diff --git a/README.md b/README.md
index b8e4f11..98d2183 100644
--- a/README.md
+++ b/README.md
@@ -212,14 +212,43 @@ helm install argo-events-stan nats/stan --set stan.nats.url=nats://argo-events-n ```bash helm upgrade --install {release} illumidesk/cluster --namespace kube-system -f {cluster-stage-custom-config}.yaml --debug --dry-run ``` - + +### AWS Resources(SecretsManager) IAM Steps + +1. Navigate to the `policy folder' and create a policy for Secrets Manager +2. Create a policy for secretsmananger using the policy document,`iam-policy-secrets-manager.json` + ``` + aws iam create-policy --policy-name AmazonEKS_SecretsManager_CSI_Driver_Policy --policy-document file://policy/iam-policy-secrets-manager.json + ``` +3. Get the region-code and oidc-id to pass into trust policy + ```bash + aws eks describe-cluster --name {cluster} --query "cluster.identity.oidc.issuer" --output text + ``` +4. Create aws resources role with appropriate trust policy + +aws iam create-role \ + --role-name AmazonEKS_Resources_Role \ + --assume-role-policy-document file://"policy/trust-aws-resources-policy-example.json" + +5. Attach efs csi driver IAM policy to the role created in the previous step + + ```bash + aws iam attach-role-policy \ + --policy-arn arn:aws:iam::{account_id}:policy/AmazonEKS_SecretsManager_CSI_Driver_Policy \ + --role-name AmazonEKS_Resources_Role + ``` + +6. Pass Role ARN to grader-setup-service service account and hub service account with the following annotation + +``` + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::860100747351:role/AmazonEKS_Resources_Role +``` ## Configuration | Parameter | Description | Default | | --------------------- | ------------------------------- | ------------- | | efsCSIDriver.enabled | Enables EFS CSI Driver | false | - | efsCSIDriver.region | region to pull csi driver images | us-west-2 | - | efsCSIDriver.region | efs csi driver image address | 602401143452 | | efsCSIDriver.passARN | enable pass csi arn to service account manifest | false | | efsCSIDriver.roleARN | pass csi arn to service account manifest | "" | 
diff --git a/charts/illumidesk/Chart.yaml b/charts/illumidesk/Chart.yaml index 0e854dd..f601180 100644 --- a/charts/illumidesk/Chart.yaml +++ b/charts/illumidesk/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: illumidesk -version: 6.2.0 +version: 6.4.0 appVersion: 1.3.0 description: An extention of the JupyterHub Chart with additional IllumiDesk resources icon: https://configs.illumidesk.com/images/illumidesk-80.png diff --git a/charts/illumidesk/templates/grader_pv.yaml b/charts/illumidesk/templates/grader_pv.yaml index 92654c7..5659de6 100644 --- a/charts/illumidesk/templates/grader_pv.yaml +++ b/charts/illumidesk/templates/grader_pv.yaml @@ -35,7 +35,9 @@ spec: storageClassName: efs-sc csi: driver: efs.csi.aws.com -{{ if ne .Values.allowEFS.illumideskCoursesAccessPoint "" }} +{{ if .Values.graderSetupService.singlePVC }} + volumeHandle: {{ .Values.allowEFS.volumeHandle }} +{{ else if ne .Values.allowEFS.illumideskCoursesAccessPoint "" }} volumeHandle: "{{ .Values.allowEFS.volumeHandle }}::{{ .Values.allowEFS.illumideskCoursesAccessPoint }}" {{ else}} volumeHandle: "{{ .Values.allowEFS.volumeHandle }}:/illumidesk-courses" diff --git a/charts/illumidesk/templates/grader_setup_service.yaml b/charts/illumidesk/templates/grader_setup_service.yaml index 2b15ce8..96dbb3a 100644 --- a/charts/illumidesk/templates/grader_setup_service.yaml +++ b/charts/illumidesk/templates/grader_setup_service.yaml @@ -5,6 +5,11 @@ kind: ServiceAccount metadata: name: illumidesk-account namespace: {{ .Release.Namespace }} +{{ if ne .Values.graderSetupService.roleARN "" }} + annotations: + eks.amazonaws.com/role-arn: {{ .Values.graderSetupService.roleARN }} +{{ end }} + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
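Review bot: In the grader_setup_service.yaml hunk, the new `eks.amazonaws.com/role-arn` annotation on `illumidesk-account` renders the value unquoted and is guarded with `ne ... ""`, which only covers the empty-string default. A values override that sets `roleARN` to null may fail the comparison at render time. I would write the guard as `{{- with .Values.graderSetupService.roleARN }}` and the value as `eks.amazonaws.com/role-arn: {{ . | quote }}`. Since the context lines show this service account is followed by a ClusterRole definition, a short comment above the annotation should say which IAM role it is meant to carry and that the role's trust policy has to name this account.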
@@ -129,20 +134,42 @@ spec: configMapKeyRef: name: hub-illumidesk-cm key: POSTGRES_NBGRADER_HOST + - name: AWS_SECRET_ARN + valueFrom: + configMapKeyRef: + name: hub-illumidesk-cm + key: AWS_SECRET_ARN + - name: AWS_REGION + valueFrom: + configMapKeyRef: + name: hub-illumidesk-cm + key: AWS_REGION - name: POSTGRES_NBGRADER_USER valueFrom: configMapKeyRef: name: hub-illumidesk-cm key: POSTGRES_NBGRADER_USER + - name: POSTGRES_NBGRADER_DB_NAME + valueFrom: + configMapKeyRef: + name: hub-illumidesk-cm + key: POSTGRES_NBGRADER_DATABASE + - name: CAMPUS_ID + valueFrom: + configMapKeyRef: + name: hub-illumidesk-cm + key: CAMPUS_ID - name: POSTGRES_NBGRADER_PASSWORD valueFrom: secretKeyRef: {{ if .Values.externalDatabase.enabled }} name: {{ .Values.externalDatabase.existingSecret }} + key: postgresql-password {{ else if .Values.postgresql.enabled }} name: {{ .Values.postgresql.existingSecret }} - {{ end }} key: postgresql-password + {{ end }} + - name: ILLUMIDESK_MNT_ROOT value: '/illumidesk-courses' - name: PORT 
@@ -165,21 +192,30 @@ spec: value: {{ .Release.Namespace }} - name: GRADER_PVC value: grader-pvc-{{ .Release.Namespace }} +{{ if not .Values.graderSetupService.singlePVC }} - name: GRADER_SHARED_PVC value: shared-pvc-{{ .Release.Namespace }} +{{ end }} - name: GRADER_IMAGE_PULL_POLICY value: {{ .Values.graderSetupService.graderSpawnerPullPolicy }} volumeMounts: - name: grader-pv-{{ .Release.Namespace }} mountPath: /illumidesk-courses subPath: illumidesk-courses +{{ if .Values.graderSetupService.singlePVC }} + - name: grader-pv-{{ .Release.Namespace }} + mountPath: /illumidesk-nb-exchange +{{ else }} - name: shared-pv-{{ .Release.Namespace }} mountPath: /illumidesk-nb-exchange +{{ end }} serviceAccountName: illumidesk-account volumes: +{{ if not .Values.graderSetupService.singlePVC }} - name: shared-pv-{{.Release.Namespace }} persistentVolumeClaim: claimName: shared-pvc-{{ .Release.Namespace }} +{{ end }} - name: grader-pv-{{ .Release.Namespace }} persistentVolumeClaim: claimName: grader-pvc-{{ .Release.Namespace }} diff --git a/charts/illumidesk/templates/illumidesk-config-map.yaml b/charts/illumidesk/templates/illumidesk-config-map.yaml index fd98a40..c9692d6 100644 --- a/charts/illumidesk/templates/illumidesk-config-map.yaml +++ b/charts/illumidesk/templates/illumidesk-config-map.yaml 
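Review bot: With `singlePVC` enabled, the added volumeMount puts `grader-pv-{{ .Release.Namespace }}` at `/illumidesk-nb-exchange` with no `subPath`, while the courses mount of the same volume uses `subPath: illumidesk-courses`. The grader_pv.yaml hunk sets the single-PVC `volumeHandle` to the bare filesystem id, so the exchange path would presumably expose the whole volume root, including the `illumidesk-courses` tree. Adding `subPath: illumidesk-nb-exchange` to the singlePVC branch would keep the two directories separated, as the two-PVC layout does. The Deployment spec begins outside this hunk, so I cannot tell whether other containers mount the exchange path the same way.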
@@ -7,7 +7,11 @@ metadata: data: CUSTOM_AUTH_TYPE: {{ .Values.illumideskSettings.customAuthType | default "DUMMY" | quote }} JUPYTERHUB_API_URL: "http://hub.{{ .Release.Namespace }}.svc.cluster.local:8081/hub/api" + AWS_SECRET_ARN: {{ .Values.illumideskSettings.awsSecretARN | default "" | quote }} + AWS_REGION: {{ .Values.illumideskSettings.awsRegion | default "us-west-2" | quote }} ORGANIZATION_NAME: {{ .Release.Namespace }} + CAMPUS_ID: {{ .Values.illumideskSettings.campusId }} + POSTGRES_NBGRADER_DATABASE: {{ .Values.illumideskSettings.nbgrader_database | default "illumidesk" | quote }} OIDC_AUTHORIZE_URL: {{ .Values.illumideskSettings.oidcAuthorizeUrl | default "https://auth.illumidesk.com/authorize" | quote }} OIDC_TOKEN_URL: {{ .Values.illumideskSettings.oidcTokenUrl | default "https://auth.illumidesk.com/authorize" | quote }} OIDC_USERDATA_URL: {{ .Values.illumideskSettings.oidcUserDataUrl | default "https://auth.illumidesk.com/userinfo" | quote }} 
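Review bot: `CAMPUS_ID: {{ .Values.illumideskSettings.campusId }}` is the only new ConfigMap entry without `| quote`, so a numeric or boolean-looking campus id renders as a non-string value, which a ConfigMap `data` field does not accept. I would write it as `CAMPUS_ID: {{ .Values.illumideskSettings.campusId | quote }}`. Separately, `nbgrader_database` is snake_case where every other key under `illumideskSettings` is camelCase, and no default for it is added in the values.yaml hunks shown in this diff. Naming it `nbgraderDatabase` and documenting it there would keep the settings consistent.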
@@ -20,19 +24,19 @@ data: LTI13_AUTHORIZE_URL: {{ .Values.illumideskSettings.lti13AuthorizeUrl | default "https://illumidesk.instructure.com/api/lti/authorize_redirect" | quote }} LTI13_TOKEN_URL: {{ .Values.illumideskSettings.lti13TokenUrl | default "https://illumidesk.instructure.com/login/oauth2/token" | quote }} {{ if .Values.externalDatabase.enabled }} - POSTGRES_NBGRADER_HOST: {{ .Values.externalDatabase.host | quote }} - POSTGRES_JUPYTERHUB_HOST: {{ .Values.externalDatabase.host | quote }} - POSTGRES_JUPYTERHUB_DB: {{ .Values.externalDatabase.database | quote }} - POSTGRES_JUPYTERHUB_PORT: {{ .Values.externalDatabase.port | quote }} - POSTGRES_NBGRADER_USER: {{ .Values.externalDatabase.databaseUser | quote }} - POSTGRES_JUPYTERHUB_USER: {{ .Values.externalDatabase.databaseUser | quote }} + POSTGRES_NBGRADER_HOST: {{ .Values.externalDatabase.host | default "" | quote }} + POSTGRES_JUPYTERHUB_HOST: {{ .Values.externalDatabase.host | default "" | quote }} + POSTGRES_JUPYTERHUB_DB: {{ .Values.externalDatabase.database | default "" | quote }} + POSTGRES_JUPYTERHUB_PORT: {{ .Values.externalDatabase.port | default "5432" |quote }} + POSTGRES_NBGRADER_USER: {{ .Values.externalDatabase.databaseUser | default "" | quote }} + POSTGRES_JUPYTERHUB_USER: {{ .Values.externalDatabase.databaseUser | default "" | quote }} {{ else if .Values.postgresql.enabled }} POSTGRES_NBGRADER_HOST: "{{.Release.Namespace }}-postgresql.{{ .Release.Namespace }}.svc.cluster.local" POSTGRES_JUPYTERHUB_HOST: "{{ .Release.Namespace }}-postgresql.{{ .Release.Namespace }}.svc.cluster.local" - POSTGRES_JUPYTERHUB_DB: {{ .Values.postgresql.postgresqlDatabase | quote }} - POSTGRES_JUPYTERHUB_PORT: {{ .Values.postgresql.service.port | quote }} - POSTGRES_NBGRADER_USER: {{ .Values.postgresql.postgresqlUsername | quote }} - POSTGRES_JUPYTERHUB_USER: {{ .Values.postgresql.postgresqlUsername | quote }} + POSTGRES_JUPYTERHUB_DB: {{ .Values.postgresql.postgresqlDatabase | default "" | quote }} + 
POSTGRES_JUPYTERHUB_PORT: {{ .Values.postgresql.service.port | default "5432" | quote }} + POSTGRES_NBGRADER_USER: {{ .Values.postgresql.postgresqlUsername | default "" | quote }} + POSTGRES_JUPYTERHUB_USER: {{ .Values.postgresql.postgresqlUsername | default "" | quote }} {{ end }} diff --git a/charts/illumidesk/templates/illumidesk_secrets.yaml b/charts/illumidesk/templates/illumidesk_secrets.yaml index b669b1b..af5a241 100644 --- a/charts/illumidesk/templates/illumidesk_secrets.yaml +++ b/charts/illumidesk/templates/illumidesk_secrets.yaml @@ -9,7 +9,7 @@ stringData: {{ if .Values.externalDatabase.enabled }} postgresql-password: {{ .Values.externalDatabase.databasePassword }} {{ else if .Values.postgresql.enabled }} - postgresql-password: {{ .Values.postgresql.postgresqlPassword }} + postgresql-password: {{ .Values.postgresql.postgresqlPassword }} postgresql-postgres-password: {{ .Values.postgresql.postgresqlPassword }} {{ end }} diff --git a/charts/illumidesk/templates/shared_pv.yaml b/charts/illumidesk/templates/shared_pv.yaml index 9033e92..7867268 100644 --- a/charts/illumidesk/templates/shared_pv.yaml +++ b/charts/illumidesk/templates/shared_pv.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.graderSetupService.singlePVC }} {{ if or (.Values.allowNFS.enabled) (.Values.allowLocal.enabled) (.Values.allowEFS.enabled)}} apiVersion: v1 kind: PersistentVolume @@ -41,4 +42,6 @@ spec: volumeHandle: "{{ .Values.allowEFS.volumeHandle }}:/illumidesk-nb-exchange" {{ end }} {{ end }} +{{ end }} + {{ end }} \ No newline at end of file diff --git a/charts/illumidesk/templates/shared_pvc.yaml b/charts/illumidesk/templates/shared_pvc.yaml index 471b9b1..5e6e2d7 100644 --- a/charts/illumidesk/templates/shared_pvc.yaml +++ b/charts/illumidesk/templates/shared_pvc.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.graderSetupService.singlePVC }} {{ if or (.Values.allowNFS.enabled) (.Values.allowLocal.enabled) (.Values.allowEFS.enabled)}} kind: PersistentVolumeClaim apiVersion: v1 
@@ -19,4 +20,6 @@ spec: resources: requests: storage: {{ .Values.graderSetupService.storageRequests | default "200Mi" | quote }} +{{ end }} + {{ end }} \ No newline at end of file diff --git a/charts/illumidesk/values.yaml b/charts/illumidesk/values.yaml index d775439..0b785eb 100644 --- a/charts/illumidesk/values.yaml +++ b/charts/illumidesk/values.yaml @@ -182,9 +182,44 @@ jupyterhub: configMapKeyRef: name: hub-illumidesk-cm # The ConfigMap this value comes from. key: POSTGRES_JUPYTERHUB_DB + POSTGRES_NBGRADER_PORT: + valueFrom: + configMapKeyRef: + name: hub-illumidesk-cm # The ConfigMap this value comes from. + key: POSTGRES_JUPYTERHUB_PORT + POSTGRES_NBGRADER_DATABASE: + valueFrom: + configMapKeyRef: + name: hub-illumidesk-cm # The ConfigMap this value comes from. + key: POSTGRES_NBGRADER_DATABASE + AWS_SECRET_ARN: + valueFrom: + configMapKeyRef: + name: hub-illumidesk-cm # The ConfigMap this value comes from. + key: AWS_SECRET_ARN + AWS_REGION: + valueFrom: + configMapKeyRef: + name: hub-illumidesk-cm # The ConfigMap this value comes from. + key: AWS_REGION LTI13_PRIVATE_KEY: "/srv/jupyterhub/rsa_private.key" # Mount Root ILLUMIDESK_MNT_ROOT: "/illumidesk-courses" + CAMPUS_ID: + valueFrom: + configMapKeyRef: + name: hub-illumidesk-cm # The ConfigMap this value comes from. + key: CAMPUS_ID + POSTGRES_NBGRADER_PASSWORD: + valueFrom: + secretKeyRef: + name: illumidesk-secret # The ConfigMap this value comes from. + key: postgresql-password + POSTGRES_JUPYTERHUB_PASSWORD: + valueFrom: + secretKeyRef: + name: illumidesk-secret # The ConfigMap this value comes from. + key: postgresql-password extraConfig: # The logo that appears on the top right of the control panel and end-user notebook'))s with Jupyter Classic. logoConfig: | 
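Review bot: In the values.yaml hunk, the two new `secretKeyRef` entries for `POSTGRES_NBGRADER_PASSWORD` and `POSTGRES_JUPYTERHUB_PASSWORD` carry the copied comment `# The ConfigMap this value comes from.`, which should read `# The Secret this value comes from.`. The secret name is fixed to `illumidesk-secret`, whereas the grader setup service template takes its name from `.Values.externalDatabase.existingSecret` or `.Values.postgresql.existingSecret`. If an operator points those at a different Secret, the hub and the grader service would read the password from different objects. A comment stating that `illumidesk-secret` must match `existingSecret` would make that coupling explicit.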
@@ -194,8 +229,10 @@ jupyterhub: import os from illumidesk.authenticators.authenticator import setup_course_hook - from illumideskdummyauthenticator.authenticator import IllumiDeskDummyAuthenticator + from illumidesk.authenticators.authenticator import setup_user_hook_auth0 + from illumidesk.authenticators.authenticator import setup_course_hook_lti11 from oauthenticator.generic import GenericOAuthenticator + from secretsmanager.secretsmanager import SecretsManager custom_auth_type = os.environ.get('CUSTOM_AUTH_TYPE') c.JupyterHub.hub_connect_ip = 'hub' @@ -216,6 +253,7 @@ jupyterhub: or 'ild_test_consumer_key': os.environ.get('LTI_SHARED_SECRET') or 'ild_test_shared_secret' } + c.Authenticator.enable_auth_state = True elif custom_auth_type == 'DUMMY': c.JupyterHub.authenticator_class = 'illumideskdummyauthenticator.authenticator.IllumiDeskDummyAuthenticator' c.Authenticator.enable_auth_state = True @@ -243,9 +281,11 @@ jupyterhub: # User name key returned by user c.GenericOAuthenticator.username_key = 'nickname' - if custom_auth_type != 'AUTH0': + if custom_auth_type == 'LTI13': c.Authenticator.post_auth_hook = setup_course_hook + elif custom_auth_type == 'LTI11': + c.Authenticator.post_auth_hook = setup_course_hook_lti11 def userdata_hook(spawner, auth_state): if not auth_state: 
@@ -257,16 +297,26 @@ jupyterhub: spawner.log.debug('Assigned USER_ROLE env var to %s' % spawner.environment['USER_ROLE']) c.Spawner.auth_state_hook = userdata_hook + elif custom_auth_type == 'AUTH0': + c.Authenticator.post_auth_hook = setup_user_hook_auth0 c.Authenticator.enable_auth_state = True + aws_secret_arn = os.environ.get('AWS_SECRET_ARN') + region = os.environ.get('AWS_REGION') or 'us-west-2' + secretmanager = SecretsManager(aws_secret_arn, region_name=region) + if secretmanager.host == "": + secretmanager.host = os.environ.get('POSTGRES_JUPYTERHUB_HOST') - c.JupyterHub.db_url = 'postgresql://{user}:{password}@{host}:{port}/{db}'.format( - user=os.environ.get('POSTGRES_JUPYTERHUB_USER'), - password=os.environ.get('POSTGRES_JUPYTERHUB_PASSWORD'), - host=os.environ.get('POSTGRES_JUPYTERHUB_HOST'), - port=os.environ.get('POSTGRES_JUPYTERHUB_PORT'), - db=os.environ.get('POSTGRES_JUPYTERHUB_DB'), - ) + if aws_secret_arn == "" or aws_secret_arn is None: + c.JupyterHub.db_url = 'postgresql://{user}:{password}@{host}:{port}/{db}'.format( + user=os.environ.get('POSTGRES_JUPYTERHUB_USER'), + password=os.environ.get('POSTGRES_JUPYTERHUB_PASSWORD'), + host=os.environ.get('POSTGRES_JUPYTERHUB_HOST'), + port=os.environ.get('POSTGRES_JUPYTERHUB_PORT'), + db=os.environ.get('POSTGRES_JUPYTERHUB_DB'), + ) + else: + c.JupyterHub.db_url = secretmanager.rds_connection_string # Upgrade the database automatically on start c.JupyterHub.upgrade_db = True 
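Review bot: `secretmanager = SecretsManager(aws_secret_arn, region_name=region)` and the `secretmanager.host` fallback run before the `if aws_secret_arn == "" or aws_secret_arn is None:` check, so the client is built with an empty or missing ARN in the default configuration. Whether that raises or makes an AWS call depends on the `secretsmanager` package, which is not visible here, but either way the hub start-up now depends on it even when Secrets Manager is not used. I would test `if not aws_secret_arn:` first and move the constructor, the host fallback and `c.JupyterHub.db_url = secretmanager.rds_connection_string` together under the `else:` branch. The same applies to the unconditional `from secretsmanager.secretsmanager import SecretsManager` added in the import hunk above, which could be imported inside that branch.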
@@ -350,12 +400,6 @@ jupyterhub: cmd: start-singleuser.sh # Single user server extra environment variables # ref: https://zero-to-jupyterhub.readthedocs.io/en/stable/resources/reference.html#singleuser-extraenv - extraEnv: - # If yes, Instructs the startup script to change the $NB_USER home directory owner and group to the - # current value of $NB_UID and $NB_GID. - CHOWN_HOME: 'yes' - # The default editor for user's environment - Editor: vim # The GID the hub process should be using when touching any volumes mounted. fsGid: 0 # The UID the hub process should be running as. @@ -457,6 +501,8 @@ allowLocal: illumideskSettings: # Enables or disables the illumidesk settings options enabled: true + # Campus ID + campusId: 'test' # The custom authentication type. Should be one of DUMMY, LTI11, LTI13, or AUTH0. customAuthType: "DUMMY" # OIDC authorization URL @@ -481,10 +527,16 @@ illumideskSettings: lti13AuthorizeUrl: "" # LTI v1.3 token URL lti13TokenUrl: "" + # AWS Secrets Manager ARN + awsSecretARN: "" + # AWS Region + awsRegion: "us-west-2" ## Grader setup service ## graderSetupService: + # Role ARN required to fetch aws resources + roleARN: "" # Enables or disables the grader setup service enabled: false # The docker image to use for the grader setup service. If a registry other than @@ -524,3 +576,5 @@ graderSetupService: graderSpawnerMemLimit: "" # Max Storage allocated for Grader PV and PVCss graderSpawnerStorage: "2Gi" + # grader pvc only + singlePVC: false diff --git a/docs/illumidesk-6.3.0.tgz b/docs/illumidesk-6.3.0.tgz new file mode 100644 index 0000000..a57d1af Binary files /dev/null and b/docs/illumidesk-6.3.0.tgz differ diff --git a/docs/illumidesk-6.4.0.tgz b/docs/illumidesk-6.4.0.tgz new file mode 100644 index 0000000..c3b1a19 Binary files /dev/null and b/docs/illumidesk-6.4.0.tgz differ diff --git a/docs/index.yaml b/docs/index.yaml index 4aca8e8..24a7ccb 100644 --- a/docs/index.yaml +++ b/docs/index.yaml 
@@ -3,7 +3,7 @@ entries: cluster: - apiVersion: v2 appVersion: 0.2.0 - created: "2022-03-10T14:29:08.768443-05:00" + created: "2022-04-15T13:22:19.310379-04:00" description: Cluster based resources that the Illumidesk stack may need digest: 782f32c4713e214ecc82b46735d5176dc690d7cb9b87f1f0f26fd969a38f584e maintainers: @@ -15,7 +15,7 @@ entries: version: 0.2.0 - apiVersion: v2 appVersion: 0.1.0 - created: "2022-03-10T14:29:08.767417-05:00" + created: "2022-04-15T13:22:19.3101267-04:00" description: Cluster based resources that the Illumidesk stack may need digest: 1d5e27e07f4c697f1531ecefc5347aaa02ba0246e031d327119fb972c95dbef5 maintainers: @@ -27,7 +27,7 @@ entries: version: 0.1.0 - apiVersion: v2 appVersion: 0.0.3 - created: "2022-03-10T14:29:08.7661064-05:00" + created: "2022-04-15T13:22:19.3099863-04:00" description: Cluster based resources that the Illumidesk stack may need digest: b7783721fbc8498fbc10be8e7dd9a57870781fb7e47fe9c9fec648608a8de448 maintainers: @@ -39,7 +39,7 @@ entries: version: 0.0.3 - apiVersion: v2 appVersion: 0.0.2 - created: "2022-03-10T14:29:08.7656705-05:00" + created: "2022-04-15T13:22:19.309834-04:00" description: Cluster based resources that the Illumidesk stack may need digest: b6da0d18ffec6c5ef8f6fa62e438b40f84424fa100be4e8c4aad8aefeaf99ca5 maintainers: @@ -51,7 +51,7 @@ entries: version: 0.0.2 - apiVersion: v2 appVersion: 0.0.1 - created: "2022-03-10T14:29:08.7650865-05:00" + created: "2022-04-15T13:22:19.3095925-04:00" description: Cluster Level Resources that Illumidesk May Require digest: da06cd6a7683bb09e1424a24ee4b332c6a1750fcaf6a2bc7c6b95cd6de8d7a30 maintainers: 
@@ -64,7 +64,55 @@ entries: illumidesk: - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.4736717-05:00" + created: "2022-04-15T13:22:20.053049-04:00" + dependencies: + - import-values: + - child: rbac + parent: rbac + name: jupyterhub + repository: https://jupyterhub.github.io/helm-chart/ + version: 1.1.1 + - condition: postgresql.enabled + name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 10.16.1 + description: An extention of the JupyterHub Chart with additional IllumiDesk resources + digest: 7553f50e414e3dd9b7be3031c0b490fad8b906661511b57f9120bd03b26e9d44 + icon: https://configs.illumidesk.com/images/illumidesk-80.png + maintainers: + - email: hello@illumidesk.com + name: IllumiDesk Team + name: illumidesk + urls: + - illumidesk-6.4.0.tgz + version: 6.4.0 + - apiVersion: v2 + appVersion: 1.3.0 + created: "2022-04-15T13:22:20.0440355-04:00" + dependencies: + - import-values: + - child: rbac + parent: rbac + name: jupyterhub + repository: https://jupyterhub.github.io/helm-chart/ + version: 1.1.1 + - condition: postgresql.enabled + name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 10.16.1 + description: An extention of the JupyterHub Chart with additional IllumiDesk resources + digest: a9ccc3481a386d18982d21f38d6e4202431eef7e23cb860f3eb8132e3f7a5710 + icon: https://configs.illumidesk.com/images/illumidesk-80.png + maintainers: + - email: hello@illumidesk.com + name: IllumiDesk Team + name: illumidesk + urls: + - illumidesk-6.3.0.tgz + version: 6.3.0 + - apiVersion: v2 + appVersion: 1.3.0 + created: "2022-04-15T13:22:20.0340436-04:00" dependencies: - import-values: - child: rbac @@ -88,7 +136,7 @@ entries: version: 6.2.0 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.4664075-05:00" + created: "2022-04-15T13:22:20.0245839-04:00" dependencies: - import-values: - child: rbac 
@@ -112,7 +160,7 @@ entries: version: 6.1.0 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.459305-05:00" + created: "2022-04-15T13:22:20.0157716-04:00" dependencies: - import-values: - child: rbac @@ -136,7 +184,7 @@ entries: version: 6.0.0 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.2582982-05:00" + created: "2022-04-15T13:22:19.8047612-04:00" dependencies: - import-values: - child: rbac @@ -160,7 +208,7 @@ entries: version: 5.15.0 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.2502582-05:00" + created: "2022-04-15T13:22:19.795144-04:00" dependencies: - import-values: - child: rbac @@ -184,7 +232,7 @@ entries: version: 5.14.0 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.242561-05:00" + created: "2022-04-15T13:22:19.7856284-04:00" dependencies: - import-values: - child: rbac @@ -208,7 +256,7 @@ entries: version: 5.13.0 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.2336574-05:00" + created: "2022-04-15T13:22:19.7768157-04:00" dependencies: - import-values: - child: rbac @@ -232,7 +280,7 @@ entries: version: 5.12.2 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.224313-05:00" + created: "2022-04-15T13:22:19.7669097-04:00" dependencies: - import-values: - child: rbac @@ -256,7 +304,7 @@ entries: version: 5.12.1 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.2158822-05:00" + created: "2022-04-15T13:22:19.7576243-04:00" dependencies: - import-values: - child: rbac @@ -280,7 +328,7 @@ entries: version: 5.12.0 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.2074441-05:00" + created: "2022-04-15T13:22:19.7482879-04:00" dependencies: - import-values: - child: rbac @@ -304,7 +352,7 @@ entries: version: 5.11.6 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.1983943-05:00" + created: "2022-04-15T13:22:19.7395264-04:00" dependencies: - import-values: - child: rbac 
@@ -328,7 +376,7 @@ entries: version: 5.11.5 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.1894677-05:00" + created: "2022-04-15T13:22:19.7300561-04:00" dependencies: - import-values: - child: rbac @@ -352,7 +400,7 @@ entries: version: 5.11.4 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.1789699-05:00" + created: "2022-04-15T13:22:19.720467-04:00" dependencies: - import-values: - child: rbac @@ -376,7 +424,7 @@ entries: version: 5.11.3 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.17001-05:00" + created: "2022-04-15T13:22:19.711621-04:00" dependencies: - import-values: - child: rbac @@ -400,7 +448,7 @@ entries: version: 5.11.2 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.160366-05:00" + created: "2022-04-15T13:22:19.7019206-04:00" dependencies: - import-values: - child: rbac @@ -427,7 +475,7 @@ entries: version: 5.11.1 - apiVersion: v2 appVersion: 1.3.0 - created: "2022-03-10T14:29:09.1504606-05:00" + created: "2022-04-15T13:22:19.6917447-04:00" dependencies: - import-values: - child: rbac @@ -454,7 +502,7 @@ entries: version: 5.11.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.1394368-05:00" + created: "2022-04-15T13:22:19.6821904-04:00" dependencies: - import-values: - child: rbac @@ -481,7 +529,7 @@ entries: version: 5.10.1 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.125973-05:00" + created: "2022-04-15T13:22:19.668588-04:00" dependencies: - import-values: - child: rbac @@ -508,7 +556,7 @@ entries: version: 5.10.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.4511935-05:00" + created: "2022-04-15T13:22:20.0059291-04:00" dependencies: - import-values: - child: rbac @@ -532,7 +580,7 @@ entries: version: 5.9.8 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.4436883-05:00" + created: "2022-04-15T13:22:19.9972125-04:00" dependencies: - import-values: - child: rbac 
@@ -556,7 +604,7 @@ entries: version: 5.9.7 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.4356692-05:00" + created: "2022-04-15T13:22:19.9890508-04:00" dependencies: - import-values: - child: rbac @@ -580,7 +628,7 @@ entries: version: 5.9.6 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.4279024-05:00" + created: "2022-04-15T13:22:19.979819-04:00" dependencies: - import-values: - child: rbac @@ -604,7 +652,7 @@ entries: version: 5.9.5 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.4189059-05:00" + created: "2022-04-15T13:22:19.9708942-04:00" dependencies: - import-values: - child: rbac @@ -628,7 +676,7 @@ entries: version: 5.9.4 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.4105681-05:00" + created: "2022-04-15T13:22:19.9628299-04:00" dependencies: - import-values: - child: rbac @@ -652,7 +700,7 @@ entries: version: 5.9.2 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.4021949-05:00" + created: "2022-04-15T13:22:19.9538348-04:00" dependencies: - import-values: - child: rbac @@ -676,7 +724,7 @@ entries: version: 5.9.1 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.3943181-05:00" + created: "2022-04-15T13:22:19.9451181-04:00" dependencies: - import-values: - child: rbac @@ -700,7 +748,7 @@ entries: version: 5.9.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.3859324-05:00" + created: "2022-04-15T13:22:19.937043-04:00" dependencies: - import-values: - child: rbac @@ -728,7 +776,7 @@ entries: version: 5.8.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.3746146-05:00" + created: "2022-04-15T13:22:19.9233624-04:00" dependencies: - import-values: - child: rbac @@ -756,7 +804,7 @@ entries: version: 5.7.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.3610139-05:00" + created: "2022-04-15T13:22:19.9098288-04:00" dependencies: - import-values: - child: rbac 
@@ -784,7 +832,7 @@ entries: version: 5.6.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.3505097-05:00" + created: "2022-04-15T13:22:19.8958776-04:00" dependencies: - import-values: - child: rbac @@ -812,7 +860,7 @@ entries: version: 5.5.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.3358535-05:00" + created: "2022-04-15T13:22:19.8835711-04:00" dependencies: - import-values: - child: rbac @@ -840,7 +888,7 @@ entries: version: 5.4.2 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.3230415-05:00" + created: "2022-04-15T13:22:19.869416-04:00" dependencies: - import-values: - child: rbac @@ -868,7 +916,7 @@ entries: version: 5.4.1 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.3118307-05:00" + created: "2022-04-15T13:22:19.8569179-04:00" dependencies: - import-values: - child: rbac @@ -896,7 +944,7 @@ entries: version: 5.4.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.2980404-05:00" + created: "2022-04-15T13:22:19.8442371-04:00" dependencies: - import-values: - child: rbac @@ -924,7 +972,7 @@ entries: version: 5.3.1 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.2836207-05:00" + created: "2022-04-15T13:22:19.8312004-04:00" dependencies: - import-values: - child: rbac @@ -952,7 +1000,7 @@ entries: version: 5.3.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.2695227-05:00" + created: "2022-04-15T13:22:19.8179874-04:00" dependencies: - import-values: - child: rbac @@ -980,7 +1028,7 @@ entries: version: 5.2.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.1126945-05:00" + created: "2022-04-15T13:22:19.6542652-04:00" dependencies: - import-values: - child: rbac @@ -1008,7 +1056,7 @@ entries: version: 5.1.2 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.0991608-05:00" + created: "2022-04-15T13:22:19.6400871-04:00" dependencies: - import-values: - child: rbac 
@@ -1036,7 +1084,7 @@ entries: version: 5.1.1 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.0879439-05:00" + created: "2022-04-15T13:22:19.6278441-04:00" dependencies: - import-values: - child: rbac @@ -1064,7 +1112,7 @@ entries: version: 5.1.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.0745164-05:00" + created: "2022-04-15T13:22:19.6145064-04:00" dependencies: - import-values: - child: rbac @@ -1092,7 +1140,7 @@ entries: version: 5.0.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.0613165-05:00" + created: "2022-04-15T13:22:19.600388-04:00" dependencies: - import-values: - child: rbac @@ -1120,7 +1168,7 @@ entries: version: 4.0.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.0496435-05:00" + created: "2022-04-15T13:22:19.587793-04:00" dependencies: - import-values: - child: rbac @@ -1148,7 +1196,7 @@ entries: version: 3.5.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.0389109-05:00" + created: "2022-04-15T13:22:19.5762326-04:00" dependencies: - import-values: - child: rbac @@ -1176,7 +1224,7 @@ entries: version: 3.4.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.0273907-05:00" + created: "2022-04-15T13:22:19.5632278-04:00" dependencies: - import-values: - child: rbac @@ -1204,7 +1252,7 @@ entries: version: 3.3.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.0158585-05:00" + created: "2022-04-15T13:22:19.5511232-04:00" dependencies: - import-values: - child: rbac @@ -1232,7 +1280,7 @@ entries: version: 3.2.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:09.0023483-05:00" + created: "2022-04-15T13:22:19.5389956-04:00" dependencies: - import-values: - child: rbac @@ -1260,7 +1308,7 @@ entries: version: 3.1.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:08.9902309-05:00" + created: "2022-04-15T13:22:19.5275047-04:00" dependencies: - import-values: - child: rbac 
@@ -1288,7 +1336,7 @@ entries: version: 3.0.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:08.9780088-05:00" + created: "2022-04-15T13:22:19.5151506-04:00" dependencies: - import-values: - child: rbac @@ -1316,7 +1364,7 @@ entries: version: 2.3.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:08.9660348-05:00" + created: "2022-04-15T13:22:19.5034343-04:00" dependencies: - import-values: - child: rbac @@ -1344,7 +1392,7 @@ entries: version: 2.2.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:08.9566285-05:00" + created: "2022-04-15T13:22:19.4914539-04:00" dependencies: - import-values: - child: rbac @@ -1372,7 +1420,7 @@ entries: version: 2.1.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:08.9431016-05:00" + created: "2022-04-15T13:22:19.4795615-04:00" dependencies: - import-values: - child: rbac @@ -1400,7 +1448,7 @@ entries: version: 2.0.1 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:08.9298663-05:00" + created: "2022-04-15T13:22:19.467679-04:00" dependencies: - import-values: - child: rbac @@ -1428,7 +1476,7 @@ entries: version: 2.0.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:08.916079-05:00" + created: "2022-04-15T13:22:19.4558911-04:00" dependencies: - import-values: - child: rbac @@ -1456,7 +1504,7 @@ entries: version: 1.0.1 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:08.9022241-05:00" + created: "2022-04-15T13:22:19.4444181-04:00" dependencies: - import-values: - child: rbac @@ -1484,7 +1532,7 @@ entries: version: 1.0.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:08.8924379-05:00" + created: "2022-04-15T13:22:19.4326135-04:00" dependencies: - import-values: - child: rbac @@ -1512,7 +1560,7 @@ entries: version: 0.6.0 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:08.881542-05:00" + created: "2022-04-15T13:22:19.4218199-04:00" dependencies: - import-values: - child: rbac 
@@ -1540,7 +1588,7 @@ entries: version: 0.5.2 - apiVersion: v2 appVersion: 1.2.0 - created: "2022-03-10T14:29:08.8708879-05:00" + created: "2022-04-15T13:22:19.4105204-04:00" dependencies: - import-values: - child: rbac @@ -1568,7 +1616,7 @@ entries: version: 0.5.1 - apiVersion: v2 appVersion: 1.1.0 - created: "2022-03-10T14:29:08.8566081-05:00" + created: "2022-04-15T13:22:19.3987958-04:00" dependencies: - import-values: - child: rbac @@ -1596,7 +1644,7 @@ entries: version: 0.5.0 - apiVersion: v2 appVersion: 1.0.0 - created: "2022-03-10T14:29:08.8465152-05:00" + created: "2022-04-15T13:22:19.3877328-04:00" dependencies: - import-values: - child: rbac @@ -1624,7 +1672,7 @@ entries: version: 0.4.1 - apiVersion: v2 appVersion: 1.0.0 - created: "2022-03-10T14:29:08.8337218-05:00" + created: "2022-04-15T13:22:19.3762062-04:00" dependencies: - import-values: - child: rbac @@ -1652,7 +1700,7 @@ entries: version: 0.4.0 - apiVersion: v2 appVersion: 0.10.0 - created: "2022-03-10T14:29:08.8230235-05:00" + created: "2022-04-15T13:22:19.3631822-04:00" dependencies: - import-values: - child: rbac @@ -1680,7 +1728,7 @@ entries: version: 0.3.0 - apiVersion: v2 appVersion: 0.1.1 - created: "2022-03-10T14:29:08.8107496-05:00" + created: "2022-04-15T13:22:19.351555-04:00" dependencies: - import-values: - child: rbac @@ -1708,7 +1756,7 @@ entries: version: 0.2.0 - apiVersion: v2 appVersion: 0.1.1 - created: "2022-03-10T14:29:08.8008505-05:00" + created: "2022-04-15T13:22:19.3401384-04:00" dependencies: - import-values: - child: rbac @@ -1736,7 +1784,7 @@ entries: version: 0.1.1 - apiVersion: v2 appVersion: 0.1.0 - created: "2022-03-10T14:29:08.7893496-05:00" + created: "2022-04-15T13:22:19.3297483-04:00" dependencies: - import-values: - child: rbac @@ -1763,7 +1811,7 @@ entries: - illumidesk-0.1.0.tgz version: 0.1.0 - apiVersion: v2 - created: "2022-03-10T14:29:08.7784828-05:00" + created: "2022-04-15T13:22:19.3203471-04:00" dependencies: - import-values: - child: rbac 
@@ -1789,4 +1837,4 @@ entries: urls: - illumidesk-0.0.1.tgz version: 0.0.1 -generated: "2022-03-10T14:29:08.7640701-05:00" +generated: "2022-04-15T13:22:19.3088177-04:00"
diff --git a/policy/iam-policy-secrets-manager.json b/policy/iam-policy-secrets-manager.json
new file mode 100644
index 0000000..b67e5ab
--- /dev/null
+++ b/policy/iam-policy-secrets-manager.json
@@ -0,0 +1,20 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "secretsmanager:GetResourcePolicy",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:ListSecretVersionIds"
+ ],
+ "Resource": "arn:aws:secretsmanager:us-west-2:860100747351:secret:*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": "secretsmanager:ListSecrets",
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/policy/trust-aws-resources-policy-example.json b/policy/trust-aws-resources-policy-example.json
new file mode 100644
index 0000000..ee80df1
--- /dev/null
+++ b/policy/trust-aws-resources-policy-example.json
@@ -0,0 +1,19 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Federated": "arn:aws:iam::{account-id}:oidc-provider/oidc.eks.{region-code}.amazonaws.com/id/{oidc-id}"
+ },
+ "Action": "sts:AssumeRoleWithWebIdentity",
+ "Condition": {
+ "StringLike": {
+ "oidc.eks.region-code.amazonaws.com/id/oidc-id:sub": "system:serviceaccount:*:*",
+ "oidc.eks.region-code.amazonaws.com/id/oidc-id:aud": "sts.amazonaws.com"
+
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/policy/trust-aws-secrets-manager-policy-example.json b/policy/trust-aws-secrets-manager-policy-example.json
new file mode 100644
index 0000000..9d277b9
--- /dev/null
+++ b/policy/trust-aws-secrets-manager-policy-example.json
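Review bot: In policy/iam-policy-secrets-manager.json the first statement's `Resource` ends in `secret:*`, so the role can read the value of every secret in that account and region rather than only the ones this chart needs. Scoping it to a name prefix, for example `"Resource": "arn:aws:secretsmanager:{region-code}:{account-id}:secret:{secret-name-prefix}*"`, keeps `secretsmanager:GetSecretValue` limited to the chart's own secrets. The account id and region are literal here while the trust policy example uses placeholders, so the file as committed only fits one account.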
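Review bot: In policy/trust-aws-resources-policy-example.json the `sub` condition is `system:serviceaccount:*:*` under `StringLike`, which lets any service account in any namespace of the cluster assume the role. The README steps in this commit name only the grader-setup-service and hub service accounts, so the condition could be `StringEquals` with `"...:sub": ["system:serviceaccount:{namespace}:grader-setup-service", "system:serviceaccount:{namespace}:{hub-service-account}"]`, and `aud` can move under the same `StringEquals`. The condition keys also spell `region-code` and `oidc-id` without the braces used in the `Federated` ARN, which makes those placeholders easy to miss when filling in the template.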
@@ -0,0 +1,10 @@
+import psycopg2
+
+def postgres_test():
+
+ try:
+ conn = psycopg2.connect("dbname='illumidesk' user='postgres' host='illumidesk-staging-serverless.cluster-c2vgovpu6gzj.us-east-1.rds.amazonaws.com' password='Kwanso123' connect_timeout=1 ")
+ conn.close()
+ return True
+ except:
+ return False
\ No newline at end of file
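Review bot: The string passed to `psycopg2.connect` embeds the database host, user and password as literals, so the credential is now in the repository history and should be rotated as well as removed from the file. Reading the DSN from the environment or a mounted secret, for example `conn = psycopg2.connect(os.environ["{DSN_ENV_VAR}"], connect_timeout=1)` (with `os` imported), keeps it out of source. The bare `except:` hides every failure, including a missing driver or a typo; `except psycopg2.OperationalError:` would limit it to connection errors. The content is Python but is added under policy/ with a .json name next to the trust policy examples, which looks like a file committed to the wrong path.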