Magpie: ensure that the MAGPIE_ADMIN_USERNAME variable is respected (…

…#418) ## Overview We checked that all username variables are respected in the source code. We checked that there are no instances of the default being hardcoded (the assumption being that no one would ever actually change the variable from the default). The only issue found was that the `MAGPIE_ADMIN_USERNAME` variable was not used to set the default value for `JUPYTERHUB_ADMIN_USERS` properly. ## Changes **Non-breaking changes** - Updates default value for `JUPYTERHUB_ADMIN_USERS` to respect other variable settings **Breaking changes** ## Related Issue / Discussion - Resolves #417 ## Additional Information Links to other issues or sources.  birdhouse_daccs_configs_branch: master birdhouse_skip_ci: false
bird-house · Jan 25, 2024 · 24950ba · 24950ba
2 parents 3cae728 + 1c8b615
commit 24950ba
Show file tree

Hide file tree

Showing 8 changed files with 28 additions and 9 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -45,6 +45,9 @@
   * Replace the LICENSE URL of the server node pointing
     at [Ouranosinc/pavics-sdi](https://github.com/Ouranosinc/pavics-sdi) instead
     of intended [bird-house/birdhouse-deploy](https://github.com/bird-house/birdhouse-deploy).
+- Magpie: ensure that the `MAGPIE_ADMIN_USERNAME` variable is respected
+  * When determining the `JUPYTERHUB_ADMIN_USERS` variable
+  * Double check that it is being respected everywhere else
 
 [2.0.5](https://github.com/bird-house/birdhouse-deploy/tree/2.0.5) (2024-01-22)
 ------------------------------------------------------------------------------------------------------------------

diff --git a/birdhouse/README.rst b/birdhouse/README.rst
@@ -148,7 +148,7 @@ instructions below.
 Manual instructions:
 
 * Go to
-  ``https://<PAVICS_FQDN>/magpie/ui/login`` and login with the ``admin`` user. The password should be in ``env.local``.
+  ``https://<PAVICS_FQDN>/magpie/ui/login`` and login with the ``MAGPIE_ADMIN_USERNAME`` user. The password should be in ``env.local``.
 
 * Then go to ``https://<PAVICS_FQDN>/magpie/ui/users/add``.
 

diff --git a/birdhouse/components/README.rst b/birdhouse/components/README.rst
@@ -304,7 +304,7 @@ birdhouse-deploy software stack and the machine that it is running on. It is hig
 make these routes available to anyone who does not have proper access permissions.
 
 Add existing users to the ``monitoring`` group to allow them access to the various monitoring WebUI.
-This way, we do not need to share the ``admin`` user account and do not have to add them to the
+This way, we do not need to share the ``MAGPIE_ADMIN_USERNAME`` user account and do not have to add them to the
 ``administrators`` group, which would give them too much permissions.
 
 

diff --git a/birdhouse/components/jupyterhub/default.env b/birdhouse/components/jupyterhub/default.env
@@ -68,9 +68,13 @@ export JUPYTERHUB_CRYPT_KEY=
 # JUPYTERHUB_CRYPT_KEY is set.
 export JUPYTERHUB_AUTHENTICATOR_REFRESH_AGE=60
 
+# Usernames that should be given admin access in jupyterhub
+export JUPYTERHUB_ADMIN_USERS='{\"${MAGPIE_ADMIN_USERNAME}\"}'  # python set syntax
+
 export DELAYED_EVAL="
   $DELAYED_EVAL
   JUPYTERHUB_USER_DATA_DIR
+  JUPYTERHUB_ADMIN_USERS
 "
 
