From ed5f9c030d908ea058d986bd9971c061d2dd3cb4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Fri, 12 Apr 2024 19:24:15 +0000
Subject: [PATCH] Fix token refresh for ownCloud Access token is provided for rclone as file.
---
 cesnet-central/deployments/fullhub.yaml | 64 ++++++++++++++-----------
 1 file changed, 35 insertions(+), 29 deletions(-)
diff --git a/cesnet-central/deployments/fullhub.yaml b/cesnet-central/deployments/fullhub.yaml
index 8f2738d..160012e 100644
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -212,36 +212,42 @@ hub: async def pre_spawn_hook(self, spawner): await super(WebDavOIDCSpawner, self).pre_spawn_hook(spawner) auth_state = await self.user.get_auth_state() - if "access_token" in auth_state: - volume_mounts = [ - {"mountPath": "/owncloud:shared", "name": "owncloud"}, - ] - spawner.extra_containers.append( - { - "name": "owncloud", - "image": "valtri/webdav-oidc-sidecar:nodaemon6", - "env": [ - {"name": "WEBDAV_URL", "value": "https://webdav.egi.zcu.cz/webdav-oidc"}, - {"name": "WEBDAV_TOKEN", "value": auth_state["access_token"]}, - {"name": "MOUNT_PATH", "value": "/owncloud"}, - ], - "resources": self.sidecar_resources, - # "command": cmd, - "securityContext": { - "runAsUser": 1000, - "fsUser": 1000, - "fsGroup": 100, - "privileged": True, - "capabilities": {"add": ["SYS_ADMIN"]}, - }, - "volumeMounts": volume_mounts, - "lifecycle": { - "preStop": { - "exec": {"command": ["umount", "-l", "/owncloud"]} - }, + # volume name as in EGI spawner + token_secret_volume_name = self._expand_user_properties( + self.token_secret_volume_name_template + ) + token_path = os.path.join(self.token_mount_path, "access_token") + volume_mounts = [ + {"mountPath": "/owncloud:shared", "name": "owncloud"}, + {"mountPath": self.token_mount_path, "name": token_secret_volume_name, "readOnly": True}, + ] + spawner.extra_containers.append( + { + "name": "owncloud", + "image": "valtri/webdav-rclone-sidecar:sha-a59194e", + "args": ["bearer_token_command=cat " + token_path], + "env": [ + {"name": "WEBDAV_URL", "value": "https://webdav.egi.zcu.cz/webdav-oidc"}, + {"name": "WEBDAV_VENDOR", "value": "other"}, + {"name": "MOUNT_PATH", "value": "/owncloud"}, + ], + "resources": self.sidecar_resources, + # "command": cmd, + "securityContext": { + "runAsUser": 1000, + "fsUser": 1000, + "fsGroup": 100, + "privileged": True, + "capabilities": {"add": ["SYS_ADMIN"]}, + }, + "volumeMounts": volume_mounts, + "lifecycle": { + "preStop": { + "exec": {"command": ["fusermount", "-u", "-z", 
"/owncloud"]} }, - } - ) + }, + } + ) c.JupyterHub.spawner_class = WebDavOIDCSpawner -- GitLab
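Review bot: The `owncloud` sidecar is now appended on every spawn, because the `if "access_token" in auth_state:` guard is gone, and it still carries `"privileged": True` alongside `"capabilities": {"add": ["SYS_ADMIN"]}`. `privileged` already grants every capability plus host device access, so the `capabilities` entry has no effect as written; if the FUSE mount works with only `/dev/fuse` and `SYS_ADMIN`, removing `"privileged": True` would narrow what this container can reach, which is worth testing now that the image is being swapped anyway. Since the container is privileged and reads the user's access token, I would pin the image by digest rather than by the `sha-a59194e` tag, for example `"image": "valtri/webdav-rclone-sidecar@sha256:<DIGEST>"`. `auth_state` is no longer read in the visible lines, and the mount assumes the parent spawner always defines a volume under `token_secret_volume_name`; please confirm that a user without a token secret still gets a pod that can start. `os.path.join` also needs `os` imported in this config block, which is outside the hunk.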