WB CLI and AoU env variables

Author: pantherman594

src/aou-sas/.devcontainer.json

@@ -5,19 +5,7 @@
   "runServices": ["app", "wondershaper"],
   "shutdownAction": "none",
   "workspaceFolder": "/workspace",
-  "postCreateCommand": [
-    "./startupscript/post-startup.sh",
-    "aou",
-    "/data",
-    "${templateOption:cloud}",
-    "${templateOption:login}"
-  ],
-  "postStartCommand": [
-    "./startupscript/remount-on-restart.sh",
-    "aou",
-    "/data",
-    "${templateOption:cloud}",
-    "${templateOption:login}"
-  ],
+  "postCreateCommand": "./startupscript/post-startup.sh aou /data ${templateOption:cloud} ${templateOption:login} && ./setup-sas-env.sh aou /data",
+  "postStartCommand": "./startupscript/remount-on-restart.sh aou /data ${templateOption:cloud} ${templateOption:login} && ./setup-sas-env.sh aou /data",
   "remoteUser": "root"
 }

src/aou-sas/Dockerfile

@@ -6,16 +6,6 @@ USER root
 # This must be in the Dockerfile because it references a build context (load-envs).
 COPY --from=load-envs /dist/load-env /dist/load-env.sh /opt/sas/aou/
 
-###############################################################################
-# Package-manager compatibility
-# Workbench startup scripts (post-startup.sh, resource-mount.sh) expect
-# apt-get / apt.  These shims delegate to yum on this RHEL-based SAS image.
-###############################################################################
-RUN printf '#!/bin/bash\ncase "$1" in\n  update) exec yum makecache -y ;;\n  install) shift; exec yum install -y --allowerasing "$@" ;;\n  *) exec yum "$@" ;;\nesac\n' > /usr/local/bin/apt-get && \
-    chmod +x /usr/local/bin/apt-get && \
-    cp /usr/local/bin/apt-get /usr/local/bin/apt && \
-    chmod +x /usr/local/bin/apt
-
 ###############################################################################
 # Disable SAS-internal repos (unreachable outside SAS network) and enable
 # public UBI + EPEL repos so packages like jq, fuse, git can be resolved.
@@ -26,22 +16,14 @@ RUN dnf config-manager --set-disabled \
         sas-ubi-9-baseos sas-ubi-9-appstream sas-ubi-9-codeready-builder && \
     dnf config-manager --set-enabled \
         ubi-9-baseos-rpms ubi-9-appstream-rpms ubi-9-codeready-builder-rpms && \
-    rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
-    yum clean all
+    dnf clean all
 
 ###############################################################################
 # System packages required by Workbench startup scripts
 ###############################################################################
-RUN yum install -y --allowerasing curl fuse fuse-libs wget sudo git \
+RUN dnf install -y --allowerasing curl fuse fuse-libs wget sudo git \
         java-17-openjdk-headless && \
-    yum clean all
-
-###############################################################################
-# gcsfuse — GCS bucket mounting
-###############################################################################
-RUN printf '[gcsfuse]\nname=gcsfuse (packages.cloud.google.com)\nbaseurl=https://packages.cloud.google.com/yum/repos/gcsfuse-el7-x86_64\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=0\ngpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg\n       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\n' > /etc/yum.repos.d/gcsfuse.repo && \
-    yum install -y gcsfuse && \
-    yum clean all
+    dnf clean all
 
