bird-house · ChaamC · Jul 10, 2023 · Apr 20, 2023 · Apr 21, 2023 · May 23, 2023
@@ -15,7 +15,14 @@
 [Unreleased](https://github.com/bird-house/birdhouse-deploy/tree/master) (latest)
 ------------------------------------------------------------------------------------------------------------------
 
-[//]: # (list changes here, using '-' for each new entry, remove this when items are added)
+## Changes
+- Add Magpie webhook definitions for permission creation and deletion cases to be processed by Cowbird.
+- Add `USER_WORKSPACE_UID` and `USER_WORKSPACE_GID` env variables to manage ownership of the user workspaces used by
+  Cowbird, JupyterHub and others.
+- Update `magpie` service from [3.31.0](https://github.com/Ouranosinc/Magpie/tree/3.31.0)
+  to [3.34.0](https://github.com/Ouranosinc/Magpie/tree/3.34.0)
+- Update `cowbird` service from [1.1.1](https://github.com/Ouranosinc/cowbird/tree/1.1.1)
+  to [1.2.0](https://github.com/Ouranosinc/cowbird/tree/1.2.0)
 
 [1.27.0](https://github.com/bird-house/birdhouse-deploy/tree/1.27.0) (2023-07-06)
 ------------------------------------------------------------------------------------------------------------------
@@ -176,7 +183,6 @@
 
 - Licence: update copyright line with year and ownership
 
-
 [1.26.1](https://github.com/bird-house/birdhouse-deploy/tree/1.26.1) (2023-04-26)
 ------------------------------------------------------------------------------------------------------------------
 

@@ -47,3 +47,31 @@ webhooks:
     payload:
       event : "deleted"
       user_name : "{{user.name}}"
+  - name: cowbird_create_permission
+    action: create_user_permission
+    method: POST
+    url: http://cowbird:7000/webhooks/permissions
+    payload:
+      event : "created"
+      service_name: "{{service.name}}"
+      service_type: "{{service.type}}"
+      resource_id: "{{resource.id}}"
+      resource_full_name: "{{resource.name}}"
+      name: "{{permission.name}}"
+      access: "{{permission.access}}"
+      scope: "{{permission.scope}}"
+      user: "{{user.name}}"
+  - name: cowbird_delete_permission
+    action: delete_user_permission
+    method: POST
+    url: http://cowbird:7000/webhooks/permissions
+    payload:
+      event : "deleted"
+      service_name: "{{service.name}}"
+      service_type: "{{service.type}}"
+      resource_id: "{{resource.id}}"
+      resource_full_name: "{{resource.name}}"
+      name: "{{permission.name}}"
+      access: "{{permission.access}}"
+      scope: "{{permission.scope}}"
+      user: "{{user.name}}"
@@ -24,7 +24,7 @@ VARS="$VARS $EXTRA_VARS"
 # Cowbird Configuration
 # =====================
 
-export COWBIRD_VERSION="1.1.1"
+export COWBIRD_VERSION="1.2.0"
 
 # reuse the mongo instance provided by the core docker-compose
 # the 'host' is the mongo 'service' inter-docker network connection in this case

@@ -18,6 +18,11 @@ services:
       COWBIRD_SSL_VERIFY: "true"
       COWBIRD_CONFIG_PATH: /opt/local/src/cowbird/config/cowbird.yml
       COWBIRD_INI_FILE_PATH: /opt/local/src/cowbird/config/cowbird.ini
+      COWBIRD_FILESYSTEM_USER_UID: ${USER_WORKSPACE_UID}
+      COWBIRD_FILESYSTEM_USER_GID: ${USER_WORKSPACE_GID}
+      # root user
+      COWBIRD_FILESYSTEM_ADMIN_UID: 0
+      COWBIRD_FILESYSTEM_ADMIN_GID: 0
       WORKSPACE_DIR: /${USER_WORKSPACES}
     links:
       - "${COWBIRD_MONGODB_SERVICE}"
@@ -42,6 +47,11 @@ services:
       COWBIRD_SSL_VERIFY: "true"
       COWBIRD_CONFIG_PATH: /opt/local/src/cowbird/config/cowbird.yml
       COWBIRD_INI_FILE_PATH: /opt/local/src/cowbird/config/cowbird.ini
+      COWBIRD_FILESYSTEM_USER_UID: ${USER_WORKSPACE_UID}
+      COWBIRD_FILESYSTEM_USER_GID: ${USER_WORKSPACE_GID}
+      # root user
+      COWBIRD_FILESYSTEM_ADMIN_UID: 0
+      COWBIRD_FILESYSTEM_ADMIN_GID: 0
       WORKSPACE_DIR: /${USER_WORKSPACES}
     links:
       - "${COWBIRD_MONGODB_SERVICE}"

@@ -27,6 +27,8 @@ services:
       JUPYTER_GOOGLE_DRIVE_SETTINGS: ${JUPYTER_GOOGLE_DRIVE_SETTINGS}
       JUPYTERHUB_README: ${JUPYTERHUB_README}
       MOUNT_IMAGE_SPECIFIC_NOTEBOOKS: ${MOUNT_IMAGE_SPECIFIC_NOTEBOOKS}
+      USER_WORKSPACE_UID: ${USER_WORKSPACE_UID}
+      USER_WORKSPACE_GID: ${USER_WORKSPACE_GID}
     volumes:
       - ./config/jupyterhub/jupyterhub_config.py:/srv/jupyterhub/jupyterhub_config.py:ro
       - ./config/jupyterhub/custom_templates:/custom_templates:ro

@@ -112,7 +112,8 @@ def create_dir_hook(spawner):
     if not os.path.exists(jupyterhub_user_dir):
         os.mkdir(jupyterhub_user_dir, 0o755)
 
-    subprocess.call(["chown", "-R", "1000:1000", jupyterhub_user_dir])
+    subprocess.call(["chown", "-R", f"{os.environ['USER_WORKSPACE_UID']}:{os.environ['USER_WORKSPACE_GID']}",
+                     jupyterhub_user_dir])
 
     if os.environ['WORKSPACE_DIR'] != jupyterhub_data_dir:
         # Case for cowbird setup. The workspace directory should also have the user's ownership,
@@ -121,7 +122,8 @@ def create_dir_hook(spawner):
         if not os.path.exists(workspace_user_dir):
             raise FileNotFoundError(f"The user {username}'s workspace doesn't exist in the workspace directory, "
                                     "but should have been created by Cowbird already.")
-        subprocess.call(["chown", "1000:1000", workspace_user_dir])
+        subprocess.call(["chown", f"{os.environ['USER_WORKSPACE_UID']}:{os.environ['USER_WORKSPACE_GID']}",
+                         workspace_user_dir])
 
     if username == os.environ['JUPYTER_DEMO_USER']:
         # Restrict resources for the public demo user

@@ -5,7 +5,7 @@
 # are applied and must be added to the list of DELAYED_EVAL.
 
 # Tag version that will be used to update Magpie API, Magpie CLI, and matching Twitcher with Magpie Adapter
-export MAGPIE_VERSION=3.31.0
+export MAGPIE_VERSION=3.34.0
 
 export MAGPIE_DB_NAME="magpiedb"
 

@@ -50,3 +50,6 @@ export DEFAULT_CONF_DIRS='
   ./config/twitcher
   ./config/jupyterhub
 '
+
+export USER_WORKSPACE_UID=1000
+export USER_WORKSPACE_GID=1000