From fb442d6839206dfaca17d2f03debf007a7645cd5 Mon Sep 17 00:00:00 2001 
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Thu, 22 Dec 2022 20:11:57 +0200 Subject: [PATCH 1/4] Porter v1 core changes (#2977) * porter v1 core * cr changes * some fixes * workflow triggers * api version * include porter's config.yaml --- .devcontainer/Dockerfile | 37 +++++-- .devcontainer/devcontainer.json | 4 +- .devcontainer/scripts/porter-v1.sh | 29 +++++ .dockerignore | 12 ++- .github/workflows/build_docker_images.yml | 4 +- .../workflows/build_validation_develop.yml | 4 +- .gitignore | 3 +- Makefile | 52 ++++++--- api_app/models/domain/resource.py | 4 +- .../service_bus/deployment_status_updater.py | 5 +- devops/scripts/porter_local_env.sh | 19 ++++ devops/scripts/setup_local_debugging.sh | 13 +++ resource_processor/_version.py | 2 +- resource_processor/resources/commands.py | 25 +++-- resource_processor/run.sh | 52 ++++++--- resource_processor/scripts/azure-cli.sh | 4 - resource_processor/scripts/porter-v1.sh | 27 +++++ resource_processor/shared/config.py | 26 ++++- resource_processor/vmss_porter/Dockerfile | 40 +++++-- resource_processor/vmss_porter/aad_auth.json | 6 +- .../vmss_porter/aad_auth_local_debugging.json | 6 +- .../vmss_porter/arm_auth_local_debugging.json | 10 +- resource_processor/vmss_porter/config.yaml | 14 +++ resource_processor/vmss_porter/runner.py | 23 +++- templates/core/terraform/cosmos_mongo.tf | 102 ++++++++++++++++++ templates/core/terraform/json-to-env.sh | 9 ++ templates/core/terraform/locals.tf | 3 + templates/core/terraform/outputs.tf | 13 +++ .../vmss_porter/cloud-config.yaml | 10 +- templates/core/terraform/statestore.tf | 2 +- templates/core/version.txt | 2 +- 31 files changed, 462 insertions(+), 100 deletions(-) create mode 100755 .devcontainer/scripts/porter-v1.sh create mode 100755 devops/scripts/porter_local_env.sh create mode 100755 resource_processor/scripts/porter-v1.sh create mode 100644 resource_processor/vmss_porter/config.yaml create mode 100644 templates/core/terraform/cosmos_mongo.tf 
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index f0eb0dca07..5c7b9540f4 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -11,9 +11,10 @@ ARG USERNAME=vscode ARG USER_UID=1000 ARG USER_GID=$USER_UID +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + # Set up non-root user COPY .devcontainer/scripts/non-root-user.sh /tmp/ -SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN bash /tmp/non-root-user.sh "${USERNAME}" "${USER_UID}" "${USER_GID}" # Set env for tracking that we're running in a devcontainer @@ -24,7 +25,7 @@ ARG NODE_VERSION="lts/*" RUN su $USERNAME -c "umask 0002 && . /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1" # Install terraform -ARG TERRAFORM_VERSION="1.3.5" +ARG TERRAFORM_VERSION="1.3.6" COPY .devcontainer/scripts/terraform.sh /tmp/ RUN bash /tmp/terraform.sh "${TERRAFORM_VERSION}" /usr/bin 
@@ -51,23 +52,39 @@ RUN if [ "${INTERACTIVE}" = "true" ]; then \ # Install Porter # Not using the script from https://cdn.porter.sh/latest/install-linux.sh # as it installs things we don't need and duplicates the binary. +# TODO: Remove Porter v0 ARG PORTER_MIRROR=https://cdn.porter.sh ARG PORTER_VERSION=v0.38.13 ARG PORTER_TERRAFORM_MIXIN_VERSION=v1.0.0-rc.1 ARG PORTER_AZ_MIXIN_VERSION=v0.7.3 ARG PORTER_AZURE_PLUGIN_VERSION=v0.11.2 -ARG PORTER_HOME=/home/$USERNAME/.porter/ +ARG PORTER_HOME_V0=/home/$USERNAME/.porter-v0/ COPY .devcontainer/scripts/porter.sh /tmp/ -RUN export PORTER_MIRROR=${PORTER_MIRROR} \ +RUN if [ "${INTERACTIVE}" = "true" ]; then \ + export PORTER_MIRROR=${PORTER_MIRROR} \ PORTER_VERSION=${PORTER_VERSION} \ PORTER_TERRAFORM_MIXIN_VERSION=${PORTER_TERRAFORM_MIXIN_VERSION} \ PORTER_AZ_MIXIN_VERSION=${PORTER_AZ_MIXIN_VERSION} \ - PORTER_DOCKER_MIXIN_VERSION=${PORTER_DOCKER_MIXIN_VERSION} \ PORTER_AZURE_PLUGIN_VERSION=${PORTER_AZURE_PLUGIN_VERSION} \ - PORTER_HOME=${PORTER_HOME} \ - && /tmp/porter.sh + PORTER_HOME=${PORTER_HOME_V0} \ + && /tmp/porter.sh ; fi + +# can't be in a non default path +# ARG PORTER_HOME_V1=/home/$USERNAME/.porter-v1/ +ARG PORTER_HOME_V1=/home/$USERNAME/.porter/ +ARG PORTER_VERSION=v1.0.4 +ARG PORTER_TERRAFORM_MIXIN_VERSION=v1.0.0 +ARG PORTER_AZ_MIXIN_VERSION=v1.0.0 +ARG PORTER_AZURE_PLUGIN_VERSION=v1.0.1 +COPY .devcontainer/scripts/porter-v1.sh /tmp/ +RUN export PORTER_VERSION=${PORTER_VERSION} \ + PORTER_TERRAFORM_MIXIN_VERSION=${PORTER_TERRAFORM_MIXIN_VERSION} \ + PORTER_AZ_MIXIN_VERSION=${PORTER_AZ_MIXIN_VERSION} \ + PORTER_AZURE_PLUGIN_VERSION=${PORTER_AZURE_PLUGIN_VERSION} \ + PORTER_HOME=${PORTER_HOME_V1} \ + && /tmp/porter-v1.sh -ENV PATH ${PORTER_HOME}:$PATH +ENV PATH ${PORTER_HOME_V1}:$PATH # Install requirements COPY ["requirements.txt", "/tmp/pip-tmp/" ] 
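Review bot: The v1 block redeclares `ARG PORTER_VERSION`, `PORTER_TERRAFORM_MIXIN_VERSION`, `PORTER_AZ_MIXIN_VERSION` and `PORTER_AZURE_PLUGIN_VERSION` under the same names the v0 block uses a few lines earlier; Docker accepts the redeclaration, but a `--build-arg PORTER_VERSION=...` passed to the build overrides every `ARG` of that name in the stage, so it would silently retarget both installs at once. Suffixing the v1 names (`PORTER_VERSION_V1` and so on), as was already done for `PORTER_HOME_V1`, keeps the two installs independently pinnable. The same pattern appears in `resource_processor/vmss_porter/Dockerfile` later in this patch. The pair `# can't be in a non default path` / `# ARG PORTER_HOME_V1=/home/$USERNAME/.porter-v1/` would read better as one sentence saying why a non-default `PORTER_HOME` does not work for v1, with the dead `ARG` line dropped.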
@@ -76,7 +93,7 @@ COPY ["resource_processor/vmss_porter/requirements.txt", "/tmp/pip-tmp/resource_ COPY ["docs/requirements.txt", "/tmp/pip-tmp/docs/"] COPY ["e2e_tests/requirements.txt", "/tmp/pip-tmp/e2e_tests/"] COPY ["airlock_processor/requirements.txt", "/tmp/pip-tmp/airlock_processor/"] -RUN pip3 --disable-pip-version-check --no-cache-dir install -r /tmp/pip-tmp/requirements.txt && rm -rf /tmp/pip-tmp +RUN pip3 --disable-pip-version-check --no-cache-dir install -r /tmp/pip-tmp/requirements.txt # Install azure-cli ARG AZURE_CLI_VERSION=2.37.0-1~bullseye @@ -84,7 +101,7 @@ COPY .devcontainer/scripts/azure-cli.sh /tmp/ RUN export AZURE_CLI_VERSION=${AZURE_CLI_VERSION} \ && /tmp/azure-cli.sh -ARG YQ_VERSION="v4.27.2" +ARG YQ_VERSION="v4.30.6" RUN curl -L --fail -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" \ && chmod +x /usr/local/bin/yq diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 7d188d76fd..b058b5586b 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -21,7 +21,9 @@ // Mounts the login details from the host machine to azcli works in the container "type=bind,source=${env:HOME}${env:USERPROFILE}/.azure,target=/home/vscode/.azure", // Mount docker socket for docker builds - "type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock" + "type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock", + // Mounts the github cli login details from the host machine to the container (~/.config/gh/hosts.yml) + "type=bind,source=${env:HOME}${env:USERPROFILE}/.config,target=/home/vscode/.config", ], "remoteUser": "vscode", "containerEnv": { diff --git a/.devcontainer/scripts/porter-v1.sh b/.devcontainer/scripts/porter-v1.sh new file mode 100755 index 0000000000..88e0c7ceca --- /dev/null +++ b/.devcontainer/scripts/porter-v1.sh 
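Review bot: The new mount binds the whole host `~/.config` directory read-write into the container, although the comment only motivates it with the GitHub CLI's `hosts.yml`; `.config` commonly holds other tools' tokens and settings as well, so a narrower bind limits what the container can read and modify, e.g. `"type=bind,source=${env:HOME}${env:USERPROFILE}/.config/gh,target=/home/vscode/.config/gh"` (assuming that directory exists on the host). The trailing comma left after the last mount entry is tolerated by VS Code's JSONC parser but not by strict JSON tooling, so dropping it keeps the file consistent with the other entries.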
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+# Uncomment this line to see each command for debugging (careful: this will show secrets!)
+# set -o xtrace
+
+export PORTER_HOME=${PORTER_HOME:-~/.porter}
+export PORTER_MIRROR=${PORTER_MIRROR:-https://cdn.porter.sh}
+PORTER_VERSION=${PORTER_VERSION:-latest}
+
+echo "Installing porter@$PORTER_VERSION to $PORTER_HOME from $PORTER_MIRROR"
+
+mkdir -p "$PORTER_HOME/runtimes"
+
+curl -fsSLo "$PORTER_HOME/porter" "$PORTER_MIRROR/$PORTER_VERSION/porter-linux-amd64"
+chmod +x "$PORTER_HOME/porter"
+ln -s "$PORTER_HOME/porter" "$PORTER_HOME/runtimes/porter-runtime"
+echo "Installed $("${PORTER_HOME}"/porter version)"
+
+"${PORTER_HOME}/porter" mixin install exec --version "$PORTER_VERSION"
+"${PORTER_HOME}/porter" mixin install terraform --version "$PORTER_TERRAFORM_MIXIN_VERSION"
+"${PORTER_HOME}/porter" mixin install az --version "$PORTER_AZ_MIXIN_VERSION"
+
+"${PORTER_HOME}/porter" plugin install azure --version "$PORTER_AZURE_PLUGIN_VERSION"
+
+chown -R "${USERNAME}" "${PORTER_HOME}"
+
+echo "Installation complete."
diff --git a/.dockerignore b/.dockerignore
index 13fc736226..471ffa6e82 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,5 +1,5 @@
 # See https://docs.docker.com/engine/reference/builder/#dockerignore-file
-# Put files here that you don't want copied into your bundle's invocation image
+# Put files here that you need in the devcontainer's context
 .gitignore
 Dockerfile.tmpl
@@ -18,8 +18,16 @@ cli/build
 cli/dist
 *.egg-info/
-.terraform
+**/.terraform
 tfplan*
 *.log
 templates/workspace_services/guacamole/guacamole-server/guacamole-auth-azure/target
+
+**/node_modules
+**/.cnab
+
+ui/app/build
+site
+
+.git
diff --git a/.github/workflows/build_docker_images.yml b/.github/workflows/build_docker_images.yml
index 597f261417..6970c16878 100644
--- a/.github/workflows/build_docker_images.yml
+++ b/.github/workflows/build_docker_images.yml
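Review bot: `curl -fsSLo "$PORTER_HOME/porter" "$PORTER_MIRROR/$PORTER_VERSION/porter-linux-amd64"` installs the binary that later runs every bundle without checking what was downloaded, so a substituted or tampered download is accepted silently; since `PORTER_VERSION` is pinned in the Dockerfile, the expected digest can be pinned next to it and checked before `chmod +x`, e.g. `echo "${PORTER_SHA256:?}  $PORTER_HOME/porter" | sha256sum -c -` with the value passed as a build argument (`PORTER_SHA256` is a constructed name, not one the patch defines). The mixin and plugin installs appear to trust the mirror in the same way, and the identical copy of this script added as `resource_processor/scripts/porter-v1.sh` later in the patch has the same gap. `ln -s "$PORTER_HOME/porter" "$PORTER_HOME/runtimes/porter-runtime"` is not idempotent: with `errexit` a second run into an existing `$PORTER_HOME` aborts on the existing link, so `ln -sf` is the safer form.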
@@ -3,7 +3,9 @@ name: Docker build
 on: # yamllint disable-line rule:truthy
 pull_request:
- branches: [main]
+ branches:
+ - main
+ - 'feature/**'
 workflow_dispatch:
 # for each ref (branch/pr) run just the most recent, cancel
diff --git a/.github/workflows/build_validation_develop.yml b/.github/workflows/build_validation_develop.yml
index a97db01c8f..6fe3f8f1fa 100644
--- a/.github/workflows/build_validation_develop.yml
+++ b/.github/workflows/build_validation_develop.yml
@@ -3,7 +3,9 @@ name: Build Validation
 on: # yamllint disable-line rule:truthy
 pull_request:
- branches: [main]
+ branches:
+ - main
+ - 'feature/**'
 # for each ref (branch/pr) run just the most recent,
 # cancel other pending/running ones
diff --git a/.gitignore b/.gitignore
index 649cd0c82f..13c564b900 100644
--- a/.gitignore
+++ b/.gitignore
@@ -115,8 +115,9 @@ templates/core/tre.env
 devops/auth.env
 private.env
-# Config
+# TRE Config
 config.yaml
+!resource_processor/vmss_porter/config.yaml
 # Spyder project settings
 .spyderproject
diff --git a/Makefile b/Makefile
index 22d8d969a9..2b48a3c474 100644
--- a/Makefile
+++ b/Makefile
@@ -184,16 +184,22 @@ bundle-build: && if [ -d terraform ]; then terraform -chdir=terraform init -backend=false; terraform -chdir=terraform validate; fi \ && FULL_IMAGE_NAME_PREFIX=${FULL_IMAGE_NAME_PREFIX} IMAGE_NAME_PREFIX=${IMAGE_NAME_PREFIX} \ ${MAKEFILE_DIR}/devops/scripts/bundle_runtime_image_build.sh \ - && porter build --debug + && porter build $(MAKE) bundle-check-params bundle-install: bundle-check-params $(call target_title, "Deploying ${DIR} with Porter") \ && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh porter,env \ && . ${MAKEFILE_DIR}/devops/scripts/load_and_validate_env.sh \ - && cd ${DIR} && porter install -p ./parameters.json \ - --cred ${MAKEFILE_DIR}/resource_processor/vmss_porter/arm_auth_local_debugging.json \ - --cred ${MAKEFILE_DIR}/resource_processor/vmss_porter/aad_auth_local_debugging.json \ + && cd ${DIR} \ + && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh .env \ + && porter parameters apply parameters.json \ + && porter credentials apply ${MAKEFILE_DIR}/resource_processor/vmss_porter/aad_auth_local_debugging.json \ + && porter credentials apply ${MAKEFILE_DIR}/resource_processor/vmss_porter/arm_auth_local_debugging.json \ + && . ${MAKEFILE_DIR}/devops/scripts/porter_local_env.sh \ + && porter install --parameter-set $$(yq ".name" porter.yaml) \ + --credential-set arm_auth \ + --credential-set aad_auth \ --allow-docker-host-access --debug # Validates that the parameters file is synced with the bundle. 
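Review bot: `porter install --parameter-set $$(yq ".name" porter.yaml)` assumes that the parameter set `porter parameters apply parameters.json` just created is named after the bundle in `porter.yaml`; the set is presumably named by the `name` field inside `parameters.json`, so if the two files ever disagree the install fails only at runtime with a missing parameter set. A one-line guard before the install, or a comment stating the invariant, would make the coupling explicit, e.g. `&& test "$$(yq ".name" porter.yaml)" = "$$(jq -r ".name" parameters.json)" \`. The commit drops `--debug` from `porter build` and `porter publish` but keeps it on install, uninstall and invoke; if that is deliberate, a short comment would save the next reader from wondering.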
@@ -213,18 +219,30 @@ bundle-check-params: bundle-uninstall: $(call target_title, "Uninstalling ${DIR} with Porter") \ && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh porter,env \ - && cd ${DIR} && porter uninstall -p ./parameters.json \ - --cred ${MAKEFILE_DIR}/resource_processor/vmss_porter/arm_auth_local_debugging.json \ - --cred ${MAKEFILE_DIR}/resource_processor/vmss_porter/aad_auth_local_debugging.json \ + && . ${MAKEFILE_DIR}/devops/scripts/load_and_validate_env.sh \ + && cd ${DIR} \ + && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh .env \ + && porter parameters apply parameters.json \ + && porter credentials apply ${MAKEFILE_DIR}/resource_processor/vmss_porter/aad_auth_local_debugging.json \ + && porter credentials apply ${MAKEFILE_DIR}/resource_processor/vmss_porter/arm_auth_local_debugging.json \ + && porter uninstall --parameter-set $$(yq ".name" porter.yaml) \ + --credential-set arm_auth \ + --credential-set aad_auth \ --allow-docker-host-access --debug bundle-custom-action: $(call target_title, "Performing:${ACTION} ${DIR} with Porter") \ && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh porter,env \ - && cd ${DIR} && porter invoke --action ${ACTION} -p ./parameters.json \ - --cred ${MAKEFILE_DIR}/resource_processor/vmss_porter/arm_auth_local_debugging.json \ - --cred ${MAKEFILE_DIR}/resource_processor/vmss_porter/aad_auth_local_debugging.json \ - --allow-docker-host-access --debug + && . ${MAKEFILE_DIR}/devops/scripts/load_and_validate_env.sh \ + && cd ${DIR} + && . 
${MAKEFILE_DIR}/devops/scripts/load_env.sh .env \ + && porter parameters apply parameters.json \ + && porter credentials apply ${MAKEFILE_DIR}/resource_processor/vmss_porter/aad_auth_local_debugging.json \ + && porter credentials apply ${MAKEFILE_DIR}/resource_processor/vmss_porter/arm_auth_local_debugging.json \ + && porter invoke --action ${ACTION} --parameter-set $$(yq ".name" porter.yaml) \ + --credential-set arm_auth \ + --credential-set aad_auth \ + --allow-docker-host-access --debug bundle-publish: $(call target_title, "Publishing ${DIR} bundle with Porter") \ @@ -234,7 +252,7 @@ bundle-publish: && cd ${DIR} \ && FULL_IMAGE_NAME_PREFIX=${FULL_IMAGE_NAME_PREFIX} \ ${MAKEFILE_DIR}/devops/scripts/bundle_runtime_image_push.sh \ - && porter publish --registry "$${ACR_NAME}.azurecr.io" --debug + && porter publish --registry "$${ACR_NAME}.azurecr.io" --force bundle-register: @# NOTE: ACR_NAME below comes from the env files, so needs the double '$$'. Others are set on command execution and don't @@ -290,11 +308,11 @@ build-and-deploy-ui: && if [ "$${DEPLOY_UI}" != "false" ]; then ${MAKEFILE_DIR}/devops/scripts/build_deploy_ui.sh; else echo "UI Deploy skipped as DEPLOY_UI is false"; fi \ prepare-for-e2e: - $(MAKE) workspace_bundle BUNDLE=base \ - && $(MAKE) workspace_service_bundle BUNDLE=guacamole \ - && $(MAKE) shared_service_bundle BUNDLE=gitea \ - && $(MAKE) user_resource_bundle WORKSPACE_SERVICE=guacamole BUNDLE=guacamole-azure-windowsvm \ - && $(MAKE) user_resource_bundle WORKSPACE_SERVICE=guacamole BUNDLE=guacamole-azure-linuxvm + $(MAKE) workspace_bundle BUNDLE=base + $(MAKE) workspace_service_bundle BUNDLE=guacamole + $(MAKE) shared_service_bundle BUNDLE=gitea + $(MAKE) user_resource_bundle WORKSPACE_SERVICE=guacamole BUNDLE=guacamole-azure-windowsvm + $(MAKE) user_resource_bundle WORKSPACE_SERVICE=guacamole BUNDLE=guacamole-azure-linuxvm test-e2e-smoke: $(call target_title, "Running E2E smoke tests") && \ 
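Review bot: In `bundle-custom-action` the rewritten `&& cd ${DIR}` line appears without the trailing `\` that the equivalent line in `bundle-uninstall` has, so the recipe would end there and the following `&& . ${MAKEFILE_DIR}/devops/scripts/load_env.sh .env` would run as a separate shell command beginning with `&&`, which is a syntax error; unless this is an artefact of how the patch is rendered here, the line should read `&& cd ${DIR} \`. The `bundle-uninstall` and `bundle-custom-action` recipes also do not source `devops/scripts/porter_local_env.sh` the way `bundle-install` now does, so a bundle parameter missing from the environment is filled in for install but not for uninstall or invoke — presumably unintended, since all three apply the same parameter set.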
diff --git a/api_app/models/domain/resource.py b/api_app/models/domain/resource.py
index edf475f2cd..a180004f63 100644
--- a/api_app/models/domain/resource.py
+++ b/api_app/models/domain/resource.py
@@ -75,5 +75,5 @@ def parse_etag_to_remove_escaped_quotes(cls, value):
 class Output(AzureTREModel):
- Name: str = Field(title="", description="")
- Value: Union[list, dict, str] = Field(None, title="", description="")
+ Name: str = Field(title="", description="", alias="name")
+ Value: Union[list, dict, str] = Field(None, title="", description="", alias="value")
diff --git a/api_app/service_bus/deployment_status_updater.py b/api_app/service_bus/deployment_status_updater.py
index c2ddfffd7a..d236280719 100644
--- a/api_app/service_bus/deployment_status_updater.py
+++ b/api_app/service_bus/deployment_status_updater.py
@@ -81,10 +81,11 @@ async def process_message(self, msg):
 complete_message = await self.update_status_in_database(message)
 logging.info(f"Update status in DB for {message.operationId} - {message.status}")
 except (json.JSONDecodeError, ValidationError) as e:
+ # TODO: consider changing to false so the message will end up in dead letter queue/status
 complete_message = True
 logging.error(f"{strings.DEPLOYMENT_STATUS_MESSAGE_FORMAT_INCORRECT}: {msg.correlation_id} - {e}")
- except Exception as e:
- logging.info(f"Exception for: {msg.correlation_id} - {e}")
+ except Exception:
+ logging.exception(f"Exception processing message: {msg.correlation_id}")
 return complete_message
diff --git a/devops/scripts/porter_local_env.sh b/devops/scripts/porter_local_env.sh
new file mode 100755
index 0000000000..885db0e2bf
--- /dev/null
+++ b/devops/scripts/porter_local_env.sh
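Review bot: Adding `alias="name"` / `alias="value"` to `Output` changes how the model is populated: with pydantic's default configuration a field that has an alias accepts only the alias on input, so any code that still constructs `Output(Name=..., Value=...)` or parses dicts keyed `Name`/`Value` (the shape the old porter output parsing produced) stops validating unless `AzureTREModel` sets `allow_population_by_field_name = True`. Worth checking the base class config and the remaining producers of these dicts before merging. A short comment on the class saying that the aliases match porter v1's lowercase output keys would also explain why field names and aliases differ only in case.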
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# This script adds missing env vars that are needed to run porter commands locally.
+# If a bundle defines a parameter that isn't in the environment it will be added.
+# When/if this issue will be address, we could remove the script:
+# https://github.com/getporter/porter/issues/2474
+
+set -o errexit
+set -o pipefail
+# set -o xtrace
+
+while read -r env_var_name; do
+ if [[ -z "${!env_var_name}" ]]; then
+ echo "${env_var_name} doesn't exist."
+ # shellcheck disable=SC2086
+ declare -g $env_var_name=
+ export "${env_var_name?}"
+ fi
+done < <(jq -r '.parameters[].source.env' parameters.json)
diff --git a/devops/scripts/setup_local_debugging.sh b/devops/scripts/setup_local_debugging.sh
index 64bbe32bf4..20936341ff 100755
--- a/devops/scripts/setup_local_debugging.sh
+++ b/devops/scripts/setup_local_debugging.sh
@@ -5,7 +5,9 @@ set -e
 : "${RESOURCE_GROUP_NAME?"Check RESOURCE_GROUP_NAME is defined in ./templates/core/private.env"}"
 : "${SERVICE_BUS_RESOURCE_ID?"Check SERVICE_BUS_RESOURCE_ID is defined in ./templates/core/private.env"}"
 : "${STATE_STORE_RESOURCE_ID?"Check STATE_STORE_RESOURCE_ID is defined in ./templates/core/private.env"}"
+: "${COSMOSDB_MONGO_RESOURCE_ID?"Check COSMOSDB_MONGO_RESOURCE_ID is defined in ./templates/core/private.env"}"
 : "${COSMOSDB_ACCOUNT_NAME?"Check COSMOSDB_ACCOUNT_NAME is defined in ./templates/core/private.env"}"
+: "${COSMOSDB_MONGO_ACCOUNT_NAME?"Check COSMOSDB_MONGO_ACCOUNT_NAME is defined in ./templates/core/private.env"}"
 : "${AZURE_SUBSCRIPTION_ID?"Check AZURE_SUBSCRIPTION_ID is defined in ./templates/core/private.env"}"
 : "${EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID?"Check EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID is defined in ./templates/core/private.env"}"
 : "${EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID?"Check EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID is defined in ./templates/core/private.env"}"
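Review bot: `jq -r '.parameters[].source.env' parameters.json` prints the literal string `null` for any parameter whose source is not an env var, and the loop then declares and exports an empty variable literally named `null`; `jq -r '.parameters[].source.env // empty'` skips those entries. `declare -g $env_var_name=` also expands unquoted (hence the shellcheck suppression): `declare -g "${env_var_name}="` removes the need for the suppression and keeps an unexpected name from being split into two arguments. Because the Makefile sources this file with `.`, the `set -o errexit`/`pipefail` it sets apply to the caller's shell for the rest of the recipe; probably harmless here since the recipe is an `&&` chain, but worth a comment at the top of the script.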
@@ -28,6 +30,12 @@ az cosmosdb update \
 --resource-group "${RESOURCE_GROUP_NAME}" \
 --ip-range-filter "${IPADDR}"
+echo "Adding local IP Address to ${COSMOSDB_MONGO_ACCOUNT_NAME}. This may take a while . . . "
+az cosmosdb update \
+ --name "${COSMOSDB_MONGO_ACCOUNT_NAME}" \
+ --resource-group "${RESOURCE_GROUP_NAME}" \
+ --ip-range-filter "${IPADDR}"
+
 echo "Adding local IP Address to ${SERVICE_BUS_NAMESPACE}."
 az servicebus namespace network-rule add \
 --resource-group "${RESOURCE_GROUP_NAME}" \
@@ -66,6 +74,11 @@ az role assignment create \
 --assignee "${LOGGED_IN_OBJECT_ID}" \
 --scope "${STATE_STORE_RESOURCE_ID}"
+az role assignment create \
+ --role "Contributor" \
+ --assignee "${LOGGED_IN_OBJECT_ID}" \
+ --scope "${COSMOSDB_MONGO_RESOURCE_ID}"
+
 az role assignment create \
 --role "EventGrid Data Sender" \
 --assignee "${LOGGED_IN_OBJECT_ID}" \
diff --git a/resource_processor/_version.py b/resource_processor/_version.py
index f658d0a64e..3d187266f1 100644
--- a/resource_processor/_version.py
+++ b/resource_processor/_version.py
@@ -1 +1 @@
-__version__ = "0.4.14"
+__version__ = "0.5.0"
diff --git a/resource_processor/resources/commands.py b/resource_processor/resources/commands.py
index 97ab232342..dfcf27b899 100644
--- a/resource_processor/resources/commands.py
+++ b/resource_processor/resources/commands.py
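Review bot: The new role assignment grants `Contributor` on the Cosmos DB Mongo account to the developer's own identity, which permits reconfiguring the account (firewall, key regeneration, failover) rather than only obtaining the connection string the local resource processor needs; if listing the connection string is all that is required, a narrower built-in or custom role scoped to that action would be the least-privilege choice, and whichever role is chosen deserves a one-line comment saying why. As with the existing account above, `az cosmosdb update --ip-range-filter "${IPADDR}"` appears to set the complete allow-list rather than append to it, so running this script from a second machine removes the first one's access — a comment stating that would spare some confusion.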
@@ -8,13 +8,13 @@ def azure_login_command(config):
- # Use a Service Principal when running locally
- local_login = f"az login --service-principal --username {config['arm_client_id']} --password {config['arm_client_secret']} --tenant {config['arm_tenant_id']}"
-
- # Use the Managed Identity when in VMSS context
- vmss_login = f"az login --identity -u {config['vmss_msi_id']}"
+ if config["vmss_msi_id"]:
+ # Use the Managed Identity when in VMSS context
+ command = f"az login --identity -u {config['vmss_msi_id']}"
+ else:
+ # Use a Service Principal when running locally
+ command = f"az login --service-principal --username {config['arm_client_id']} --password {config['arm_client_secret']} --tenant {config['arm_tenant_id']}"
- command = vmss_login if config["vmss_msi_id"] else local_login
 return command
@@ -63,22 +63,21 @@ async def build_porter_command(config, logger, msg_body, custom_action=False):
 installation_id = get_installation_id(msg_body)
- command_line = [f"{azure_login_command(config)} && {azure_acr_login_command(config)} && porter "
+ command_line = [f"{azure_login_command(config)} && {azure_acr_login_command(config)} && porter"
 # If a custom action (i.e. not install, uninstall, upgrade) we need to use 'invoke'
- f"{'invoke --action ' if custom_action else ''}"
- f"{msg_body['action']} \"{installation_id}\" "
+ f"{' invoke --action' if custom_action else ''}"
+ f" {msg_body['action']} \"{installation_id}\""
 f" --reference {config['registry_server']}/{msg_body['name']}:v{msg_body['version']}"
 f" {porter_parameters} --allow-docker-host-access --force"
- f" --cred ./vmss_porter/arm_auth_local_debugging.json"
- f" --cred ./vmss_porter/aad_auth.json"
+ f" --credential-set arm_auth"
+ f" --credential-set aad_auth"
 ]
 return command_line
 async def build_porter_command_for_outputs(msg_body):
 installation_id = get_installation_id(msg_body)
- # we only need "real" outputs and use jq to remove the logs which are big
- command_line = [f"porter installations output list --installation {installation_id} --output json | jq -c 'del (.[] | select(.Name==\"io.cnab.outputs.invocationImageLogs\"))'"]
+ command_line = [f"porter installations output list --installation {installation_id} --output json"]
 return command_line
diff --git a/resource_processor/run.sh b/resource_processor/run.sh
index a32efc1489..6072228e4f 100755
--- a/resource_processor/run.sh
+++ b/resource_processor/run.sh
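Review bot: The porter command is still assembled by interpolating `msg_body['action']`, `msg_body['name']` and `msg_body['version']` directly into a shell line, and `build_porter_command_for_outputs` does the same with `installation_id`; a value in one of those queue fields that contains shell metacharacters would change the command rather than be passed as an argument. Validating `action` against the known action names and `name`/`version` against a strict pattern before the line is built, or at least wrapping each value in `shlex.quote(...)`, confines them to arguments; the new fixed `--credential-set arm_auth` / `--credential-set aad_auth` flags are fine. Dropping the `jq` post-filter from `build_porter_command_for_outputs` also removes the exclusion of `io.cnab.outputs.invocationImageLogs` that the deleted comment said was needed because the logs are big; if porter v1 still lists that output, it will now be parsed and forwarded with the real outputs, so a comment recording why the filter is no longer needed would help.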
@@ -1,20 +1,16 @@
 #!/bin/bash
-# Generate required configuration for Porter Azure plugin
-if [[ -z "${MGMT_RESOURCE_GROUP_NAME}" ]]; then
- >&2 echo "Environment variable for TRE management resource group name missing"
-fi
-
-if [[ -z "${MGMT_STORAGE_ACCOUNT_NAME}" ]]; then
- >&2 echo "Environment variable for TRE management storage account name missing"
-fi
+set -o errexit
+set -o pipefail
+set -o nounset
+# Uncomment this line to see each command for debugging (careful: this will show secrets!)
+# set -o xtrace
-if [[ -z "${KEY_VAULT_NAME}" ]]; then
- >&2 echo "Environment variable for Key Vault name missing"
-fi
+# Generate required configuration for Porter Azure plugin
+# TODO: remove with removal of porter v0
 # Documentation here: - https://github.com/vdice/porter-bundles/tree/master/azure-keyvault
-cat > /root/.porter/config.toml << EOF
+cat > /"${PORTER_HOME_V0}"/config.toml << EOF
 default-storage = "azurestorage"
 default-secrets = "aad_auth"
 no-logs = true
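Review bot: `cat > /"${PORTER_HOME_V0}"/config.toml` prefixes a `/` to a value the image already sets to an absolute path (`ENV PORTER_HOME_V0 ${PORTER_HOME}` with `PORTER_HOME=/root/.porter-v0/` in the vmss_porter Dockerfile hunk), so the target becomes `//root/.porter-v0//config.toml`; that resolves on Linux but reads as a typo and would break if the variable ever became relative, so `cat > "${PORTER_HOME_V0}/config.toml" << EOF` is the intended form. With `set -o nounset` the deleted explicit checks are replaced by a bare `unbound variable` abort, which loses the descriptive messages for `MGMT_STORAGE_ACCOUNT_NAME` and `KEY_VAULT_NAME` (both still referenced further down); `: "${KEY_VAULT_NAME:?Key Vault name missing}"` style lines would keep the fail-fast behaviour and the message.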
@@ -35,5 +31,37 @@ plugin = "azure.keyvault"
 vault = "${KEY_VAULT_NAME}"
 EOF
+# TODO: remove with removal of porter v0
+echo "Azure cli login..."
+az login --identity -u "${VMSS_MSI_ID}"
+
+echo "Checking if porter v0 state exists..."
+exits=$(az storage table exists --account-name "${MGMT_STORAGE_ACCOUNT_NAME}" --name "porter" --auth-mode "login" --output tsv)
+if [ "${exits}" = "True" ]; then
+ echo "v0 state exists. Checking if migration was completed once before..."
+ migration_complete_container_name="porter-migration-completed"
+ exits=$(az storage container exists --account-name "${MGMT_STORAGE_ACCOUNT_NAME}" --name "${migration_complete_container_name}" --auth-mode "login" --output tsv)
+ if [ "${exits}" = "False" ]; then
+ echo "${migration_complete_container_name} container doesn't exist. Running porter migration..."
+ porter storage migrate --old-home "${PORTER_HOME_V0}" --old-account "azurestorage"
+ echo "Porter migration complete. Creating ${migration_complete_container_name} container to prevert migrating again in the future..."
+ az storage container create --account-name "${MGMT_STORAGE_ACCOUNT_NAME}" --name "${migration_complete_container_name}" --auth-mode "login" --fail-on-exist
+ echo "Migration is done."
+ else
+ echo "${migration_complete_container_name} container is present. Skipping porter migration."
+ fi
+else
+ echo "Porter v0 state doesn't exist."
+fi
+
+echo "Azure cli logout..."
+az logout
+
+# Can't be in the image since DB connection is needed.
+echo "Applying credential sets..."
+porter credentials apply vmss_porter/arm_auth_local_debugging.json
+porter credentials apply vmss_porter/aad_auth.json
+
 # Launch the runner
+echo "Starting resource processor..."
 python -u vmss_porter/runner.py
diff --git a/resource_processor/scripts/azure-cli.sh b/resource_processor/scripts/azure-cli.sh
index 2def69d434..5d988f7448 100755
--- a/resource_processor/scripts/azure-cli.sh
+++ b/resource_processor/scripts/azure-cli.sh
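Review bot: The `porter-migration-completed` marker is created only after `porter storage migrate` finishes, so two resource processor instances starting at the same time, or a restart during the migration, can both see the marker missing and both run the migration; with `--fail-on-exist` the second `az storage container create` then fails and `errexit` aborts the whole startup. Creating the marker (or a lease blob) before migrating, or dropping `--fail-on-exist` and tolerating the duplicate, would make startup idempotent, and whichever is chosen should be stated in a comment next to the check. The variable `exits` is presumably meant to be `exists`, and `prevert` in the echo text should be `prevent`.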
@@ -14,7 +14,3 @@ AZ_REPO="$(lsb_release -cs)"
 echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list
 apt-get update
 apt-get -y install azure-cli="${AZURE_CLI_VERSION}"
-
-# apt cleanup
-apt-get clean -y
-rm -rf /var/lib/apt/lists/*
diff --git a/resource_processor/scripts/porter-v1.sh b/resource_processor/scripts/porter-v1.sh
new file mode 100755
index 0000000000..471f22d5c0
--- /dev/null
+++ b/resource_processor/scripts/porter-v1.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+# Uncomment this line to see each command for debugging (careful: this will show secrets!)
+# set -o xtrace
+
+export PORTER_HOME=${PORTER_HOME: -~/.porter}
+export PORTER_MIRROR=${PORTER_MIRROR:-https://cdn.porter.sh}
+PORTER_VERSION=${PORTER_VERSION:-latest}
+
+echo "Installing porter@$PORTER_VERSION to $PORTER_HOME from $PORTER_MIRROR"
+
+mkdir -p "$PORTER_HOME/runtimes"
+
+curl -fsSLo "$PORTER_HOME/porter" "$PORTER_MIRROR/$PORTER_VERSION/porter-linux-amd64"
+chmod +x "$PORTER_HOME/porter"
+ln -s "$PORTER_HOME/porter" "$PORTER_HOME/runtimes/porter-runtime"
+echo "Installed $("${PORTER_HOME}"/porter version)"
+
+"${PORTER_HOME}/porter" mixin install exec --version "$PORTER_VERSION"
+"${PORTER_HOME}/porter" mixin install terraform --version "$PORTER_TERRAFORM_MIXIN_VERSION"
+"${PORTER_HOME}/porter" mixin install az --version "$PORTER_AZ_MIXIN_VERSION"
+
+"${PORTER_HOME}/porter" plugin install azure --version "$PORTER_AZURE_PLUGIN_VERSION"
+
+echo "Installation complete."
diff --git a/resource_processor/shared/config.py b/resource_processor/shared/config.py
index 066d54e1df..1a2b9bdd75 100644
--- a/resource_processor/shared/config.py
+++ b/resource_processor/shared/config.py
@@ -17,6 +17,7 @@ def get_config(logger_adapter) -> dict:
 config["service_bus_namespace"] = os.environ["SERVICE_BUS_FULLY_QUALIFIED_NAMESPACE"]
 config["vmss_msi_id"] = os.environ.get("VMSS_MSI_ID", None)
 config["number_processes"] = os.environ.get("NUMBER_PROCESSES", "1")
+ config["key_vault_name"] = os.environ.get("KEY_VAULT_NAME", os.environ.get("KEYVAULT", None))
 try:
 config["number_processes_int"] = int(config["number_processes"])
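Review bot: `config["key_vault_name"]` falls back to `None` when neither `KEY_VAULT_NAME` nor `KEYVAULT` is set, and the next hunk copies that value into `porter_env["KEY_VAULT_NAME"]`; if `porter_env` is passed as the environment of the porter subprocess, a `None` value raises `TypeError` at the first command instead of a clear configuration error, and the new `config.yaml` resolves its secrets plugin from `${env.KEY_VAULT_NAME}`, so an empty value is fatal either way. Treating it as required, the way the other mandatory settings in this function use `os.environ[...]`, gives the clearer failure: `config["key_vault_name"] = os.environ.get("KEY_VAULT_NAME") or os.environ["KEYVAULT"]`. A comment on why two variable names are accepted would also help the next reader.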
@@ -30,19 +31,38 @@ def get_config(logger_adapter) -> dict:
 config["arm_client_id"] = os.environ["ARM_CLIENT_ID"]
 config["arm_tenant_id"] = os.environ["AZURE_TENANT_ID"]
- # Only set client secret if MSI is disabled
- config["arm_client_secret"] = os.environ["ARM_CLIENT_SECRET"] if config["arm_use_msi"] == "false" else ""
+ if config["arm_use_msi"] == "false":
+ # These are needed when running locally
+ config["arm_client_secret"] = os.environ["ARM_CLIENT_SECRET"]
+ config["aad_tenant_id"] = os.environ["AAD_TENANT_ID"]
+ config["application_admin_client_id"] = os.environ["APPLICATION_ADMIN_CLIENT_ID"]
+ config["application_admin_client_secret"] = os.environ["APPLICATION_ADMIN_CLIENT_SECRET"]
+
+ else:
+ config["arm_client_secret"] = "" # referenced in the credential set
 # Create env dict for porter
 config["porter_env"] = {
 "HOME": os.environ["HOME"],
 "PATH": os.environ["PATH"],
+ "KEY_VAULT_NAME": config["key_vault_name"],
+
+ # These are needed since they are referenced as credentials in every bundle and also in arm_auth credential set.
 "ARM_CLIENT_ID": config["arm_client_id"],
 "ARM_CLIENT_SECRET": config["arm_client_secret"],
 "ARM_SUBSCRIPTION_ID": config["arm_subscription_id"],
- "ARM_TENANT_ID": config["arm_tenant_id"]
+ "ARM_TENANT_ID": config["arm_tenant_id"],
 }
+ if config["arm_use_msi"] == "false":
+ config["porter_env"].update(
+ {
+ "AAD_TENANT_ID": config["aad_tenant_id"],
+ "APPLICATION_ADMIN_CLIENT_ID": config["application_admin_client_id"],
+ "APPLICATION_ADMIN_CLIENT_SECRET": config["application_admin_client_secret"],
+ }
+ )
+
 # Load env vars for bundles
 def envvar_to_key(name: str) -> str:
 return name[len("RP_BUNDLE_"):].lower()
diff --git a/resource_processor/vmss_porter/Dockerfile b/resource_processor/vmss_porter/Dockerfile
index 02839f3ca5..3a28885028 100644
--- a/resource_processor/vmss_porter/Dockerfile
+++ b/resource_processor/vmss_porter/Dockerfile
@@ -1,42 +1,62 @@ +# syntax=docker/dockerfile:1 FROM python:3.8-slim-bullseye SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache + # Install Azure CLI -ARG AZURE_CLI_VERSION=2.40.0-1~bullseye +ARG AZURE_CLI_VERSION=2.43.0-1~bullseye COPY scripts/azure-cli.sh /tmp/ -RUN export AZURE_CLI_VERSION=${AZURE_CLI_VERSION} \ +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + export AZURE_CLI_VERSION=${AZURE_CLI_VERSION} \ && /tmp/azure-cli.sh +# TODO: remove v0 # Install Porter ARG PORTER_MIRROR=https://cdn.porter.sh ARG PORTER_VERSION=v0.38.13 ARG PORTER_TERRAFORM_MIXIN_VERSION=v1.0.0-rc.1 ARG PORTER_AZ_MIXIN_VERSION=v0.7.3 ARG PORTER_AZURE_PLUGIN_VERSION=v0.11.2 -ARG PORTER_HOME=/root/.porter/ +ARG PORTER_HOME=/root/.porter-v0/ COPY scripts/porter.sh /tmp/ RUN export PORTER_MIRROR=${PORTER_MIRROR} \ PORTER_VERSION=${PORTER_VERSION} \ PORTER_TERRAFORM_MIXIN_VERSION=${PORTER_TERRAFORM_MIXIN_VERSION} \ PORTER_AZ_MIXIN_VERSION=${PORTER_AZ_MIXIN_VERSION} \ - PORTER_DOCKER_MIXIN_VERSION=${PORTER_DOCKER_MIXIN_VERSION} \ PORTER_AZURE_PLUGIN_VERSION=${PORTER_AZURE_PLUGIN_VERSION} \ PORTER_HOME=${PORTER_HOME} \ && /tmp/porter.sh -ENV PATH ${PORTER_HOME}:$PATH +ENV PORTER_HOME_V0 ${PORTER_HOME} + +# can't be in a non default path +# ARG PORTER_HOME_V1=/home/$USERNAME/.porter-v1/ +ARG PORTER_HOME_V1=/root/.porter/ +ARG PORTER_VERSION=v1.0.4 +ARG PORTER_TERRAFORM_MIXIN_VERSION=v1.0.0 +ARG PORTER_AZ_MIXIN_VERSION=v1.0.0 +ARG PORTER_AZURE_PLUGIN_VERSION=v1.0.1 +COPY scripts/porter-v1.sh /tmp/ +RUN export PORTER_VERSION=${PORTER_VERSION} \ + PORTER_TERRAFORM_MIXIN_VERSION=${PORTER_TERRAFORM_MIXIN_VERSION} \ + PORTER_AZ_MIXIN_VERSION=${PORTER_AZ_MIXIN_VERSION} \ + PORTER_AZURE_PLUGIN_VERSION=${PORTER_AZURE_PLUGIN_VERSION} \ + PORTER_HOME=${PORTER_HOME_V1} \ + && /tmp/porter-v1.sh + +ENV PATH ${PORTER_HOME_V1}:$PATH # Install 
Docker -RUN apt-get update && apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release --no-install-recommends \ +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update && apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release --no-install-recommends \ && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \ && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" \ | tee /etc/apt/sources.list.d/docker.list > /dev/null \ - && apt-get update && apt-get install -y docker-ce="5:20.10.21~3-0~debian-bullseye" docker-ce-cli="5:20.10.21~3-0~debian-bullseye" containerd.io="1.6.12-1" --no-install-recommends \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* + && apt-get update && apt-get install -y docker-ce="5:20.10.21~3-0~debian-bullseye" docker-ce-cli="5:20.10.21~3-0~debian-bullseye" containerd.io="1.6.12-1" --no-install-recommends -# Install jq -RUN apt-get update && apt-get install -y jq="1.6-2.1" --no-install-recommends && apt-get clean -y && rm -rf /var/lib/apt/lists/* +COPY ./vmss_porter/config.yaml ${PORTER_HOME_V1}/ ENV PYTHONPATH . diff --git a/resource_processor/vmss_porter/aad_auth.json b/resource_processor/vmss_porter/aad_auth.json index 0d694c1627..ec9defe58c 100644 --- a/resource_processor/vmss_porter/aad_auth.json +++ b/resource_processor/vmss_porter/aad_auth.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+b6c701f", + "schemaType": "CredentialSet", + "schemaVersion": "1.0.1", + "namespace": "", "name": "aad_auth", - "created": "2022-03-29T20:35:53.517982Z", - "modified": "2022-03-29T20:35:53.517982Z", "credentials": [ { "name": "auth_tenant_id", 
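Review bot: Both `RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt` lines declare the apt caches without `sharing=locked`, so two image builds running concurrently on the same builder can write the apt lists and archives at the same time; the Dockerfile reference recommends `--mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,target=/var/lib/apt,sharing=locked` for apt. The `# syntax=docker/dockerfile:1` directive also makes the build depend on BuildKit; if any caller still uses the legacy builder, the `--mount` flags will be rejected, which is worth a one-line comment next to the directive. The `RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo ... > /etc/apt/apt.conf.d/keep-cache` line deserves a comment too, since on its own it looks like it disables a cleanup for no reason.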
diff --git a/resource_processor/vmss_porter/aad_auth_local_debugging.json b/resource_processor/vmss_porter/aad_auth_local_debugging.json
index 48bec7a4f3..d072391e47 100644
--- a/resource_processor/vmss_porter/aad_auth_local_debugging.json
+++ b/resource_processor/vmss_porter/aad_auth_local_debugging.json
@@ -1,8 +1,8 @@
 {
- "schemaVersion": "1.0.0-DRAFT+b6c701f",
+ "schemaType": "CredentialSet",
+ "schemaVersion": "1.0.1",
+ "namespace": "",
 "name": "aad_auth",
- "created": "2022-03-29T20:35:53.517982Z",
- "modified": "2022-03-29T20:35:53.517982Z",
 "credentials": [
 {
 "name": "auth_tenant_id",
diff --git a/resource_processor/vmss_porter/arm_auth_local_debugging.json b/resource_processor/vmss_porter/arm_auth_local_debugging.json
index 1f2298a92e..8642c5caff 100755
--- a/resource_processor/vmss_porter/arm_auth_local_debugging.json
+++ b/resource_processor/vmss_porter/arm_auth_local_debugging.json
@@ -1,8 +1,8 @@
 {
- "schemaVersion": "1.0.0-DRAFT+b6c701f",
- "name": "azure",
- "created": "2021-06-03T11:31:05.7314113Z",
- "modified": "2021-06-03T11:31:05.7314113Z",
+ "schemaType": "CredentialSet",
+ "schemaVersion": "1.0.1",
+ "namespace": "",
+ "name": "arm_auth",
 "credentials": [
 {
 "name": "azure_client_id",
@@ -29,4 +29,4 @@
 }
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/resource_processor/vmss_porter/config.yaml b/resource_processor/vmss_porter/config.yaml
new file mode 100644
index 0000000000..b0c7d068e2
--- /dev/null
+++ b/resource_processor/vmss_porter/config.yaml
@@ -0,0 +1,14 @@
+default-storage: mydb
+default-secrets: mysecrets
+
+storage:
+ - name: mydb
+ plugin: mongodb
+ config:
+ url: ${secret.porter-db-connection-string}
+
+secrets:
+ - name: mysecrets
+ plugin: azure.keyvault
+ config:
+ vault: ${env.KEY_VAULT_NAME}
diff --git a/resource_processor/vmss_porter/runner.py b/resource_processor/vmss_porter/runner.py
index 2fb46357c2..c01d2966df 100644
--- a/resource_processor/vmss_porter/runner.py
+++ b/resource_processor/vmss_porter/runner.py
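Review bot: `mydb` and `mysecrets` are placeholder-style names for what is now the production storage and secrets configuration of the resource processor; naming them after what they are, e.g. `name: cosmos-mongo` and `name: keyvault` with `default-storage`/`default-secrets` updated to match, makes porter's own diagnostics self-explanatory. A header comment describing the two-step resolution — as I read it, the Key Vault named by `KEY_VAULT_NAME` is contacted first to fetch the `porter-db-connection-string` secret, which then becomes the MongoDB storage URL — would help anyone debugging startup, since nothing else in the file says that the storage plugin cannot work until the secrets plugin does. It is also worth noting in that comment that the file is intentionally un-ignored by the `.gitignore` change in this patch.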
@@ -142,6 +142,7 @@ def service_bus_message_generator(sb_message: dict, status: str, deployment_mess message_dict["outputs"] = outputs resource_request_message = json.dumps(message_dict) + logger_adapter.info(f"Deployment Status Message: {resource_request_message}") return resource_request_message @@ -168,13 +169,25 @@ async def invoke_porter_action(msg_body: dict, sb_client: ServiceBusClient, mess # Handle command output if returncode != 0: - error_message = "Error context message = " + " ".join(err.split('\n')) + " ; Command executed: ".join(porter_command) - resource_request_message = service_bus_message_generator(msg_body, statuses.failed_status_string_for[action], error_message) + error_message = "Error message: " + " ".join(err.split('\n')) + "; Command executed: " + " ".join(porter_command) + + pass_despite_error = False + if "uninstall" == action and "could not find installation" in err: + message_logger_adapter.warning("The installation doesn't exist. Treating as a successful action to allow the flow to proceed.") + pass_despite_error = True + error_message = f"A success despite of underlying error. {error_message}" + + if pass_despite_error: + status_for_sb_message = statuses.pass_status_string_for[action] + else: + status_for_sb_message = statuses.failed_status_string_for[action] + + resource_request_message = service_bus_message_generator(msg_body, status_for_sb_message, error_message) # Post message on sb queue to notify receivers of action failure await sb_sender.send_messages(ServiceBusMessage(body=resource_request_message, correlation_id=msg_body["id"], session_id=msg_body["operationId"])) message_logger_adapter.info(f"{installation_id}: Porter action failed with error = {error_message}") - return False + return pass_despite_error else: # Get the outputs 
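Review bot: The added `logger_adapter.info(f"Deployment Status Message: {resource_request_message}")` writes the fully serialized message — including the `outputs` dict assigned two lines above — into the log at INFO, and nothing in this function filters bundle outputs, so any secret-bearing output a template returns (connection strings, passwords) is copied to the logging sink; get_porter_outputs already logs the outputs once more in this same commit. Logging only what is needed for tracing avoids that, e.g. `logger_adapter.info(f"Deployment status message prepared with status: {status}")`, or move the full dump to debug level. service_bus_message_generator begins outside the hunk, so I cannot see which other fields message_dict carries.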
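Review bot: `"could not find installation" in err` is a substring test over the entire stderr of the porter child process, so the uninstall is reported as successful to the API (and the resource presumably marked deleted) whenever that phrase appears anywhere in the output, even if a mixin or Terraform also printed a real failure and cloud resources were left behind. The message text is owned by the porter CLI and may change between releases, so at minimum record which porter version it was observed on in a comment next to the check, and consider confirming absence explicitly (`porter installations show <installation_id>` returning non-zero) instead of parsing text. The trailing `message_logger_adapter.info(f"{installation_id}: Porter action failed with error = {error_message}")` still says "failed" on the pass_despite_error path, which will confuse anyone correlating logs with the succeeded status sent on the bus; guard it with `if not pass_despite_error:`. invoke_porter_action starts and ends outside this hunk.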
@@ -209,8 +222,8 @@ async def get_porter_outputs(msg_body: dict, message_logger_adapter: logging.Log # loop props individually to try to deserialise to dict/list, as all TF outputs are strings, but we want the pure value for i in range(0, len(outputs_json)): - if "{" in outputs_json[i]['Value'] or "[" in outputs_json[i]['Value']: - outputs_json[i]['Value'] = json.loads(outputs_json[i]['Value'].replace("\\", "")) + if "{" in outputs_json[i]['value'] or "[" in outputs_json[i]['value']: + outputs_json[i]['value'] = json.loads(outputs_json[i]['value'].replace("\\", "")) message_logger_adapter.info(f"Got outputs as json: {outputs_json}") except ValueError: diff --git a/templates/core/terraform/cosmos_mongo.tf b/templates/core/terraform/cosmos_mongo.tf new file mode 100644 index 0000000000..872d852c29 --- /dev/null +++ b/templates/core/terraform/cosmos_mongo.tf 
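Review bot: `outputs_json[i]['value'].replace("\\", "")` strips every backslash before `json.loads`, so a Terraform output containing a legitimate escape (`\\n`, `\\"` inside a string, a Windows path) is corrupted or fails to parse, and because the `except ValueError:` sits outside the loop a single value that merely contains `{` or `[` — a generated password, for instance — aborts deserialisation of all remaining outputs. Parsing per item with a fallback to the raw string, and unescaping only quotes if porter does double-encode them (not visible here — please confirm against actual `porter installations output list` output), is more robust. get_porter_outputs begins outside the hunk.

```python
# loop props individually to try to deserialise to dict/list, as all TF outputs are strings, but we want the pure value
for output in outputs_json:
    value = output['value']
    if not isinstance(value, str) or value.lstrip()[:1] not in ("{", "["):
        continue
    try:
        # only unescape quotes; a blanket backslash strip corrupts values such as '\\n' or Windows paths
        output['value'] = json.loads(value.replace('\\"', '"'))
    except ValueError:
        pass  # looks like JSON but is not (e.g. a secret containing a brace) - keep the raw string
# … unchanged: logging of outputs_json and the outer except …
```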
@@ -0,0 +1,102 @@ +resource "azurerm_cosmosdb_account" "mongo" { + name = "cosmos-mongo-${var.tre_id}" + location = azurerm_resource_group.core.location + resource_group_name = azurerm_resource_group.core.name + offer_type = "Standard" + kind = "MongoDB" + enable_automatic_failover = false + mongo_server_version = 4.2 + ip_range_filter = "${local.azure_portal_cosmos_ips}${var.enable_local_debugging ? ",${local.myip}" : ""}" + + capabilities { + name = "EnableServerless" + } + + capabilities { + name = "EnableMongo" + } + + capabilities { + name = "DisableRateLimitingResponses" + } + + capabilities { + name = "mongoEnableDocLevelTTL" + } + + consistency_policy { + consistency_level = "BoundedStaleness" + max_interval_in_seconds = 5 + max_staleness_prefix = 100 + } + + geo_location { + location = var.location + failover_priority = 0 + } + + tags = local.tre_core_tags + + lifecycle { ignore_changes = [tags] } +} + +resource "azurerm_cosmosdb_mongo_database" "mongo" { + name = "porter" + resource_group_name = azurerm_resource_group.core.name + account_name = azurerm_cosmosdb_account.mongo.name +} + +resource "azurerm_management_lock" "mongo" { + count = var.stateful_resources_locked ? 
1 : 0 + name = "mongo-lock" + scope = azurerm_cosmosdb_mongo_database.mongo.id + lock_level = "CanNotDelete" + notes = "Locked to prevent accidental deletion" +} + +resource "azurerm_private_dns_zone" "mongo" { + name = "privatelink.mongo.cosmos.azure.com" + resource_group_name = azurerm_resource_group.core.name + tags = local.tre_core_tags + lifecycle { ignore_changes = [tags] } +} + +resource "azurerm_private_dns_zone_virtual_network_link" "mongo" { + name = "cosmos_mongo_dns_link" + resource_group_name = azurerm_resource_group.core.name + private_dns_zone_name = azurerm_private_dns_zone.mongo.name + virtual_network_id = module.network.core_vnet_id + tags = local.tre_core_tags + lifecycle { ignore_changes = [tags] } +} + +resource "azurerm_private_endpoint" "mongo" { + name = "pe-${azurerm_cosmosdb_account.mongo.name}" + location = azurerm_resource_group.core.location + resource_group_name = azurerm_resource_group.core.name + subnet_id = module.network.resource_processor_subnet_id + tags = local.tre_core_tags + lifecycle { ignore_changes = [tags] } + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.mongo.id] + } + + private_service_connection { + name = "psc-${azurerm_cosmosdb_account.mongo.name}" + private_connection_resource_id = azurerm_cosmosdb_account.mongo.id + is_manual_connection = false + subresource_names = ["MongoDB"] + } +} + +resource "azurerm_key_vault_secret" "cosmos_mongo_connstr" { + name = "porter-db-connection-string" + value = azurerm_cosmosdb_account.mongo.connection_strings[0] + key_vault_id = azurerm_key_vault.kv.id + tags = local.tre_core_tags + depends_on = [ + azurerm_key_vault_access_policy.deployer + ] +} diff --git a/templates/core/terraform/json-to-env.sh b/templates/core/terraform/json-to-env.sh index 40f6659f45..6843b8f727 100755 --- a/templates/core/terraform/json-to-env.sh +++ b/templates/core/terraform/json-to-env.sh 
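Review bot: `ip_range_filter = "${local.azure_portal_cosmos_ips}..."` keeps the account's public endpoint reachable from the five portal addresses (and `local.myip` when debugging), yet the only runtime client is the resource processor, which reaches the account over `azurerm_private_endpoint.mongo` in its own subnet; unless portal Data Explorer access is a requirement, `public_network_access_enabled = var.enable_local_debugging` would remove the internet-facing path entirely while leaving the private one intact. The Key Vault secret holds `connection_strings[0]`, i.e. the primary read-write account key, which is exactly what this Mongo API account authenticates with; a key rotation on the account silently breaks the processor until Terraform is re-applied, so a comment on `azurerm_key_vault_secret.cosmos_mongo_connstr` stating that (`# primary RW connection string; rotate the Cosmos key only via terraform apply so this secret is refreshed`) would save an outage later. I cannot confirm from this hunk whether `public_network_access_enabled` is set anywhere else for this account.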
@@ -49,10 +49,19 @@ jq -r ' "path": "state_store_resource_id", "env_var": "STATE_STORE_RESOURCE_ID" }, + { + "path": "cosmosdb_mongo_resource_id", + "env_var": "COSMOSDB_MONGO_RESOURCE_ID" + }, + { "path": "state_store_account_name", "env_var": "COSMOSDB_ACCOUNT_NAME" }, + { + "path": "cosmosdb_mongo_account_name", + "env_var": "COSMOSDB_MONGO_ACCOUNT_NAME" + }, { "path": "state_store_endpoint", "env_var": "STATE_STORE_ENDPOINT" diff --git a/templates/core/terraform/locals.tf b/templates/core/terraform/locals.tf index 118442d0c9..9f7386b36d 100644 --- a/templates/core/terraform/locals.tf +++ b/templates/core/terraform/locals.tf @@ -9,4 +9,7 @@ locals { "AppServiceAuditLogs", "AppServiceIPSecAuditLogs", "AppServicePlatformLogs", "AppServiceAntivirusScanAuditLogs" ] docker_registry_server = "${var.acr_name}.azurecr.io" + + # https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall#allow-requests-from-the-azure-portal + azure_portal_cosmos_ips = "104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26" } diff --git a/templates/core/terraform/outputs.tf b/templates/core/terraform/outputs.tf index d435f095ac..636e47a39b 100644 --- a/templates/core/terraform/outputs.tf +++ b/templates/core/terraform/outputs.tf @@ -42,14 +42,27 @@ output "state_store_resource_id" { value = azurerm_cosmosdb_account.tre_db_account.id } +output "cosmosdb_mongo_resource_id" { + value = azurerm_cosmosdb_account.mongo.id +} + output "state_store_endpoint" { value = azurerm_cosmosdb_account.tre_db_account.endpoint } +output "cosmosdb_mongo_endpoint" { + value = azurerm_cosmosdb_account.mongo.connection_strings[0] + sensitive = true +} + output "state_store_account_name" { value = azurerm_cosmosdb_account.tre_db_account.name } +output "cosmosdb_mongo_account_name" { + value = azurerm_cosmosdb_account.mongo.name +} + output "app_insights_connection_string" { value = module.azure_monitor.app_insights_connection_string sensitive = true 
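Review bot: `output "cosmosdb_mongo_endpoint"` is named like the other `*_endpoint` outputs but its value is `azurerm_cosmosdb_account.mongo.connection_strings[0]`, the connection string carrying the primary account key, so the name misdescribes what consumers receive. `sensitive = true` is right, but the same commit's json-to-env.sh exports outputs to environment variables by path, and anyone later wiring this "endpoint" into that list would export the key into the shell environment and CI logs. Either expose the real endpoint, `value = azurerm_cosmosdb_account.mongo.endpoint`, or name it for what it is, `output "cosmosdb_mongo_connection_string"`; nothing visible in this patch reads the output yet, so the rename should be cheap.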
diff --git a/templates/core/terraform/resource_processor/vmss_porter/cloud-config.yaml b/templates/core/terraform/resource_processor/vmss_porter/cloud-config.yaml index 550efcc81c..afdcf28352 100644 --- a/templates/core/terraform/resource_processor/vmss_porter/cloud-config.yaml +++ b/templates/core/terraform/resource_processor/vmss_porter/cloud-config.yaml @@ -59,18 +59,24 @@ write_files: set -o errexit used_percent=$(df / --output=pcent | tail -1 | sed 's/[^0-9]//g') echo "Used disk space percent: $${used_percent}" - if (( used_percent > 70 )); then + if (( used_percent > 75 )); then echo "Free space too low, pruning..." docker system prune -f fi permissions: '0755' runcmd: + # Those are useful live debug commands. Check the docs for details + # TODO: add link to docs + - printf '\nalias dlf="docker logs --since 1m --follow"' >> /etc/bash.bashrc + - printf '\nalias dlf1='\''dlf $(docker ps -q | head -n 1)'\''' >> /etc/bash.bashrc + - printf '\nalias rpstatus='\''tmux new-session -d "watch docker ps"; tmux split-window -p 100 -v "docker logs --since 1m --follow resource_processor1"; tmux split-window -v -p 90; tmux -2 attach-session -d'\''\n' >> /etc/bash.bashrc + - export DEBIAN_FRONTEND=noninteractive - az login --identity -u ${vmss_msi_id} - az acr login --name ${docker_registry_server} - docker run -d -p 8080:8080 -v /var/run/docker.sock:/var/run/docker.sock --restart always --env-file .env - --name resource_processor_vmss_porter1 + --name resource_processor1 --log-driver local ${docker_registry_server}/${resource_processor_vmss_porter_image_repository}:${resource_processor_vmss_porter_image_tag} diff --git a/templates/core/terraform/statestore.tf b/templates/core/terraform/statestore.tf index f1b89c5097..8727baaf0b 100644 --- a/templates/core/terraform/statestore.tf +++ b/templates/core/terraform/statestore.tf 
@@ -5,7 +5,7 @@ resource "azurerm_cosmosdb_account" "tre_db_account" { offer_type = "Standard" kind = "GlobalDocumentDB" enable_automatic_failover = false - ip_range_filter = var.enable_local_debugging ? local.myip : null + ip_range_filter = "${local.azure_portal_cosmos_ips}${var.enable_local_debugging ? ",${local.myip}" : ""}" tags = local.tre_core_tags consistency_policy { diff --git a/templates/core/version.txt b/templates/core/version.txt index 50becf4230..3d187266f1 100644 --- a/templates/core/version.txt +++ b/templates/core/version.txt @@ -1 +1 @@ -__version__ = "0.4.49" +__version__ = "0.5.0" From 0908e1785d1a1e09ba9f13f3c765ae129699d01a Mon Sep 17 00:00:00 2001 
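Review bot: Replacing `var.enable_local_debugging ? local.myip : null` with the portal allow-list changes the public exposure of the existing state store: with `null`, Cosmos applied no IP filter (all networks, key-authenticated); now only the five hard-coded portal addresses plus the debugging IP may use the public endpoint. That is a tightening, but it is also a behaviour change for any client that reached `tre_db_account` over its public endpoint rather than a private endpoint, and the portal addresses in `local.azure_portal_cosmos_ips` are maintained by Microsoft and can change. A short comment at the assignment would make the intent explicit for operators, e.g. `# public endpoint limited to Azure portal (Data Explorer) IPs; all runtime access is expected via private endpoint`, and the locals entry should carry the date the list was taken from the linked doc so drift can be spotted.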
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 26 Dec 2022 09:58:43 +0200 Subject: [PATCH 2/4] Update templates for Porter v1 (#2985) * templates change for porter v1 * fix exit code when retrying * fix guacamole * certbot doesn't need to install python * debug porter explain * cleanup * lint * rp version * cr comments * fix base workflow conflict --- .devcontainer/Dockerfile | 2 +- .github/workflows/deploy_tre_reusable.yml | 12 +- Makefile | 5 +- resource_processor/_version.py | 2 +- resource_processor/vmss_porter/config.yaml | 1 + .../shared_services/admin-vm/Dockerfile.tmpl | 16 +- .../shared_services/admin-vm/parameters.json | 8 +- .../shared_services/admin-vm/porter.yaml | 50 +++-- .../airlock_notifier/Dockerfile.tmpl | 27 +-- .../airlock_notifier/parameters.json | 8 +- .../airlock_notifier/porter.yaml | 62 +++--- .../shared_services/certs/Dockerfile.tmpl | 34 +-- .../shared_services/certs/parameters.json | 8 +- templates/shared_services/certs/porter.yaml | 97 ++++----- .../cyclecloud/Dockerfile.tmpl | 24 +-- .../cyclecloud/parameters.json | 8 +- .../shared_services/cyclecloud/porter.yaml | 92 ++++---- .../shared_services/firewall/Dockerfile.tmpl | 16 +- .../shared_services/firewall/parameters.json | 14 +- .../shared_services/firewall/porter.yaml | 63 +++--- .../firewall/terraform/.terraform.lock.hcl | 28 +-- .../firewall/terraform/firewall.tf | 10 +- .../firewall/terraform/providers.tf | 2 +- .../firewall/terraform/variables.tf | 6 - .../shared_services/gitea/Dockerfile.tmpl | 16 +- .../shared_services/gitea/parameters.json | 8 +- templates/shared_services/gitea/porter.yaml | 56 +++-- .../gitea/terraform/.terraform.lock.hcl | 30 +-- .../gitea/terraform/gitea-webapp.tf | 2 +- .../shared_services/gitea/terraform/main.tf | 2 +- .../sonatype-nexus-vm/Dockerfile.tmpl | 18 +- .../sonatype-nexus-vm/parameters.json | 8 +- .../sonatype-nexus-vm/porter.yaml | 53 +++-- .../azureml/Dockerfile.tmpl | 35 +--- .../azureml/parameters.json | 8 
+- .../workspace_services/azureml/porter.yaml | 111 +++++----- .../aml_compute/Dockerfile.tmpl | 10 +- .../aml_compute/parameters.json | 8 +- .../user_resources/aml_compute/porter.yaml | 75 ++++--- .../workspace_services/gitea/Dockerfile.tmpl | 16 +- .../workspace_services/gitea/parameters.json | 8 +- .../workspace_services/gitea/porter.yaml | 59 +++--- .../guacamole/Dockerfile.tmpl | 16 +- .../guacamole/parameters.json | 8 +- .../workspace_services/guacamole/porter.yaml | 113 +++++----- .../guacamole/terraform/.terraform.lock.hcl | 30 +-- .../guacamole/terraform/providers.tf | 2 +- .../guacamole/terraform/web_app.tf | 2 +- .../Dockerfile.tmpl | 16 +- .../parameters.json | 8 +- .../porter.yaml | 120 +++++------ .../Dockerfile.tmpl | 16 +- .../parameters.json | 8 +- .../porter.yaml | 126 +++++------ .../guacamole-azure-linuxvm/Dockerfile.tmpl | 16 +- .../guacamole-azure-linuxvm/parameters.json | 8 +- .../guacamole-azure-linuxvm/porter.yaml | 136 ++++++------ .../guacamole-azure-windowsvm/Dockerfile.tmpl | 16 +- .../guacamole-azure-windowsvm/parameters.json | 8 +- .../guacamole-azure-windowsvm/porter.yaml | 136 ++++++------ .../innereye/Dockerfile.tmpl | 34 +-- .../innereye/parameters.json | 10 +- .../innereye/parameters_service_azureml.json | 4 +- .../workspace_services/innereye/porter.yaml | 76 ++++--- .../innereye/terraform/.terraform.lock.hcl | 52 ++--- .../workspace_services/mlflow/Dockerfile.tmpl | 16 +- .../workspace_services/mlflow/parameters.json | 8 +- .../workspace_services/mlflow/porter.yaml | 59 +++--- .../workspace_services/mysql/Dockerfile.tmpl | 16 +- .../workspace_services/mysql/parameters.json | 14 +- .../workspace_services/mysql/porter.yaml | 47 ++--- .../airlock-import-review/Dockerfile.tmpl | 33 ++- .../airlock-import-review/parameters.json | 8 +- .../airlock-import-review/porter.yaml | 186 +++++++++-------- templates/workspaces/base/.env.sample | 1 + templates/workspaces/base/Dockerfile.tmpl | 24 +-- templates/workspaces/base/parameters.json | 8 
+- templates/workspaces/base/porter.yaml | 196 +++++++++--------- .../workspaces/base/template_schema.json | 2 +- .../workspaces/unrestricted/Dockerfile.tmpl | 31 ++- .../workspaces/unrestricted/parameters.json | 8 +- templates/workspaces/unrestricted/porter.yaml | 191 ++++++++--------- 82 files changed, 1361 insertions(+), 1566 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 5c7b9540f4..1f9b71d204 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -43,7 +43,7 @@ RUN apt-get update && apt-get install -y ca-certificates curl gnupg lsb-release # Install Certbot RUN if [ "${INTERACTIVE}" = "true" ]; then \ - apt-get update && apt-get install -y python3 python3-venv libaugeas0 --no-install-recommends \ + apt-get update && apt-get install -y libaugeas0 --no-install-recommends \ && python3 -m venv /opt/certbot/ \ && /opt/certbot/bin/pip install --no-cache-dir --upgrade pip \ && /opt/certbot/bin/pip install --no-cache-dir certbot \ diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml index efc1c149cb..a3bc9914f9 100644 --- a/.github/workflows/deploy_tre_reusable.yml +++ b/.github/workflows/deploy_tre_reusable.yml @@ -206,8 +206,12 @@ jobs: # failure in the first attempt indicates a new ACR, so we need to try again after it's been created if: steps.ci_cache_cr_login.outcome != 'success' run: | - # shellcheck disable=SC2034,SC2015 - for i in {1..3}; do az acr login --name "${{ secrets.CI_CACHE_ACR_NAME }}" && break || sleep 10; done + # shellcheck disable=SC2034,SC2015,SC2125 + for i in {1..3}; do + az acr login --name "${{ secrets.CI_CACHE_ACR_NAME }}" && ec=0 && break || ec=\$? && sleep 10 + done + # shellcheck disable=SC2242 + (exit \$ec) - name: Push cached devcontainer run: docker image push ${{ env.CI_CACHE_ACR_URI }}/tredev:${{ secrets.DEVCONTAINER_TAG }} 
@@ -359,7 +363,7 @@ jobs: # Although porter publish will build automatically, our makefile build target includes logic that should run COMMAND: >- for i in {1..3}; do make bundle-build bundle-publish DIR=${{ matrix.BUNDLE_DIR }} - && break || sleep 30; done + && ec=0 && break || ec=\$? && sleep 30; done; (exit \$ec) DEVCONTAINER_TAG: ${{ secrets.DEVCONTAINER_TAG }} AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} CI_CACHE_ACR_NAME: ${{ secrets.CI_CACHE_ACR_NAME}} @@ -392,7 +396,7 @@ jobs: # Although porter publish will build automatically, our makefile build target includes logic that should run COMMAND: >- for i in {1..3}; do make bundle-build bundle-publish DIR=${{ matrix.BUNDLE_DIR }} - && break || sleep 30; done + && ec=0 && break || ec=\$? && sleep 30; done; (exit \$ec) DEVCONTAINER_TAG: ${{ secrets.DEVCONTAINER_TAG }} AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} CI_CACHE_ACR_NAME: ${{ secrets.CI_CACHE_ACR_NAME}} diff --git a/Makefile b/Makefile index 2b48a3c474..eec65016c5 100644 --- a/Makefile +++ b/Makefile 
@@ -210,10 +210,11 @@ bundle-check-params: && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,porter \ && cd ${DIR} \ && if [ ! -f "parameters.json" ]; then echo "Error - please create a parameters.json file."; exit 1; fi \ - && if ! porter explain -ojson > /dev/null; then echo "Error - porter explain issue!"; exit 1; fi \ + && if [ "$$(jq -r '.name' parameters.json)" != "$$(yq eval '.name' porter.yaml)" ]; then echo "Error - ParameterSet name isn't equal to bundle's name."; exit 1; fi \ + && if ! porter explain; then echo "Error - porter explain issue!"; exit 1; fi \ && comm_output=$$(set -o pipefail && comm -3 --output-delimiter=: <(porter explain -ojson | jq -r '.parameters[].name | select (. != "arm_use_msi")' | sort) <(jq -r '.parameters[].name | select(. != "arm_use_msi")' parameters.json | sort)) \ && if [ ! -z "$${comm_output}" ]; \ - then echo -e "*** Add to params ***:*** Remove from params ***\n$$comm_output" | column -t -s ":" -n; exit 1; \ + then echo -e "*** Add to params ***:*** Remove from params ***\n$$comm_output" | column -t -s ":"; exit 1; \ else echo "parameters.json file up-to-date."; fi bundle-uninstall: diff --git a/resource_processor/_version.py b/resource_processor/_version.py index 3d187266f1..dd9b22cccc 100644 --- a/resource_processor/_version.py +++ b/resource_processor/_version.py @@ -1 +1 @@ -__version__ = "0.5.0" +__version__ = "0.5.1" diff --git a/resource_processor/vmss_porter/config.yaml b/resource_processor/vmss_porter/config.yaml index b0c7d068e2..aa5cbccc92 100644 --- a/resource_processor/vmss_porter/config.yaml +++ b/resource_processor/vmss_porter/config.yaml @@ -1,3 +1,4 @@ +--- default-storage: mydb default-secrets: mysecrets diff --git a/templates/shared_services/admin-vm/Dockerfile.tmpl b/templates/shared_services/admin-vm/Dockerfile.tmpl index 709aaecfc4..b65cd5d821 100644 --- a/templates/shared_services/admin-vm/Dockerfile.tmpl +++ b/templates/shared_services/admin-vm/Dockerfile.tmpl 
@@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}// diff --git a/templates/shared_services/admin-vm/parameters.json b/templates/shared_services/admin-vm/parameters.json index 0da340c125..6fa9207444 100755 --- a/templates/shared_services/admin-vm/parameters.json +++ b/templates/shared_services/admin-vm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-shared-service-admin-vm", "parameters": [ { "name": "tre_id", diff --git a/templates/shared_services/admin-vm/porter.yaml b/templates/shared_services/admin-vm/porter.yaml index e0520fbffb..e7501a8230 100644 --- a/templates/shared_services/admin-vm/porter.yaml +++ b/templates/shared_services/admin-vm/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-admin-vm -version: 0.2.0 +version: 0.3.0 description: "An admin vm shared service" dockerfile: Dockerfile.tmpl registry: azuretre 
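Review bot: `COPY --link . ${BUNDLE_DIR}//` carries a doubled slash that the other templates in this patch do not (`${BUNDLE_DIR}/`); it is harmless at runtime but it is the kind of drift that makes a later templated search-and-replace miss this file, so normalise it to `COPY --link . ${BUNDLE_DIR}/`. The `# syntax=docker/dockerfile-upstream:1.4.0` directive pulls the BuildKit frontend from Docker Hub by mutable tag on every build; if reproducibility of invocation images matters to you, pin it by digest (`docker/dockerfile-upstream:1.4.0@sha256:…`) consistently across all Dockerfile.tmpl files.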
@@ -42,46 +43,43 @@ parameters: mixins: - terraform: - clientVersion: 1.2.9 + clientVersion: 1.3.6 install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - admin_jumpbox_vm_sku: "{{ bundle.parameters.admin_jumpbox_vm_sku }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-admin-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-admin-vm upgrade: - terraform: description: "Upgrade shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - admin_jumpbox_vm_sku: "{{ bundle.parameters.admin_jumpbox_vm_sku }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-admin-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ 
bundle.parameters.tre_id }-shared-service-admin-vm uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - admin_jumpbox_vm_sku: "{{ bundle.parameters.admin_jumpbox_vm_sku }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-admin-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-admin-vm diff --git a/templates/shared_services/airlock_notifier/Dockerfile.tmpl b/templates/shared_services/airlock_notifier/Dockerfile.tmpl index eb79413804..2a1734ee08 100644 --- a/templates/shared_services/airlock_notifier/Dockerfile.tmpl +++ b/templates/shared_services/airlock_notifier/Dockerfile.tmpl 
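Review bot: The move from `"{{ bundle.parameters.x }}"` to unquoted `${ bundle.parameters.x }` drops the YAML quoting around every substituted value; if Porter v1 substitutes into the manifest text before parsing it as YAML (as its templating documentation suggests — please confirm for the pinned porter version), a parameter value that begins with `*`, `&`, `[`, `{` or contains `: ` or ` #` alters the document structure instead of being passed as a string, and the terraform `vars` block is where user-controlled values like `admin_jumpbox_vm_sku` land. Quoting the free-form ones keeps the previous safety margin at no cost, e.g. `admin_jumpbox_vm_sku: "${ bundle.parameters.admin_jumpbox_vm_sku }"`. The same pattern repeats in the install/upgrade blocks of this hunk and across the other porter.yaml files in the patch.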
@@ -1,28 +1,21 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -SHELL ["/bin/bash", "-o", "pipefail", "-c"] +# PORTER_INIT -ARG BUNDLE_DIR +SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN apt-get update \ - && apt-get install --no-install-recommends -y zip \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl +# Install jq +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update && \ + apt-get install -y zip --no-install-recommends -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ -WORKDIR $BUNDLE_DIR/app +WORKDIR "${BUNDLE_DIR}/app" RUN zip -r /cnab/app/LogicApp.zip . diff --git a/templates/shared_services/airlock_notifier/parameters.json b/templates/shared_services/airlock_notifier/parameters.json index 59261f21ec..a61b746732 100755 --- a/templates/shared_services/airlock_notifier/parameters.json +++ b/templates/shared_services/airlock_notifier/parameters.json 
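Review bot: The comment `# Install jq` above the cache-mounted `apt-get install -y zip --no-install-recommends` describes the wrong package; this step installs `zip`, which the `RUN zip -r /cnab/app/LogicApp.zip .` at the bottom relies on. Change it to `# Install zip (used to package the Logic App below)` so the next maintainer does not assume jq is available in the image. The `keep-cache` apt configuration line is repeated verbatim in several templates in this patch; a one-line comment naming its purpose (`# keep downloaded .deb files so the BuildKit cache mounts below are effective`) would help here too.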
@@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-shared-service-airlock-notifier", "parameters": [ { "name": "tre_id", diff --git a/templates/shared_services/airlock_notifier/porter.yaml b/templates/shared_services/airlock_notifier/porter.yaml index 68e099c78b..7bd48c034a 100644 --- a/templates/shared_services/airlock_notifier/porter.yaml +++ b/templates/shared_services/airlock_notifier/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-airlock-notifier -version: 0.2.3 +version: 0.3.0 description: "A shared service notifying on Airlock Operations" registry: azuretre dockerfile: Dockerfile.tmpl 
@@ -56,27 +57,27 @@ parameters: mixins: - exec - - az + - az: + clientVersion: 2.37.0 - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - tre_url: "{{ bundle.parameters.tre_url }}" - smtp_server_address: "{{ bundle.parameters.smtp_server_address }}" - smtp_username: "{{ bundle.parameters.smtp_username }}" - smtp_password: "{{ bundle.parameters.smtp_password }}" - smtp_from_email: "{{ bundle.parameters.smtp_from_email }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + tre_url: ${ bundle.parameters.tre_url } + smtp_server_address: ${ bundle.parameters.smtp_server_address } + smtp_username: ${ bundle.parameters.smtp_username } + smtp_password: ${ bundle.parameters.smtp_password } + smtp_from_email: ${ bundle.parameters.smtp_from_email } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-airlock-notifier" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-airlock-notifier outputs: - name: airlock_notifier_logic_app_name - name: airlock_notifier_logic_app_resource_group_name @@ -87,7 +88,7 @@ install: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Deploy logic app" 
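Review bot: `smtp_password: ${ bundle.parameters.smtp_password }` hands a credential to the terraform mixin as a plain variable; with this commit's switch to MongoDB-backed Porter storage, whether that parameter is stored in Cosmos alongside the installation record or routed to Key Vault depends on its declaration carrying `sensitive: true` in the `parameters:` section, which lies outside this hunk and I cannot verify. Please confirm it is marked sensitive (and likewise `smtp_username` if the server treats it as secret), and consider a comment next to the var: `# sensitive: true on the parameter keeps this out of the porter storage DB`. The new `clientVersion: 2.37.0` pin for the az mixin is a welcome change from an implicit latest.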
@@ -97,9 +98,9 @@ install: - source - config-zip flags: - name: "{{ bundle.outputs.airlock_notifier_logic_app_name }}" - resource-group: "{{ bundle.outputs.airlock_notifier_logic_app_resource_group_name }}" - subscription: "{{ bundle.credentials.azure_subscription_id }}" + name: ${ bundle.outputs.airlock_notifier_logic_app_name } + resource-group: ${ bundle.outputs.airlock_notifier_logic_app_resource_group_name } + subscription: ${ bundle.credentials.azure_subscription_id } src: LogicApp.zip @@ -114,17 +115,16 @@ upgrade: uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - tre_url: "{{ bundle.parameters.tre_url }}" - smtp_server_address: "{{ bundle.parameters.smtp_server_address }}" - smtp_username: "{{ bundle.parameters.smtp_username }}" - smtp_password: "{{ bundle.parameters.smtp_password }}" - smtp_from_email: "{{ bundle.parameters.smtp_from_email }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + tre_url: ${ bundle.parameters.tre_url } + smtp_server_address: ${ bundle.parameters.smtp_server_address } + smtp_username: ${ bundle.parameters.smtp_username } + smtp_password: ${ bundle.parameters.smtp_password } + smtp_from_email: ${ bundle.parameters.smtp_from_email } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-airlock-notifier" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-airlock-notifier 
diff --git a/templates/shared_services/certs/Dockerfile.tmpl b/templates/shared_services/certs/Dockerfile.tmpl index c9d2b82817..b869054494 100644 --- a/templates/shared_services/certs/Dockerfile.tmpl +++ b/templates/shared_services/certs/Dockerfile.tmpl 
@@ -1,40 +1,22 @@
+# syntax=docker/dockerfile-upstream:1.4.0
 FROM python:3.8-slim-bullseye
-ARG BUNDLE_DIR
+# PORTER_INIT
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-# Install Azure CLI
-# It's useless to specify azcli version since the mixin installs the latest anyway
-RUN apt-get update \
- && apt-get install -y --no-install-recommends ca-certificates jq curl apt-transport-https lsb-release gnupg \
- && curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null \
- && AZ_REPO=$(lsb_release -cs) \
- && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list \
- && apt-get update && apt-get -y --no-install-recommends install azure-cli \
- && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
 # Install Certbot
 # Some of the tools' versions seem to depend on the base image so proboably best not to specify them.
-RUN apt-get update \
- && apt-get install -y --no-install-recommends python3 python3-venv libaugeas0 \
+RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
+ apt-get update \
+ && apt-get install -y --no-install-recommends libaugeas0 \
 && python3 -m venv /opt/certbot/ \
 && /opt/certbot/bin/pip install --no-cache-dir --upgrade pip \
- && /opt/certbot/bin/pip install --no-cache-dir certbot \
- && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+ && /opt/certbot/bin/pip install --no-cache-dir certbot
-# This is a template Dockerfile for the bundle's invocation image
-# You can customize it to use different base images, install tools and copy configuration files.
-#
-# Porter will use it as a template and append lines to it for the mixins
-# and to set the CMD appropriately for the CNAB specification.
-#
-# Add the following line to porter.yaml to instruct Porter to use this template
-# dockerfile: Dockerfile.tmpl
-
-# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
-# another location in this file. If you remove that line, the mixins generated content is appended to this file.
 # PORTER_MIXINS
 # Use the BUNDLE_DIR build argument to copy files into the bundle
-COPY . $BUNDLE_DIR
+COPY --link . ${BUNDLE_DIR}/
diff --git a/templates/shared_services/certs/parameters.json b/templates/shared_services/certs/parameters.json
index 68a9dd9d66..4243e339d3 100755
--- a/templates/shared_services/certs/parameters.json
+++ b/templates/shared_services/certs/parameters.json
@@ -1,8 +1,8 @@
 {
- "schemaVersion": "1.0.0-DRAFT",
- "name": "base",
- "created": "2021-06-04T13:37:29.5071039+03:00",
- "modified": "2021-06-04T13:37:29.5071039+03:00",
+ "schemaType": "ParameterSet",
+ "schemaVersion": "1.0.1",
+ "namespace": "",
+ "name": "tre-shared-service-certs",
 "parameters": [
 {
 "name": "tre_id",
diff --git a/templates/shared_services/certs/porter.yaml b/templates/shared_services/certs/porter.yaml
index 6324e1515b..c8beec1a54 100755
--- a/templates/shared_services/certs/porter.yaml
+++ b/templates/shared_services/certs/porter.yaml
@@ -1,6 +1,7 @@
 ---
+schemaVersion: 1.0.0
 name: tre-shared-service-certs
-version: 0.2.2
+version: 0.3.0
 description: "An Azure TRE shared service to generate certificates for a specified internal domain using Letsencrypt"
 registry: azuretre
 dockerfile: Dockerfile.tmpl
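Review bot: The certbot install on the new `RUN --mount=type=cache` line is still unpinned (`pip install --no-cache-dir --upgrade pip` followed by `pip install --no-cache-dir certbot`), so each bundle build pulls whatever PyPI serves that day, while this same commit pins the terraform (1.3.6) and az (2.37.0) mixins; the invocation image that drives Let's Encrypt issuance for the TRE is exactly where a silently changed dependency matters. Pin it to a reviewed release and bump deliberately, e.g. `&& /opt/certbot/bin/pip install --no-cache-dir "certbot==<reviewed version>"`, or install from a small requirements file with `--require-hashes` if the build must be reproducible. The surviving context comment ("versions seem to depend on the base image so probably best not to specify them") refers to apt packages and no longer justifies leaving a PyPI package floating; a short note such as `# certbot is pinned on purpose: bump it explicitly after testing a renewal` would keep the next editor from reading it that way. The `# syntax=docker/dockerfile-upstream:1.4.0` frontend is selected by mutable tag as well; adding a `@sha256:` digest is the cheap way to make that build input immutable, though I can only infer from this diff how strictly reproducible builds are required here.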
@@ -46,27 +47,27 @@ parameters: mixins: - exec - terraform: - clientVersion: 1.2.6 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - domain_prefix: "{{ bundle.parameters.domain_prefix }}" - cert_name: "{{ bundle.parameters.cert_name }}" - tre_resource_id: "{{ bundle.parameters.id }}" + tre_id: ${ bundle.parameters.tre_id } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + domain_prefix: ${ bundle.parameters.domain_prefix } + cert_name: ${ bundle.parameters.cert_name } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-certs" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-certs outputs: - name: fqdn - name: application_gateway_name 
@@ -79,19 +80,19 @@ install: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Generate certificate" command: bash arguments: - ./scripts/letsencrypt.sh flags: - fqdn: "{{ bundle.outputs.fqdn }}" - application_gateway_name: "{{ bundle.outputs.application_gateway_name }}" - storage_account_name: "{{ bundle.outputs.storage_account_name }}" - resource_group_name: "{{ bundle.outputs.resource_group_name }}" - keyvault_name: "{{ bundle.outputs.keyvault_name }}" - cert_name: "{{ bundle.parameters.cert_name }}" + fqdn: ${ bundle.outputs.fqdn } + application_gateway_name: ${ bundle.outputs.application_gateway_name } + storage_account_name: ${ bundle.outputs.storage_account_name } + resource_group_name: ${ bundle.outputs.resource_group_name } + keyvault_name: ${ bundle.outputs.keyvault_name } + cert_name: ${ bundle.parameters.cert_name } upgrade: - exec: 
@@ -103,33 +104,33 @@ upgrade: uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - domain_prefix: "{{ bundle.parameters.domain_prefix }}" - cert_name: "{{ bundle.parameters.cert_name }}" - tre_resource_id: "{{ bundle.parameters.id }}" + tre_id: ${ bundle.parameters.tre_id } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + domain_prefix: ${ bundle.parameters.domain_prefix } + cert_name: ${ bundle.parameters.cert_name } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-certs" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-certs renew: - terraform: arguments: - "output" description: "Get Terraform output variables" + vars: + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-certs" - tre_resource_id: 
"{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-certs outputs: - name: fqdn - name: application_gateway_name @@ -142,16 +143,16 @@ renew: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Renew certificate" command: bash arguments: - ./scripts/letsencrypt.sh flags: - fqdn: "{{ bundle.outputs.fqdn }}" - application_gateway_name: "{{ bundle.outputs.application_gateway_name }}" - storage_account_name: "{{ bundle.outputs.storage_account_name }}" - resource_group_name: "{{ bundle.outputs.resource_group_name }}" - keyvault_name: "{{ bundle.outputs.keyvault_name }}" - cert_name: "{{ bundle.parameters.cert_name }}" + fqdn: ${ bundle.outputs.fqdn } + application_gateway_name: ${ bundle.outputs.application_gateway_name } + storage_account_name: ${ bundle.outputs.storage_account_name } + resource_group_name: ${ bundle.outputs.resource_group_name } + keyvault_name: ${ bundle.outputs.keyvault_name } + cert_name: ${ bundle.parameters.cert_name } diff --git a/templates/shared_services/cyclecloud/Dockerfile.tmpl b/templates/shared_services/cyclecloud/Dockerfile.tmpl index 86c7ceedb9..ec7bd78507 100644 --- a/templates/shared_services/cyclecloud/Dockerfile.tmpl +++ b/templates/shared_services/cyclecloud/Dockerfile.tmpl 
@@ -1,26 +1,16 @@
+# syntax=docker/dockerfile-upstream:1.4.0
 FROM debian:bullseye-slim
-ARG BUNDLE_DIR
+# PORTER_INIT
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
 # Install Git
-RUN apt-get update \
- && apt-get install --no-install-recommends -y git \
- && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
+ apt-get update \
+ && apt-get install --no-install-recommends -y git
-# This is a template Dockerfile for the bundle's invocation image
-# You can customize it to use different base images, install tools and copy configuration files.
-#
-# Porter will use it as a template and append lines to it for the mixins
-# and to set the CMD appropriately for the CNAB specification.
-#
-# Add the following line to porter.yaml to instruct Porter to use this template
-# dockerfile: Dockerfile.tmpl
-
-# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
-# another location in this file. If you remove that line, the mixins generated content is appended to this file.
 # PORTER_MIXINS
 # Use the BUNDLE_DIR build argument to copy files into the bundle
-COPY . $BUNDLE_DIR
+COPY --link . ${BUNDLE_DIR}/
diff --git a/templates/shared_services/cyclecloud/parameters.json b/templates/shared_services/cyclecloud/parameters.json
index 880bf50432..ea839388f5 100755
--- a/templates/shared_services/cyclecloud/parameters.json
+++ b/templates/shared_services/cyclecloud/parameters.json
@@ -1,8 +1,8 @@
 {
- "schemaVersion": "1.0.0-DRAFT+TODO",
- "name": "cyclecloud",
- "created": "2021-06-03T11:54:54.0225968Z",
- "modified": "2021-06-03T11:54:54.0225968Z",
+ "schemaType": "ParameterSet",
+ "schemaVersion": "1.0.1",
+ "namespace": "",
+ "name": "tre-shared-service-cyclecloud",
 "parameters": [
 {
 "name": "tre_id",
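Review bot: The `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` directive is dropped here while the certs template in this same commit keeps it, so the file falls back to `/bin/sh -c` without pipefail for every RUN that follows, including the mixin-generated lines Porter appends at `# PORTER_MIXINS`; the one RUN visible in this hunk has no pipe, but a failing left-hand side of a pipe in an appended line would be masked (I cannot see the generated lines from this diff, so treat this as a consistency point rather than a proven defect). Keeping the directive costs nothing: restore `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` directly after `# PORTER_INIT`. If it was removed on purpose, a one-line comment saying so would stop the next reviewer re-adding it.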
diff --git a/templates/shared_services/cyclecloud/porter.yaml b/templates/shared_services/cyclecloud/porter.yaml index 5a6b20ce76..2e6c043d19 100644 --- a/templates/shared_services/cyclecloud/porter.yaml +++ b/templates/shared_services/cyclecloud/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-cyclecloud -version: 0.3.0 +version: 0.4.0 description: "An Azure TRE Shared Service Template for Azure Cyclecloud" registry: azuretre dockerfile: Dockerfile.tmpl @@ -48,24 +49,25 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.6 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy Cyclecloud shared service" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - tre_resource_id: "{{ bundle.parameters.id }}" + tre_id: ${ bundle.parameters.tre_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: connection_uri 
@@ -73,17 +75,17 @@ upgrade: - terraform: description: "Update Cyclecloud shared service" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - tre_resource_id: "{{ bundle.parameters.id }}" + tre_id: ${ bundle.parameters.tre_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: connection_uri 
@@ -91,17 +93,17 @@ uninstall: - terraform: description: "Delete the Cyclecloud shared service" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - tre_resource_id: "{{ bundle.parameters.id }}" + tre_id: ${ bundle.parameters.tre_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } start: - terraform: @@ -109,10 +111,10 @@ start: - "output" description: "Get resource ID from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: 
@@ -121,14 +123,14 @@ start: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Start the VM" arguments: - vm - start flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } stop: - terraform: @@ -136,10 +138,10 @@ stop: - "output" description: "Get VM hostname and rg from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: @@ -148,11 +150,11 @@ stop: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Stop the VM" arguments: - vm - deallocate flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } diff --git a/templates/shared_services/firewall/Dockerfile.tmpl b/templates/shared_services/firewall/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/shared_services/firewall/Dockerfile.tmpl +++ b/templates/shared_services/firewall/Dockerfile.tmpl 
@@ -1,19 +1,9 @@
+# syntax=docker/dockerfile-upstream:1.4.0
 FROM debian:bullseye-slim
-ARG BUNDLE_DIR
+# PORTER_INIT
-# This is a template Dockerfile for the bundle's invocation image
-# You can customize it to use different base images, install tools and copy configuration files.
-#
-# Porter will use it as a template and append lines to it for the mixins
-# and to set the CMD appropriately for the CNAB specification.
-#
-# Add the following line to porter.yaml to instruct Porter to use this template
-# dockerfile: Dockerfile.tmpl
-
-# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
-# another location in this file. If you remove that line, the mixins generated content is appended to this file.
 # PORTER_MIXINS
 # Use the BUNDLE_DIR build argument to copy files into the bundle
-COPY . $BUNDLE_DIR
+COPY --link . ${BUNDLE_DIR}/
diff --git a/templates/shared_services/firewall/parameters.json b/templates/shared_services/firewall/parameters.json
index 3314d1fa25..a10b6e1ddb 100755
--- a/templates/shared_services/firewall/parameters.json
+++ b/templates/shared_services/firewall/parameters.json
@@ -1,8 +1,8 @@
 {
- "schemaVersion": "1.0.0-DRAFT",
- "name": "base",
- "created": "2021-06-04T13:37:29.5071039+03:00",
- "modified": "2021-06-04T13:37:29.5071039+03:00",
+ "schemaType": "ParameterSet",
+ "schemaVersion": "1.0.1",
+ "namespace": "",
+ "name": "tre-shared-service-firewall",
 "parameters": [
 {
 "name": "tre_id",
@@ -45,12 +45,6 @@
 "source": {
 "env": "NETWORK_RULE_COLLECTIONS"
 }
- },
- {
- "name": "stateful_resources_locked",
- "source": {
- "env": "STATEFUL_RESOURCES_LOCKED"
- }
 }
 ]
 }
diff --git a/templates/shared_services/firewall/porter.yaml b/templates/shared_services/firewall/porter.yaml
index 28b862a7ae..dad7d6d76c 100644
--- a/templates/shared_services/firewall/porter.yaml
+++ b/templates/shared_services/firewall/porter.yaml
@@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-firewall -version: 0.6.3 +version: 0.7.0 description: "An Azure TRE Firewall shared service" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -44,59 +45,49 @@ parameters: type: string default: "W10=" # b64 for [] description: "Network rule collection array" - - name: stateful_resources_locked - env: STATEFUL_RESOURCES_LOCKED - type: boolean - default: true mixins: - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - api_driven_rule_collections_b64: "{{ bundle.parameters.rule_collections }}" - api_driven_network_rule_collections_b64: "{{ bundle.parameters.network_rule_collections }}" - stateful_resources_locked: "{{ bundle.parameters.stateful_resources_locked }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + api_driven_rule_collections_b64: ${ bundle.parameters.rule_collections } + api_driven_network_rule_collections_b64: ${ bundle.parameters.network_rule_collections } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-firewall" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-firewall upgrade: - terraform: description: "Upgrade shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - api_driven_rule_collections_b64: "{{ bundle.parameters.rule_collections }}" - api_driven_network_rule_collections_b64: "{{ bundle.parameters.network_rule_collections }}" - stateful_resources_locked: "{{ bundle.parameters.stateful_resources_locked }}" + tre_id: ${ 
bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + api_driven_rule_collections_b64: ${ bundle.parameters.rule_collections } + api_driven_network_rule_collections_b64: ${ bundle.parameters.network_rule_collections } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-firewall" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-firewall uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - api_driven_rule_collections_b64: "{{ bundle.parameters.rule_collections }}" - api_driven_network_rule_collections_b64: "{{ bundle.parameters.network_rule_collections }}" - stateful_resources_locked: "{{ bundle.parameters.stateful_resources_locked }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + api_driven_rule_collections_b64: ${ bundle.parameters.rule_collections } + api_driven_network_rule_collections_b64: ${ bundle.parameters.network_rule_collections } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-firewall" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ 
bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-firewall diff --git a/templates/shared_services/firewall/terraform/.terraform.lock.hcl b/templates/shared_services/firewall/terraform/.terraform.lock.hcl index 731e74bbab..4be435ce82 100644 --- a/templates/shared_services/firewall/terraform/.terraform.lock.hcl +++ b/templates/shared_services/firewall/terraform/.terraform.lock.hcl 
@@ -2,21 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.16.0" - constraints = "3.16.0" + version = "3.33.0" + constraints = "3.33.0" hashes = [ - "h1:cBZXnJ4WErrhAzoQ1IMUMkpRlUmr8KQ2a0vLKH6B2a8=", - "zh:02aecc67db3f7cf19bd39ed454824422c43a5dc9f18b44d9547bb79ba66e0beb", - "zh:1775b033e3a29395087d731387efc926251232c4469a6c262f7039669e2f3aed", - "zh:1b955c3134b8fa61486383fee609bc99e46883c9b5148cb8d3bdc3d6d25b1e5e", - "zh:1ca04c35917fcf9f15aa2f24ef52b823575efa213fcb6d241cd189fddb032268", - "zh:20663ca219acc95d1de2129aac941f08eca1093c61cd6775e9c0b239b70a573e", - "zh:28427df342789f106ce500a489c750d7971d67cb58c495274878dc55d52452fe", - "zh:2a2e0755b9ebedbb4dd55de53191ce02e0a5511648610bf816532cd1614f2d7a", - "zh:5cc4c086ff081379070ea8177025a92a53e3c7bec2eabbf8182efa146e05b371", - "zh:5df50ae712c2b6e850b5953d5b89a29aca98ef1ae5fac4cb9225080ac319207c", - "zh:944ec6ceac2a1af58b58c270db90992d5f32614714647f6086ebc42789fa0f15", - "zh:f1e2df2f7db13b234d2cfa5d7c70054df4039532829be6ce8ed11c6f99ba0cf5", + "h1:pXB6SKE4NKdf+LepsQjrLcBnVTL5ejeKvx/kyojai6c=", + "zh:136d9c642746d8d84e62ecd8ab0c7dc015eac504c1f068e06fad438ae222d934", + "zh:266e64b8e32a94ddcc20954ebad1d8ff3921d318addf576e981b1390e5d5ba79", + "zh:3bd84a1e5b3bbe34a5870f271d6a5bf9b35a4c924db32b450a1fb53bc910c37a", + "zh:3c6604041472bb4691b502877cf9d886ed9f973fbadf11389ec9499fdc66045e", + "zh:680c00a73c8054c36a58115a44d02d1ebb675c2ad3afaaab2d74a01f978f16ce", + "zh:6dab47ef64f90e43b75ed240a974c4119f5268be4433f3c1c3e97559e7ef2f38", + "zh:9f73f19fdc340c443693dc03f1a145c6bd0ee5fd425eab7473d06abbe39b99d7", + "zh:9ff008b6737e880f191b4be6dfcef95ff019969dd787c44a58c2d7d6aaf6623b", + "zh:be297f1515e9ac63886e3e092a0bcd10aa8aa2b69c2b0995ce4e069176b07a95", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb29a566e7698cfae477f3efa3bba38526ec8343355763178c6e9c96e51399f3", + 
"zh:fbc3b625733ce5f0970fa8d9743f6db51064c168d6be5fc7a5e3d1a54af28bb7",
 ]
 }
diff --git a/templates/shared_services/firewall/terraform/firewall.tf b/templates/shared_services/firewall/terraform/firewall.tf
index 15c7c7e927..e5aa50f3a7 100644
--- a/templates/shared_services/firewall/terraform/firewall.tf
+++ b/templates/shared_services/firewall/terraform/firewall.tf
@@ -26,14 +26,6 @@ resource "azurerm_firewall" "fw" {
 lifecycle { ignore_changes = [tags] }
 }
 
-resource "azurerm_management_lock" "fw" {
- count = var.stateful_resources_locked ? 1 : 0
- name = azurerm_firewall.fw.name
- scope = azurerm_firewall.fw.id
- lock_level = "CanNotDelete"
- notes = "Locked to prevent accidental deletion"
-}
-
 data "azurerm_monitor_diagnostic_categories" "firewall" {
 resource_id = azurerm_firewall.fw.id
 }
@@ -45,7 +37,7 @@ resource "azurerm_monitor_diagnostic_setting" "firewall" {
 log_analytics_destination_type = "AzureDiagnostics"
 
 dynamic "log" {
- for_each = data.azurerm_monitor_diagnostic_categories.firewall.logs
+ for_each = data.azurerm_monitor_diagnostic_categories.firewall.log_category_types
 content {
 category = log.value
 enabled = contains(local.firewall_diagnostic_categories_enabled, log.value) ? true : false
diff --git a/templates/shared_services/firewall/terraform/providers.tf b/templates/shared_services/firewall/terraform/providers.tf
index d5ee42eeda..c395cbf420 100644
--- a/templates/shared_services/firewall/terraform/providers.tf
+++ b/templates/shared_services/firewall/terraform/providers.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 azurerm = {
 source = "hashicorp/azurerm"
- version = "=3.16.0"
+ version = "=3.33.0"
 }
 }
diff --git a/templates/shared_services/firewall/terraform/variables.tf b/templates/shared_services/firewall/terraform/variables.tf
index 1c5e184718..9ac2916b11 100644
--- a/templates/shared_services/firewall/terraform/variables.tf
+++ b/templates/shared_services/firewall/terraform/variables.tf
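Review bot: Deleting `azurerm_management_lock.fw` removes the only deletion guard on the shared Azure Firewall: with the `CanNotDelete` lock gone, a `terraform destroy` against a stale state, a mis-targeted uninstall, or a portal action can remove the firewall and every rule collection behind it in one step, and neither this hunk nor the companion `variables.tf`/`porter.yaml` changes (which drop `stateful_resources_locked` entirely) put another control in its place. If the lock had to go because the Porter v1 upgrade/uninstall flow now fails against locked resources — I am inferring the motivation, the diff does not state it — record that next to the `azurerm_firewall.fw` resource, e.g. `# No management lock on purpose: <reason>; deletion is guarded by RBAC and the API's shared-service checks instead`, so the absence reads as a decision rather than an omission. Otherwise consider keeping the lock behind an opt-in variable instead of deleting it outright. The `log_category_types` rename in the second hunk is consistent with the azurerm 3.33.0 bump in `providers.tf` and needs no change.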
@@ -8,12 +8,6 @@ variable "tre_resource_id" { description = "Resource ID" } -variable "stateful_resources_locked" { - type = bool - default = true - description = "Used to add locks on resources with state" -} - variable "api_driven_rule_collections_b64" { type = string default = "W10=" #b64 for [] diff --git a/templates/shared_services/gitea/Dockerfile.tmpl b/templates/shared_services/gitea/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/shared_services/gitea/Dockerfile.tmpl +++ b/templates/shared_services/gitea/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/shared_services/gitea/parameters.json b/templates/shared_services/gitea/parameters.json index 1dce60b974..afaf29d52f 100755 --- a/templates/shared_services/gitea/parameters.json +++ b/templates/shared_services/gitea/parameters.json 
@@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-shared-service-gitea", "parameters": [ { "name": "tre_id", diff --git a/templates/shared_services/gitea/porter.yaml b/templates/shared_services/gitea/porter.yaml index 053204e612..04ae38860b 100644 --- a/templates/shared_services/gitea/porter.yaml +++ b/templates/shared_services/gitea/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-gitea -version: 0.4.0 +version: 0.5.0 description: "A Gitea shared service" dockerfile: Dockerfile.tmpl registry: azuretre @@ -49,7 +50,7 @@ parameters: mixins: - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 outputs: - name: gitea_allowed_fqdns_list 
@@ -68,17 +69,16 @@ outputs: install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - mgmt_resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - acr_name: "{{ bundle.parameters.mgmt_acr_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + mgmt_resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + acr_name: ${ bundle.parameters.mgmt_acr_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-gitea" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-gitea outputs: - name: gitea_allowed_fqdns_list - name: address_prefixes 
@@ -86,17 +86,16 @@ install: upgrade: - terraform: description: "Upgrade shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - mgmt_resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - acr_name: "{{ bundle.parameters.mgmt_acr_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + mgmt_resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + acr_name: ${ bundle.parameters.mgmt_acr_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-gitea" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-gitea outputs: - name: gitea_allowed_fqdns_list - name: address_prefixes 
@@ -104,14 +103,13 @@ upgrade: uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - mgmt_resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - acr_name: "{{ bundle.parameters.mgmt_acr_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + mgmt_resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + acr_name: ${ bundle.parameters.mgmt_acr_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-gitea" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-gitea diff --git a/templates/shared_services/gitea/terraform/.terraform.lock.hcl b/templates/shared_services/gitea/terraform/.terraform.lock.hcl index b6e2cb7fd6..7addb0336b 100644 --- a/templates/shared_services/gitea/terraform/.terraform.lock.hcl +++ b/templates/shared_services/gitea/terraform/.terraform.lock.hcl 
@@ -2,28 +2,28 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.20.0" - constraints = "3.20.0" + version = "3.33.0" + constraints = "3.33.0" hashes = [ - "h1:heH/4bYgajEFQ+fwSV9Zduvpyb7eTCQUv+gl201EFg8=", - "zh:0d534bb2fed67b5b58d3adb2b0be7a9986f62b34f40eae450dafc9454fb54db8", - "zh:19f6d5f196a35500e0f1ae9d9baee44f49b90858524338a7b8aaec06d3e3a047", - "zh:1d042648d2eaffde8858a8006b944374599c5e8c2f834ae74b97adedd1468142", - "zh:278ebac38cf3c1e6df4bc5de00e931bfc04298607f428aa84a932bbf26dee421", - "zh:48f29b802e2de7e6dd2452a012c633686fce5d7ad3eadb490a7b8c0967a9ebfa", - "zh:731bf2e97c4a519723682beb2e85e065bf0bf53b2f50e2ff7b15b39ea74e37ff", - "zh:7c8187ebca19ca8f6ef82d3d79a418ccfa6574bb99e63cc930fa46ff938a7921", - "zh:82fdb2052601f6fa925195e77506fb609ce8bb4a6f6e94cf6a5058252ef570d4", - "zh:995ca23bb3765a16c6b3138b468d920acff5742b22492324c836579e3344ea40", - "zh:a970131232ad41203382f6fa3f0014a22767cbfe28cd7562346184ea6e678d63", - "zh:bf5036675a7f0b8691fe393e2782a76c7943ba17eec7255e16a31c7547436a48", + "h1:pXB6SKE4NKdf+LepsQjrLcBnVTL5ejeKvx/kyojai6c=", + "zh:136d9c642746d8d84e62ecd8ab0c7dc015eac504c1f068e06fad438ae222d934", + "zh:266e64b8e32a94ddcc20954ebad1d8ff3921d318addf576e981b1390e5d5ba79", + "zh:3bd84a1e5b3bbe34a5870f271d6a5bf9b35a4c924db32b450a1fb53bc910c37a", + "zh:3c6604041472bb4691b502877cf9d886ed9f973fbadf11389ec9499fdc66045e", + "zh:680c00a73c8054c36a58115a44d02d1ebb675c2ad3afaaab2d74a01f978f16ce", + "zh:6dab47ef64f90e43b75ed240a974c4119f5268be4433f3c1c3e97559e7ef2f38", + "zh:9f73f19fdc340c443693dc03f1a145c6bd0ee5fd425eab7473d06abbe39b99d7", + "zh:9ff008b6737e880f191b4be6dfcef95ff019969dd787c44a58c2d7d6aaf6623b", + "zh:be297f1515e9ac63886e3e092a0bcd10aa8aa2b69c2b0995ce4e069176b07a95", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb29a566e7698cfae477f3efa3bba38526ec8343355763178c6e9c96e51399f3", + 
"zh:fbc3b625733ce5f0970fa8d9743f6db51064c168d6be5fc7a5e3d1a54af28bb7", ] } provider "registry.terraform.io/hashicorp/local" { version = "2.2.3" - constraints = "~> 2.2.0" + constraints = "2.2.3" hashes = [ "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=", "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0", diff --git a/templates/shared_services/gitea/terraform/gitea-webapp.tf b/templates/shared_services/gitea/terraform/gitea-webapp.tf index a02528ee7d..112dc9f02b 100644 --- a/templates/shared_services/gitea/terraform/gitea-webapp.tf +++ b/templates/shared_services/gitea/terraform/gitea-webapp.tf @@ -128,7 +128,7 @@ resource "azurerm_monitor_diagnostic_setting" "webapp_gitea" { log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id dynamic "log" { - for_each = data.azurerm_monitor_diagnostic_categories.webapp.logs + for_each = data.azurerm_monitor_diagnostic_categories.webapp.log_category_types content { category = log.value enabled = contains(local.webapp_diagnostic_categories_enabled, log.value) ? true : false diff --git a/templates/shared_services/gitea/terraform/main.tf b/templates/shared_services/gitea/terraform/main.tf index 5d53db19fd..2a9b6bc7e4 100644 --- a/templates/shared_services/gitea/terraform/main.tf +++ b/templates/shared_services/gitea/terraform/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.20.0" + version = "=3.33.0" } local = { source = "hashicorp/local" diff --git a/templates/shared_services/sonatype-nexus-vm/Dockerfile.tmpl b/templates/shared_services/sonatype-nexus-vm/Dockerfile.tmpl index 45ef111a50..3452b48f1d 100644 --- a/templates/shared_services/sonatype-nexus-vm/Dockerfile.tmpl +++ b/templates/shared_services/sonatype-nexus-vm/Dockerfile.tmpl 
@@ -1,21 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -SHELL ["/bin/bash", "-o", "pipefail", "-c"] - -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/shared_services/sonatype-nexus-vm/parameters.json b/templates/shared_services/sonatype-nexus-vm/parameters.json index 27ffcae78c..bc13b3e6fc 100755 --- a/templates/shared_services/sonatype-nexus-vm/parameters.json +++ b/templates/shared_services/sonatype-nexus-vm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-shared-service-sonatype-nexus", "parameters": [ { "name": "tre_id", diff --git a/templates/shared_services/sonatype-nexus-vm/porter.yaml b/templates/shared_services/sonatype-nexus-vm/porter.yaml index 079b4a31e4..9288dda720 100644 --- a/templates/shared_services/sonatype-nexus-vm/porter.yaml +++ b/templates/shared_services/sonatype-nexus-vm/porter.yaml 
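Review bot: Both image references the new Dockerfile.tmpl relies on are mutable tags — `# syntax=docker/dockerfile-upstream:1.4.0` and `FROM debian:bullseye-slim` — so the bundle's invocation image can change content between two builds of the same commit; pinning the base image by digest (`FROM debian:bullseye-slim@sha256:<DIGEST-PLACEHOLDER>`) and the syntax frontend likewise keeps builds reproducible and turns base-image updates into reviewable diffs. The same applies to the azureml, aml_compute, gitea workspace-service and guacamole Dockerfile.tmpl hunks further down. The hunk also drops `SHELL ["/bin/bash", "-o", "pipefail", "-c"]`; the lines that remain contain no pipeline, but any `RUN` the mixins later splice in at `# PORTER_MIXINS` that pipes a download into a shell would have a left-hand failure masked, so it is worth confirming the removal is deliberate rather than a side effect of the template cleanup.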
@@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-sonatype-nexus -version: 2.2.4 +version: 2.3.0 description: "A Sonatype Nexus shared service" dockerfile: Dockerfile.tmpl registry: azuretre @@ -61,22 +62,22 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.6 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - ssl_cert_name: "{{ bundle.parameters.ssl_cert_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + ssl_cert_name: ${ bundle.parameters.ssl_cert_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-sonatype-nexus-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-sonatype-nexus-vm outputs: - name: workspace_vm_allowed_fqdns_list - name: nexus_allowed_fqdns_list 
@@ -85,16 +86,15 @@ install: upgrade: - terraform: description: "Upgrade shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - ssl_cert_name: "{{ bundle.parameters.ssl_cert_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + ssl_cert_name: ${ bundle.parameters.ssl_cert_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-sonatype-nexus-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-sonatype-nexus-vm outputs: - name: workspace_vm_allowed_fqdns_list - name: nexus_allowed_fqdns_list 
@@ -102,13 +102,12 @@ upgrade: uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - ssl_cert_name: "{{ bundle.parameters.ssl_cert_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + ssl_cert_name: ${ bundle.parameters.ssl_cert_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-sonatype-nexus-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-sonatype-nexus-vm diff --git a/templates/workspace_services/azureml/Dockerfile.tmpl b/templates/workspace_services/azureml/Dockerfile.tmpl index 01bb786ac0..066447dd2d 100644 --- a/templates/workspace_services/azureml/Dockerfile.tmpl +++ b/templates/workspace_services/azureml/Dockerfile.tmpl 
@@ -1,33 +1,16 @@ -FROM debian:stretch-slim +# syntax=docker/dockerfile-upstream:1.4.0 +FROM debian:bullseye-slim -SHELL ["/bin/bash", "-o", "pipefail", "-c"] +# PORTER_INIT -# Install Azure CLI -RUN apt-get update \ - && apt-get install --no-install-recommends -y ca-certificates jq curl apt-transport-https lsb-release gnupg \ - && curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null \ - && AZ_REPO=$(lsb_release -cs) \ - && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list \ - && apt-get update && apt-get install --no-install-recommends -y azure-cli \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache -RUN az extension add --name azure-firewall +# Install jq +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update \ + && apt-get install --no-install-recommends -y jq -ARG BUNDLE_DIR - -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle - -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ 
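Review bot: The `RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo '...' > /etc/apt/apt.conf.d/keep-cache` line carries no comment on why the image deliberately turns off apt's post-install cleanup, and the jq install below it no longer ends with the `apt-get clean`/`rm -rf /var/lib/apt/lists/*` the removed lines had; both are presumably intended because `/var/cache/apt` and `/var/lib/apt` are now BuildKit cache mounts rather than image layers, but a reader coming from the old file will see a regression. Suggest a why-comment above that RUN: `# Keep downloaded .deb files: /var/cache/apt and /var/lib/apt are BuildKit cache mounts in the RUN below, so nothing is baked into an image layer`. Separately, `ca-certificates` is no longer installed here; if the az mixin that replaces the removed inline CLI install brings its own that is fine, otherwise any later TLS download during the image build would fail — worth a quick check, since the mixin-generated lines are not in this diff.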
diff --git a/templates/workspace_services/azureml/parameters.json b/templates/workspace_services/azureml/parameters.json index 60ab5b8ed6..0e77f0980d 100755 --- a/templates/workspace_services/azureml/parameters.json +++ b/templates/workspace_services/azureml/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "azureml", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-azureml", "parameters": [ { "name": "workspace_id", diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index b582052d27..ab6acfe35c 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.5.6 +version: 0.6.0 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl 
@@ -95,30 +96,34 @@ outputs: mixins: - terraform: - clientVersion: 1.3.3 + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 + extensions: + - azure-firewall install: - terraform: description: "Deploy Azure ML Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - display_name: "{{ bundle.parameters.display_name }}" - description: "{{ bundle.parameters.description }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + display_name: ${ bundle.parameters.display_name } + description: ${ bundle.parameters.description } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-azureml-{{ bundle.parameters.id }}" + 
resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-azureml-${ bundle.parameters.id } outputs: - name: azureml_workspace_name - name: azureml_acr_id 
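Review bot: `display_name` and `description` are free-text values supplied by the API caller, and the new lines interpolate them as unquoted plain scalars (`display_name: ${ bundle.parameters.display_name }`) where the old lines kept them inside double quotes. If Porter v1 still renders `${ }` textually before the manifest is parsed (as the v0 mustache path did), a value containing `: `, `#` or a newline would alter the structure of the rendered YAML rather than just the variable's value; if templates are resolved after parsing, the quotes are merely redundant — please confirm which, and if it is the former keep the quotes around the free-text parameters. The same two values are passed the same way in this file's upgrade and uninstall hunks. Also `arm_client_secret` and `auth_client_secret` are handed to terraform as ordinary `vars`; that is unchanged from before, but it is worth confirming the matching `variable` blocks in the bundle's terraform are declared `sensitive = true` so plan output and the mixin's debug logging do not echo them.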
@@ -132,24 +137,24 @@ upgrade: - terraform: description: "Upgrade Azure ML Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - display_name: "{{ bundle.parameters.display_name }}" - description: "{{ bundle.parameters.description }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + display_name: ${ bundle.parameters.display_name } + description: ${ bundle.parameters.description } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-azureml-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ 
bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-azureml-${ bundle.parameters.id } outputs: - name: azureml_workspace_name - name: azureml_acr_id 
@@ -163,21 +168,21 @@ uninstall: - terraform: description: "Delete the Azure ML Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - display_name: "{{ bundle.parameters.display_name }}" - description: "{{ bundle.parameters.description }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + display_name: ${ bundle.parameters.display_name } + description: ${ bundle.parameters.description } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-azureml-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ 
bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-azureml-${ bundle.parameters.id } diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/Dockerfile.tmpl b/templates/workspace_services/azureml/user_resources/aml_compute/Dockerfile.tmpl index 86fc334c03..3452b48f1d 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/Dockerfile.tmpl +++ b/templates/workspace_services/azureml/user_resources/aml_compute/Dockerfile.tmpl @@ -1,9 +1,9 @@ -FROM debian:stretch-slim +# syntax=docker/dockerfile-upstream:1.4.0 +FROM debian:bullseye-slim -ARG BUNDLE_DIR - -COPY . $BUNDLE_DIR +# PORTER_INIT # PORTER_MIXINS -WORKDIR $BUNDLE_DIR +# Use the BUNDLE_DIR build argument to copy files into the bundle +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json b/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json index 5208909e27..afa9df266a 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json +++ b/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "avd-aad", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-user-resource-aml-compute-instance", "parameters": [ { "name": "id", diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml b/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml index 54388f216e..7729c4e290 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml +++ b/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml 
@@ -1,6 +1,7 @@
 ---
+schemaVersion: 1.0.0
 name: tre-user-resource-aml-compute-instance
-version: 0.4.1
+version: 0.5.0
 description: "Azure Machine Learning Compute Instance"
 registry: azuretre
 dockerfile: Dockerfile.tmpl
@@ -51,48 +52,56 @@ parameters: mixins: - exec - - az + - az: + clientVersion: 2.37.0 - terraform: - clientVersion: 1.2.8 + clientVersion: 1.3.6 install: - terraform: description: "Deploy service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - vm_size_sku: "{{ bundle.parameters.vm_size }}" - auth_tenant_id: "{{ bundle.parameters.auth_tenant_id }}" - user_object_id: "{{ bundle.parameters.user_object_id }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + parent_service_id: ${ bundle.parameters.parent_service_id } + vm_size_sku: ${ bundle.parameters.vm_size } + auth_tenant_id: ${ bundle.parameters.auth_tenant_id } + user_object_id: ${ bundle.parameters.user_object_id } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-user-resource-aml-compute-instance-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-user-resource-aml-compute-instance-${ 
bundle.parameters.id } + +upgrade: + - exec: + description: "Upgrade shared service" + command: echo + arguments: + - "This shared service does not implement upgrade action" uninstall: - terraform: description: "Uninstall service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - vm_size_sku: "{{ bundle.parameters.vm_size }}" - auth_tenant_id: "{{ bundle.parameters.auth_tenant_id }}" - user_object_id: "{{ bundle.parameters.user_object_id }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + parent_service_id: ${ bundle.parameters.parent_service_id } + vm_size_sku: ${ bundle.parameters.vm_size } + auth_tenant_id: ${ bundle.parameters.auth_tenant_id } + user_object_id: ${ bundle.parameters.user_object_id } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-user-resource-aml-compute-instance-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: 
tre-user-resource-aml-compute-instance-${ bundle.parameters.id } diff --git a/templates/workspace_services/gitea/Dockerfile.tmpl b/templates/workspace_services/gitea/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/workspace_services/gitea/Dockerfile.tmpl +++ b/templates/workspace_services/gitea/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/gitea/parameters.json b/templates/workspace_services/gitea/parameters.json index 08f1678c99..1f4b1fcd44 100755 --- a/templates/workspace_services/gitea/parameters.json +++ b/templates/workspace_services/gitea/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-workspace-service-gitea", "parameters": [ { "name": "id", diff --git a/templates/workspace_services/gitea/porter.yaml b/templates/workspace_services/gitea/porter.yaml index 5c6d95bd52..baed865a2b 100644 
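Review bot: The new `upgrade` action for this user-resource bundle is an `exec` step that only echoes, and both of its strings name the wrong resource type: `description: "Upgrade shared service"` and `- "This shared service does not implement upgrade action"`. Suggest `description: "Upgrade user resource"` and `- "This user resource does not implement the upgrade action"`. Because the step exits successfully, an upgrade request will be reported as succeeded while the deployed compute instance is untouched; if the API records the bundle version on a successful upgrade, the stored version and the real deployment will diverge, so either failing the step explicitly or having upgrade re-run the same terraform step as install would be safer — the API side is outside this diff, so this is inferred.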
--- a/templates/workspace_services/gitea/porter.yaml +++ b/templates/workspace_services/gitea/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-workspace-service-gitea -version: 0.6.0 +version: 0.7.0 description: "A Gitea workspace service" dockerfile: Dockerfile.tmpl registry: azuretre @@ -59,7 +60,7 @@ parameters: mixins: - exec - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 outputs: - name: internal_connection_uri @@ -82,16 +83,16 @@ install: - terraform: description: "Deploy Gitea workspace service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - id: "{{ bundle.parameters.id }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + id: ${ bundle.parameters.id } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-workspace-service-gitea-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-workspace-service-gitea-${ bundle.parameters.id } outputs: - name: internal_connection_uri - name: authentication_callback_uri 
@@ -101,16 +102,16 @@ upgrade: - terraform: description: "Deploy Gitea workspace service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - id: "{{ bundle.parameters.id }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + id: ${ bundle.parameters.id } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-workspace-service-gitea-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-workspace-service-gitea-${ bundle.parameters.id } outputs: - name: internal_connection_uri - name: authentication_callback_uri 
@@ -120,13 +121,13 @@ uninstall: - terraform: description: "Tear down Gitead workspace service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - id: "{{ bundle.parameters.id }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + id: ${ bundle.parameters.id } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-workspace-service-gitea-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-workspace-service-gitea-${ bundle.parameters.id } diff --git a/templates/workspace_services/guacamole/Dockerfile.tmpl b/templates/workspace_services/guacamole/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/workspace_services/guacamole/Dockerfile.tmpl +++ b/templates/workspace_services/guacamole/Dockerfile.tmpl 
@@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/guacamole/parameters.json b/templates/workspace_services/guacamole/parameters.json index 37f452c75f..0373d4233d 100755 --- a/templates/workspace_services/guacamole/parameters.json +++ b/templates/workspace_services/guacamole/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "guacamole", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-guacamole", "parameters": [ { "name": "id", diff --git a/templates/workspace_services/guacamole/porter.yaml b/templates/workspace_services/guacamole/porter.yaml index 7bdeb04e6a..75cf11092c 100644 --- a/templates/workspace_services/guacamole/porter.yaml +++ b/templates/workspace_services/guacamole/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-guacamole -version: 0.5.2 +version: 0.6.0 description: "An Azure TRE service for Guacamole" dockerfile: Dockerfile.tmpl registry: azuretre 
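Review bot: `# syntax=docker/dockerfile-upstream:1.4.0` pins the BuildKit frontend by a mutable tag, so every invocation-image build pulls whatever that tag currently resolves to; pinning it by digest as well (`# syntax=docker/dockerfile-upstream:1.4.0@sha256:<digest-placeholder>`) makes the build reproducible and verifiable. `COPY --link . ${BUNDLE_DIR}/` also copies the entire bundle directory into the image, so the bundle's ignore rules need to exclude local Terraform state, `.terraform/` directories and any tfvars files that may sit beside the template. The same hunk is repeated for the export-reviewvm and import-reviewvm Dockerfile.tmpl files further down this page. With the old explanatory comments gone, a one-line `# Porter injects its own init lines (e.g. the BUNDLE_DIR build arg) at this marker` above `# PORTER_INIT` would keep the template self-describing, since `${BUNDLE_DIR}` is still used but the hunk removes the `ARG` that declared it.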
@@ -113,31 +114,31 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 install: - terraform: description: "Deploy Guacamole Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - image_name: "{{ bundle.custom.runtime_image.name }}" - image_tag: "{{ bundle.parameters.image_tag }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" - guac_disable_copy: "{{ bundle.parameters.guac_disable_copy }}" - guac_disable_paste: "{{ bundle.parameters.guac_disable_paste }}" - guac_enable_drive: "{{ bundle.parameters.guac_enable_drive }}" - guac_drive_name: "{{ bundle.parameters.guac_drive_name }}" - guac_drive_path: "{{ bundle.parameters.guac_drive_path }}" - guac_disable_download: "{{ bundle.parameters.guac_disable_download }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - tre_resource_id: "{{ bundle.parameters.id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + image_name: ${ bundle.custom.runtime_image.name } + image_tag: ${ bundle.parameters.image_tag } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } + guac_disable_copy: ${ bundle.parameters.guac_disable_copy } + guac_disable_paste: ${ bundle.parameters.guac_disable_paste } + guac_enable_drive: ${ bundle.parameters.guac_enable_drive } + guac_drive_name: ${ bundle.parameters.guac_drive_name } + guac_drive_path: ${ bundle.parameters.guac_drive_path } + guac_disable_download: ${ bundle.parameters.guac_disable_download } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name 
}}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-guacamole-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-guacamole-${ bundle.parameters.id } outputs: - name: connection_uri - name: authentication_callback_uri 
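Review bot: `guac_disable_copy`, `guac_disable_paste`, `guac_enable_drive`, `guac_disable_download` and `is_exposed_externally` were passed as quoted strings before and are now bare `${ }` scalars; if Porter substitutes these before the YAML is parsed, rendered `true`/`false` values become YAML booleans and reach the terraform mixin typed differently than they used to, so it is worth confirming against the Terraform variable declarations (outside this diff) that the values still validate. The same fourteen-entry vars block is repeated verbatim in the upgrade and uninstall hunks below; the three must stay in lockstep, and a YAML anchor on the install `vars:` reused via `<<: *guac_vars` in the other two would remove the duplication, provided Porter's manifest parser honours anchors. The `install:` action header is the hunk's context label, so the block begins outside the hunk.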
@@ -147,25 +148,25 @@ upgrade: - terraform: description: "Upgrade Guacamole Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - image_name: "{{ bundle.custom.runtime_image.name }}" - image_tag: "{{ bundle.parameters.image_tag }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" - guac_disable_copy: "{{ bundle.parameters.guac_disable_copy }}" - guac_disable_paste: "{{ bundle.parameters.guac_disable_paste }}" - guac_enable_drive: "{{ bundle.parameters.guac_enable_drive }}" - guac_drive_name: "{{ bundle.parameters.guac_drive_name }}" - guac_drive_path: "{{ bundle.parameters.guac_drive_path }}" - guac_disable_download: "{{ bundle.parameters.guac_disable_download }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - tre_resource_id: "{{ bundle.parameters.id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + image_name: ${ bundle.custom.runtime_image.name } + image_tag: ${ bundle.parameters.image_tag } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } + guac_disable_copy: ${ bundle.parameters.guac_disable_copy } + guac_disable_paste: ${ bundle.parameters.guac_disable_paste } + guac_enable_drive: ${ bundle.parameters.guac_enable_drive } + guac_drive_name: ${ bundle.parameters.guac_drive_name } + guac_drive_path: ${ bundle.parameters.guac_drive_path } + guac_disable_download: ${ bundle.parameters.guac_disable_download } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: 
"tre-service-guacamole-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-guacamole-${ bundle.parameters.id } outputs: - name: connection_uri - name: authentication_callback_uri 
@@ -176,22 +177,22 @@ uninstall: - terraform: description: "Delete the Guacamole Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - image_name: "{{ bundle.custom.runtime_image.name }}" - image_tag: "{{ bundle.parameters.image_tag }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" - guac_disable_copy: "{{ bundle.parameters.guac_disable_copy }}" - guac_disable_paste: "{{ bundle.parameters.guac_disable_paste }}" - guac_enable_drive: "{{ bundle.parameters.guac_enable_drive }}" - guac_drive_name: "{{ bundle.parameters.guac_drive_name }}" - guac_drive_path: "{{ bundle.parameters.guac_drive_path }}" - guac_disable_download: "{{ bundle.parameters.guac_disable_download }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - tre_resource_id: "{{ bundle.parameters.id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + image_name: ${ bundle.custom.runtime_image.name } + image_tag: ${ bundle.parameters.image_tag } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } + guac_disable_copy: ${ bundle.parameters.guac_disable_copy } + guac_disable_paste: ${ bundle.parameters.guac_disable_paste } + guac_enable_drive: ${ bundle.parameters.guac_enable_drive } + guac_drive_name: ${ bundle.parameters.guac_drive_name } + guac_drive_path: ${ bundle.parameters.guac_drive_path } + guac_disable_download: ${ bundle.parameters.guac_disable_download } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - 
key: "tre-service-guacamole-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-guacamole-${ bundle.parameters.id } diff --git a/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl b/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl index 0fab3fe254..e1f266c4f9 100644 --- a/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl 
@@ -2,28 +2,28 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.16.0" - constraints = "3.16.0" + version = "3.33.0" + constraints = "3.33.0" hashes = [ - "h1:cBZXnJ4WErrhAzoQ1IMUMkpRlUmr8KQ2a0vLKH6B2a8=", - "zh:02aecc67db3f7cf19bd39ed454824422c43a5dc9f18b44d9547bb79ba66e0beb", - "zh:1775b033e3a29395087d731387efc926251232c4469a6c262f7039669e2f3aed", - "zh:1b955c3134b8fa61486383fee609bc99e46883c9b5148cb8d3bdc3d6d25b1e5e", - "zh:1ca04c35917fcf9f15aa2f24ef52b823575efa213fcb6d241cd189fddb032268", - "zh:20663ca219acc95d1de2129aac941f08eca1093c61cd6775e9c0b239b70a573e", - "zh:28427df342789f106ce500a489c750d7971d67cb58c495274878dc55d52452fe", - "zh:2a2e0755b9ebedbb4dd55de53191ce02e0a5511648610bf816532cd1614f2d7a", - "zh:5cc4c086ff081379070ea8177025a92a53e3c7bec2eabbf8182efa146e05b371", - "zh:5df50ae712c2b6e850b5953d5b89a29aca98ef1ae5fac4cb9225080ac319207c", - "zh:944ec6ceac2a1af58b58c270db90992d5f32614714647f6086ebc42789fa0f15", - "zh:f1e2df2f7db13b234d2cfa5d7c70054df4039532829be6ce8ed11c6f99ba0cf5", + "h1:pXB6SKE4NKdf+LepsQjrLcBnVTL5ejeKvx/kyojai6c=", + "zh:136d9c642746d8d84e62ecd8ab0c7dc015eac504c1f068e06fad438ae222d934", + "zh:266e64b8e32a94ddcc20954ebad1d8ff3921d318addf576e981b1390e5d5ba79", + "zh:3bd84a1e5b3bbe34a5870f271d6a5bf9b35a4c924db32b450a1fb53bc910c37a", + "zh:3c6604041472bb4691b502877cf9d886ed9f973fbadf11389ec9499fdc66045e", + "zh:680c00a73c8054c36a58115a44d02d1ebb675c2ad3afaaab2d74a01f978f16ce", + "zh:6dab47ef64f90e43b75ed240a974c4119f5268be4433f3c1c3e97559e7ef2f38", + "zh:9f73f19fdc340c443693dc03f1a145c6bd0ee5fd425eab7473d06abbe39b99d7", + "zh:9ff008b6737e880f191b4be6dfcef95ff019969dd787c44a58c2d7d6aaf6623b", + "zh:be297f1515e9ac63886e3e092a0bcd10aa8aa2b69c2b0995ce4e069176b07a95", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb29a566e7698cfae477f3efa3bba38526ec8343355763178c6e9c96e51399f3", + 
"zh:fbc3b625733ce5f0970fa8d9743f6db51064c168d6be5fc7a5e3d1a54af28bb7", ] } provider "registry.terraform.io/hashicorp/local" { version = "2.2.3" - constraints = "~> 2.2.0" + constraints = "2.2.3" hashes = [ "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=", "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0", diff --git a/templates/workspace_services/guacamole/terraform/providers.tf b/templates/workspace_services/guacamole/terraform/providers.tf index 03b581db15..5bda25b6b4 100644 --- a/templates/workspace_services/guacamole/terraform/providers.tf +++ b/templates/workspace_services/guacamole/terraform/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.16.0" + version = "=3.33.0" } local = { source = "hashicorp/local" diff --git a/templates/workspace_services/guacamole/terraform/web_app.tf b/templates/workspace_services/guacamole/terraform/web_app.tf index c441e868a4..3cfe317657 100644 --- a/templates/workspace_services/guacamole/terraform/web_app.tf +++ b/templates/workspace_services/guacamole/terraform/web_app.tf @@ -99,7 +99,7 @@ resource "azurerm_monitor_diagnostic_setting" "guacamole" { log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id dynamic "log" { - for_each = data.azurerm_monitor_diagnostic_categories.guacamole.logs + for_each = data.azurerm_monitor_diagnostic_categories.guacamole.log_category_types content { category = log.value enabled = contains(local.guacamole_diagnostic_categories_enabled, log.value) ? true : false diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/Dockerfile.tmpl b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/Dockerfile.tmpl 
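Review bot: `enabled = contains(local.guacamole_diagnostic_categories_enabled, log.value) ? true : false` beside the renamed `for_each` is a redundant conditional, since `contains()` already yields a bool; `enabled = contains(local.guacamole_diagnostic_categories_enabled, log.value)` says the same thing. The switch from `.logs` to `.log_category_types` matches the azurerm bump in providers.tf and the lock file on this line, but because the dynamic block iterates only what the data source reports, any category listed in the local that the provider no longer returns silently drops out of the diagnostic setting rather than failing, so the local's entries should be checked against the plan output. The `resource "azurerm_monitor_diagnostic_setting" "guacamole"` block begins before and ends after the hunk.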
+++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/parameters.json b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/parameters.json index b343e558a2..9e0d3c1d66 100755 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/parameters.json +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "guacamole-win-export-reviewvm", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-guacamole-export-reviewvm", "parameters": [ { "name": "workspace_id", 
diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml index c4a7231873..f36b823797 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-guacamole-export-reviewvm -version: 0.0.6 +version: 0.1.0 description: "An Azure TRE User Resource Template for reviewing Airlock export requests" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -91,25 +92,26 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.8 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy Guacamole User Resource Service (Reviewer VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - airlock_request_sas_url: "{{ bundle.parameters.airlock_request_sas_url }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + airlock_request_sas_url: ${ bundle.parameters.airlock_request_sas_url } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
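Review bot: `airlock_request_sas_url: ${ bundle.parameters.airlock_request_sas_url }` hands a SAS URL, which is a bearer credential for the airlock storage, to the terraform mixin as an ordinary var; the parameter's declaration is outside this hunk, so I cannot confirm it is marked `sensitive: true`, which is what lets Porter redact it from its output and the stored parameter set, and that is worth checking here and in the matching import-reviewvm hunk further down. Pinning `clientVersion: 2.37.0` on the az mixin, instead of the previous bare `- az`, is the right move for reproducible invocation images. The `install:` action begins outside the hunk.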
@@ -120,18 +122,18 @@ upgrade: - terraform: description: "Update Guacamole User Resource Service (Reviewer VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } airlock_request_sas_url: "unused" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -143,26 +145,26 @@ uninstall: description: "Delete the Extensions from the Terraform state manually" command: ./delete_vm_extensions.sh arguments: - - "{{ bundle.parameters.tfstate_resource_group_name }}" - - "{{ bundle.parameters.tfstate_storage_account_name }}" - - "{{ bundle.parameters.tfstate_container_name }}" - - "{{ bundle.parameters.id }}" + - ${ bundle.parameters.tfstate_resource_group_name } + - ${ bundle.parameters.tfstate_storage_account_name } + - ${ bundle.parameters.tfstate_container_name } + - ${ bundle.parameters.id } - terraform: description: "Delete the Guacamole User Resource Service (Reviewer VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } airlock_request_sas_url: "unused" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } start: - terraform: 
@@ -170,10 +172,10 @@ start: - "output" description: "Get resource ID from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: @@ -182,14 +184,14 @@ start: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Start the VM" arguments: - vm - start flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } stop: - terraform: @@ -197,10 +199,10 @@ stop: - "output" description: "Get VM hostname and rg from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: 
@@ -209,14 +211,14 @@ stop: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Stop the VM" arguments: - vm - deallocate flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } reset_password: - terraform: @@ -224,10 +226,10 @@ reset_password: - "output" description: "Get VM details from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - name: vm_username @@ -239,13 +241,13 @@ reset_password: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Reset password and persist to keyvault" suppress-output: true command: ./reset_password.sh arguments: - - "{{ bundle.outputs.vm_password_secret_name }}" - - "{{ bundle.outputs.keyvault_name }}" - - "{{ bundle.outputs.vm_username }}" - - "{{ bundle.outputs.azure_resource_id }}" + - ${ bundle.outputs.vm_password_secret_name } + - ${ bundle.outputs.keyvault_name } + - ${ bundle.outputs.vm_username } + - ${ bundle.outputs.azure_resource_id } diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/Dockerfile.tmpl b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 
--- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/Dockerfile.tmpl +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/parameters.json b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/parameters.json index 8bcba5abee..c530fcd9fc 100755 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/parameters.json +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "guacamole-win-import-reviewvm", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-guacamole-import-reviewvm", "parameters": [ { "name": "workspace_id", 
diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml index c2caee1766..e6ed74f1df 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-guacamole-import-reviewvm -version: 0.1.3 +version: 0.2.0 description: "An Azure TRE User Resource Template for reviewing Airlock import requests" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -100,26 +101,27 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.8 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy Guacamole User Resource Service (Reviewer VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" - airlock_request_sas_url: "{{ bundle.parameters.airlock_request_sas_url }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + image_gallery_id: ${ bundle.parameters.image_gallery_id } + airlock_request_sas_url: ${ bundle.parameters.airlock_request_sas_url } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -130,19 +132,19 @@ upgrade: - terraform: description: "Update Guacamole User Resource Service (Reviewer VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + image_gallery_id: ${ bundle.parameters.image_gallery_id } airlock_request_sas_url: "unused" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -154,27 +156,27 @@ uninstall: description: "Delete the Extensions from the Terraform state manually" command: ./delete_vm_extensions.sh arguments: - - "{{ bundle.parameters.tfstate_resource_group_name }}" - - "{{ bundle.parameters.tfstate_storage_account_name }}" - - "{{ bundle.parameters.tfstate_container_name }}" - - "{{ bundle.parameters.id }}" + - ${ bundle.parameters.tfstate_resource_group_name } + - ${ bundle.parameters.tfstate_storage_account_name } + - ${ bundle.parameters.tfstate_container_name } + - ${ bundle.parameters.id } - terraform: description: "Delete the Guacamole User Resource Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + image_gallery_id: ${ bundle.parameters.image_gallery_id } airlock_request_sas_url: "unused" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } start: - terraform: 
@@ -182,10 +184,10 @@ start: - "output" description: "Get resource ID from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: @@ -194,14 +196,14 @@ start: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Start the VM" arguments: - vm - start flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } stop: - terraform: @@ -209,10 +211,10 @@ stop: - "output" description: "Get VM hostname and rg from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: 
@@ -221,14 +223,14 @@ stop: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Stop the VM" arguments: - vm - deallocate flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } reset_password: - terraform: @@ -236,10 +238,10 @@ reset_password: - "output" description: "Get VM details from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - name: vm_username @@ -251,13 +253,13 @@ reset_password: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Reset password and persist to keyvault" suppress-output: true command: ./reset_password.sh arguments: - - "{{ bundle.outputs.vm_password_secret_name }}" - - "{{ bundle.outputs.keyvault_name }}" - - "{{ bundle.outputs.vm_username }}" - - "{{ bundle.outputs.azure_resource_id }}" + - ${ bundle.outputs.vm_password_secret_name } + - ${ bundle.outputs.keyvault_name } + - ${ bundle.outputs.vm_username } + - ${ bundle.outputs.azure_resource_id } diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/Dockerfile.tmpl b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 
--- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/Dockerfile.tmpl +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/parameters.json b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/parameters.json index f902d15470..8f7091b643 100755 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/parameters.json +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "guacamole-linux-linuxvm", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-guacamole-linuxvm", "parameters": [ { "name": "workspace_id", 
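Review bot: Dropping `ARG BUNDLE_DIR` leaves `COPY --link . ${BUNDLE_DIR}/` dependent on the `# PORTER_INIT` marker, which presumably is where Porter v1 now injects that ARG; nothing in the file says so, and if the marker were ever removed the variable would expand empty and the COPY target would become `/`. A one-line comment above the marker, `# PORTER_INIT: Porter inserts ARG BUNDLE_DIR and its other init lines here; keep it above the COPY`, makes the dependency explicit for the next editor. The new `# syntax=docker/dockerfile-upstream:1.4.0` directive pins the BuildKit frontend by tag only; a digest pin (`@sha256:…`) would make the build reproducible against that image as well. The same two points apply to the identical Dockerfile.tmpl hunk for guacamole-azure-windowsvm and to the innereye Dockerfile.tmpl further down.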
diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml index 70c80f50cd..20c3a39fba 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-guacamole-linuxvm -version: 0.5.3 +version: 0.6.0 description: "An Azure TRE User Resource Template for Guacamole (Linux)" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -117,27 +118,28 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.6 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy Guacamole User Resource Service (Linux VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
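Review bot: The terraform mixin's `clientVersion` moves from 1.2.6 to 1.3.6 while `upgrade` and `uninstall` keep the same `backendConfig` state key, so the first action run against an existing installation rewrites its remote state with the newer Terraform, and a rollback to bundle 0.5.3 would presumably then be refused by the older CLI when it loads that state. That is acceptable for a forward-only upgrade, but it deserves a comment beside the mixin entry, e.g. `# 1.3.x rewrites existing state; earlier bundle versions cannot read it afterwards`. The same bump appears in the guacamole-azure-windowsvm porter.yaml (from 1.2.8) and in the innereye porter.yaml. Pinning `az` to `clientVersion: 2.37.0` in the same hunk is a welcome change from the previously floating CLI version.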
@@ -148,20 +150,20 @@ upgrade: - terraform: description: "Update Guacamole User Resource Service (Linux VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -173,28 +175,28 @@ uninstall: description: "Delete the Extensions from the Terraform state manually" command: ./delete_vm_extensions.sh arguments: - - "{{ bundle.parameters.tfstate_resource_group_name }}" - - "{{ bundle.parameters.tfstate_storage_account_name }}" - - "{{ bundle.parameters.tfstate_container_name }}" - - "{{ bundle.parameters.id }}" + - ${ bundle.parameters.tfstate_resource_group_name } + - ${ bundle.parameters.tfstate_storage_account_name } + - ${ bundle.parameters.tfstate_container_name } + - ${ bundle.parameters.id } - terraform: description: "Delete the Guacamole User Resource Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ 
bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } start: - terraform: @@ -202,10 +204,10 @@ start: - "output" description: "Get resource ID from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: @@ -214,14 +216,14 @@ start: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Start the VM" arguments: - vm - start flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } stop: - terraform: @@ -229,10 +231,10 @@ stop: - "output" description: "Get VM resource_id from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: 
@@ -241,14 +243,14 @@ stop: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Stop the VM" arguments: - vm - deallocate flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } reset_password: - terraform: @@ -256,10 +258,10 @@ reset_password: - "output" description: "Get VM details from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - name: vm_username @@ -271,13 +273,13 @@ reset_password: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Reset password and persist to keyvault" suppress-output: true command: ./reset_password.sh arguments: - - "{{ bundle.outputs.vm_password_secret_name }}" - - "{{ bundle.outputs.keyvault_name }}" - - "{{ bundle.outputs.vm_username }}" - - "{{ bundle.outputs.azure_resource_id }}" + - ${ bundle.outputs.vm_password_secret_name } + - ${ bundle.outputs.keyvault_name } + - ${ bundle.outputs.vm_username } + - ${ bundle.outputs.azure_resource_id } diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/Dockerfile.tmpl b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 
--- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/Dockerfile.tmpl +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/parameters.json b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/parameters.json index bb659f0d3f..b228a33945 100755 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/parameters.json +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "guacamole-win-windowsvm", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-guacamole-windowsvm", "parameters": [ { "name": "workspace_id", 
diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml index 229409eaf6..289d610e47 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-guacamole-windowsvm -version: 0.5.3 +version: 0.6.0 description: "An Azure TRE User Resource Template for Guacamole (Windows 10)" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -111,27 +112,28 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.8 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy Guacamole User Resource Service (Windows VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -142,20 +144,20 @@ upgrade: - terraform: description: "Update Guacamole User Resource Service (Windows VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -167,28 +169,28 @@ uninstall: description: "Delete the Extensions from the Terraform state manually" command: ./delete_vm_extensions.sh arguments: - - "{{ bundle.parameters.tfstate_resource_group_name }}" - - "{{ bundle.parameters.tfstate_storage_account_name }}" - - "{{ bundle.parameters.tfstate_container_name }}" - - "{{ bundle.parameters.id }}" + - ${ bundle.parameters.tfstate_resource_group_name } + - ${ bundle.parameters.tfstate_storage_account_name } + - ${ bundle.parameters.tfstate_container_name } + - ${ bundle.parameters.id } - terraform: description: "Delete the Guacamole User Resource Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ 
bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } start: - terraform: @@ -196,10 +198,10 @@ start: - "output" description: "Get resource ID from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: @@ -208,14 +210,14 @@ start: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Start the VM" arguments: - vm - start flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } stop: - terraform: @@ -223,10 +225,10 @@ stop: - "output" description: "Get VM hostname and rg from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: 
@@ -235,14 +237,14 @@ stop: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Stop the VM" arguments: - vm - deallocate flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } reset_password: - terraform: @@ -250,10 +252,10 @@ reset_password: - "output" description: "Get VM details from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - name: vm_username @@ -265,13 +267,13 @@ reset_password: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Reset password and persist to keyvault" suppress-output: true command: ./reset_password.sh arguments: - - "{{ bundle.outputs.vm_password_secret_name }}" - - "{{ bundle.outputs.keyvault_name }}" - - "{{ bundle.outputs.vm_username }}" - - "{{ bundle.outputs.azure_resource_id }}" + - ${ bundle.outputs.vm_password_secret_name } + - ${ bundle.outputs.keyvault_name } + - ${ bundle.outputs.vm_username } + - ${ bundle.outputs.azure_resource_id } diff --git a/templates/workspace_services/innereye/Dockerfile.tmpl b/templates/workspace_services/innereye/Dockerfile.tmpl index 7b24eb34b8..5c38b6c04b 100644 --- a/templates/workspace_services/innereye/Dockerfile.tmpl +++ b/templates/workspace_services/innereye/Dockerfile.tmpl 
@@ -1,18 +1,14 @@ -FROM debian:stretch-slim +FROM debian:bullseye-slim + +# PORTER_INIT SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# Install Azure CLI -# It's useless to specify azcli version since the mixin installs the latest anyway -RUN apt-get update \ - && apt-get install --no-install-recommends -y ca-certificates jq curl apt-transport-https lsb-release gnupg \ - && curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null \ - && AZ_REPO=$(lsb_release -cs) \ - && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list \ - && apt-get update && apt-get --no-install-recommends -y install azure-cli \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache -RUN az extension add --name azure-firewall +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update \ + && apt-get install --no-install-recommends -y jq curl ca-certificates RUN export PORTER_HOME=/home/"${USER}"/.porter \ && curl -L https://cdn.porter.sh/latest/install-linux.sh | bash \ 
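Review bot: The new `RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt` uses the default shared mode, so concurrent builds of this image on one BuildKit host run `apt-get` against the same cache directories at the same time; the BuildKit documentation recommends `sharing=locked` for apt caches, i.e. `--mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,target=/var/lib/apt,sharing=locked`. The preceding line that deletes `docker-clean` and writes `keep-cache` is what makes those mounts useful, so a comment such as `# keep downloaded .deb files so the apt cache mounts below are reused across builds` would explain why it exists. The unchanged `curl -L https://cdn.porter.sh/latest/install-linux.sh | bash` still pulls an unpinned "latest" Porter at build time and this hunk leaves it as is; that RUN continues into the next hunk.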
@@ -20,21 +16,7 @@ RUN export PORTER_HOME=/home/"${USER}"/.porter \ ENV PATH /home/$USER/.porter/:$PATH -ARG BUNDLE_DIR - -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle - -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/innereye/parameters.json b/templates/workspace_services/innereye/parameters.json index 47b94cb20e..3baa535047 100755 --- a/templates/workspace_services/innereye/parameters.json +++ b/templates/workspace_services/innereye/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "innereye", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-innereye", "parameters": [ { "name": "id", @@ -59,4 +59,4 @@ } } ] -} \ No newline at end of file +} diff --git a/templates/workspace_services/innereye/parameters_service_azureml.json b/templates/workspace_services/innereye/parameters_service_azureml.json index fa249f56d9..5d83055130 100755 --- a/templates/workspace_services/innereye/parameters_service_azureml.json +++ b/templates/workspace_services/innereye/parameters_service_azureml.json 
@@ -1,5 +1,5 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", + "schemaVersion": "1.0.1", "name": "service-azureml", "created": "2021-06-03T11:54:54.0225968Z", "modified": "2021-06-03T11:54:54.0225968Z", @@ -47,4 +47,4 @@ } } ] -} \ No newline at end of file +} diff --git a/templates/workspace_services/innereye/porter.yaml b/templates/workspace_services/innereye/porter.yaml index b8d7b46b99..c56b686fec 100644 --- a/templates/workspace_services/innereye/porter.yaml +++ b/templates/workspace_services/innereye/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-innereye -version: 0.4.1 +version: 0.5.0 description: "An Azure TRE service for InnerEye Deep Learning" registry: azuretre dockerfile: Dockerfile.tmpl @@ -49,9 +50,12 @@ parameters: mixins: - exec - - az + - az: + clientVersion: 2.37.0 + extensions: + - azure-firewall - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 install: - az: 
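Review bot: `parameters_service_azureml.json` only has its `schemaVersion` bumped to 1.0.1 and keeps `"name": "service-azureml"` plus the `created`/`modified` timestamps, whereas every other parameter set in this commit (innereye's own `parameters.json` just above, for instance) is rewritten with `"schemaType": "ParameterSet"`, an empty `namespace` and a `tre-service-…` name. If Porter v1 reads this file as a parameter set too (presumably via `install_service_azureml.sh`), it should get the same header, `"schemaType": "ParameterSet"`, `"schemaVersion": "1.0.1"`, `"namespace": ""`, with the legacy timestamp fields dropped; if something else consumes it, a comment in the script that loads it would save the next reader the question.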
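Review bot: `extensions: - azure-firewall` under the `az` mixin replaces the Dockerfile's `RUN az extension add --name azure-firewall`, but while the CLI itself is now pinned to `clientVersion: 2.37.0`, the extension is presumably resolved at image build time to whatever the extension index serves, so two builds of bundle 0.5.0 can ship different firewall-extension code. If the mixin offers no way to pin it, a comment next to the entry, `# extension version floats with the index at build time; only the CLI is pinned`, records the gap for whoever debugs a behaviour change later.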
@@ -60,40 +64,34 @@ install:
- login
flags:
identity:
- username: "{{ bundle.credentials.azure_client_id}}"
+ username: ${ bundle.credentials.azure_client_id}
- az:
description: "acr login"
arguments:
- acr
- login
flags:
- name: "{{ bundle.parameters.mgmt_acr_name }}"
+ name: ${ bundle.parameters.mgmt_acr_name }
- exec:
description: "Install Azure ML service"
command: ./install_service_azureml.sh
- terraform:
description: "Deploy service"
vars:
- workspace_id: "{{ bundle.parameters.workspace_id }}"
- tre_id: "{{ bundle.parameters.tre_id }}"
- tre_resource_id: "{{ bundle.parameters.id }}"
- inference_sp_client_id:
- "{{ bundle.parameters.inference_sp_client_id }}"
- inference_sp_client_secret:
- "{{ bundle.parameters.inference_sp_client_secret }}"
- arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}"
- arm_client_id: "{{ bundle.credentials.azure_client_id }}"
- arm_client_secret:
- "{{ bundle.credentials.azure_client_secret }}"
- arm_use_msi: "{{ bundle.parameters.arm_use_msi }}"
+ workspace_id: ${ bundle.parameters.workspace_id }
+ tre_id: ${ bundle.parameters.tre_id }
+ tre_resource_id: ${ bundle.parameters.id }
+ inference_sp_client_id: ${ bundle.parameters.inference_sp_client_id }
+ inference_sp_client_secret: ${ bundle.parameters.inference_sp_client_secret }
+ arm_tenant_id: ${ bundle.credentials.azure_tenant_id }
+ arm_client_id: ${ bundle.credentials.azure_client_id }
+ arm_client_secret: ${ bundle.credentials.azure_client_secret }
+ arm_use_msi: ${ bundle.parameters.arm_use_msi }
backendConfig:
- resource_group_name:
- "{{ bundle.parameters.tfstate_resource_group_name }}"
- storage_account_name:
- "{{ bundle.parameters.tfstate_storage_account_name }}"
- container_name: "{{ bundle.parameters.tfstate_container_name }}"
- key:
- "tre-service-innereye-{{ bundle.parameters.id }}"
+ resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+ storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+ container_name: ${ bundle.parameters.tfstate_container_name }
+ key: tre-service-innereye-${ bundle.parameters.id }
outputs:
- name: azureml_compute_cluster_name
@@ -108,21 +106,17 @@ uninstall:
- terraform:
description: "Tear down workspace"
vars:
- workspace_id: "{{ bundle.parameters.workspace_id }}"
- tre_id: "{{ bundle.parameters.tre_id }}"
- tre_resource_id: "{{ bundle.parameters.id }}"
- inference_sp_client_id: "{{ bundle.parameters.inference_sp_client_id }}"
- inference_sp_client_secret:
- "{{ bundle.parameters.inference_sp_client_secret }}"
- arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}"
- arm_client_id: "{{ bundle.credentials.azure_client_id }}"
- arm_client_secret:
- "{{ bundle.credentials.azure_client_secret }}"
- arm_use_msi: "{{ bundle.parameters.arm_use_msi }}"
+ workspace_id: ${ bundle.parameters.workspace_id }
+ tre_id: ${ bundle.parameters.tre_id }
+ tre_resource_id: ${ bundle.parameters.id }
+ inference_sp_client_id: ${ bundle.parameters.inference_sp_client_id }
+ inference_sp_client_secret: ${ bundle.parameters.inference_sp_client_secret }
+ arm_tenant_id: ${ bundle.credentials.azure_tenant_id }
+ arm_client_id: ${ bundle.credentials.azure_client_id }
+ arm_client_secret: ${ bundle.credentials.azure_client_secret }
+ arm_use_msi: ${ bundle.parameters.arm_use_msi }
backendConfig:
- resource_group_name:
- "{{ bundle.parameters.tfstate_resource_group_name }}"
- storage_account_name:
- "{{ bundle.parameters.tfstate_storage_account_name }}"
- container_name: "{{ bundle.parameters.tfstate_container_name }}"
- key: "tre-service-innereye-{{ bundle.parameters.id }}"
+ resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+ storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+ container_name: ${ bundle.parameters.tfstate_container_name }
+ key: tre-service-innereye-${ bundle.parameters.id }
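Review bot: `username: ${ bundle.credentials.azure_client_id}` in the `az login` flags of the install action drops the space before the closing brace that every other `${ ... }` expression in this file carries; it reads like a typo and a search for the spaced form will miss it. Change it to `username: ${ bundle.credentials.azure_client_id }` so the file uses one delimiter style throughout. The rest of the install and uninstall hunks is a mechanical delimiter migration and needs no further change.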
diff --git a/templates/workspace_services/innereye/terraform/.terraform.lock.hcl b/templates/workspace_services/innereye/terraform/.terraform.lock.hcl index 1570913c6a..093801a738 100644 --- a/templates/workspace_services/innereye/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/innereye/terraform/.terraform.lock.hcl 
@@ -21,21 +21,21 @@ provider "registry.terraform.io/hashicorp/azurerm" { } provider "registry.terraform.io/hashicorp/external" { - version = "2.2.2" + version = "2.2.3" hashes = [ - "h1:e7RpnZ2PbJEEPnfsg7V0FNwbfSk0/Z3FdrLsXINBmDY=", - "zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca", - "zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28", - "zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b", - "zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39", + "h1:uvOYRWcVIqOZSl8YjjaB18yZFz1AWIt2CnK7O45rckg=", + "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9", + "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c", + "zh:2c0a180f6d1fc2ba6e03f7dfc5f73b617e45408681f75bca75aa82f3796df0e4", + "zh:4b92ae44c6baef4c4952c47be00541055cb5280dd3bc8031dba5a1b2ee982387", + "zh:5641694d5daf3893d7ea90be03b6fa575211a08814ffe70998d5adb8b59cdc0a", + "zh:5bd55a2be8a1c20d732ac9c604b839e1cadc8c49006315dffa4d709b6874df32", + "zh:6e0ef5d11e1597202424b7d69b9da7b881494c9b13a3d4026fc47012dc651c79", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327", - "zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955", - "zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb", - "zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0", - "zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a", - "zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372", - "zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809", + "zh:9e19f89fa25004d3b926a8d15ea630b4bde62f1fa4ed5e11a3d27aabddb77353", + "zh:b763efdd69fd097616b4a4c89cf333b4cee9699ac6432d73d2756f8335d1213f", + "zh:e3b561efdee510b2b445f76a52a902c52bee8e13095e7f4bed7c80f10f8d294a", + "zh:fe660bb8781ee043a093b9a20e53069974475dcaa5791a1f45fd03c61a26478a", ] } 
@@ -59,21 +59,21 @@ provider "registry.terraform.io/hashicorp/local" { } provider "registry.terraform.io/hashicorp/null" { - version = "3.1.1" + version = "3.2.1" hashes = [ - "h1:71sNUDvmiJcijsvfXpiLCz0lXIBSsEJjMxljt7hxMhw=", - "zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597", - "zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf", - "zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe", + "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", + "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", + "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", + "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8fdd792a626413502e68c195f2097352bdc6a0df694f7df350ed784741eb587e", - "zh:976bbaf268cb497400fd5b3c774d218f3933271864345f18deebe4dcbfcd6afa", - "zh:b21b78ca581f98f4cdb7a366b03ae9db23a73dfa7df12c533d7c19b68e9e72e5", - "zh:b7fc0c1615dbdb1d6fd4abb9c7dc7da286631f7ca2299fb9cd4664258ccfbff4", - "zh:d1efc942b2c44345e0c29bc976594cb7278c38cfb8897b344669eafbc3cddf46", - "zh:e356c245b3cd9d4789bab010893566acace682d7db877e52d40fc4ca34a50924", - "zh:ea98802ba92fcfa8cf12cbce2e9e7ebe999afbf8ed47fa45fc847a098d89468b", - "zh:eff8872458806499889f6927b5d954560f3d74bf20b6043409edf94d26cd906f", + "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", + "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", + "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", + "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", + "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", + "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", + "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", ] } 
diff --git a/templates/workspace_services/mlflow/Dockerfile.tmpl b/templates/workspace_services/mlflow/Dockerfile.tmpl
index 709aaecfc4..3452b48f1d 100644
--- a/templates/workspace_services/mlflow/Dockerfile.tmpl
+++ b/templates/workspace_services/mlflow/Dockerfile.tmpl
@@ -1,19 +1,9 @@
+# syntax=docker/dockerfile-upstream:1.4.0
FROM debian:bullseye-slim
-ARG BUNDLE_DIR
+# PORTER_INIT
-# This is a template Dockerfile for the bundle's invocation image
-# You can customize it to use different base images, install tools and copy configuration files.
-#
-# Porter will use it as a template and append lines to it for the mixins
-# and to set the CMD appropriately for the CNAB specification.
-#
-# Add the following line to porter.yaml to instruct Porter to use this template
-# dockerfile: Dockerfile.tmpl
-
-# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
-# another location in this file. If you remove that line, the mixins generated content is appended to this file.
# PORTER_MIXINS
# Use the BUNDLE_DIR build argument to copy files into the bundle
-COPY . $BUNDLE_DIR
+COPY --link . ${BUNDLE_DIR}/
diff --git a/templates/workspace_services/mlflow/parameters.json b/templates/workspace_services/mlflow/parameters.json
index b4cb27c8c0..13b40e70e5 100644
--- a/templates/workspace_services/mlflow/parameters.json
+++ b/templates/workspace_services/mlflow/parameters.json
@@ -1,8 +1,8 @@
{
- "schemaVersion": "1.0.0-DRAFT+TODO",
- "name": "azureml",
- "created": "2021-06-03T11:54:54.0225968Z",
- "modified": "2021-06-03T11:54:54.0225968Z",
+ "schemaType": "ParameterSet",
+ "schemaVersion": "1.0.1",
+ "namespace": "",
+ "name": "tre-service-mlflow",
"parameters": [
{
"name": "workspace_id",
diff --git a/templates/workspace_services/mlflow/porter.yaml b/templates/workspace_services/mlflow/porter.yaml
index 92c7d3c53a..b23f427bda 100644
--- a/templates/workspace_services/mlflow/porter.yaml
+++ b/templates/workspace_services/mlflow/porter.yaml
@@ -1,6 +1,7 @@
---
+schemaVersion: 1.0.0
name: tre-service-mlflow
-version: 0.5.6
+version: 0.6.0
description: "An Azure TRE service for MLflow machine learning lifecycle"
dockerfile: Dockerfile.tmpl
registry: azuretre
@@ -65,22 +66,22 @@ outputs:
mixins:
- exec
- terraform:
- clientVersion: 1.2.6
+ clientVersion: 1.3.6
install:
- terraform:
description: "Deploy workspace service"
vars:
- workspace_id: "{{ bundle.parameters.workspace_id }}"
- tre_id: "{{ bundle.parameters.tre_id }}"
- tre_resource_id: "{{ bundle.parameters.id }}"
- mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}"
- mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}"
+ workspace_id: ${ bundle.parameters.workspace_id }
+ tre_id: ${ bundle.parameters.tre_id }
+ tre_resource_id: ${ bundle.parameters.id }
+ mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name }
+ mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name }
backendConfig:
- resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
- storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
- container_name: "{{ bundle.parameters.tfstate_container_name }}"
- key: "tre-service-mlflow-{{ bundle.parameters.id }}"
+ resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+ storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+ container_name: ${ bundle.parameters.tfstate_container_name }
+ key: tre-service-mlflow-${ bundle.parameters.id }
outputs:
- name: internal_connection_uri
@@ -88,16 +89,16 @@ upgrade:
- terraform:
description: "Deploy workspace service"
vars:
- workspace_id: "{{ bundle.parameters.workspace_id }}"
- tre_id: "{{ bundle.parameters.tre_id }}"
- tre_resource_id: "{{ bundle.parameters.id }}"
- mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}"
- mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}"
+ workspace_id: ${ bundle.parameters.workspace_id }
+ tre_id: ${ bundle.parameters.tre_id }
+ tre_resource_id: ${ bundle.parameters.id }
+ mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name }
+ mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name }
backendConfig:
- resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
- storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
- container_name: "{{ bundle.parameters.tfstate_container_name }}"
- key: "tre-service-mlflow-{{ bundle.parameters.id }}"
+ resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+ storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+ container_name: ${ bundle.parameters.tfstate_container_name }
+ key: tre-service-mlflow-${ bundle.parameters.id }
outputs:
- name: internal_connection_uri
@@ -105,13 +106,13 @@ uninstall:
- terraform:
description: "Tear down workspace service"
vars:
- workspace_id: "{{ bundle.parameters.workspace_id }}"
- tre_id: "{{ bundle.parameters.tre_id }}"
- tre_resource_id: "{{ bundle.parameters.id }}"
- mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}"
- mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}"
+ workspace_id: ${ bundle.parameters.workspace_id }
+ tre_id: ${ bundle.parameters.tre_id }
+ tre_resource_id: ${ bundle.parameters.id }
+ mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name }
+ mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name }
backendConfig:
- resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
- storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
- container_name: "{{ bundle.parameters.tfstate_container_name }}"
- key: "tre-service-mlflow-{{ bundle.parameters.id }}"
+ resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+ storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+ container_name: ${ bundle.parameters.tfstate_container_name }
+ key: tre-service-mlflow-${ bundle.parameters.id }
diff --git a/templates/workspace_services/mysql/Dockerfile.tmpl b/templates/workspace_services/mysql/Dockerfile.tmpl
index 709aaecfc4..3452b48f1d 100644
--- a/templates/workspace_services/mysql/Dockerfile.tmpl
+++ b/templates/workspace_services/mysql/Dockerfile.tmpl
@@ -1,19 +1,9 @@
+# syntax=docker/dockerfile-upstream:1.4.0
FROM debian:bullseye-slim
-ARG BUNDLE_DIR
+# PORTER_INIT
-# This is a template Dockerfile for the bundle's invocation image
-# You can customize it to use different base images, install tools and copy configuration files.
-#
-# Porter will use it as a template and append lines to it for the mixins
-# and to set the CMD appropriately for the CNAB specification.
-#
-# Add the following line to porter.yaml to instruct Porter to use this template
-# dockerfile: Dockerfile.tmpl
-
-# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
-# another location in this file. If you remove that line, the mixins generated content is appended to this file.
# PORTER_MIXINS
# Use the BUNDLE_DIR build argument to copy files into the bundle
-COPY . $BUNDLE_DIR
+COPY --link . ${BUNDLE_DIR}/
diff --git a/templates/workspace_services/mysql/parameters.json b/templates/workspace_services/mysql/parameters.json
index 26cdd530f4..d0be3f15b1 100644
--- a/templates/workspace_services/mysql/parameters.json
+++ b/templates/workspace_services/mysql/parameters.json
@@ -1,8 +1,8 @@
{
- "schemaVersion": "1.0.0-DRAFT+TODO",
- "name": "base",
- "created": "2021-06-04T13:37:29.5071039+03:00",
- "modified": "2021-06-04T13:37:29.5071039+03:00",
+ "schemaType": "ParameterSet",
+ "schemaVersion": "1.0.1",
+ "namespace": "",
+ "name": "tre-workspace-service-mysql",
"parameters": [
{
"name": "tre_id",
@@ -51,6 +51,12 @@
"source": {
"env": "DB_NAME"
}
+ },
+ {
+ "name": "workspace_id",
+ "source": {
+ "env": "WORKSPACE_ID"
+ }
}
]
}
diff --git a/templates/workspace_services/mysql/porter.yaml b/templates/workspace_services/mysql/porter.yaml
index 510e661021..ce228a3917 100644
--- a/templates/workspace_services/mysql/porter.yaml
+++ b/templates/workspace_services/mysql/porter.yaml
@@ -1,6 +1,7 @@
---
+schemaVersion: 1.0.0
name: tre-workspace-service-mysql
-version: 0.2.0
+version: 0.3.0
description: "A MySQL workspace service"
registry: azuretre
dockerfile: Dockerfile.tmpl
@@ -52,7 +53,7 @@ parameters:
mixins:
- exec
- terraform:
- clientVersion: 1.2.6
+ clientVersion: 1.3.6
outputs:
- name: mysql_fqdn
@@ -63,19 +64,18 @@ outputs:
install:
- terraform:
description: "Deploy MySQL workspace service"
- input: false
vars:
- workspace_id: "{{ bundle.parameters.workspace_id }}"
- tre_id: "{{ bundle.parameters.tre_id }}"
- tre_resource_id: "{{ bundle.parameters.id }}"
- sql_sku: "{{ bundle.parameters.sql_sku }}"
- storage_mb: "{{ bundle.parameters.storage_mb }}"
- db_name: "{{ bundle.parameters.db_name }}"
+ workspace_id: ${ bundle.parameters.workspace_id }
+ tre_id: ${ bundle.parameters.tre_id }
+ tre_resource_id: ${ bundle.parameters.id }
+ sql_sku: ${ bundle.parameters.sql_sku }
+ storage_mb: ${ bundle.parameters.storage_mb }
+ db_name: ${ bundle.parameters.db_name }
backendConfig:
- resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
- storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
- container_name: "{{ bundle.parameters.tfstate_container_name }}"
- key: "tre-workspace-service-mysql-{{ bundle.parameters.id }}"
+ resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+ storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+ container_name: ${ bundle.parameters.tfstate_container_name }
+ key: tre-workspace-service-mysql-${ bundle.parameters.id }
outputs:
- name: mysql_fqdn
upgrade:
@@ -87,16 +87,15 @@ upgrade:
uninstall:
- terraform:
description: "Tear down MySQL workspace service"
- input: false
vars:
- workspace_id: "{{ bundle.parameters.workspace_id }}"
- tre_id: "{{ bundle.parameters.tre_id }}"
- tre_resource_id: "{{ bundle.parameters.id }}"
- sql_sku: "{{ bundle.parameters.sql_sku }}"
- storage_mb: "{{ bundle.parameters.storage_mb }}"
- db_name: "{{ bundle.parameters.db_name }}"
+ workspace_id: ${ bundle.parameters.workspace_id }
+ tre_id: ${ bundle.parameters.tre_id }
+ tre_resource_id: ${ bundle.parameters.id }
+ sql_sku: ${ bundle.parameters.sql_sku }
+ storage_mb: ${ bundle.parameters.storage_mb }
+ db_name: ${ bundle.parameters.db_name }
backendConfig:
- resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
- storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
- container_name: "{{ bundle.parameters.tfstate_container_name }}"
- key: "tre-workspace-service-mysql-{{ bundle.parameters.id }}"
+ resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+ storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+ container_name: ${ bundle.parameters.tfstate_container_name }
+ key: tre-workspace-service-mysql-${ bundle.parameters.id }
diff --git a/templates/workspaces/airlock-import-review/Dockerfile.tmpl b/templates/workspaces/airlock-import-review/Dockerfile.tmpl
index a2bf7a4b68..1894018a3f 100644
--- a/templates/workspaces/airlock-import-review/Dockerfile.tmpl
+++ b/templates/workspaces/airlock-import-review/Dockerfile.tmpl
@@ -1,35 +1,28 @@
+# syntax=docker/dockerfile-upstream:1.4.0
FROM debian:bullseye-slim
-ARG BUNDLE_DIR
+# PORTER_INIT
-ARG AZURE_TRE_VERSION="0.4.3"
+RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+
+# Install jq
+RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
+ apt-get update && \
+ apt-get install -y jq="1.6-2.1" curl ca-certificates patch --no-install-recommends
-RUN apt-get update \
- && apt-get install --no-install-recommends jq ca-certificates curl patch -y \
- && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+ARG AZURE_TRE_VERSION="0.4.3"
-WORKDIR $BUNDLE_DIR
+WORKDIR ${BUNDLE_DIR}
# Copy all files from base workspace (note: some of them will be overwritten with the following COPY command)
RUN curl -o azuretre.tar.gz -L "https://github.com/microsoft/AzureTRE/archive/refs/tags/v${AZURE_TRE_VERSION}.tar.gz" \
- && tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspaces/base" --strip-components=4 --skip-old-files \
+ && tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspaces/base" --strip-components=4 --skip-old-files \
&& rm -rf azuretre.tar.gz
-# This is a template Dockerfile for the bundle's invocation image
-# You can customize it to use different base images, install tools and copy configuration files.
-#
-# Porter will use it as a template and append lines to it for the mixins
-# and to set the CMD appropriately for the CNAB specification.
-#
-# Add the following line to porter.yaml to instruct Porter to use this template
-# dockerfile: Dockerfile.tmpl
-
-# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
-# another location in this file. If you remove that line, the mixins generated content is appended to this file.
# PORTER_MIXINS
# Use the BUNDLE_DIR build argument to copy files into the bundle
-COPY . $BUNDLE_DIR
+COPY --link . ${BUNDLE_DIR}/
# Apply patch with the difference from the base workspace
-RUN patch -p0 < $BUNDLE_DIR/workspace_base.diff
+RUN patch -p0 < "${BUNDLE_DIR}"/workspace_base.diff
diff --git a/templates/workspaces/airlock-import-review/parameters.json b/templates/workspaces/airlock-import-review/parameters.json
index b2629fa035..87ae0e99b7 100755
--- a/templates/workspaces/airlock-import-review/parameters.json
+++ b/templates/workspaces/airlock-import-review/parameters.json
@@ -1,8 +1,8 @@
{
- "schemaVersion": "1.0.0-DRAFT+TODO",
- "name": "airlock_import_review",
- "created": "2021-06-04T13:37:29.5071039+03:00",
- "modified": "2021-06-04T13:37:29.5071039+03:00",
+ "schemaType": "ParameterSet",
+ "schemaVersion": "1.0.1",
+ "namespace": "",
+ "name": "tre-workspace-airlock-import-review",
"parameters": [
{
"name": "address_space",
diff --git a/templates/workspaces/airlock-import-review/porter.yaml b/templates/workspaces/airlock-import-review/porter.yaml
index 5815fb5c75..51447e4a75 100644
--- a/templates/workspaces/airlock-import-review/porter.yaml
+++ b/templates/workspaces/airlock-import-review/porter.yaml
@@ -1,6 +1,7 @@
---
+schemaVersion: 1.0.0
name: tre-workspace-airlock-import-review
-version: 0.5.0
+version: 0.6.0
description: "A workspace to do Airlock Data Import Reviews for Azure TRE"
dockerfile: Dockerfile.tmpl
registry: azuretre
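Review bot: The two apt cache mounts on the new `RUN --mount=type=cache,...` line use BuildKit's default shared mode, and apt keeps its lock files under both `/var/cache/apt` and `/var/lib/apt`, so two bundle images building in parallel on the same builder can fail on the lock or read a half-written lists directory; the Docker reference example for caching apt adds `sharing=locked` to both mounts: `RUN --mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,target=/var/lib/apt,sharing=locked \`. Only `jq` is pinned in the install list while `curl`, `ca-certificates` and `patch` float, which matches the removed `RUN` and is not a regression, but a one-line comment on why `jq` alone needs an exact version would help the next reader. The `curl -o azuretre.tar.gz` step below it is unchanged context and still verifies nothing about the downloaded archive beyond the TLS connection; with `ARG AZURE_TRE_VERSION` now declared after the apt step, that tag is the only thing fixing which base-workspace files end up in the bundle.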
@@ -132,38 +133,39 @@ outputs:
mixins:
- exec
- terraform:
- clientVersion: 1.2.6
- - az
+ clientVersion: 1.3.6
+ - az:
+ clientVersion: 2.37.0
install:
- terraform:
description: "Deploy workspace"
vars:
- tre_id: "{{ bundle.parameters.tre_id }}"
- tre_resource_id: "{{ bundle.parameters.id }}"
- location: "{{ bundle.parameters.azure_location }}"
- address_space: "{{ bundle.parameters.address_space }}"
- enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}"
- register_aad_application: "{{ bundle.parameters.register_aad_application }}"
- auth_client_id: "{{ bundle.credentials.auth_client_id }}"
- auth_client_secret: "{{ bundle.credentials.auth_client_secret }}"
- auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}"
- workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}"
- client_id: "{{ bundle.parameters.client_id }}"
- client_secret: "{{ bundle.parameters.client_secret }}"
- scope_id: "{{ bundle.parameters.scope_id }}"
- sp_id: "{{ bundle.parameters.sp_id }}"
- app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}"
- app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}"
- app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}"
- aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}"
- app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}"
- enable_airlock: "{{ bundle.parameters.enable_airlock }}"
+ tre_id: ${ bundle.parameters.tre_id }
+ tre_resource_id: ${ bundle.parameters.id }
+ location: ${ bundle.parameters.azure_location }
+ address_space: ${ bundle.parameters.address_space }
+ enable_local_debugging: ${ bundle.parameters.enable_local_debugging }
+ register_aad_application: ${ bundle.parameters.register_aad_application }
+ auth_client_id: ${ bundle.credentials.auth_client_id }
+ auth_client_secret: ${ bundle.credentials.auth_client_secret }
+ auth_tenant_id: ${ bundle.credentials.auth_tenant_id }
+ workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id }
+ client_id: ${ bundle.parameters.client_id }
+ client_secret: ${ bundle.parameters.client_secret }
+ scope_id: ${ bundle.parameters.scope_id }
+ sp_id: ${ bundle.parameters.sp_id }
+ app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner }
+ app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher }
+ app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager }
+ aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris }
+ app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku }
+ enable_airlock: ${ bundle.parameters.enable_airlock }
backendConfig:
- resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}"
- storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}"
- container_name: "{{ bundle.parameters.tfstate_container_name }}"
- key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}"
+ resource_group_name: ${ bundle.parameters.tfstate_resource_group_name }
+ storage_account_name: ${ bundle.parameters.tfstate_storage_account_name }
+ container_name: ${ bundle.parameters.tfstate_container_name }
+ key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id }
outputs:
- name: app_role_id_workspace_owner
- name: app_role_id_workspace_researcher
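Review bot: The `install` action's terraform `vars` pass `address_space: ${ bundle.parameters.address_space }` and carry no `shared_storage_quota` or `create_aad_groups`, while the `upgrade` action that the following hunk un-comments passes `address_spaces: ${ bundle.parameters.address_spaces }`, `shared_storage_quota` and `create_aad_groups` to the same Terraform configuration. Both lists cannot match the module's declared variables at once, so one of the two actions will fail on an undeclared or missing variable at runtime; the `parameters:` block that would show which names this bundle actually declares lies above this hunk. Align both actions on one variable list, with the base workspace this bundle is built from as the reference, or add a comment on the `install` block stating why the two intentionally differ.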
@@ -173,84 +175,86 @@ install: - name: sp_id upgrade: - # TODO: fix with https://github.com/microsoft/AzureTRE/issues/2114 - # - terraform: - # description: "Upgrade workspace" - # vars: - # tre_id: "{{ bundle.parameters.tre_id }}" - # tre_resource_id: "{{ bundle.parameters.id }}" - # location: "{{ bundle.parameters.azure_location }}" - # address_space: "{{ bundle.parameters.address_space }}" - # enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - # register_aad_application: "{{ bundle.parameters.register_aad_application }}" - # auth_client_id: "{{ bundle.credentials.auth_client_id }}" - # auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - # auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - # workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - # client_id: "{{ bundle.parameters.client_id }}" - # client_secret: "{{ bundle.parameters.client_secret }}" - # scope_id: "{{ bundle.parameters.scope_id }}" - # sp_id: "{{ bundle.parameters.sp_id }}" - # app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - # app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - # aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - # backendConfig: - # resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - # storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - # container_name: "{{ bundle.parameters.tfstate_container_name }}" - # key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" - # outputs: - # - name: app_role_id_workspace_owner - # - name: app_role_id_workspace_researcher - # - name: client_id - # - name: scope_id - # - name: sp_id + - terraform: + description: "Deploy workspace" + vars: + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_spaces: ${ 
bundle.parameters.address_spaces } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + create_aad_groups: ${ bundle.parameters.create_aad_groups } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + client_secret: ${ bundle.parameters.client_secret } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } + backendConfig: + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } + outputs: + - name: app_role_id_workspace_owner + - name: app_role_id_workspace_researcher + - name: app_role_id_workspace_airlock_manager + - name: client_id + - name: scope_id + - name: sp_id - az: description: "AAD Application Admin Login" arguments: - login flags: service-principal: "" - username: "'{{bundle.credentials.auth_client_id}}'" - password: "'{{bundle.credentials.auth_client_secret}}'" - tenant: "'{{bundle.credentials.auth_tenant_id}}'" + username: '${ 
bundle.credentials.auth_client_id }' + password: '${ bundle.credentials.auth_client_secret }' + tenant: '${ bundle.credentials.auth_tenant_id }' allow-no-subscriptions: "" - exec: description: "Update workspace app redirect urls" command: ./update_redirect_urls.sh flags: - workspace-api-client-id: "{{ bundle.parameters.client_id }}" - aad-redirect-uris-b64: "{{ bundle.parameters.aad_redirect_uris }}" - # always update with the script since we don't run TF for upgrade - # might need to change when https://github.com/microsoft/AzureTRE/issues/2114 is resolved. - register-aad-application: "false" - # register-aad-application: "{{ bundle.parameters.register_aad_application }}" + workspace-api-client-id: '${ bundle.parameters.client_id }' + aad-redirect-uris-b64: '${ bundle.parameters.aad_redirect_uris }' + register-aad-application: '${ bundle.parameters.register_aad_application }' uninstall: - terraform: description: "Tear down workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_space: "{{ bundle.parameters.address_space }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager 
}}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_space: ${ bundle.parameters.address_space } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } 
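Review bot: The new `upgrade` terraform step passes `address_spaces`, `shared_storage_quota` and `create_aad_groups`, but the `install` and `uninstall` steps of this same file pass `address_space` and neither of the other two, so the upgrade block looks copied from the base workspace's porter.yaml rather than derived from this bundle's parameters. If those three are not declared parameters of this bundle the manifest will not validate, and if they are, upgrade plans a different Terraform configuration from install; `address_space: ${ bundle.parameters.address_space }` with the two extra vars removed would match the install step. The step's `description: "Deploy workspace"` also reads as a copy of the install step and should be `description: "Upgrade workspace"` so the runtime output distinguishes the two actions. The unrestricted workspace's upgrade hunk at the end of this chunk shows the same three vars and the same description, and that hunk is cut off before its end.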
diff --git a/templates/workspaces/base/.env.sample b/templates/workspaces/base/.env.sample index 0af46d28a2..df96d05cc7 100644 --- a/templates/workspaces/base/.env.sample +++ b/templates/workspaces/base/.env.sample @@ -30,3 +30,4 @@ SHARED_STORAGE_QUOTA=50 ENABLE_LOCAL_DEBUGGING=true AAD_REDIRECT_URIS="W10=" +WORKSPACE_APP_SERVICE_PLAN_SKU=S1 diff --git a/templates/workspaces/base/Dockerfile.tmpl b/templates/workspaces/base/Dockerfile.tmpl index 10bf45f029..cefd0d0448 100644 --- a/templates/workspaces/base/Dockerfile.tmpl +++ b/templates/workspaces/base/Dockerfile.tmpl @@ -1,24 +1,16 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# Install jq -RUN apt-get update && \ - apt-get install -y jq="1.6-2.1" --no-install-recommends && \ - apt-get clean -y && rm -rf /var/lib/apt/lists/* +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl +# Install jq +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update && \ + apt-get install -y jq="1.6-2.1" --no-install-recommends -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ 
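Review bot: The new `RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt` line uses the default cache sharing mode, so two bundle images building in parallel on the same builder share apt's lists and lock directory concurrently; Docker's own apt cache example adds `sharing=locked` to both mounts to serialise that access. The `# syntax=docker/dockerfile-upstream:1.4.0` directive pins the frontend by tag only, so each build pulls whatever that tag resolves to at the time; appending a `@sha256:` digest to the tag would make the build toolchain reproducible. `ARG BUNDLE_DIR` is removed while `${BUNDLE_DIR}` is still used in the final `COPY`, which presumably relies on Porter v1 expanding `# PORTER_INIT` into that declaration — a one-line comment above `# PORTER_INIT` saying so would save the next reader from hunting for it. The same cache-mount and syntax-directive points apply to the unrestricted workspace's Dockerfile.tmpl hunk below.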
diff --git a/templates/workspaces/base/parameters.json b/templates/workspaces/base/parameters.json index 15f8a61b4d..8228c2b067 100755 --- a/templates/workspaces/base/parameters.json +++ b/templates/workspaces/base/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-workspace-base", "parameters": [ { "name": "address_spaces", diff --git a/templates/workspaces/base/porter.yaml b/templates/workspaces/base/porter.yaml index 2c00584a27..bb3b88cff6 100644 --- a/templates/workspaces/base/porter.yaml +++ b/templates/workspaces/base/porter.yaml @@ -1,4 +1,5 @@ --- +schemaVersion: 1.0.0 name: tre-workspace-base version: 0.8.0 description: "A base Azure TRE workspace" 
@@ -139,44 +140,45 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.3.5 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_spaces: "{{ bundle.parameters.address_spaces }}" - shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - create_aad_groups: "{{ bundle.parameters.create_aad_groups }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - client_secret: "{{ bundle.parameters.client_secret }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ 
bundle.parameters.azure_location } + address_spaces: ${ bundle.parameters.address_spaces } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + create_aad_groups: ${ bundle.parameters.create_aad_groups } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + client_secret: ${ bundle.parameters.client_secret } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ 
bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } outputs: - name: app_role_id_workspace_owner - name: app_role_id_workspace_researcher 
@@ -189,37 +191,37 @@ upgrade: - terraform: description: "Upgrade workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_spaces: "{{ bundle.parameters.address_spaces }}" - shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - create_aad_groups: "{{ bundle.parameters.create_aad_groups }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - client_secret: "{{ bundle.parameters.client_secret }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_spaces: ${ bundle.parameters.address_spaces } + shared_storage_quota: ${ 
bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + create_aad_groups: ${ bundle.parameters.create_aad_groups } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + client_secret: ${ bundle.parameters.client_secret } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } outputs: - name: 
app_role_id_workspace_owner - name: app_role_id_workspace_researcher 
@@ -233,49 +235,49 @@ upgrade: - login flags: service-principal: "" - username: "'{{bundle.credentials.auth_client_id}}'" - password: "'{{bundle.credentials.auth_client_secret}}'" - tenant: "'{{bundle.credentials.auth_tenant_id}}'" + username: '${ bundle.credentials.auth_client_id }' + password: '${ bundle.credentials.auth_client_secret }' + tenant: '${ bundle.credentials.auth_tenant_id }' allow-no-subscriptions: "" - exec: description: "Update workspace app redirect urls" command: ./update_redirect_urls.sh flags: - workspace-api-client-id: "{{ bundle.parameters.client_id }}" - aad-redirect-uris-b64: "{{ bundle.parameters.aad_redirect_uris }}" - register-aad-application: "{{ bundle.parameters.register_aad_application }}" + workspace-api-client-id: '${ bundle.parameters.client_id }' + aad-redirect-uris-b64: '${ bundle.parameters.aad_redirect_uris }' + register-aad-application: '${ bundle.parameters.register_aad_application }' uninstall: - terraform: description: "Tear down workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_spaces: "{{ bundle.parameters.address_spaces }}" - shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - create_aad_groups: "{{ bundle.parameters.create_aad_groups }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ 
bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_spaces: ${ bundle.parameters.address_spaces } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + create_aad_groups: ${ bundle.parameters.create_aad_groups } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ 
bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } diff --git a/templates/workspaces/base/template_schema.json b/templates/workspaces/base/template_schema.json index cf539371e7..2ae9c9d504 100644 --- a/templates/workspaces/base/template_schema.json +++ b/templates/workspaces/base/template_schema.json @@ -3,7 +3,7 @@ "$id": "https://github.com/microsoft/AzureTRE/templates/workspaces/base/template_schema.json", "type": "object", "title": "Base Workspace", - "description": "This workspace template is the foundation for TRE workspaces and workspace services.", + "description": "This workspace template is the foundation for TRE workspaces.", "required": [ "auth_type", "address_space_size" diff --git a/templates/workspaces/unrestricted/Dockerfile.tmpl b/templates/workspaces/unrestricted/Dockerfile.tmpl index 2621da44e2..cad6523486 100644 --- a/templates/workspaces/unrestricted/Dockerfile.tmpl +++ b/templates/workspaces/unrestricted/Dockerfile.tmpl 
@@ -1,32 +1,25 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -ARG AZURE_TRE_VERSION="0.4.2" +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache + +# Install jq +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update && \ + apt-get install -y jq="1.6-2.1" curl ca-certificates patch --no-install-recommends -RUN apt-get update \ - && apt-get install --no-install-recommends jq ca-certificates curl -y \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* +ARG AZURE_TRE_VERSION="0.4.2" WORKDIR $BUNDLE_DIR +# Copy all files from base workspace (note: some of them will be overwritten with the following COPY command) RUN curl -o azuretre.tar.gz -L "https://github.com/microsoft/AzureTRE/archive/refs/tags/v${AZURE_TRE_VERSION}.tar.gz" \ - && tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspaces/base" --strip-components=4 --skip-old-files \ + && tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspaces/base" --strip-components=4 --skip-old-files \ && rm -rf azuretre.tar.gz -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle - -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ 
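Review bot: The rewritten apt install line pins `jq="1.6-2.1"` but adds `curl ca-certificates patch` unpinned, so the image contents now depend on the mirror state at build time while still looking pinned; either pin the three new packages as well or drop the jq pin, but not a mix of both. `patch` is new and nothing in this hunk uses it; if a later hunk patches the files unpacked from the base workspace, a comment on the install line saying so would explain the dependency. The unchanged `RUN curl -o azuretre.tar.gz -L ...` step these packages serve still extracts a release tarball fetched by tag with no integrity check, and the added comment above it only says the files may be overwritten; extending it with `# --skip-old-files keeps any file already present in the bundle dir, so the overlay below wins` would document the mechanism that makes the later `COPY --link` authoritative.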
diff --git a/templates/workspaces/unrestricted/parameters.json b/templates/workspaces/unrestricted/parameters.json index 25cab304ae..0edb66fe87 100755 --- a/templates/workspaces/unrestricted/parameters.json +++ b/templates/workspaces/unrestricted/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-workspace-unrestricted", "parameters": [ { "name": "address_space", diff --git a/templates/workspaces/unrestricted/porter.yaml b/templates/workspaces/unrestricted/porter.yaml index a631a74c31..f8ca3735df 100644 --- a/templates/workspaces/unrestricted/porter.yaml +++ b/templates/workspaces/unrestricted/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-workspace-unrestricted -version: 0.5.0 +version: 0.6.0 description: "A base Azure TRE workspace" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -135,39 +136,40 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.1.7 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_space: "{{ bundle.parameters.address_space }}" - shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - client_secret: "{{ bundle.parameters.client_secret }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_space: ${ bundle.parameters.address_space } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + auth_client_id: 
${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + client_secret: ${ bundle.parameters.client_secret } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } outputs: - name: app_role_id_workspace_owner - name: app_role_id_workspace_researcher 
@@ -177,86 +179,87 @@ install: - name: sp_id upgrade: - # TODO: fix with https://github.com/microsoft/AzureTRE/issues/2114 - # - terraform: - # description: "Upgrade workspace" - # vars: - # tre_id: "{{ bundle.parameters.tre_id }}" - # tre_resource_id: "{{ bundle.parameters.id }}" - # location: "{{ bundle.parameters.azure_location }}" - # address_space: "{{ bundle.parameters.address_space }}" - # shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - # enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - # register_aad_application: "{{ bundle.parameters.register_aad_application }}" - # auth_client_id: "{{ bundle.credentials.auth_client_id }}" - # auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - # auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - # workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - # client_id: "{{ bundle.parameters.client_id }}" - # client_secret: "{{ bundle.parameters.client_secret }}" - # scope_id: "{{ bundle.parameters.scope_id }}" - # sp_id: "{{ bundle.parameters.sp_id }}" - # app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - # app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - # aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - # backendConfig: - # resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - # storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - # container_name: "{{ bundle.parameters.tfstate_container_name }}" - # key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" - # outputs: - # - name: app_role_id_workspace_owner - # - name: app_role_id_workspace_researcher - # - name: client_id - # - name: scope_id - # - name: sp_id + - terraform: + description: "Deploy workspace" + vars: + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ 
bundle.parameters.azure_location } + address_spaces: ${ bundle.parameters.address_spaces } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + create_aad_groups: ${ bundle.parameters.create_aad_groups } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + client_secret: ${ bundle.parameters.client_secret } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } + backendConfig: + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } + outputs: + - name: app_role_id_workspace_owner + - name: app_role_id_workspace_researcher + - name: app_role_id_workspace_airlock_manager + - name: client_id + - name: scope_id + - name: sp_id - az: description: "AAD Application Admin Login" arguments: - login flags: service-principal: "" - username: "'{{bundle.credentials.auth_client_id}}'" - password: "'{{bundle.credentials.auth_client_secret}}'" - tenant: 
"'{{bundle.credentials.auth_tenant_id}}'" + username: '${ bundle.credentials.auth_client_id }' + password: '${ bundle.credentials.auth_client_secret }' + tenant: '${ bundle.credentials.auth_tenant_id }' allow-no-subscriptions: "" - exec: description: "Update workspace app redirect urls" command: ./update_redirect_urls.sh flags: - workspace-api-client-id: "{{ bundle.parameters.client_id }}" - aad-redirect-uris-b64: "{{ bundle.parameters.aad_redirect_uris }}" - # always update with the script since we don't run TF for upgrade - # might need to change when https://github.com/microsoft/AzureTRE/issues/2114 is resolved. - register-aad-application: "false" - # register-aad-application: "{{ bundle.parameters.register_aad_application }}" + workspace-api-client-id: '${ bundle.parameters.client_id }' + aad-redirect-uris-b64: '${ bundle.parameters.aad_redirect_uris }' + register-aad-application: '${ bundle.parameters.register_aad_application }' uninstall: - terraform: description: "Tear down workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_space: "{{ bundle.parameters.address_space }}" - shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ 
bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_space: ${ bundle.parameters.address_space } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + 
storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } From edf0bfec71a16f9a771cc2d597e2e1dbeab132cb Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 26 Dec 2022 11:10:10 +0200 Subject: [PATCH 3/4] Update docs for porter v1 (#2992) update docs for porter v1 --- .devcontainer/Dockerfile | 2 +- CHANGELOG.md | 4 ++-- .../service_bus/deployment_status_updater.py | 2 +- docs/azure-tre-overview/architecture.md | 17 ++++++++--------- .../tre-resources-breakdown.md | 4 ++-- docs/tre-developers/resource-processor.md | 2 +- docs/troubleshooting-faq/troubleshooting-rp.md | 11 +++++++++-- resource_processor/run.sh | 4 ++-- resource_processor/vmss_porter/Dockerfile | 2 +- .../vmss_porter/cloud-config.yaml | 4 ++-- 10 files changed, 29 insertions(+), 23 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 1f9b71d204..34fbf40a53 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -52,7 +52,7 @@ RUN if [ "${INTERACTIVE}" = "true" ]; then \ # Install Porter # Not using the script from https://cdn.porter.sh/latest/install-linux.sh # as it installs things we don't need and duplicates the binary. -# TODO: Remove Porter v0 +# TODO: Remove Porter v0 https://github.com/microsoft/AzureTRE/issues/2990 ARG PORTER_MIRROR=https://cdn.porter.sh ARG PORTER_VERSION=v0.38.13 ARG PORTER_TERRAFORM_MIXIN_VERSION=v1.0.0-rc.1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 39a5119fa3..f4a3352f65 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
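Review bot: The re-enabled `upgrade` Terraform step passes `address_spaces: ${ bundle.parameters.address_spaces }` and `create_aad_groups: ${ bundle.parameters.create_aad_groups }`, while the `install` and `uninstall` steps of the same bundle pass `address_space: ${ bundle.parameters.address_space }` and no `create_aad_groups`. The terraform mixin turns each `vars` entry into a `-var`, and Terraform rejects a `-var` for a variable the module does not declare, so unless the module declares both spellings and the bundle declares both parameters (neither `variables.tf` nor the `parameters:` section is in this hunk) either upgrade or install will fail, and running upgrade with a different variable set than install is a plan-drift risk on a live workspace. Suggest aligning the upgrade step with install: `address_space: ${ bundle.parameters.address_space }` and dropping `create_aad_groups` unless it is intentionally added to the parameter list and the other actions too. Separately, and pre-existing, the `az login` step passes `auth_client_secret` via `--password` in `flags`, which exposes the secret in the bundle container's process list for the duration of the login.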
@@ -4,9 +4,9 @@ **BREAKING CHANGES & MIGRATIONS**: * The model for `reviewUserResources` in airlock requests has changed from being a list to a dictionary. A migration has been added to update your existing requests automatically; please make sure you run the migrations as part of updating your API and UI. * Note that any in-flight requests that have review resources deployed will show `UNKNOWN[i]` for the user key of that resource and in the UI users will be prompted to deploy a new resource. [#2883](https://github.com/microsoft/AzureTRE/pull/2883) -* Env files consolidation - The files /templates/core/.env, /devops/.env, /devops/auth.env are no longer used. The settings and configuration that they contain has been consolidated into a single file config.yaml that lives in the root folder of the project. - +* Env files consolidation ([#2944](https://github.com/microsoft/AzureTRE/pull/2944)) - The files /templates/core/.env, /devops/.env, /devops/auth.env are no longer used. The settings and configuration that they contain has been consolidated into a single file config.yaml that lives in the root folder of the project. Use the script devops/scripts/env_to_yaml_config.sh to migrate /templates/core/.env, /devops/.env, and /devops/auth.env to the new config.yaml file. +* Upgrade to Porter v1 ([#TBD](https://github.com/microsoft/AzureTRE/pull/TBD)). You should upgrade all custom template definitions and rebuild them. FEATURES: * Support review VMs for multiple reviewers for each airlock request [#2883](https://github.com/microsoft/AzureTRE/pull/2883) diff --git a/api_app/service_bus/deployment_status_updater.py b/api_app/service_bus/deployment_status_updater.py index d236280719..b877220d95 100644 --- a/api_app/service_bus/deployment_status_updater.py +++ b/api_app/service_bus/deployment_status_updater.py 
@@ -81,7 +81,7 @@ async def process_message(self, msg):
             complete_message = await self.update_status_in_database(message)
             logging.info(f"Update status in DB for {message.operationId} - {message.status}")
         except (json.JSONDecodeError, ValidationError) as e:
-            # TODO: consider changing to false so the message will end up in dead letter queue/status
+            # TODO: should move to dead letter queue https://github.com/microsoft/AzureTRE/issues/2991
             complete_message = True
             logging.error(f"{strings.DEPLOYMENT_STATUS_MESSAGE_FORMAT_INCORRECT}: {msg.correlation_id} - {e}")
         except Exception:
diff --git a/docs/azure-tre-overview/architecture.md b/docs/azure-tre-overview/architecture.md
index 75d4f95606..89abf8f147 100644
--- a/docs/azure-tre-overview/architecture.md
+++ b/docs/azure-tre-overview/architecture.md
@@ -50,19 +50,19 @@ To automate Porter it needs a place to live in Azure TRE. The home chosen for Po [![Resource Processor overview](../assets/resource-processor-overview.jpg)](../assets/resource-processor-overview.jpg) -During the deployment of Resource Processor itself it is given the credentials of a managed identity with the privileges to modify and deploy resources to the subscription associated with the Azure TRE instance. Resource Processor later then uses these credentials to receive and send Service Bus messages, authorizes Porter to deploy Porter bundles and to access the storage account to update installation data. +During the deployment of Resource Processor itself it is given the credentials of a managed identity with the privileges to modify and deploy resources to the subscription associated with the Azure TRE instance. Resource Processor then uses these credentials to receive and send Service Bus messages, authorizes Porter to access its state (stored in Cosmos-MongoDB) and deploy bundles. The logic in Resource Processor is written in Python. The Resource Processor implementation is located in [`resource_processor` folder](https://github.com/microsoft/AzureTRE/blob/main/resource_processor/) of the repository. -The [TRE Administrator](user-roles.md#tre-administrator) can register a Porter bundle to use the Composition Service to provision instances of the Workspace Templates. +The [TRE Administrator](user-roles.md#tre-administrator) can register a Porter bundle that will be used to provision instances of bundle (template). This requires: 1. The Porter bundle to be pushed to the Azure Container Registry (ACR). -1. Registering the Workspace through the API. +1. Registering the Template through the API. -Details on how to [register a Workspace Template](../tre-admins/registering-templates.md). +Details on how to [register a Template](../tre-admins/registering-templates.md). ## Provisioning a Workspace 
@@ -91,10 +91,10 @@ The flow to provision a Workspace is as follows (the flow is the same for all ki ```bash # simplified for readability - porter --reference .azurecr.io/bundles/: --params key=value --cred + porter --reference .azurecr.io/bundles/: --params key=value --cred # Example - porter install --reference msfttreacr.azurecr.io/bundles/BaseWorkspaceTemplate:1.0 --params param1=value1 --cred arm_auth_local_debugging.json + porter install --reference msfttreacr.azurecr.io/bundles/BaseWorkspaceTemplate:1.0 --params param1=value1 --cred arm_auth ``` Deployments are carried out against the Azure Subscription using a User Assigned Managed Identity. The `arm_auth_local_debugging.json` tells Porter where the credential information can be found and for the Resource Processor they are set as environment variables. 
@@ -103,8 +103,7 @@ The flow to provision a Workspace is as follows (the flow is the same for all ki 1. The Porter Docker bundle is pulled from the Azure Container Registry (ACR) and executed. 1. The Porter bundle executes against Azure Resource Manager to provision Azure resources. Any kind of infrastructure of code frameworks like ARM, Terraform, or Pulumi can be used or scripted via PowerShell or Azure CLI. -1. Porter stores state and outputs in Azure Storage Containers. State for keeping persistent state between executions of a bundled with the same Workspace. -1. For the time being, the Porter bundle updates Firewall rules directly setting egress rules. An enhancement to implement a Shared Firewall services is planned ([#882](https://github.com/microsoft/AzureTRE/issues/882)). -1. The Resource Processor sends events to the `deploymentstatus` queue on state changes and informs if the deployment succeeded or failed. +1. Porter stores state (like outputs) in Cosmos-MongoDB. +1. The Resource Processor sends events to the `deploymentstatus` queue on status changes and informs if the deployment succeeded or failed. 1. The API receives the status of the Porter bundle execution. 1. The API updates the status of the Porter bundle execution in the Configuration Store. diff --git a/docs/azure-tre-overview/tre-resources-breakdown.md b/docs/azure-tre-overview/tre-resources-breakdown.md index 0a43174a23..cb2272a6bb 100644 --- a/docs/azure-tre-overview/tre-resources-breakdown.md +++ b/docs/azure-tre-overview/tre-resources-breakdown.md 
@@ -13,7 +13,7 @@ Once an Azure TRE has been [provisioned](../../tre-admins/setup-instructions/pre | Name | Azure Service | Description | Additional links |---|---|---|---| -| {MGMT_STORAGE_ACCOUNT_NAME} | Storage Account | [Azure TRE Terraform and Porter state](../../tre-admins/setup-instructions/pre-deployment-steps) | [Storage Blobs](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-overview) +| {MGMT_STORAGE_ACCOUNT_NAME} | Storage Account | [Azure TRE Terraform](../../tre-admins/setup-instructions/pre-deployment-steps) | [Storage Blobs](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-overview) | {ACR_NAME} | Container Registry | [Azure TRE container images (Porter bundles)](../architecture/#composition-service) | [Container Registry](https://docs.microsoft.com/en-gb/azure/container-registry/container-registry-intro) ## Azure TRE Resource Group 
@@ -42,7 +42,7 @@ Once an Azure TRE has been [provisioned](../../tre-admins/setup-instructions/pre | id-vmss-{TRE_ID} | Managed Identity | User-managed identity for TRE Resource Processer (VMSS) | [Managed Identities](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) | sb-{TRE_ID} | Service Bus Namespace | Messaging for TRE API | [Service Bus](https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-messaging-overview) | stappinsights{TRE_ID} | Storage Account | Storage for TRE Application Insights telemetry logs | [Storage Blobs](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-overview) -| stg{TRE_ID} | Storage Account | Files shares for TRE services such as Porter, Gitea, Nexus | [Storage Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction) +| stg{TRE_ID} | Storage Account | Files shares for TRE services such as Gitea, Nexus | [Storage Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction) | stweb{TRE_ID} | Storage Account | Storage for [Azure TRE Let's Encrypt](../../tre-admins/setup-instructions/deploying-azure-tre) | [Storage Blob](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-overview) | vm-{TRE_ID} | Virtual Machine | [Azure TRE VM (jumpbox)](https://microsoft.github.io/AzureTRE/tre-admins/setup-instructions/configuring-shared-services) | [Windows Virtual Machine](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/overview) | vm-{TRE_ID} | Virtual Machine Scale Set | [Azure TRE Resource Processor](../../tre-developers/resource-processor) | [Virtual Machine Scale Sets](https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview) diff --git a/docs/tre-developers/resource-processor.md b/docs/tre-developers/resource-processor.md index 742efffdb0..158549c81e 100644 --- a/docs/tre-developers/resource-processor.md +++ b/docs/tre-developers/resource-processor.md 
@@ -128,7 +128,7 @@ Furthermore, Porter provides a set of [mixins](https://porter.sh/mixins/) - anal ### Porter Azure plugin -Resource Processor uses [Porter Azure plugin](https://github.com/getporter/azure-plugins) to store Porter data in TRE management storage account. The storage table, named `porter`, is created during the bootstrapping phase of TRE deployment. The `/resource_processor/run.sh` script generates a `config.toml` file in Porter home folder to enable the Azure plugin when the image is started. +Resource Processor uses [Porter Azure plugin](https://github.com/getporter/azure-plugins) to access secrets in Azure Key Vault. ### Porter bundle inputs diff --git a/docs/troubleshooting-faq/troubleshooting-rp.md b/docs/troubleshooting-faq/troubleshooting-rp.md index 73c4dcbab8..e30fc30271 100644 --- a/docs/troubleshooting-faq/troubleshooting-rp.md +++ b/docs/troubleshooting-faq/troubleshooting-rp.md 
@@ -40,8 +40,15 @@ To start a processor container manually: docker run -v /var/run/docker.sock:/var/run/docker.sock --env-file .env --name resource_processor_vmss_porter_debug [runner_image:tag] ``` -!!! info - All logs from the resource processor should also be transferred to the App Insights instance, so it is not necessary to follow the progress by logging into the instance. Logging into the instance and starting a container manually however, is helpful in live debugging. +## Logs + +All logs from the resource processor are transferred to the App Insights instance, so it is not usually necessary to follow the progress by logging into the instance. + +Logging into the instance and starting a container manually however, is helpful in live debugging. +When doing so, you can use the following aliases to monitor progress: +* rpstatus - a split screen with `docker ps` to show what containers are running (a bundle action run in its own container), the Resource Processor logs, and a _free_ section for you to type any other command you wish (see below). +* dlf - runs `docker logs --since 1m --follow`, you should use with the name/id of the container you want to view, e.g. `dlf my_container` +* dlf1 - same as `dlf` but will auto select the last container in the `docker ps` list (usually the last one started). ## Updating the running container diff --git a/resource_processor/run.sh b/resource_processor/run.sh index 6072228e4f..74f47f97af 100755 --- a/resource_processor/run.sh +++ b/resource_processor/run.sh @@ -8,7 +8,7 @@ set -o nounset # Generate required configuration for Porter Azure plugin -# TODO: remove with removal of porter v0 +# TODO: Remove porter v0 https://github.com/microsoft/AzureTRE/issues/2990 # Documentation here: - https://github.com/vdice/porter-bundles/tree/master/azure-keyvault cat > /"${PORTER_HOME_V0}"/config.toml << EOF default-storage = "azurestorage" 
@@ -31,7 +31,7 @@ plugin = "azure.keyvault" vault = "${KEY_VAULT_NAME}" EOF -# TODO: remove with removal of porter v0 +# TODO: Remove porter v0 https://github.com/microsoft/AzureTRE/issues/2990 echo "Azure cli login..." az login --identity -u "${VMSS_MSI_ID}" diff --git a/resource_processor/vmss_porter/Dockerfile b/resource_processor/vmss_porter/Dockerfile index 3a28885028..ad839f1250 100644 --- a/resource_processor/vmss_porter/Dockerfile +++ b/resource_processor/vmss_porter/Dockerfile @@ -12,7 +12,7 @@ RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/ export AZURE_CLI_VERSION=${AZURE_CLI_VERSION} \ && /tmp/azure-cli.sh -# TODO: remove v0 +# TODO: Remove porter v0 https://github.com/microsoft/AzureTRE/issues/2990 # Install Porter ARG PORTER_MIRROR=https://cdn.porter.sh ARG PORTER_VERSION=v0.38.13 diff --git a/templates/core/terraform/resource_processor/vmss_porter/cloud-config.yaml b/templates/core/terraform/resource_processor/vmss_porter/cloud-config.yaml index afdcf28352..51c0afe20f 100644 --- a/templates/core/terraform/resource_processor/vmss_porter/cloud-config.yaml +++ b/templates/core/terraform/resource_processor/vmss_porter/cloud-config.yaml @@ -66,8 +66,8 @@ write_files: permissions: '0755' runcmd: - # Those are useful live debug commands. Check the docs for details - # TODO: add link to docs + # Those are useful live debug commands. Check the docs for details: + # (https://microsoft.github.io/AzureTRE/troubleshooting-faq/troubleshooting-rp/#Logs) - printf '\nalias dlf="docker logs --since 1m --follow"' >> /etc/bash.bashrc - printf '\nalias dlf1='\''dlf $(docker ps -q | head -n 1)'\''' >> /etc/bash.bashrc - printf '\nalias rpstatus='\''tmux new-session -d "watch docker ps"; tmux split-window -p 100 -v "docker logs --since 1m --follow resource_processor1"; tmux split-window -v -p 90; tmux -2 attach-session -d'\''\n' >> /etc/bash.bashrc From 4d60e706cb396ef04f20e3bb846c1da12d5a3b90 Mon Sep 17 00:00:00 2001 
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 26 Dec 2022 09:21:55 +0000 Subject: [PATCH 4/4] changelog --- CHANGELOG.md | 2 +- api_app/_version.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4a3352f65..934ba7133e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ * Note that any in-flight requests that have review resources deployed will show `UNKNOWN[i]` for the user key of that resource and in the UI users will be prompted to deploy a new resource. [#2883](https://github.com/microsoft/AzureTRE/pull/2883) * Env files consolidation ([#2944](https://github.com/microsoft/AzureTRE/pull/2944)) - The files /templates/core/.env, /devops/.env, /devops/auth.env are no longer used. The settings and configuration that they contain has been consolidated into a single file config.yaml that lives in the root folder of the project. Use the script devops/scripts/env_to_yaml_config.sh to migrate /templates/core/.env, /devops/.env, and /devops/auth.env to the new config.yaml file. -* Upgrade to Porter v1 ([#TBD](https://github.com/microsoft/AzureTRE/pull/TBD)). You should upgrade all custom template definitions and rebuild them. +* Upgrade to Porter v1 ([#3014](https://github.com/microsoft/AzureTRE/pull/3014)). You should upgrade all custom template definitions and rebuild them. FEATURES: * Support review VMs for multiple reviewers for each airlock request [#2883](https://github.com/microsoft/AzureTRE/pull/2883) diff --git a/api_app/_version.py b/api_app/_version.py index 49e0fc1e09..777f190df0 100644 --- a/api_app/_version.py +++ b/api_app/_version.py @@ -1 +1 @@ -__version__ = "0.7.0" +__version__ = "0.8.0"