Image Choice Restriction in ODH
by Alexander Feiszli
Hi All,
Here is an interesting scenario I am looking to set up.
I have an instance of ODH that I have modified to user Azure AD, rather
than OpenShift. The use case is that the process here for getting an
OpenShift login can be a little time-consuming, and Azure AD is integrated
with their on-prem AD so it's just all-around smoother.
Anyway, users are creating Notebook images that only certain users should
have access to. They would come pre-installed with certain ipynb files that
only particular AD Groups can use. The notebooks in this case function as
applications.
I would like to have a single hub, but different users should have access
to different sets of images, restricted by the AD group they are a part of.
I can think of two ways of handling this:
1. Restrict the list of images the user is able to see when at the
'spawn' page
2. Restrict the startup of the notebook server itself to users of a
particular AD Group
I am guessing there hasn't been much work by the ODH team with Azure
integration since the product is meant to work with OpenShift OAuth, but I
am wondering, has anyone worked on generally restricting access to certain
notebook images on a per-user or per-group basis, using whitelisting or
some other means?
Thanks,
Alex
5 years