From 408cd99a3af8c9cba3718e470a689df4e4c0f826 Mon Sep 17 00:00:00 2001 From: sean-morris Date: Thu, 27 Jun 2024 16:44:30 -0700 Subject: [PATCH] [Cloudbank] LACC GithubOauth --- .../cloudbank/enc-lacc.secret.values.yaml | 16 +++--- config/clusters/cloudbank/lacc.values.yaml | 51 ++++--------------- 2 files changed, 17 insertions(+), 50 deletions(-) diff --git a/config/clusters/cloudbank/enc-lacc.secret.values.yaml b/config/clusters/cloudbank/enc-lacc.secret.values.yaml index 3759baf27e..13b503fe2b 100644 --- a/config/clusters/cloudbank/enc-lacc.secret.values.yaml +++ b/config/clusters/cloudbank/enc-lacc.secret.values.yaml @@ -1,20 +1,20 @@ jupyterhub: hub: config: - CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:llZ3GJJ4M3Y/TSUrjVmiojDJmmvdGyvc06cONP82B/wCPZmp9XlcdnDzD272lJ/TN2xt,iv:/Tq9UMGSfgM2ldihhFIcGuufC9PqDCIvwnPiBMpe5Ec=,tag:O2B6vvEHWrq6sNGyZdPJ0g==,type:str] - client_secret: ENC[AES256_GCM,data:UIvoIoOSVdVtlImiunfbs9Bp/uRFr1wen1N41ZfhI32Xd6JclhQ3iRC4/q5U4dJgENCCR/5bA74BGOjF4CR7GjjGrvPn5K9RBApRV7trkW7cPKmYAZ0=,iv:SlPgs3WCSIQFkNIV0u/eVAH9g7ndBsFrZSa6Uszt68I=,tag:fFbTUrqedQL0YFbFisPYlA==,type:str] + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:YoioEfF9N0W9kfGBTBLpOfA0Gv4=,iv:087GNgdEeFXushR7JxwLOb9hlOyiiHZzEl2cGWkHTIs=,tag:TKk2x9EjlA+XtLxNmbE4sw==,type:str] + client_secret: ENC[AES256_GCM,data:ITuwVzCIJFn7llchaF99rgJHPUbifcq02HMl3c0E9xNHKAjWgPJMCQ==,iv:NU5xzpP85jdmfaShdvEzbQIhV+EWjBGnHu761Jzomms=,tag:PBoLJXK9LAYnfm1O293Vsw==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-03-10T13:54:15Z" - enc: CiUA4OM7eOcvzwYL4sZmciC3rC5oVZVOn9yFg3T7FKkm8ctBxOutEkkALQgViI6gQP44hbX+j8zQdUxd55552CIS9pz6swxwc5dLoIKnTjjQpbD9DBlhZITtjy659EUPmJBMULMAfA5TxbVzo6mZ0NBX + created_at: "2024-06-28T18:39:30Z" + enc: CiUA4OM7eD2V8B9jEkEUFhHXutBOLsUD6HnGAmqnztvXCBMq721wEkkAWX/fcUv2BDFefO63j9zfeVjqcXOwivPr36aISXIHAhO69nayHMuhND0pltMlGDeZA8QMy7pwfinxeJECvuGWyre6vxhi+KAy azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-03-10T13:54:16Z" - mac: ENC[AES256_GCM,data:x2wFpjECISD3zXpR+vecQIeyQmWf+vYThjss96a/hdJ7J/cuB6fRc3mg+BnmStJEHjrvJ2+OFCNT01w/k7XOvRh6qXXVzc24RrWN+kiGVnYowA50wA1JoDk/Nda9jm+YiBAoq+EfBheOKm2Ls+KSAeCIoflcH+sMYgPGgd1gZ+8=,iv:nw4f2LNNP5fw6eRa9g6fTb4WxVXewRlGOC09R2ckDxI=,tag:tKl1qjwxKooZK1Y2ZJWxbg==,type:str] + lastmodified: "2024-06-28T18:39:31Z" + mac: ENC[AES256_GCM,data:ieFPC9VI4BsESGh3Pwmv+p6GuS7nap+7dAfgj5cLw4OxxALCMpDB/V+CbPvrxWiNV3kXeZFAMp3vJWedCZlvLfUOysY3XNy74HiSICC28Z7V/4XaqSah9PQcWw/J61oJIZsulRpzboMT1PKco2EdIRuQYXWnuvx6vP8PJSYgnnA=,iv:bPOzjOY2WENezxtF4MfdG9AosOwVBNFh/YNnBO8lS9k=,tag:/pOv4PUdrG39SwXF6nsvig==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/config/clusters/cloudbank/lacc.values.yaml b/config/clusters/cloudbank/lacc.values.yaml index 9054bfee6b..65a0ec8e43 100644 --- a/config/clusters/cloudbank/lacc.values.yaml +++ b/config/clusters/cloudbank/lacc.values.yaml @@ -26,47 +26,14 @@ jupyterhub: hub: config: JupyterHub: - authenticator_class: cilogon - CILogonOAuthenticator: - oauth_callback_url: "https://lacc.cloudbank.2i2c.cloud/hub/oauth_callback" - allowed_idps: - http://google.com/accounts/o8/id: - default: true - username_derivation: - username_claim: "email" - OAuthenticator: - # WARNING: Don't use allow_existing_users with config to allow an - # externally managed group of users, such as - # GitHubOAuthenticator.allowed_organizations, as it breaks a - # common expectations for an admin user. - # - # The broken expectation is that removing a user from the - # externally managed group implies that the user won't have - # access any more. In practice the user will still have - # access if it had logged in once before, as it then exists - # in JupyterHub's database of users. - # - allow_existing_users: True + authenticator_class: github + GitHubOAuthenticator: + oauth_callback_url: https://lacc.cloudbank.2i2c.cloud/hub/oauth_callback + allowed_organizations: + - LACC-Statistical-Data-Analytics + scope: + - read:org Authenticator: - # WARNING: Removing a user from admin_users or allowed_users doesn't - # revoke admin status or access. - # - # OAuthenticator.allow_existing_users allows any user in the - # JupyterHub database of users able to login. This includes - # any previously logged in user or user previously listed in - # allowed_users or admin_users, as such users are added to - # JupyterHub's database on startup. - # - # To revoke admin status or access for a user when - # allow_existing_users is enabled, first remove the user from - # admin_users or allowed_users, then deploy the change, and - # finally revoke the admin status or delete the user via the - # /hub/admin panel. - # admin_users: - - PINEDAEM@laccd.edu - - LAMKT@laccd.edu - - sarvikb@lacitycollege.edu - - ericvd@berkeley.edu - - k_usovich@berkeley.edu - - sean.smorris@berkeley.edu + - sean-morris + - pineda0021