diff --git a/common/deployments/hub-staging.yaml b/common/deployments/hub-staging.yaml
index 96f8e5a700fe1cd22fc71fb3431a48baf2aeb2f0..be41498e7919d50071b2bca952cc42db241c2481 100644
--- a/common/deployments/hub-staging.yaml
+++ b/common/deployments/hub-staging.yaml
@@ -50,7 +50,7 @@ singleuser:
k8s-app: cluster-ingress
image:
name: eginotebooks/single-user-eosc
- tag: "sha-7052495"
+ tag: "sha-d822021"
profileList:
- display_name: Small Environment - 2 vCPU / 4 GB RAM
description: >
@@ -59,8 +59,6 @@ singleuser:
kubespawner_override:
args:
- "--CondaKernelSpecManager.env_filter='/opt/conda$'"
- environment:
- JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
extra_annotations:
"egi.eu/flavor": "small-environment-2-vcpu-4-gb-ram"
vo_claims:
@@ -71,8 +69,6 @@ singleuser:
kubespawner_override:
args:
- "--CondaKernelSpecManager.env_filter='/opt/conda$'"
- environment:
- JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
extra_annotations:
"egi.eu/flavor": "medium-environment-4-vcpu-8-gb-ram"
cpu_guarantee: 0.4
@@ -87,8 +83,6 @@ singleuser:
kubespawner_override:
args:
- "--CondaKernelSpecManager.env_filter='/opt/conda$'"
- environment:
- JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
cpu_guarantee: 0.8
cpu_limit: 8
mem_guarantee: 2G
@@ -166,6 +160,10 @@ hub:
name: eginotebooks/hub
# k8s-hub 4.0.0
tag: "sha-b20ead2"
+ loadRoles:
+ #user scopes required for user initiated sharing API
+ user:
+ scopes: ["self", "shares!user"]
config:
Authenticator:
enable_auth_state: true
@@ -321,6 +319,13 @@ hub:
c.JupyterHub.spawner_class = WebDavOIDCSpawner
c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/"
c.WebDavOIDCSpawner.http_timeout = 90
+
+ #Scopes for user sharing api extension to be able to
+ #use browser token for API queries
+ c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [
+ "access:servers!server",
+ "shares!server"
+ ]
{% endraw %}
templatePaths:
- /egi-notebooks-hub/ec-templates