 # add any new variables not already in 'VARS' or 'OPTIONAL_VARS' that must be replaced in templates here

diff --git a/birdhouse/default.env b/birdhouse/default.env
@@ -84,19 +84,19 @@ export SERVER_LICENSE_URL='${__DEFAULT__SERVER_LICENSE_URL}'
 # Those will not be set explicitly as defaults to ensure they are overridden explicitly by the instance.
 # These values would be detected only if the instance was configured using a copy of 'env.local.example'.
 export __DEFAULT__MAGPIE_SECRET="itzaseekrit"
-#export __DEFAULT__MAGPIE_ADMIN_USERNAME="admin"
+export __DEFAULT__MAGPIE_ADMIN_USERNAME="admin"
 export __DEFAULT__MAGPIE_ADMIN_PASSWORD="qwertyqwerty!"
-#export __DEFAULT__POSTGRES_PAVICS_USERNAME="postgres-pavics"
+export __DEFAULT__POSTGRES_PAVICS_USERNAME="postgres-pavics"
 export __DEFAULT__POSTGRES_PAVICS_PASSWORD="postgres-qwerty"
-#export __DEFAULT__POSTGRES_MAGPIE_USERNAME="postgres-magpie"
+export __DEFAULT__POSTGRES_MAGPIE_USERNAME="postgres-magpie"
 export __DEFAULT__POSTGRES_MAGPIE_PASSWORD="postgres-qwerty"
-#export __DEFAULT__GEOSERVER_ADMIN_USER="admingeo"
+export __DEFAULT__GEOSERVER_ADMIN_USER="admingeo"
 export __DEFAULT__GEOSERVER_ADMIN_PASSWORD="geoserverpass"
 #############################################################################
 # Deprecated vars (for components in the ./deprecated-components directory)
 #############################################################################
 export __DEFAULT__TOMCAT_NCWMS_PASSWORD="ncwmspass"
-#export __DEFAULT__CATALOG_USERNAME="admin-catalog"
+export __DEFAULT__CATALOG_USERNAME="admin-catalog"
 export __DEFAULT__CATALOG_PASSWORD="qwerty"
 export __DEFAULT__PHOENIX_PASSWORD="phoenix_pass"
 export __DEFAULT__PHOENIX_PASSWORD_HASH="sha256:123456789012:1234567890123456789012345678901234567890123456789012345678901234"

diff --git a/birdhouse/env.local.example b/birdhouse/env.local.example
@@ -24,7 +24,6 @@ export MAGPIE_ADMIN_PASSWORD="qwertyqwerty!"
 export TWITCHER_PROTECTED_PATH="/twitcher/ows/proxy"
 export SUPPORT_EMAIL="[email protected]"
 export CMIP5_THREDDS_ROOT="birdhouse/CMIP5/CCCMA"
-export JUPYTERHUB_ADMIN_USERS="{'admin'}"  # python set syntax
 export POSTGRES_PAVICS_USERNAME="postgres-pavics"
 export POSTGRES_PAVICS_PASSWORD="postgres-qwerty"
 export POSTGRES_MAGPIE_USERNAME="postgres-magpie"
@@ -426,6 +425,12 @@ export GEOSERVER_ADMIN_PASSWORD="geoserverpass"
 #c.Spawner.pre_spawn_hook = custom_create_dir_hook
 #"
 
+# Usernames that should be given admin access in jupyterhub
+# By default, only the MAGPIE_ADMIN_USERNAME user is given admin access. Update this variable only if you wish
+# to give additional users admin access by default.
+# Note that you can also give users admin access through the jupyterhub UI.
+#export JUPYTERHUB_ADMIN_USERS='{\"${MAGPIE_ADMIN_USERNAME}\", \"othername\"}'  # python set syntax
+
 # Extra PyWPS config for **all** WPS services (currently only Flyingpigeon, Finch and Raven supported).
 # export EXTRA_PYWPS_CONFIG="
 # [logging]

diff --git a/birdhouse/scripts/read-configs.include.sh b/birdhouse/scripts/read-configs.include.sh
@@ -258,7 +258,8 @@ process_delayed_eval() {
           continue
         fi
         v="`eval "echo \\$${i}"`"
-        eval 'export ${i}="`eval "echo ${v}"`"'
+        value=`eval "echo \"${v}\""`
+        eval 'export ${i}="${value}"'
         log DEBUG "delayed eval '$(env | grep -e "^${i}=")'"
         ALREADY_EVALED="
           $ALREADY_EVALED

diff --git a/tests/test_read_configs_include.py b/tests/test_read_configs_include.py
@@ -183,6 +183,12 @@ def test_delayed_eval_custom_value(self, read_config_include_file) -> None:
         assert (split_and_strip(get_command_stdout(proc))[-1] ==
                 "public.example.com - /my-data-root/jupyterhub_user_data - /my-geoserver-data")
 
+    def test_delayed_eval_quoting(self, read_config_include_file) -> None:
+        """Test that the delayed evaluation functions resolve quotation marks and braces properly"""
+        extra = {"EXTRA_TEST_VAR": "\"{'123'}\"", "DELAYED_EVAL": "$DELAYED_EVAL EXTRA_TEST_VAR"}
+        proc = self.run_func(read_config_include_file, extra, 'echo "${EXTRA_TEST_VAR}"')
+        assert split_and_strip(get_command_stdout(proc))[-1] == "{'123'}"
+
 
 class TestCreateComposeConfList:
     default_conf_list_order: list[str] = [