Update cowbird config with permission webhook cases

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.27.0
+current_version = 1.27.1
 commit = True
 tag = False
 tag_name = {new_version}
@@ -30,11 +30,11 @@ search = {current_version}
 replace = {new_version}
 
 [bumpversion:file:RELEASE.txt]
-search = {current_version} 2023-07-06T16:40:21Z
+search = {current_version} 2023-07-10T19:20:25Z
 replace = {new_version} {utcnow:%Y-%m-%dT%H:%M:%SZ}
 
 [bumpversion:part:releaseTime]
-values = 2023-07-06T16:40:21Z
+values = 2023-07-10T19:20:25Z
 
 [bumpversion:file(version):birdhouse/config/canarie-api/docker_configuration.py.template]
 search = 'version': '{current_version}'

CHANGES.md

@@ -17,6 +17,18 @@
 
 [//]: # (list changes here, using '-' for each new entry, remove this when items are added)
 
+[1.27.1](https://github.com/bird-house/birdhouse-deploy/tree/1.27.1) (2023-07-10)
+------------------------------------------------------------------------------------------------------------------
+
+## Changes
+- Add Magpie webhook definitions for permission creation and deletion cases to be processed by Cowbird.
+- Add `USER_WORKSPACE_UID` and `USER_WORKSPACE_GID` env variables to manage ownership of the user workspaces used by
+  Cowbird, JupyterHub and others.
+- Update `magpie` service from [3.31.0](https://github.com/Ouranosinc/Magpie/tree/3.31.0)
+  to [3.34.0](https://github.com/Ouranosinc/Magpie/tree/3.34.0)
+- Update `cowbird` service from [1.1.1](https://github.com/Ouranosinc/cowbird/tree/1.1.1)
+  to [1.2.0](https://github.com/Ouranosinc/cowbird/tree/1.2.0)
+
 [1.27.0](https://github.com/bird-house/birdhouse-deploy/tree/1.27.0) (2023-07-06)
 ------------------------------------------------------------------------------------------------------------------
 
@@ -176,7 +188,6 @@
 
 - Licence: update copyright line with year and ownership
 
-
 [1.26.1](https://github.com/bird-house/birdhouse-deploy/tree/1.26.1) (2023-04-26)
 ------------------------------------------------------------------------------------------------------------------
 

Makefile

@@ -1,7 +1,7 @@
 # Generic variables
 override SHELL       := bash
 override APP_NAME    := birdhouse-deploy
-override APP_VERSION := 1.27.0
+override APP_VERSION := 1.27.1
 
 # utility to remove comments after value of an option variable
 override clean_opt = $(shell echo "$(1)" | $(_SED) -r -e "s/[ '$'\t'']+$$//g")

README.rst

@@ -14,13 +14,13 @@ for a full-fledged production platform.
     * - releases
       - | |latest-version| |commits-since|
 
-.. |commits-since| image:: https://img.shields.io/github/commits-since/bird-house/birdhouse-deploy/1.27.0.svg
+.. |commits-since| image:: https://img.shields.io/github/commits-since/bird-house/birdhouse-deploy/1.27.1.svg
     :alt: Commits since latest release
-    :target: https://github.com/bird-house/birdhouse-deploy/compare/1.27.0...master
+    :target: https://github.com/bird-house/birdhouse-deploy/compare/1.27.1...master
 
-.. |latest-version| image:: https://img.shields.io/badge/tag-1.27.0-blue.svg?style=flat
+.. |latest-version| image:: https://img.shields.io/badge/tag-1.27.1-blue.svg?style=flat
     :alt: Latest Tag
-    :target: https://github.com/bird-house/birdhouse-deploy/tree/1.27.0
+    :target: https://github.com/bird-house/birdhouse-deploy/tree/1.27.1
 
 .. |readthedocs| image:: https://readthedocs.org/projects/birdhouse-deploy/badge/?version=latest
     :alt: ReadTheDocs Build Status (latest version)

