Magpie: ensure that the MAGPIE_ADMIN_USERNAME variable is respected

CHANGES.md

@@ -43,6 +43,9 @@
   * Replace the LICENSE URL of the server node pointing
     at [Ouranosinc/pavics-sdi](https://github.com/Ouranosinc/pavics-sdi) instead
     of intended [bird-house/birdhouse-deploy](https://github.com/bird-house/birdhouse-deploy).
+- Magpie: ensure that the `MAGPIE_ADMIN_USERNAME` variable is respected
+  * When determining the `JUPYTERHUB_ADMIN_USERS` variable
+  * Double check that it is being respected everywhere else
 
 [2.0.2](https://github.com/bird-house/birdhouse-deploy/tree/2.0.2) (2023-12-15)
 ------------------------------------------------------------------------------------------------------------------

birdhouse/README.rst

@@ -148,7 +148,7 @@ instructions below.
 Manual instructions:
 
 * Go to
-  ``https://<PAVICS_FQDN>/magpie/ui/login`` and login with the ``admin`` user. The password should be in ``env.local``.
+  ``https://<PAVICS_FQDN>/magpie/ui/login`` and login with the ``MAGPIE_ADMIN_USERNAME`` user. The password should be in ``env.local``.
 
 * Then go to ``https://<PAVICS_FQDN>/magpie/ui/users/add``.
 

birdhouse/components/README.rst

@@ -304,7 +304,7 @@ birdhouse-deploy software stack and the machine that it is running on. It is hig
 make these routes available to anyone who does not have proper access permissions.
 
 Add existing users to the ``monitoring`` group to allow them access to the various monitoring WebUI.
-This way, we do not need to share the ``admin`` user account and do not have to add them to the
+This way, we do not need to share the ``MAGPIE_ADMIN_USERNAME`` user account and do not have to add them to the
 ``administrators`` group, which would give them too much permissions.
 
 

birdhouse/components/jupyterhub/default.env

@@ -68,9 +68,13 @@ export JUPYTERHUB_CRYPT_KEY=
 # JUPYTERHUB_CRYPT_KEY is set.
 export JUPYTERHUB_AUTHENTICATOR_REFRESH_AGE=60
 
+# Usernames that should be given admin access in jupyterhub
+export JUPYTERHUB_ADMIN_USERS='{\"${MAGPIE_ADMIN_USERNAME}\"}'  # python set syntax
+
 export DELAYED_EVAL="
   $DELAYED_EVAL
   JUPYTERHUB_USER_DATA_DIR
+  JUPYTERHUB_ADMIN_USERS
 "
 
 # add any new variables not already in 'VARS' or 'OPTIONAL_VARS' that must be replaced in templates here

birdhouse/default.env

@@ -84,19 +84,19 @@ export SERVER_LICENSE_URL='${__DEFAULT__SERVER_LICENSE_URL}'
 # Those will not be set explicitly as defaults to ensure they are overridden explicitly by the instance.
 # These values would be detected only if the instance was configured using a copy of 'env.local.example'.
 export __DEFAULT__MAGPIE_SECRET=itzaseekrit
-#export __DEFAULT__MAGPIE_ADMIN_USERNAME=admin
+export __DEFAULT__MAGPIE_ADMIN_USERNAME=admin
 export __DEFAULT__MAGPIE_ADMIN_PASSWORD=qwertyqwerty!
-#export __DEFAULT__POSTGRES_PAVICS_USERNAME=postgres-pavics
+export __DEFAULT__POSTGRES_PAVICS_USERNAME=postgres-pavics
 export __DEFAULT__POSTGRES_PAVICS_PASSWORD=postgres-qwerty
-#export __DEFAULT__POSTGRES_MAGPIE_USERNAME=postgres-magpie
+export __DEFAULT__POSTGRES_MAGPIE_USERNAME=postgres-magpie
 export __DEFAULT__POSTGRES_MAGPIE_PASSWORD=postgres-qwerty
-#export __DEFAULT__GEOSERVER_ADMIN_USER=admingeo
+export __DEFAULT__GEOSERVER_ADMIN_USER=admingeo
 export __DEFAULT__GEOSERVER_ADMIN_PASSWORD=geoserverpass
 #############################################################################
 # Deprecated vars (for components in the ./deprecated-components directory)
 #############################################################################
 export __DEFAULT__TOMCAT_NCWMS_PASSWORD=ncwmspass
-#export __DEFAULT__CATALOG_USERNAME=admin-catalog
+export __DEFAULT__CATALOG_USERNAME=admin-catalog
 export __DEFAULT__CATALOG_PASSWORD=qwerty
 export __DEFAULT__PHOENIX_PASSWORD=phoenix_pass
 export __DEFAULT__PHOENIX_PASSWORD_HASH=sha256:123456789012:1234567890123456789012345678901234567890123456789012345678901234

