Add resources for Vertex AI notebook runtime templates and associated IAM bindings

[rjw57]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

The existing google_notebooks_runtime resource allows creation of notebook runtimes. However, a google_notebooks_runtime_template resource corresponding to the Runtime Template REST resource is not provided.

We'd like to investigate Colab Enterprise for interactive runbooks and would like to configure a runtime template configured with a service account used for administration which our console users have impersonation permissions for. We'd prefer notebooks created with the default runtime template to use this service account rather than end-user credentials.

This functionality is present in the v1 Vertex AI API via custom runtime templates and is, AFAICT, GA aside from the idleShutdownConfig property.

New or Affected Resource(s)

• google_notebooks_runtime_template
• google_notebooks_runtime_template_iam

Potential Terraform Configuration

resource "google_notebooks_runtime_template" "default" {
  name         = "my-default-template"
  display_name = "Default template"

  is_default = true

  machine_spec {
    machine_type = "e2-standard-2"
  }

  data_persistent_disk_spec {
    disk_size_gb = 50
  }

  service_account = "deployer@my-project.iam.gserviceaccount.com"

  euc_config {
    euc_disabled = true
  }

  notebook_runtime_type = "ONE_CLICK"
}

resource "google_notebooks_runtime_template_iam_member" "runtime_user" {
  project  = google_notebooks_runtime_template.default.project
  location = google_notebooks_runtime_template.default.location

  runtime_template_name = google_notebooks_runtime_template.default.name

  role   = "roles/aiplatform.notebookRuntimeUser"
  member = "user:jane@example.com"
}

References

• https://cloud.google.com/colab/docs/create-runtime-template
• https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.notebookRuntimeTemplates
• https://cloud.google.com/colab/docs/manage-access-runtime-template
• https://cloud.google.com/vertex-ai/docs/general/access-control#aiplatform.notebookRuntimeUser

b/310896821

[bcreddy-gcp]

I think you have few of the resources mixed up here. google_notebooks_runtime is for Managed notebooks while colab runtimes and colab runtime templates are different resources. Neither colab runtimes nor colab runtime templates have Terraform support as of today.

[rjw57]

So, these resources are for https://cloud.google.com/vertex-ai/docs/workbench/reference/rest/v1/projects.locations.runtimes and there is not currently terraform support for, e.g., https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.notebookRuntimes?

[bcreddy-gcp]

That's right.

[yu-iskw]

I would like to use the resources too. Do we have any obstacles to implement them? If we can start the implementation, I would love to contribute.