Token exchange with JWT + changes for EOSC

* token exchange with JWT * exctract EOSC primary group * enable debugging on development instance

Token exchange with JWT + changes for EOSC
23b95a05 · František Dvořák · c569178f · 23b95a05 · 23b95a05 · 23b95a05
Commit 23b95a05 authored Jul 17, 2024 by František Dvořák
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -110,8 +110,8 @@ hub:
      url: "http://jwt/"
      display: false
  image:
-    name: valtri/hub
+    name: eginotebooks/hub
-    tag: "eosc9-jwt"
+    tag: "sha-323c75e"
  config:
    Authenticator:
      enable_auth_state: true
@@ -129,7 +129,7 @@ hub:
      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
      client_id: "{{ secret['client_id'] }}"
      client_secret: "{{ secret['client_secret'] }}"
-      oauth_callback_url: "https://fullhub.eosc.zcu.cz/hub/oauth_callback"
+      oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
      openid_configuration_url: "https://proxy.testing.eosc-federation.eu/.well-known/openid-configuration"
      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
      username_claim: "sub"
@@ -138,7 +138,7 @@ hub:
    JupyterHub:
      admin_access: true
      authenticate_prometheus: false
-      authenticator_class: egi_notebooks_hub.egiauthenticator.EGICheckinAuthenticator
+      authenticator_class: egi_notebooks_hub.egiauthenticator.EOSCNodeAuthenticator
      # spawner_class: (in egi-notebooks-b2drop)
  extraConfig:
    egi-notebooks-welcome: |-
@@ -421,3 +421,6 @@ hub:
 {%- raw %}
        {% extends "login.html" %}
 {% endraw %}
+debug:
+  enabled: true
--- a/cesnet-central/inventory/99-all.yaml
+++ b/cesnet-central/inventory/99-all.yaml
@@ -14,6 +14,7 @@ all:
    site_name: cesnet-central
    vault_mount_point: secrets/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/eosc-dev
+    notebooks_hostname: fullhub.eosc.zcu.cz
    binder_hostname: replay.eosc.zcu.cz
    old_binder_hostname: binder.eosc.zcu.cz
    docker2_hostname: registry.eosc.zcu.cz


--- a/testing/deployments/hub.yaml
+++ b/testing/deployments/hub.yaml
@@ -127,8 +127,8 @@ hub:
      url: "http://jwt/"
      display: false
  image:
-    name: valtri/hub
+    name: eginotebooks/hub
-    tag: "eosc9-jwt"
+    tag: "sha-323c75e"
  config:
    Authenticator:
      enable_auth_state: true
@@ -155,7 +155,7 @@ hub:
    JupyterHub:
      admin_access: true
      authenticate_prometheus: false
-      authenticator_class: egi_notebooks_hub.egiauthenticator.EGICheckinAuthenticator
+      authenticator_class: egi_notebooks_hub.egiauthenticator.EOSCNodeAuthenticator
      # spawner_class: (in egi-notebooks-b2drop)
  extraConfig:
    egi-notebooks-welcome: |-