From 4735ad1c6f1c6cec947d1e26edecd8bf20ddcd29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Thu, 4 Apr 2024 21:53:58 +0000
Subject: [PATCH] Integration of ownCloud WebDAV using OIDC

---
 cesnet-central/deployments/fullhub.yaml | 46 +++++++++++++++++++++++--
 1 file changed, 44 insertions(+), 2 deletions(-)

diff --git a/cesnet-central/deployments/fullhub.yaml b/cesnet-central/deployments/fullhub.yaml
index f0e5d35..f252d43 100644
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -35,14 +35,20 @@ singleuser:
         # sizeLimit problematic in this environment,
         # not needed for remote mounts
         empty_dir:
+      - name: owncloud
+        # sizeLimit problematic in this environment,
+        # not needed for remote mounts
+        empty_dir:
     extraVolumeMounts:
       - name: cvmfs-host
         mountPath: "/cvmfs:shared"
       - name: b2drop
         mountPath: '/mnt/b2drop:shared'
+      - name: owncloud
+        mountPath: '/mnt/owncloud:shared'
   lifecycleHooks:
     postStart:
-      exec: { "command": ["/bin/sh", "-c", "ln -snf /mnt/b2drop $HOME/b2drop; ln -snf /cvmfs $HOME/cvmfs; mkdir -p /home/jovyan/.notebookCheckpoints"] }
+      exec: { "command": ["/bin/sh", "-c", "ln -snf /mnt/b2drop $HOME/b2drop; ln -snf /mnt/owncloud $HOME/owncloud; ln -snf /cvmfs $HOME/cvmfs; mkdir -p /home/jovyan/.notebookCheckpoints"] }
   memory:
     limit: 6G
     guarantee: 128M
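Review bot: The `owncloud` volume, its `/mnt/owncloud:shared` mount and the `ln -snf /mnt/owncloud $HOME/owncloud` symlink are added for every user, but the sidecar that populates the mount is appended in the second hunk only when `auth_state` contains an `access_token`. A user spawned without a token would therefore get a `$HOME/owncloud` that points at a plain emptyDir with no size limit, so anything written there lands on node ephemeral storage and disappears with the pod instead of reaching ownCloud. Consider adding the volume and mount from the same `pre_spawn_hook` branch that adds the sidecar, or at least documenting the fallback with a comment such as `# empty unless the owncloud sidecar is running (requires an OIDC access token)`. The comment copied from the `b2drop` entry could also name the mount it refers to.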
@@ -202,7 +208,43 @@ hub:
                            'b2drop-pwd': formdata.get('b2drop-pwd', [None])[0]})
               return data
 
-      c.JupyterHub.spawner_class = B2DropSpawner
+      class WebDavOIDCSpawner(B2DropSpawner):
+          async def pre_spawn_hook(self, spawner):
+              await super(WebDavOIDCSpawner, self).pre_spawn_hook(spawner)
+              auth_state = await self.user.get_auth_state()
+              if "access_token" in auth_state:
+                  volume_mounts = [
+                    {"mountPath": "/owncloud:shared", "name": "owncloud"},
+                  ]
+                  spawner.extra_containers.append(
+                    {
+                        "name": "owncloud",
+                        "image": "valtri/webdav-oidc-sidecar:unpriv3",
+                        "env": [
+                            {"name": "WEBDAV_URL", "value": "https://webdav.egi.zcu.cz/webdav-oidc"},
+                            {"name": "WEBDAV_TOKEN", "value": auth_state["access_token"]},
+                            {"name": "MOUNT_PATH", "value": "/owncloud"},
+                        ],
+                        "resources": self.sidecar_resources,
+                        # "command": cmd,
+                        "securityContext": {
+                            "runAsUser": 1000,
+                            "fsUser": 1000,
+                            "fsGroup": 100,
+                            "privileged": True,
+                            "capabilities": {"add": ["SYS_ADMIN"]},
+                        },
+                        "volumeMounts": volume_mounts,
+                        "lifecycle": {
+                            "preStop": {
+                                "exec": {"command": ["umount", "-l", "/owncloud"]}
+                            },
+                        },
+                    }
+                  )
+
+
+      c.JupyterHub.spawner_class = WebDavOIDCSpawner
       c.B2DropSpawner.http_timeout = 60
       c.B2DropSpawner.args = ["--FileCheckpoints.checkpoint_dir='/home/jovyan/.notebookCheckpoints'"]
       c.B2DropSpawner.profile_form_template = """
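Review bot: The sidecar appended in `pre_spawn_hook` runs with `"privileged": True` and also receives the user's OIDC access token as a literal `WEBDAV_TOKEN` env value, so the token is readable by anyone who can read pod specs in the namespace, and it sits in a node-privileged container pulled from a mutable tag (`valtri/webdav-oidc-sidecar:unpriv3`). `privileged` already grants every capability, which makes `"capabilities": {"add": ["SYS_ADMIN"]}` redundant; if the `:shared` propagation is what forces privileged mode, a comment should say so, otherwise drop `privileged` and keep only what the FUSE mount needs. `fsUser` is not a Kubernetes securityContext field and `fsGroup` is only defined at pod level, so both are presumably ignored or rejected here. Consider passing the token through a per-user Secret with `valueFrom.secretKeyRef` and pinning the image by digest; an access token fixed at spawn time will also expire while the pod is still running. Separately, `get_auth_state()` returns `None` when auth state is not persisted, so `"access_token" in auth_state` would raise `TypeError` and fail the spawn; guard it with `if auth_state and auth_state.get("access_token"):`.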
-- 
GitLab