From 9924aeed6639bd0176ea49935ba2a44fd2cbcafa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jarom=C3=ADr=20Hradil?= <jaromir.hradil@cesnet.cz>
Date: Tue, 26 Nov 2024 13:11:33 +0100
Subject: [PATCH] Upgrading to Hub 5 + enabling RTC and user-initiated sharing
 on production

---
 common/deployments/hub-production.yaml | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/common/deployments/hub-production.yaml b/common/deployments/hub-production.yaml
index d4242f3..d45a62a 100644
--- a/common/deployments/hub-production.yaml
+++ b/common/deployments/hub-production.yaml
@@ -50,7 +50,7 @@ singleuser:
               k8s-app: cluster-ingress
   image:
     name: eginotebooks/single-user-eosc
-    tag: "sha-dea4fa2"
+    tag: "sha-d822021"
   profileList:
     - display_name: Small Environment - 2 vCPU / 4 GB RAM
       description: >
@@ -130,12 +130,9 @@ singleuser:
         #
         /usr/local/bin/jupyterhub-wait-remote-home
 
-        # Disables RTC extension. To enable it set this env variable in kubespawner_override
-        # to JUPYTERHUB_ALLOW_TOKEN_IN_URL="1"
-        if [ -z "$JUPYTERHUB_ALLOW_TOKEN_IN_URL" ]; then
-          jupyter-labextension  disable @jupyter/collaboration-extension
-          jupyter-labextension lock @jupyter/collaboration-extension
-        fi
+        # Disables RTC and RTC ui extensions by default.
+        jupyter-labextension disable @jupyter/collaboration-extension
+        jupyter-labextension disable @jupyter/docprovider-extension
 
         cd .
         exec jupyterhub-singleuser \
@@ -161,8 +158,12 @@ hub:
   # keep k8s-hub version in sync with ../playbooks/notebooks.yaml
   image:
     name: eginotebooks/hub
-    # k8s-hub 3.3.8
-    tag: "sha-f5af1a3"
+    # k8s-hub 4.0.0
+    tag: "sha-b20ead2"
+  loadRoles:
+    #user scopes required for user initiated sharing API
+    user:
+      scopes: ["self", "shares!user"]
   config:
     Authenticator:
       enable_auth_state: true
@@ -320,6 +321,13 @@ hub:
       c.JupyterHub.spawner_class = WebDavOIDCSpawner
       c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/"
       c.WebDavOIDCSpawner.http_timeout = 90
+
+      #Scopes for user sharing api extension to be able to
+      #use browser token for API queries
+      c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [
+        "access:servers!server", 
+        "shares!server"
+      ]
 {% endraw %}
   templatePaths:
     - /egi-notebooks-hub/ec-templates
-- 
GitLab