From 6a4691a41fdc12158c75826caf80a2093c2b0354 Mon Sep 17 00:00:00 2001 From: krassowski <5832902+krassowski@users.noreply.github.com> Date: Wed, 27 Mar 2024 14:38:04 +0000 Subject: [PATCH] Get JupyterHub `groups` from Keycloak, support `oauthenticator` 16.3+ --- .../modules/kubernetes/services/jupyterhub/main.tf | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/main.tf b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/main.tf index f99ef62eed..6f2e212cdb 100644 --- a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/main.tf +++ b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/main.tf @@ -157,11 +157,18 @@ resource "helm_release" "jupyterhub" { token_url = module.jupyterhub-openid-client.config.token_url userdata_url = module.jupyterhub-openid-client.config.userinfo_url login_service = "Keycloak" - username_key = "preferred_username" - claim_groups_key = "roles" + username_claim = "preferred_username" + claim_groups_key = "groups" allowed_groups = ["jupyterhub_admin", "jupyterhub_developer"] admin_groups = ["jupyterhub_admin"] + manage_groups = true + refresh_pre_spawn = true + validate_server_cert = false + + # deprecated, to be removed (replaced by validate_server_cert) tls_verify = false + # deprecated, to be removed (replaced by username_claim) + username_key = "preferred_username" } } }