From 0fb27d131f24212d9e4688f83e5b308ba578cb97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jarom=C3=ADr=20Hradil?= <jaromir.hradil@cesnet.cz>
Date: Thu, 28 Nov 2024 09:36:47 +0100
Subject: [PATCH] Upgrading eosc images with user sharing extension on staging

---
 common/deployments/hub-staging.yaml | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/common/deployments/hub-staging.yaml b/common/deployments/hub-staging.yaml
index 96f8e5a..be41498 100644
--- a/common/deployments/hub-staging.yaml
+++ b/common/deployments/hub-staging.yaml
@@ -50,7 +50,7 @@ singleuser:
               k8s-app: cluster-ingress
   image:
     name: eginotebooks/single-user-eosc
-    tag: "sha-7052495"
+    tag: "sha-d822021"
   profileList:
     - display_name: Small Environment - 2 vCPU / 4 GB RAM
       description: >
@@ -59,8 +59,6 @@ singleuser:
       kubespawner_override:
         args:
           - "--CondaKernelSpecManager.env_filter='/opt/conda$'"
-        environment:
-          JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
         extra_annotations:
           "egi.eu/flavor": "small-environment-2-vcpu-4-gb-ram"
       vo_claims:
@@ -71,8 +69,6 @@ singleuser:
       kubespawner_override:
         args:
           - "--CondaKernelSpecManager.env_filter='/opt/conda$'"
-        environment:
-          JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
         extra_annotations:
           "egi.eu/flavor": "medium-environment-4-vcpu-8-gb-ram"
         cpu_guarantee: 0.4
@@ -87,8 +83,6 @@ singleuser:
       kubespawner_override:
         args:
           - "--CondaKernelSpecManager.env_filter='/opt/conda$'"
-        environment:
-          JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
         cpu_guarantee: 0.8
         cpu_limit: 8
         mem_guarantee: 2G
@@ -166,6 +160,10 @@ hub:
     name: eginotebooks/hub
     # k8s-hub 4.0.0
     tag: "sha-b20ead2"
+  loadRoles:
+    #user scopes required for user initiated sharing API
+    user:
+      scopes: ["self", "shares!user"]
   config:
     Authenticator:
       enable_auth_state: true
@@ -321,6 +319,13 @@ hub:
       c.JupyterHub.spawner_class = WebDavOIDCSpawner
       c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/"
       c.WebDavOIDCSpawner.http_timeout = 90
+
+      #Scopes for user sharing api extension to be able to
+      #use browser token for API queries
+      c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [
+        "access:servers!server", 
+        "shares!server"
+      ]
 {% endraw %}
   templatePaths:
     - /egi-notebooks-hub/ec-templates
-- 
GitLab