From 85de3f2607ff4f68eb18585d91f95f9fb437cb3f Mon Sep 17 00:00:00 2001 From: sean-morris Date: Wed, 12 Jun 2024 11:42:35 -0700 Subject: [PATCH] [CloudBank] Tuskegee Switched to GH Auth --- .../cloudbank/enc-tuskegee.secret.values.yaml | 16 +++--- .../clusters/cloudbank/tuskegee.values.yaml | 52 ++++--------------- 2 files changed, 17 insertions(+), 51 deletions(-) diff --git a/config/clusters/cloudbank/enc-tuskegee.secret.values.yaml b/config/clusters/cloudbank/enc-tuskegee.secret.values.yaml index 359551d71d..7a15ab59f2 100644 --- a/config/clusters/cloudbank/enc-tuskegee.secret.values.yaml +++ b/config/clusters/cloudbank/enc-tuskegee.secret.values.yaml @@ -1,20 +1,20 @@ jupyterhub: hub: config: - CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:ks6gGT32/DnjnMgVkrWh1nVY9Lvk80mvK6M//5uL/6AWYhxW3FHYkvMSmixRMfYqcRiF,iv:WSFYUm4ltEh9vj62adxOb/emDy62m4QYerbuIDN6cfk=,tag:UO3sKDB5GXX/oM163P31lQ==,type:str] - client_secret: ENC[AES256_GCM,data:R775NB/a3joyf9A/w3hbpIvE0bxag05egVCHSayCdvxuqOCcRQ6Hms1+1uSYwF12VAMpKXVp6Idy85lBZA8suTRSivsTENpFgBwBccbNXsdPr5qc7Ow=,iv:/4r4qcOP5e2svftTS9jpk7AGkOs84Lh4r96nWJ355io=,tag:4iBjL7CsY9Di7EcMZ9SdDw==,type:str] + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:D/B4l4MN2CH4QSgINuBgEmmD4Qw=,iv:YxkF9j3TcEz+b9YaaPHKRlvTK65MeVVdyQtVfOCk09o=,tag:5fLzRRrGmBKeo+nL2pUBgA==,type:str] + client_secret: ENC[AES256_GCM,data:sh/Kmk5bJ3eZd7Snqs+9mU7Tn3TPRVBu2InnhEN3o8nemSRt7JNO9A==,iv:ZaXb3MzYrG7qyjrg2oavC1g59ezPZkeRarCuv9rMVxI=,tag:A2maLtPiXSVtoHBkjsIKEA==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-03-10T13:50:43Z" - enc: CiUA4OM7eHEOrOekx/0qLP0xvvuWwl5t/9vmlpzec0P4cvEA5uWgEkkALQgViL4/5Ji3v+RHapPIcCJmSigcZI86E888/zAM1qHbnk979I+9GjSzEWrty4xtd1jGsRu4v7AakWr+F3cm11NP2Bj9/Q9f + created_at: "2024-06-12T18:41:19Z" + enc: CiUA4OM7eHwqhJFy+6xXl1Je7s8Pn/WQwcW5Y2GDGWJ2qQuCpZjUEkkAWX/fcaVa8c84el2HghzEdrxx3d9Xr1ofov7RpIF6eszfcSzLfOHK/MjNTT3vwO3EeA6odU3/pNctgC+qJUvful4O3IudJNJJ azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-03-10T13:50:43Z" - mac: ENC[AES256_GCM,data:Un7C60hO2h41QDHeMa7ayqmeRwOUjGfPgjwj8dpaZzAZ1DDAbh66YzRFfjN9hppKM0tCRr49ao8NHCLL/uxa5Nwn/ffduRPchP4nbGsO7g1ZsA6CnnbM5Bca7bKXsvzGVTqvKSGdpUxmgBD9MtkZ8VCjl6lecgA5y/W5CiXAK7Q=,iv:xD2xcCTvKdjgHXycIggV5L8o42ZucLG5ZoUj8QjTRQU=,tag:nuVWQV5NBYw4Kea4HtIJtA==,type:str] + lastmodified: "2024-06-12T18:41:20Z" + mac: ENC[AES256_GCM,data:bkafUdk7aMReWiBDlic517aBv4MSYvHNCw/wWocRLamP7EtiwHiiplRx4ANcpwhrpaA/iHEnYA+/umJYWb2GBbHjuyge2L0NGIgc2LfCKjBvgWyT+3Xw15HMvCMpOWprCljadys9Z/wka7C1fI+BZKZNhYRbz2OMo+9z6TEeb9U=,iv:f0j3wRno0+g5WG95oXHMK0YPE5LcgCFTEByX9whz0HY=,tag:n/h1a1gURUEnEYGa1Q+9XQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/config/clusters/cloudbank/tuskegee.values.yaml b/config/clusters/cloudbank/tuskegee.values.yaml index fcd3225ddd..ba77ff4ffe 100644 --- a/config/clusters/cloudbank/tuskegee.values.yaml +++ b/config/clusters/cloudbank/tuskegee.values.yaml @@ -26,48 +26,14 @@ jupyterhub: hub: config: JupyterHub: - authenticator_class: cilogon - CILogonOAuthenticator: - oauth_callback_url: "https://tuskegee.cloudbank.2i2c.cloud/hub/oauth_callback" - allowed_idps: - http://google.com/accounts/o8/id: - default: true - username_derivation: - username_claim: "email" - OAuthenticator: - # WARNING: Don't use allow_existing_users with config to allow an - # externally managed group of users, such as - # GitHubOAuthenticator.allowed_organizations, as it breaks a - # common expectations for an admin user. - # - # The broken expectation is that removing a user from the - # externally managed group implies that the user won't have - # access any more. In practice the user will still have - # access if it had logged in once before, as it then exists - # in JupyterHub's database of users. - # - allow_existing_users: True + authenticator_class: github + GitHubOAuthenticator: + oauth_callback_url: https://tuskegee.cloudbank.2i2c.cloud/hub/oauth_callback + allowed_organizations: + - TU-CSCI-Data8 + scope: + - read:org Authenticator: - # WARNING: Removing a user from admin_users or allowed_users doesn't - # revoke admin status or access. - # - # OAuthenticator.allow_existing_users allows any user in the - # JupyterHub database of users able to login. This includes - # any previously logged in user or user previously listed in - # allowed_users or admin_users, as such users are added to - # JupyterHub's database on startup. - # - # To revoke admin status or access for a user when - # allow_existing_users is enabled, first remove the user from - # admin_users or allowed_users, then deploy the change, and - # finally revoke the admin status or delete the user via the - # /hub/admin panel. - # admin_users: - - yasmeen.rawajfih@gmail.com - - Wu.fan01@gmail.com - - yanlisa@berkeley.edu - - deborah_nolan@berkeley.edu - - ericvd@berkeley.edu - - sean.smorris@berkeley.edu - - sean.smorris@gmail.com + - sean-morris + - rawajfihy