diff --git a/eosc-devel/deployments/fullhub.yaml b/eosc-devel/deployments/fullhub.yaml
index 8113e5efd042dfe404b6637fe130a1d116e69ecf..6b9e35f90842784eadab37d98548c0b8a64135e7 100644
--- a/eosc-devel/deployments/fullhub.yaml
+++ b/eosc-devel/deployments/fullhub.yaml
@@ -50,28 +50,8 @@ singleuser:
k8s-app: cluster-ingress
image:
name: eginotebooks/single-user-eosc
- tag: "sha-7052495"
+ tag: "sha-d822021"
profileList:
- - display_name: Small Environment - 2 vCPU / 4 GB RAM (non-collaboratice)
- description: >
- The notebook environment includes Python, R, Julia and Octave kernels. Non-collaborative.
- default: true
- kubespawner_override:
- args:
- - "--CondaKernelSpecManager.env_filter='/opt/conda$'"
- extra_annotations:
- "egi.eu/flavor": "small-environment-2-vcpu-4-gb-ram"
- - display_name: Small Environment - 2 vCPU / 4 GB RAM (collaboratice)
- description: >
- The notebook environment includes Python, R, Julia and Octave kernels. Collaborative.
- kubespawner_override:
- args:
- - "--CondaKernelSpecManager.env_filter='/opt/conda$'"
- environment:
- JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
- image: "valtri/single-user:jupyter-4e-collab"
- extra_annotations:
- "egi.eu/flavor": "small-environment-2-vcpu-4-gb-ram"
- display_name: Small Environment - 2 vCPU / 4 GB RAM
description: >
The notebook environment includes Python, R, Julia and Octave kernels.
@@ -181,6 +161,11 @@ hub:
name: eginotebooks/hub
# k8s-hub 4.0.0
tag: "sha-b20ead2"
+ loadRoles:
+ #user roles required for user initiated sharing API
+ user:
+ scopes: ["self", "shares!user"]
+
config:
Authenticator:
enable_auth_state: true
@@ -232,7 +217,7 @@ hub:
class WebDavOIDCSpawner(OnedataSpawner):
# ownCloud Infinite Scale parameters
# (https://owncloud.dev/apis/http/graph/spaces/#list-my-spaces-get-medrives)
- OCIS_URL = "https://ocis-testing.apps.bst2-test.paas.psnc.pl"
+ OCIS_URL = "https://ocis.aaitest.owncloud.works"
# personal space
OCIS_PERSONAL_SPACE = "/graph/v1.0/me/drives?%24filter=driveType+eq+personal"
# shared space
@@ -278,7 +263,7 @@ hub:
{"name": "WEBDAV_VENDOR", "value": "owncloud"},
# XXX: strict permissions needed for .local/share/jupyter/runtime/jupyter_cookie_secret
# quicker directory cache and polling
- {"name": "MOUNT_OPTS", "value": "--file-perms=0600 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
+ {"name": "MOUNT_OPTS", "value": "--file-perms=0700 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
{"name": "MOUNT_PATH", "value": "/owncloud" + subpath},
# default mode is "full"
{"name": "VFS_CACHE_MODE", "value": "full"},
@@ -337,6 +322,13 @@ hub:
c.JupyterHub.spawner_class = WebDavOIDCSpawner
c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/"
c.WebDavOIDCSpawner.http_timeout = 90
+
+ #Scopes for user sharing api extension to be able to
+ #use browser token for API queries
+ c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [
+ "access:servers!server",
+ "shares!server"
+ ]
{% endraw %}
templatePaths:
- /egi-notebooks-hub/ec-templates
diff --git a/eosc-testing/deployments/hub.yaml b/eosc-testing/deployments/hub.yaml
index b349199f71f4c9decab4e47cd04b1574549f0215..fe3e8d186da287cdac94f43be5e91f6912db1e14 100644
--- a/eosc-testing/deployments/hub.yaml
+++ b/eosc-testing/deployments/hub.yaml
@@ -51,7 +51,7 @@ singleuser:
k8s-app: cluster-ingress
image:
name: eginotebooks/single-user-eosc
- tag: "sha-7052495"
+ tag: "sha-d822021"
profileList:
- display_name: Small Environment - 2 vCPU / 4 GB RAM
description: >
@@ -60,8 +60,6 @@ singleuser:
kubespawner_override:
args:
- "--CondaKernelSpecManager.env_filter='/opt/conda$'"
- environment:
- JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
extra_annotations:
"egi.eu/flavor": "small-environment-2-vcpu-4-gb-ram"
vo_claims:
@@ -72,8 +70,6 @@ singleuser:
kubespawner_override:
args:
- "--CondaKernelSpecManager.env_filter='/opt/conda$'"
- environment:
- JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
extra_annotations:
"egi.eu/flavor": "medium-environment-4-vcpu-8-gb-ram"
cpu_guarantee: 0.4
@@ -88,8 +84,6 @@ singleuser:
kubespawner_override:
args:
- "--CondaKernelSpecManager.env_filter='/opt/conda$'"
- environment:
- JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
cpu_guarantee: 0.8
cpu_limit: 8
mem_guarantee: 2G
@@ -167,6 +161,11 @@ hub:
name: eginotebooks/hub
# k8s-hub 4.0.0
tag: "sha-b20ead2"
+ loadRoles:
+ #user roles required for user initiated sharing API
+ user:
+ scopes: ["self", "shares!user"]
+
config:
Authenticator:
enable_auth_state: true
@@ -217,7 +216,7 @@ hub:
class WebDavOIDCSpawner(OnedataSpawner):
# ownCloud Infinite Scale parameters
# (https://owncloud.dev/apis/http/graph/spaces/#list-my-spaces-get-medrives)
- OCIS_URL = "https://ocis-testing.apps.bst2-test.paas.psnc.pl"
+ OCIS_URL = "https://ocis.aaitest.owncloud.works"
# personal space
OCIS_PERSONAL_SPACE = "/graph/v1.0/me/drives?%24filter=driveType+eq+personal"
# shared space
@@ -263,7 +262,7 @@ hub:
{"name": "WEBDAV_VENDOR", "value": "owncloud"},
# XXX: strict permissions needed for .local/share/jupyter/runtime/jupyter_cookie_secret
# quicker directory cache and polling
- {"name": "MOUNT_OPTS", "value": "--file-perms=0600 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
+ {"name": "MOUNT_OPTS", "value": "--file-perms=0700 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
{"name": "MOUNT_PATH", "value": "/owncloud" + subpath},
# default mode is "full"
{"name": "VFS_CACHE_MODE", "value": "full"},
@@ -322,6 +321,13 @@ hub:
c.JupyterHub.spawner_class = WebDavOIDCSpawner
c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/"
c.WebDavOIDCSpawner.http_timeout = 90
+
+ #Scopes for user sharing api extension to be able to
+ #use browser token for API queries
+ c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [
+ "access:servers!server",
+ "shares!server"
+ ]
{% endraw %}
templatePaths:
- /egi-notebooks-hub/ec-templates