Search code examples
google-cloud-platformjupyter-notebookgoogle-cloud-vertex-aigcp-ai-platform-notebook

How can we disable the "Open Jupyterlab" button (proxy) on GCP Vertex AI Workbenches?

On our platform (GCP) we do not use external IPs and our users connect to their notebooks using ssh from their local machine. We want to disable the "Open JupyterLab" button found in the GCP console. From my understanding this service works with the use of the Inverting Proxy Server & Inverting Proxy Agent (see here).

There seems to be an option to pass no_proxy_access as true when creating a workbench (see here), but our users create the workbench themselves.

Is there a configuration we can place at a higher level to disable the proxy on all workbenches and what IAM permissions are needed to access to the proxy?

Solution

  • The "Open JupyterLab" button is enabled when user configure Proxy access and this options shows up in Google Cloud Console when there is a valid "proxy-url" metadata key in Notebook instance (GCE metadata)

    • In User Managed Notebooks anybody accessing Notebook via Proxy URL requires Service Account User role (ActAs permission) over the Service Account attached to the VM.

    • In Google Cloud GCE VM SSH access can be controlled by:

      • OS Login
      • Manual SSH Keys

    https://cloud.google.com/compute/docs/instances/ssh

    OS login is enabled by default for Notebooks and require Service Account User role over the VM.

    https://cloud.google.com/compute/docs/instances/access-overview

    If you want to disable OS login, you need to overwrite values

    • enable-oslogin: False
    • block-project-ssh-keys: False

    In summary:

    1. You need Service Account User to access Proxy URL or SSH. If you remove this role/permission you lose access to both: "Open Jupyter Lab" and SSH.

    2. You can remove Service Account User role to VM and have user use Manual SSH Keys

    3. Yoo can try to use post-startup-script and remove proxy-url metadata value automatically, this will disable Open Jupyter Lab button

    post_startup_script

    https://cloud.google.com/vertex-ai/docs/workbench/reference/rpc/google.cloud.notebooks.v1#google.cloud.notebooks.v1.Instance

    In summary, looks like there is no specific feature to control this option.

    Have you tried blocking by DNS name? *.notebooks.googleusercontent.com domains

    In the future, custom Org Policies may be a good fit, there is a new feature (that we are not integrated yet) for custom Org policies.

    https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services