aws / amazon-sagemaker-feedback

Amazon SageMaker Public Feedback Dashboard
Creative Commons Attribution Share Alike 4.0 International

SageMaker Code Editor: install Gnome keyring and automatically unlock the keyring #74

Open michaelneely opened 2 months ago

michaelneely commented 2 months ago

Product Version

Product Category

Other

Description

Request

The built-in GitHub authentication in VSCode -- and applications like the GitHub command line -- pull user credentials from the system keyring. In the case of Linux-based systems, this would be the Gnome keyring.

I would like to request that the Gnome keyring be installed and unlocked in the appropriate location (probably the SageMaker runtime image?) such that I can install and authenticate with the GitHub command line in my Code Editor applications' lifecycle config.

Motivation

This would allow me to interact with my GitHub repositories without needing to manually authenticate every time I start my Code Editor application.

This is what I would like to include in my lifecycle config:

# Install GH cli
sudo mkdir -p -m 755 /etc/apt/keyrings \
    && wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \
    && sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
    && sudo apt update > /dev/null \
    && sudo apt install gh -y > /dev/null
# Authenticate: read the token from Secrets Manager and pipe it to gh on stdin
jq -r '.SecretString' <<< "$(aws secretsmanager get-secret-value --secret-id "$MY_GITHUB_TOKEN")" | gh auth login --with-token

I'm sure there are other use cases where users would appreciate the keyring present and unlocked (e.g., using the Python keyring module). This would also allow the GitHub Copilot VSCode extension to work without requiring a manual sign-in, should Microsoft ever publish that extension to the OpenVSX registry.

Why is this request currently impossible to implement?

I am unable to install and unlock the keyring in the lifecycle config because the default keyring is located in the user's home directory, which the lifecycle config script does not have access to.

Thank you.

Other Details

No response

arkaprava08 commented 2 months ago

This can currently be solved by custom images supported in Code Editor that we launched a month back.

https://docs.aws.amazon.com/sagemaker/latest/dg/code-editor-custom-images.html

Please let us know if that unblocks you. In the meantime, we will look into the issue and try to solve it for the 1p image of Code Editor.

michaelneely commented 2 months ago

Thanks @arkaprava08. I added the following to the entrypoint script and am able to start Code Editor with the keyring unlocked.

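# Start a D-Bus session bus and export its address into this shell
eval "$(dbus-launch --auto-syntax)"
mkdir -p ~/.cache
mkdir -p ~/.local/share/keyrings
# Unlock the keyring; printf '\n' supplies an empty password on stdin
eval "$(printf '\n' | gnome-keyring-daemon --unlock)"
# Start the daemon and export the environment variables it prints
eval "$(printf '\n' | /usr/bin/gnome-keyring-daemon --start)"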

The GitHub CLI successfully saves my credentials in the keyring.
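
An added example, not part of the thread or of any AWS image: the entrypoint above unlocks the keyring with an empty password, so file permissions on `~/.local/share/keyrings` are the main protection for the token stored there. The sketch below creates that directory owner-only and reports anything in it that group or other users can access; the function names `keyring_exposed` and `secure_keyring_dir` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print every entry under DIR that has any group/other permission bit set.
# Symlinks are skipped because their own mode bits are not meaningful.
keyring_exposed() {
    find "$1" ! -type l \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# Create DIR owner-only, strip group/other access from existing content,
# and return non-zero if anything is still exposed afterwards.
secure_keyring_dir() {
    dir=${1:-"$HOME/.local/share/keyrings"}
    ( umask 077 && mkdir -p "$dir" ) || return 1
    chmod -R go-rwx "$dir" || return 1
    leftover=$(keyring_exposed "$dir")
    if [ -n "$leftover" ]; then
        printf 'still accessible to group/other:\n%s\n' "$leftover" >&2
        return 1
    fi
    return 0
}

# Intended use in an entrypoint, before the daemon is started:
#   secure_keyring_dir "$HOME/.local/share/keyrings" || exit 1
```

Calling `secure_keyring_dir` in place of the plain `mkdir -p ~/.local/share/keyrings` keeps the rest of the entrypoint unchanged.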