaS11 - - jdmillstein - - dfelikson - - fperez - - scottyhq - - jomey JupyterHub: authenticator_class: github GitHubOAuthenticator: @@ -64,6 +49,19 @@ basehub: - CryoInTheCloud:cryocloudadvanced scope: - read:org + Authenticator: + # We are restricting profiles based on GitHub Team membership and + # so need to persist auth state + enable_auth_state: true + admin_users: + - tsnow03 + - JessicaS11 + - jdmillstein + - dfelikson + - fperez + - scottyhq + - jomey + singleuser: extraFiles: # jupyter_server_config.json is defined by basehub, this entry adds to it diff --git a/config/clusters/pangeo-hubs/common.values.yaml b/config/clusters/pangeo-hubs/common.values.yaml index 2c4bef29bf..e9d9dc23b8 100644 --- a/config/clusters/pangeo-hubs/common.values.yaml +++ b/config/clusters/pangeo-hubs/common.values.yaml @@ -38,15 +38,6 @@ basehub: hub: allowNamedServers: true config: - Authenticator: - # This hub uses GitHub Teams auth and so we don't set - # allowed_users in order to not deny access to valid members of - # the listed teams. These people should have admin access though. - admin_users: - - rabernat - - jhamman - - scottyhq - - TomAugspurger JupyterHub: authenticator_class: github GitHubOAuthenticator: @@ -55,6 +46,12 @@ basehub: - 2i2c-org:hub-access-for-2i2c-staff scope: - read:org + Authenticator: + admin_users: + - rabernat + - jhamman + - scottyhq + - TomAugspurger singleuser: extraEnv: GH_SCOPED_CREDS_CLIENT_ID: "Iv1.c90ee430400a347f" diff --git a/config/clusters/qcl/common.values.yaml b/config/clusters/qcl/common.values.yaml index c2975441b7..d0d9ac70ad 100644 --- a/config/clusters/qcl/common.values.yaml +++ b/config/clusters/qcl/common.values.yaml @@ -36,13 +36,6 @@ jupyterhub: hub: allowNamedServers: true config: - Authenticator: - # This hub uses GitHub Teams auth and so we don't set - # allowed_users in order to not deny access to valid members of - # the listed teams. These people should have admin access though. - admin_users: - - gizmo404 - - jtkmckenna JupyterHub: authenticator_class: github GitHubOAuthenticator: @@ -51,6 +44,10 @@ jupyterhub: - QuantifiedCarbon:jupyterhub scope: - read:org + Authenticator: + admin_users: + - gizmo404 + - jtkmckenna singleuser: image: # pangeo/pangeo-notebook is maintained at: https://github.com/pangeo-data/pangeo-docker-images diff --git a/config/clusters/smithsonian/common.values.yaml b/config/clusters/smithsonian/common.values.yaml index 499066f1ff..3a8aba9abc 100644 --- a/config/clusters/smithsonian/common.values.yaml +++ b/config/clusters/smithsonian/common.values.yaml @@ -48,9 +48,6 @@ basehub: - read:org Authenticator: enable_auth_state: true - # This hub uses GitHub Orgs auth and so we don't set allowed_users in - # order to not deny access to valid members of the listed orgs. These - # people should have admin access though. admin_users: - MikeTrizna # Mike Trizna - rdikow # Rebecca Dikow diff --git a/config/clusters/victor/common.values.yaml b/config/clusters/victor/common.values.yaml index 47136ec38c..4efda07888 100644 --- a/config/clusters/victor/common.values.yaml +++ b/config/clusters/victor/common.values.yaml @@ -34,13 +34,6 @@ basehub: url: https://people.climate.columbia.edu/projects/sponsor/National%20Science%20Foundation hub: config: - Authenticator: - # This hub uses GitHub Teams auth and so we don't set - # allowed_users in order to not deny access to valid members of - # the listed teams. These people should have admin access though. - admin_users: - - einatlev-ldeo - - SamKrasnoff JupyterHub: authenticator_class: github GitHubOAuthenticator: @@ -49,6 +42,10 @@ basehub: - VICTOR-Community:victoraccess scope: - read:org + Authenticator: + admin_users: + - einatlev-ldeo + - SamKrasnoff singleuser: profileList: # The mem-guarantees are here so k8s doesn't schedule other pods