From 23b95a057910b78d19ffe344b3056842455230b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Wed, 17 Jul 2024 05:36:19 +0000
Subject: [PATCH] Token exchange with JWT + changes for EOSC

* token exchange with JWT
* exctract EOSC primary group
* enable debugging on development instance
---
 cesnet-central/deployments/fullhub.yaml | 11 +++++++----
 cesnet-central/inventory/99-all.yaml    |  1 +
 testing/deployments/hub.yaml            |  6 +++---
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/cesnet-central/deployments/fullhub.yaml b/cesnet-central/deployments/fullhub.yaml
index e06dd77..70149b5 100644
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -110,8 +110,8 @@ hub:
       url: "http://jwt/"
       display: false
   image:
-    name: valtri/hub
-    tag: "eosc9-jwt"
+    name: eginotebooks/hub
+    tag: "sha-323c75e"
   config:
     Authenticator:
       enable_auth_state: true
@@ -129,7 +129,7 @@ hub:
       userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
       client_id: "{{ secret['client_id'] }}"
       client_secret: "{{ secret['client_secret'] }}"
-      oauth_callback_url: "https://fullhub.eosc.zcu.cz/hub/oauth_callback"
+      oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
       openid_configuration_url: "https://proxy.testing.eosc-federation.eu/.well-known/openid-configuration"
       scope: ["openid", "profile", "email", "offline_access", "entitlements"]
       username_claim: "sub"
@@ -138,7 +138,7 @@ hub:
     JupyterHub:
       admin_access: true
       authenticate_prometheus: false
-      authenticator_class: egi_notebooks_hub.egiauthenticator.EGICheckinAuthenticator
+      authenticator_class: egi_notebooks_hub.egiauthenticator.EOSCNodeAuthenticator
       # spawner_class: (in egi-notebooks-b2drop)
   extraConfig:
     egi-notebooks-welcome: |-
@@ -421,3 +421,6 @@ hub:
 {%- raw %}
         {% extends "login.html" %}
 {% endraw %}
+
+debug:
+  enabled: true
diff --git a/cesnet-central/inventory/99-all.yaml b/cesnet-central/inventory/99-all.yaml
index 2b205c2..39412d4 100644
--- a/cesnet-central/inventory/99-all.yaml
+++ b/cesnet-central/inventory/99-all.yaml
@@ -14,6 +14,7 @@ all:
     site_name: cesnet-central
     vault_mount_point: secrets/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/eosc-dev
 
+    notebooks_hostname: fullhub.eosc.zcu.cz
     binder_hostname: replay.eosc.zcu.cz
     old_binder_hostname: binder.eosc.zcu.cz
     docker2_hostname: registry.eosc.zcu.cz
diff --git a/testing/deployments/hub.yaml b/testing/deployments/hub.yaml
index 00cc6dd..a28f0ba 100644
--- a/testing/deployments/hub.yaml
+++ b/testing/deployments/hub.yaml
@@ -127,8 +127,8 @@ hub:
       url: "http://jwt/"
       display: false
   image:
-    name: valtri/hub
-    tag: "eosc9-jwt"
+    name: eginotebooks/hub
+    tag: "sha-323c75e"
   config:
     Authenticator:
       enable_auth_state: true
@@ -155,7 +155,7 @@ hub:
     JupyterHub:
       admin_access: true
       authenticate_prometheus: false
-      authenticator_class: egi_notebooks_hub.egiauthenticator.EGICheckinAuthenticator
+      authenticator_class: egi_notebooks_hub.egiauthenticator.EOSCNodeAuthenticator
       # spawner_class: (in egi-notebooks-b2drop)
   extraConfig:
     egi-notebooks-welcome: |-
-- 
GitLab