RELEASE.txt

@@ -1 +1 @@
-1.27.0 2023-07-06T16:40:21Z
+1.27.1 2023-07-10T19:20:25Z

birdhouse/components/cowbird/config/magpie/config.yml.template

@@ -47,3 +47,31 @@ webhooks:
     payload:
       event : "deleted"
       user_name : "{{user.name}}"
+  - name: cowbird_create_permission
+    action: create_user_permission
+    method: POST
+    url: http://cowbird:7000/webhooks/permissions
+    payload:
+      event : "created"
+      service_name: "{{service.name}}"
+      service_type: "{{service.type}}"
+      resource_id: "{{resource.id}}"
+      resource_full_name: "{{resource.name}}"
+      name: "{{permission.name}}"
+      access: "{{permission.access}}"
+      scope: "{{permission.scope}}"
+      user: "{{user.name}}"
+  - name: cowbird_delete_permission
+    action: delete_user_permission
+    method: POST
+    url: http://cowbird:7000/webhooks/permissions
+    payload:
+      event : "deleted"
+      service_name: "{{service.name}}"
+      service_type: "{{service.type}}"
+      resource_id: "{{resource.id}}"
+      resource_full_name: "{{resource.name}}"
+      name: "{{permission.name}}"
+      access: "{{permission.access}}"
+      scope: "{{permission.scope}}"
+      user: "{{user.name}}"

birdhouse/components/cowbird/default.env

@@ -24,7 +24,7 @@ VARS="$VARS $EXTRA_VARS"
 # Cowbird Configuration
 # =====================
 
-export COWBIRD_VERSION="1.1.1"
+export COWBIRD_VERSION="1.2.0"
 
 # reuse the mongo instance provided by the core docker-compose
 # the 'host' is the mongo 'service' inter-docker network connection in this case

birdhouse/components/cowbird/docker-compose-extra.yml

@@ -18,6 +18,11 @@ services:
       COWBIRD_SSL_VERIFY: "true"
       COWBIRD_CONFIG_PATH: /opt/local/src/cowbird/config/cowbird.yml
       COWBIRD_INI_FILE_PATH: /opt/local/src/cowbird/config/cowbird.ini
+      COWBIRD_FILESYSTEM_USER_UID: ${USER_WORKSPACE_UID}
+      COWBIRD_FILESYSTEM_USER_GID: ${USER_WORKSPACE_GID}
+      # root user
+      COWBIRD_FILESYSTEM_ADMIN_UID: 0
+      COWBIRD_FILESYSTEM_ADMIN_GID: 0
       WORKSPACE_DIR: /${USER_WORKSPACES}
     links:
       - "${COWBIRD_MONGODB_SERVICE}"
@@ -42,6 +47,11 @@ services:
       COWBIRD_SSL_VERIFY: "true"
       COWBIRD_CONFIG_PATH: /opt/local/src/cowbird/config/cowbird.yml
       COWBIRD_INI_FILE_PATH: /opt/local/src/cowbird/config/cowbird.ini
+      COWBIRD_FILESYSTEM_USER_UID: ${USER_WORKSPACE_UID}
+      COWBIRD_FILESYSTEM_USER_GID: ${USER_WORKSPACE_GID}
+      # root user
+      COWBIRD_FILESYSTEM_ADMIN_UID: 0
+      COWBIRD_FILESYSTEM_ADMIN_GID: 0
       WORKSPACE_DIR: /${USER_WORKSPACES}
     links:
       - "${COWBIRD_MONGODB_SERVICE}"

