Closed seanpoulter-foci closed 4 weeks ago
The rad-lab module provides the rights required to anyone in the trusted_users or trusted_groups.
resource "google_project_iam_member" "role_notebooks_admin" {
for_each = toset(concat(formatlist("user:%s", var.trusted_users), formatlist("group:%s", var.trusted_groups)))
project = local.project.project_id
member = each.value
role = "roles/notebooks.admin"
}
local.proejct.project_id will be the project_prefix when the create_project is set to false.
project = (var.create_project
? try(module.project_radlab_ds_analytics.0, null)
: try(data.google_project.existing_project.0, null)
)
All that needs to be done is to set the trusted_users in the composition. I think this can be done with a varmap
varmap:
account:
region: us-west-1
owners:
- example-owner-1
- example-owner-2
So we don't have to fight with the transformations.
Here is the link to the roles/notebook.admin permissions
https://cloud.google.com/iam/docs/understanding-roles#ai-notebooks-roles
Thanks Dan. Setting the trusted_users
in the Workspace
manifest from k9s
resolves the error.
Outcome
We should be able to provide an end-to-end demo of the Rad Lab modules, and open the notebook without errors.
Problem
We can create instances of the Rad Lab module templates 🎉
These Entities have links to View Managed Notebooks on Google Cloud.
View Managed Notebooks on Google Cloud
If we follow the link we'll be able to open the JupyterLab notebook:
This results in a permissions error:
Technical Notes
The docs for the Data Science and GenAI Rad Lab modules state: