Integration of ownCloud WebDAV using OIDC

4735ad1c · František Dvořák · 81937821 · 4735ad1c
Commit 4735ad1c authored 1 year ago by František Dvořák
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -35,14 +35,20 @@ singleuser:
        # sizeLimit problematic in this environment,
        # not needed for remote mounts
        empty_dir:
+      - name: owncloud
+        # sizeLimit problematic in this environment,
+        # not needed for remote mounts
+        empty_dir:
    extraVolumeMounts:
      - name: cvmfs-host
        mountPath: "/cvmfs:shared"
      - name: b2drop
        mountPath: '/mnt/b2drop:shared'
+      - name: owncloud
+        mountPath: '/mnt/owncloud:shared'
  lifecycleHooks:
    postStart:
-      exec: { "command": ["/bin/sh", "-c", "ln -snf /mnt/b2drop $HOME/b2drop; ln -snf /cvmfs $HOME/cvmfs; mkdir -p /home/jovyan/.notebookCheckpoints"] }
+      exec: { "command": ["/bin/sh", "-c", "ln -snf /mnt/b2drop $HOME/b2drop; ln -snf /mnt/owncloud $HOME/owncloud; ln -snf /cvmfs $HOME/cvmfs; mkdir -p /home/jovyan/.notebookCheckpoints"] }
  memory:
    limit: 6G
    guarantee: 128M
@@ -202,7 +208,43 @@ hub:
                           'b2drop-pwd': formdata.get('b2drop-pwd', [None])[0]})
              return data
-      c.JupyterHub.spawner_class = B2DropSpawner
+      class WebDavOIDCSpawner(B2DropSpawner):
+          async def pre_spawn_hook(self, spawner):
+              await super(WebDavOIDCSpawner, self).pre_spawn_hook(spawner)
+              auth_state = await self.user.get_auth_state()
+              if "access_token" in auth_state:
+                  volume_mounts = [
+                    {"mountPath": "/owncloud:shared", "name": "owncloud"},
+                  ]
+                  spawner.extra_containers.append(
+                    {
+                        "name": "owncloud",
+                        "image": "valtri/webdav-oidc-sidecar:unpriv3",
+                        "env": [
+                            {"name": "WEBDAV_URL", "value": "https://webdav.egi.zcu.cz/webdav-oidc"},
+                            {"name": "WEBDAV_TOKEN", "value": auth_state["access_token"]},
+                            {"name": "MOUNT_PATH", "value": "/owncloud"},
+                        ],
+                        "resources": self.sidecar_resources,
+                        # "command": cmd,
+                        "securityContext": {
+                            "runAsUser": 1000,
+                            "fsUser": 1000,
+                            "fsGroup": 100,
+                            "privileged": True,
+                            "capabilities": {"add": ["SYS_ADMIN"]},
+                        },
+                        "volumeMounts": volume_mounts,
+                        "lifecycle": {
+                            "preStop": {
+                                "exec": {"command": ["umount", "-l", "/owncloud"]}
+                            },
+                        },
+                    }
+                  )
+      c.JupyterHub.spawner_class = WebDavOIDCSpawner
      c.B2DropSpawner.http_timeout = 60
      c.B2DropSpawner.args = ["--FileCheckpoints.checkpoint_dir='/home/jovyan/.notebookCheckpoints'"]
      c.B2DropSpawner.profile_form_template = """