birdhouse/config/canarie-api/docker_configuration.py.template

@@ -109,8 +109,8 @@ SERVICES = {
             # NOTE:
             #   Below version and release time auto-managed by 'make VERSION=x.y.z bump'.
             #   Do NOT modify it manually. See 'Tagging policy' in 'birdhouse/README.rst'.
-            'version': '1.27.0',
-            'releaseTime': '2023-07-06T16:40:21Z',
+            'version': '1.27.1',
+            'releaseTime': '2023-07-10T19:20:25Z',
             'institution': 'Ouranos',
             'researchSubject': 'Climatology',
             'supportEmail': '${SUPPORT_EMAIL}',
@@ -142,8 +142,8 @@ PLATFORMS = {
             # NOTE:
             #   Below version and release time auto-managed by 'make VERSION=x.y.z bump'.
             #   Do NOT modify it manually. See 'Tagging policy' in 'birdhouse/README.rst'.
-            'version': '1.27.0',
-            'releaseTime': '2023-07-06T16:40:21Z',
+            'version': '1.27.1',
+            'releaseTime': '2023-07-10T19:20:25Z',
             'institution': 'Ouranos',
             'researchSubject': 'Climatology',
             'supportEmail': '${SUPPORT_EMAIL}',

birdhouse/config/jupyterhub/docker-compose-extra.yml

@@ -27,6 +27,8 @@ services:
       JUPYTER_GOOGLE_DRIVE_SETTINGS: ${JUPYTER_GOOGLE_DRIVE_SETTINGS}
       JUPYTERHUB_README: ${JUPYTERHUB_README}
       MOUNT_IMAGE_SPECIFIC_NOTEBOOKS: ${MOUNT_IMAGE_SPECIFIC_NOTEBOOKS}
+      USER_WORKSPACE_UID: ${USER_WORKSPACE_UID}
+      USER_WORKSPACE_GID: ${USER_WORKSPACE_GID}
     volumes:
       - ./config/jupyterhub/jupyterhub_config.py:/srv/jupyterhub/jupyterhub_config.py:ro
       - ./config/jupyterhub/custom_templates:/custom_templates:ro

birdhouse/config/jupyterhub/jupyterhub_config.py.template

@@ -112,7 +112,8 @@ def create_dir_hook(spawner):
     if not os.path.exists(jupyterhub_user_dir):
         os.mkdir(jupyterhub_user_dir, 0o755)
 
-    subprocess.call(["chown", "-R", "1000:1000", jupyterhub_user_dir])
+    subprocess.call(["chown", "-R", f"{os.environ['USER_WORKSPACE_UID']}:{os.environ['USER_WORKSPACE_GID']}",
+                     jupyterhub_user_dir])
 
     if os.environ['WORKSPACE_DIR'] != jupyterhub_data_dir:
         # Case for cowbird setup. The workspace directory should also have the user's ownership,
@@ -121,7 +122,8 @@ def create_dir_hook(spawner):
         if not os.path.exists(workspace_user_dir):
             raise FileNotFoundError(f"The user {username}'s workspace doesn't exist in the workspace directory, "
                                     "but should have been created by Cowbird already.")
-        subprocess.call(["chown", "1000:1000", workspace_user_dir])
+        subprocess.call(["chown", f"{os.environ['USER_WORKSPACE_UID']}:{os.environ['USER_WORKSPACE_GID']}",
+                         workspace_user_dir])
 
     if username == os.environ['JUPYTER_DEMO_USER']:
         # Restrict resources for the public demo user

birdhouse/config/magpie/default.env

@@ -5,7 +5,7 @@
 # are applied and must be added to the list of DELAYED_EVAL.
 
 # Tag version that will be used to update Magpie API, Magpie CLI, and matching Twitcher with Magpie Adapter
-export MAGPIE_VERSION=3.31.0
+export MAGPIE_VERSION=3.34.0
 
 export MAGPIE_DB_NAME="magpiedb"
 

birdhouse/default.env

@@ -50,3 +50,6 @@ export DEFAULT_CONF_DIRS='
   ./config/twitcher
   ./config/jupyterhub
 '
+
+export USER_WORKSPACE_UID=1000
+export USER_WORKSPACE_GID=1000

docs/source/conf.py

@@ -69,9 +69,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = '1.27.0'
+version = '1.27.1'
 # The full version, including alpha/beta/rc tags.
-release = '1.27.0'
+release = '1.27.1'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.