birdhouse/env.local.example

@@ -24,7 +24,6 @@ export MAGPIE_ADMIN_PASSWORD=qwertyqwerty!
 export TWITCHER_PROTECTED_PATH=/twitcher/ows/proxy
 export [email protected]
 export CMIP5_THREDDS_ROOT=birdhouse/CMIP5/CCCMA
-export JUPYTERHUB_ADMIN_USERS="{'admin'}"  # python set syntax
 export POSTGRES_PAVICS_USERNAME=postgres-pavics
 export POSTGRES_PAVICS_PASSWORD=postgres-qwerty
 export POSTGRES_MAGPIE_USERNAME=postgres-magpie
@@ -426,6 +425,12 @@ export GEOSERVER_ADMIN_PASSWORD=geoserverpass
 #c.Spawner.pre_spawn_hook = custom_create_dir_hook
 #"
 
+# Usernames that should be given admin access in jupyterhub
+# By default, only the MAGPIE_ADMIN_USERNAME user is given admin access. Update this variable only if you wish
+# to give additional users admin access by default.
+# Note that you can also give users admin access through the jupyterhub UI.
+#export JUPYTERHUB_ADMIN_USERS='{\"${MAGPIE_ADMIN_USERNAME}\", \"othername\"}'  # python set syntax
+
 # Extra PyWPS config for **all** WPS services (currently only Flyingpigeon, Finch and Raven supported).
 # export EXTRA_PYWPS_CONFIG="
 # [logging]

birdhouse/scripts/read-configs.include.sh

@@ -258,7 +258,8 @@ process_delayed_eval() {
           continue
         fi
         v="`eval "echo \\$${i}"`"
-        eval 'export ${i}="`eval "echo ${v}"`"'
+        value=`eval "echo \"${v}\""`
+        eval 'export ${i}="${value}"'
         log DEBUG "delayed eval '$(env | grep -e "^${i}=")'"
         ALREADY_EVALED="
           $ALREADY_EVALED

tests/test_read_configs_include.py

@@ -183,6 +183,12 @@ def test_delayed_eval_custom_value(self, read_config_include_file) -> None:
         assert (split_and_strip(get_command_stdout(proc))[-1] ==
                 "public.example.com - /my-data-root/jupyterhub_user_data - /my-geoserver-data")
 
+    def test_delayed_eval_quoting(self, read_config_include_file) -> None:
+        """Test that the delayed evaluation functions resolve quotation marks and braces properly"""
+        extra = {"EXTRA_TEST_VAR": "\"{'123'}\"", "DELAYED_EVAL": "$DELAYED_EVAL EXTRA_TEST_VAR"}
+        proc = self.run_func(read_config_include_file, extra, 'echo "${EXTRA_TEST_VAR}"')
+        assert split_and_strip(get_command_stdout(proc))[-1] == "{'123'}"
+
 
 class TestCreateComposeConfList:
     default_conf_list_order: list[str] = [