diff --git a/config/clusters/2i2c-jetstream2/staging.values.yaml b/config/clusters/2i2c-jetstream2/staging.values.yaml index 954006d6f..a5454c1e4 100644 --- a/config/clusters/2i2c-jetstream2/staging.values.yaml +++ b/config/clusters/2i2c-jetstream2/staging.values.yaml @@ -66,9 +66,42 @@ jupyterhub: capi.stackhpc.com/node-group: core config: JupyterHub: - authenticator_class: "github" + authenticator_class: github GitHubOAuthenticator: oauth_callback_url: "https://staging.js.2i2c.cloud/hub/oauth_callback" + populate_teams_in_auth_state: true + allowed_organizations: + - 2i2c-org:hub-access-for-2i2c-staff + scope: + - read:org + Authenticator: + enable_auth_state: true + manage_groups: true + services: + jupyterhub-groups-exporter: {} + loadRoles: + jupyterhub-groups-exporter: + services: + - jupyterhub-groups-exporter + scopes: + - users + - groups + extraConfig: + custom-auth-state-groups-key: | + async def custom_auth_state_groups_key(auth_state): + groups_list = [] + if auth_state is None: + print("Auth state is None") + return groups_list + else: + for team in auth_state["teams"]: + if f'{team["organization"]["login"]}:{team["slug"]}' not in c.GitHubOAuthenticator.allowed_organizations: + continue + else: + groups_list.append(f'{team["organization"]["login"]}:{team["slug"]}') + return groups_list + if c.GitHubOAuthenticator: + c.GitHubOAuthenticator.auth_state_groups_key = custom_auth_state_groups_key singleuser: defaultUrl: /lab nodeSelector: @@ -147,3 +180,9 @@ jupyterhub-home-nfs: volumeId: 694b2c04-6b08-4ebe-8cb9-74f7d42c1b1c quotaEnforcer: hardQuota: 1 # in GB + path: "/export/staging" +jupyterhub-groups-exporter: + enabled: true + config: + groupsExporter: + update_exporter_interval: 3600