 ###############################################################################
 # Google Cloud SDK
@@ -66,6 +48,10 @@ RUN groupadd -g 1100 aougroup && \
 ###############################################################################
 RUN echo "-work /data/saswork" >> /opt/sas/viya/config/etc/workspaceserver/default/sasv9_usermods.cfg && \
     echo "-utilloc /data/utilloc" >> /opt/sas/viya/config/etc/workspaceserver/default/sasv9_usermods.cfg && \
+    echo 'if [ -f /data/.aou-env ]; then source /data/.aou-env; fi' >> \
+      /opt/sas/viya/config/etc/workspaceserver/default/workspaceserver_usermods.sh && \
+    echo 'if [ -f /data/.workbench-env ]; then source /data/.workbench-env; fi' >> \
+      /opt/sas/viya/config/etc/workspaceserver/default/workspaceserver_usermods.sh && \
     sed -Ei 's#^USERMODS=(.*)#USERMODS=-allowxcmd \1#g' \
       /opt/sas/viya/config/etc/spawner/default/spawner_usermods.sh
 
@@ -87,6 +73,11 @@ RUN PROXY_CONF=/etc/httpd/conf.d/dkrapro-proxy.conf && \
     sed -i '/AOU-CONFIGURED/a Header unset Content-Security-Policy' "${PROXY_CONF}" && \
     sed -i '/AOU-CONFIGURED/a Header edit Set-Cookie "^(.*SameSite=None.*)\$" "\$1; Secure"' "${PROXY_CONF}"
 
+###############################################################################
+# Create /data directory and chown to AoU user
+###############################################################################
+RUN mkdir -p /data && chown aou:aougroup /data
+
 # Wrapper entrypoint: copies the SAS license from Mikey Secrets (if active)
 # to /sasinside/ before handing off to the SAS entrypoint.
 COPY --from=wb-secret-receiver /dist/wb-secret-receiver /wb-secret-receiver

src/aou-sas/sas-pre-deploy.sh

@@ -23,6 +23,6 @@ chown -R aou:aougroup /data
 if [ -d /opt/sas/aou ]; then
   cp -n /opt/sas/aou/load-env /opt/sas/aou/load-env.sh /data/ 2>/dev/null || true
   chown aou:aougroup /data/load-env /data/load-env.sh 2>/dev/null || true
-  grep -q "load-env.sh" /data/.bashrc 2>/dev/null || \
-    echo "source /data/load-env.sh" >> /data/.bashrc
+  #grep -q "load-env.sh" /data/.bashrc 2>/dev/null || \
+  #  echo "source /data/load-env.sh" >> /data/.bashrc
 fi

src/aou-sas/setup-sas-env.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+# setup-sas-env.sh — Populate environment files for SAS Studio sessions.
+#
+# Runs after post-startup.sh (or remount-on-restart.sh) to create env files
+# that the SAS workspace server sources on session start.
+#
+# - /data/.aou-env:       AoU CDR variables (from load-env)
+# - /data/.workbench-env: Workbench variables (extracted from .bashrc)
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+readonly USER_NAME="${1}"
+readonly DATA_DIR="${2}"
+
+if [ -f "${DATA_DIR}/load-env.sh" ]; then
+  sudo -u "${USER_NAME}" bash -c "source '${DATA_DIR}/load-env.sh'" || true
+fi
+
+# Extract export statements from .bashrc to get workbench environment variables
+grep '^export ' "${DATA_DIR}/.bashrc" > "${DATA_DIR}/.workbench-env" || true

startupscript/install-cli.sh

@@ -66,9 +66,11 @@ if ! command -v "${WORKBENCH_INSTALL_PATH}" &> /dev/null; then
 
   ${RUN_AS_LOGIN_USER} "curl -L https://storage.googleapis.com/${CLI_DISTRIBUTION_PATH#gs://}/download-install.sh | WORKBENCH_CLI_VERSION=${CLI_VERSION} bash"
   cp wb "${WORKBENCH_INSTALL_PATH}"
+  chmod 755 "${WORKBENCH_INSTALL_PATH}"
 
   # Copy 'wb' to its legacy 'terra' name.
   cp wb "${WORKBENCH_LEGACY_PATH}"
+  chmod 755 "${WORKBENCH_LEGACY_PATH}"
 fi
 
 # Set browser manual login since that's the only login supported from a Vertex AI Notebook VM