From bc81593b3b90c654a00a622e3311c36932674f36 Mon Sep 17 00:00:00 2001
From: sean-morris <sean.smorris@gmail.com>
Date: Mon, 3 Jun 2024 14:55:40 -0700
Subject: [PATCH] [CloudBank] Demo Hub to GH Auth

---
 config/clusters/cloudbank/cluster.yaml     |  2 +-
 config/clusters/cloudbank/demo.values.yaml | 26 ++++++++--------------
 2 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/config/clusters/cloudbank/cluster.yaml b/config/clusters/cloudbank/cluster.yaml
index 43577c6924..eb773ffdaa 100644
--- a/config/clusters/cloudbank/cluster.yaml
+++ b/config/clusters/cloudbank/cluster.yaml
@@ -107,7 +107,7 @@ hubs:
     helm_chart_values_files:
       - common.values.yaml
       - demo.values.yaml
-      - enc-demo.secret.values.yaml
+      - enc-demo-git.secret.values.yaml
   - name: fresno
     display_name: "Fresno City College"
     domain: fresno.cloudbank.2i2c.cloud
diff --git a/config/clusters/cloudbank/demo.values.yaml b/config/clusters/cloudbank/demo.values.yaml
index c36670feec..acffec9666 100644
--- a/config/clusters/cloudbank/demo.values.yaml
+++ b/config/clusters/cloudbank/demo.values.yaml
@@ -16,7 +16,7 @@ jupyterhub:
   custom:
     2i2c:
       add_staff_user_ids_to_admin_users: true
-      add_staff_user_ids_of_type: "google"
+      add_staff_user_ids_of_type: "github"
     homepage:
       templateVars:
         org:
@@ -35,25 +35,17 @@ jupyterhub:
   hub:
     config:
       JupyterHub:
-        authenticator_class: cilogon
-      CILogonOAuthenticator:
+        authenticator_class: github
+      GitHubOAuthenticator:
         oauth_callback_url: https://demo.cloudbank.2i2c.cloud/hub/oauth_callback
-        allowed_idps:
-          http://google.com/accounts/o8/id:
-            default: true
-            username_derivation:
-              username_claim: "email"
+        allowed_organizations:
+          - data-8:demo-hub-auth
+          - data-8
+        scope:
+          - read:org
       Authenticator:
         admin_users:
-          - ericvd@berkeley.edu
-          - sean.smorris@berkeley.edu
-          - kalkeab@gmail.com
-          - jhenryestrada@gmail.com
-        # NOTE: This demo hub may be temporarily opened up for broad access by
-        #       declaring `allow_all: true` for the google idp. If that is done,
-        #       username_pattern can then be used to constrain access.
-        #
-        # username_pattern: '^(.+@2i2c\.org|.+\.edu|kalkeab@gmail\.com|jhenryestrada@gmail\.com|deployment-service-check)$'
+          - sean-morris
   cull:
     # Cull after 30min of inactivity
     every: 300