diff --git a/.github/linters/.tflint.hcl b/.github/linters/.tflint.hcl index 8e4efb4586..2fbb500c14 100644 --- a/.github/linters/.tflint.hcl +++ b/.github/linters/.tflint.hcl @@ -12,7 +12,7 @@ rule "terraform_unused_declarations" { } rule "terraform_typed_variables" { - enabled = false + enabled = true } rule "terraform_required_providers" { diff --git a/.github/linters/.tflint_shared_services.hcl b/.github/linters/.tflint_shared_services.hcl index 8f62c5ecaf..8b65d92f37 100644 --- a/.github/linters/.tflint_shared_services.hcl +++ b/.github/linters/.tflint_shared_services.hcl @@ -9,10 +9,6 @@ plugin "azurerm" { enabled = true } -rule "terraform_typed_variables" { - enabled = false -} - rule "azurerm_resource_missing_tags" { enabled = true tags = ["tre_id", "tre_shared_service_id"] diff --git a/.github/linters/.tflint_user_resources.hcl b/.github/linters/.tflint_user_resources.hcl index 80b4b6fb3c..ce0442f793 100644 --- a/.github/linters/.tflint_user_resources.hcl +++ b/.github/linters/.tflint_user_resources.hcl @@ -9,10 +9,6 @@ plugin "azurerm" { enabled = true } -rule "terraform_typed_variables" { - enabled = false -} - rule "azurerm_resource_missing_tags" { enabled = true tags = ["tre_id", "tre_workspace_id", "tre_workspace_service_id", "tre_user_resource_id"] diff --git a/.github/linters/.tflint_workspace_services.hcl b/.github/linters/.tflint_workspace_services.hcl index bff6a41309..553359ec53 100644 --- a/.github/linters/.tflint_workspace_services.hcl +++ b/.github/linters/.tflint_workspace_services.hcl @@ -9,10 +9,6 @@ plugin "azurerm" { enabled = true } -rule "terraform_typed_variables" { - enabled = false -} - rule "azurerm_resource_missing_tags" { enabled = true tags = ["tre_id", "tre_workspace_id", "tre_workspace_service_id"] diff --git a/CHANGELOG.md b/CHANGELOG.md index c5e9f0c1b4..7db41e0fbb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,17 +1,21 @@ ## 0.14.0 (Unreleased) + FEATURES: ENHANCEMENTS: BUG FIXES: -- Add temporary workaround for when id with last 4 chars exists ([#3667](https://github.com/microsoft/AzureTRE/pull/3667)) +* Add temporary workaround for when id with last 4 chars exists ([#3667](https://github.com/microsoft/AzureTRE/pull/3667)) +* Apply missing lifecycle blocks. ([#3670](https://github.com/microsoft/AzureTRE/issues/3670)) +* Outputs of type boolean are stored as strings ([#3655](https://github.com/microsoft/AzureTRE/pulls/3655)) ## 0.13.0 (August 9, 2023) BUG FIXES: * Custom actions fail on resources with a pipeline ([#3646](https://github.com/microsoft/AzureTRE/issues/3646)) +* Fix ability to debug resource processor locally ([#3426](https://github.com/microsoft/AzureTRE/issues/4426)) * Upgrade airlock and unrestricted workspaces to base workspace version 0.12.0 ([#3659](https://github.com/microsoft/AzureTRE/pull/3659)) COMPONENTS: @@ -45,6 +49,7 @@ COMPONENTS: | tre-shared-service-sonatype-nexus | 2.5.3 | | tre-shared-service-firewall | 1.1.1 | + ## 0.12.0 (July 27, 2023) FEATURES: diff --git a/api_app/models/domain/resource.py b/api_app/models/domain/resource.py index 2b9a12d6f9..36485fb07f 100644 --- a/api_app/models/domain/resource.py +++ b/api_app/models/domain/resource.py @@ -84,3 +84,4 @@ def parse_etag_to_remove_escaped_quotes(cls, value): class Output(AzureTREModel): Name: str = Field(title="", description="", alias="name") Value: Union[list, dict, str] = Field(None, title="", description="", alias="value") + Type: str = Field(title="", description="", alias="type") diff --git a/api_app/service_bus/deployment_status_updater.py b/api_app/service_bus/deployment_status_updater.py index dd14965ad6..8c09e83d77 100644 --- a/api_app/service_bus/deployment_status_updater.py +++ b/api_app/service_bus/deployment_status_updater.py 
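Review bot: `Type` is declared on `Output` without a default, so as far as this hunk shows it is a required field, unlike `Value`, which defaults to `None`. A status message or stored output that lacks a type would then fail validation instead of being processed, so it is worth confirming that every producer always sends it. If older messages can still arrive, `Type: str = Field(None, title="", description="", alias="type")` keeps them parseable, and the converter would then need to decide how to treat a missing type. The empty `title` and `description` could also state which values are expected (`string`, `boolean`, …).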
@@ -7,6 +7,7 @@ from api.dependencies.database import get_db_client from api.routes.resource_helpers import get_timestamp +from models.domain.resource import Output from db.repositories.resources_history import ResourceHistoryRepository from models.domain.request_action import RequestAction from db.repositories.resource_templates import ResourceTemplateRepository @@ -244,7 +245,33 @@ def create_updated_resource_document(self, resource: dict, message: DeploymentSt # although outputs are likely to be relevant when resources are moving to "deployed" status, # lets not limit when we update them and have the resource process make that decision. - output_dict = {output.Name: output.Value.strip("'").strip('"') if isinstance(output.Value, str) else output.Value for output in message.outputs} + # need to convert porter outputs to dict so boolean values are converted to bools, not strings + output_dict = self.convert_outputs_to_dict(message.outputs) resource["properties"].update(output_dict) return resource + + def convert_outputs_to_dict(self, outputs_list: [Output]): + """ + Convert a list of Porter outputs to a dictionary + """ + + result_dict = {} + for msg in outputs_list: + if msg.Value is None: + continue + name = msg.Name + value = msg.Value + obj_type = msg.Type + + # + if obj_type == 'string' and isinstance(value, str): + value = value.strip("'").strip('"') + elif obj_type == 'boolean': + if isinstance(value, str): + value = value.strip("'").strip('"') + value = (value.lower() == 'true') + + result_dict[name] = value + + return result_dict diff --git a/api_app/tests_ma/test_service_bus/test_deployment_status_update.py b/api_app/tests_ma/test_service_bus/test_deployment_status_update.py index aeb7dd5b1e..c9b89643ca 100644 --- a/api_app/tests_ma/test_service_bus/test_deployment_status_update.py +++ b/api_app/tests_ma/test_service_bus/test_deployment_status_update.py 
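Review bot: In `convert_outputs_to_dict`, a `boolean` output whose string value is anything other than `true` (a typo, an empty string, `yes`) silently becomes `False`, and the result is then merged into `resource["properties"]`. These values arrive in a service bus message, so I would accept only `true`/`false` and reject or log anything else rather than guess. The rewrite also changes behaviour compared with the removed comprehension: outputs whose value is `None` are now dropped, and string values of any type other than `string`/`boolean` keep their surrounding quotes; if that is intended, the docstring should say so. Smaller points: `outputs_list: [Output]` is a list literal rather than a type annotation (`List[Output]`), and the bare `#` comment is empty.

```python
    def convert_outputs_to_dict(self, outputs_list: [Output]):
        # … unchanged: docstring and result_dict initialisation …
        for msg in outputs_list:
            if msg.Value is None:
                # outputs without a value are not written to the resource properties
                continue
            value = msg.Value

            # strip wrapping quotes from string-encoded values before any coercion
            if isinstance(value, str) and msg.Type in ('string', 'boolean'):
                value = value.strip("'").strip('"')

            if msg.Type == 'boolean' and isinstance(value, str):
                lowered = value.lower()
                if lowered not in ('true', 'false'):
                    # do not turn an unexpected value into False silently;
                    # raise here, or log and skip, depending on how the caller handles failures
                    raise ValueError(f"Output {msg.Name} is typed boolean but has value {value!r}")
                value = (lowered == 'true')

            result_dict[msg.Name] = value
        # … unchanged: return result_dict …
```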
@@ -1,6 +1,7 @@ import copy import json from unittest.mock import MagicMock, ANY +from pydantic import parse_obj_as import pytest import uuid @@ -11,7 +12,7 @@ from db.errors import EntityDoesNotExist from models.domain.workspace import Workspace -from models.domain.operation import Operation, OperationStep, Status +from models.domain.operation import DeploymentStatusUpdateMessage, Operation, OperationStep, Status from resources import strings from service_bus.deployment_status_updater import DeploymentStatusUpdater @@ -41,8 +42,13 @@ "status": Status.Deployed, "message": "test message", "outputs": [ - {"Name": "name1", "Value": "value1", "Type": "type1"}, - {"Name": "name2", "Value": "\"value2\"", "Type": "type2"} + {"Name": "string1", "Value": "value1", "Type": "string"}, + {"Name": "string2", "Value": "\"value2\"", "Type": "string"}, + {"Name": "boolean1", "Value": "True", "Type": "boolean"}, + {"Name": "boolean2", "Value": "true", "Type": "boolean"}, + {"Name": "boolean3", "Value": "\"true\"", "Type": "boolean"}, + {"Name": "list1", "Value": "['one', 'two']", "Type": "string"}, + {"Name": "list2", "Value": ['one', 'two'], "Type": "string"} ] } @@ -238,7 +244,15 @@ async def test_outputs_are_added_to_resource_item(app, resource_repo, operations resource.properties = {"exitingName": "exitingValue"} resource_repo.return_value.get_resource_dict_by_id.return_value = resource.dict() - new_params = {"name1": "value1", "name2": "value2"} + new_params = { + "string1": "value1", + "string2": "value2", + "boolean1": True, + "boolean2": True, + "boolean3": True, + "list1": "['one', 'two']", + "list2": ["one", "two"], + } expected_resource = resource expected_resource.properties = {**resource.properties, **new_params} 
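Review bot: Every boolean case added to `test_sb_message_with_outputs` is a truthy one, so the `False` branch of the new conversion and the `None`-value skip are never exercised. Add at least `{"Name": "boolean4", "Value": "false", "Type": "boolean"}` and an output without a `Value`, with matching entries in `new_params` here and in the expected dict of `test_convert_outputs_to_dict`. A value such as `"yes"` is also worth pinning, so that the behaviour for unexpected input is a decision rather than an accident.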
@@ -385,3 +399,27 @@ async def test_multi_step_operation_ends_at_last_step(app, sb_sender_client, res # check it did _not_ enqueue another message sb_sender_client().get_queue_sender().send_messages.assert_not_called() + + +@patch('fastapi.FastAPI') +async def test_convert_outputs_to_dict(app): + # Test case 1: Empty list of outputs + outputs_list = [] + expected_result = {} + + status_updater = DeploymentStatusUpdater(app) + assert status_updater.convert_outputs_to_dict(outputs_list) == expected_result + + # Test case 2: List of outputs with mixed types + deployment_status_update_message = parse_obj_as(DeploymentStatusUpdateMessage, test_sb_message_with_outputs) + + expected_result = { + 'string1': 'value1', + 'string2': 'value2', + 'boolean1': True, + 'boolean2': True, + 'boolean3': True, + 'list1': "['one', 'two']", + 'list2': ['one', 'two'] + } + assert status_updater.convert_outputs_to_dict(deployment_status_update_message.outputs) == expected_result diff --git a/core/terraform/airlock/variables.tf b/core/terraform/airlock/variables.tf index 3a98198c90..3cf167705a 100644 --- a/core/terraform/airlock/variables.tf +++ b/core/terraform/airlock/variables.tf @@ -1,11 +1,27 @@ -variable "tre_id" {} -variable "location" {} -variable "resource_group_name" {} -variable "airlock_storage_subnet_id" {} -variable "airlock_events_subnet_id" {} -variable "enable_local_debugging" {} -variable "myip" {} -variable "api_principal_id" {} +variable "tre_id" { + type = string +} +variable "location" { + type = string +} +variable "resource_group_name" { + type = string +} +variable "airlock_storage_subnet_id" { + type = string +} +variable "airlock_events_subnet_id" { + type = string +} +variable "enable_local_debugging" { + type = bool +} +variable "myip" { + type = string +} +variable "api_principal_id" { + type = string +} variable "docker_registry_server" { type = string 
@@ -33,22 +49,45 @@ variable "airlock_app_service_plan_sku" { default = "P1v3" } -variable "airlock_processor_subnet_id" {} +variable "airlock_processor_subnet_id" { + type = string +} -variable "applicationinsights_connection_string" {} -variable "airlock_servicebus" {} -variable "tre_core_tags" {} +variable "applicationinsights_connection_string" { + type = string +} +variable "airlock_servicebus" { + type = object({ + id = string + default_primary_connection_string = string + }) +} +variable "tre_core_tags" { + type = map(string) +} variable "enable_malware_scanning" { type = bool description = "If False, Airlock requests will skip the malware scanning stage" } -variable "arm_environment" {} +variable "arm_environment" { + type = string +} -variable "log_analytics_workspace_id" {} +variable "log_analytics_workspace_id" { + type = string +} -variable "blob_core_dns_zone_id" {} -variable "file_core_dns_zone_id" {} -variable "queue_core_dns_zone_id" {} -variable "table_core_dns_zone_id" {} +variable "blob_core_dns_zone_id" { + type = string +} +variable "file_core_dns_zone_id" { + type = string +} +variable "queue_core_dns_zone_id" { + type = string +} +variable "table_core_dns_zone_id" { + type = string +} diff --git a/core/terraform/appgateway/variables.tf b/core/terraform/appgateway/variables.tf index 0338daf200..1df1087e88 100644 --- a/core/terraform/appgateway/variables.tf +++ b/core/terraform/appgateway/variables.tf 
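Review bot: `airlock_servicebus` now declares `default_primary_connection_string`, and `applicationinsights_connection_string` carries a connection string as well, but neither variable is marked `sensitive = true`, so their values can appear in plan and apply output. Adding `sensitive = true` to both blocks is a one-line change each; any output derived from them may then need the same flag. The same applies to `app_insights_connection_string` in `resource_processor/vmss_porter/variables.tf`. Separately, an `object({...})` constraint drops attributes it does not list, so the module must not read anything from `airlock_servicebus` beyond `id` and `default_primary_connection_string`; the module body is not visible here to confirm that.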
@@ -1,10 +1,28 @@ -variable "tre_id" {} -variable "location" {} -variable "resource_group_name" {} -variable "app_gw_subnet" {} -variable "shared_subnet" {} -variable "api_fqdn" {} -variable "keyvault_id" {} -variable "static_web_dns_zone_id" {} -variable "log_analytics_workspace_id" {} +variable "tre_id" { + type = string +} +variable "location" { + type = string +} +variable "resource_group_name" { + type = string +} +variable "app_gw_subnet" { + type = string +} +variable "shared_subnet" { + type = string +} +variable "api_fqdn" { + type = string +} +variable "keyvault_id" { + type = string +} +variable "static_web_dns_zone_id" { + type = string +} +variable "log_analytics_workspace_id" { + type = string +} diff --git a/core/terraform/azure-monitor/query.tf b/core/terraform/azure-monitor/query.tf index dc40fc4c41..7b37719836 100644 --- a/core/terraform/azure-monitor/query.tf +++ b/core/terraform/azure-monitor/query.tf @@ -3,6 +3,8 @@ resource "azurerm_log_analytics_query_pack" "tre" { resource_group_name = var.resource_group_name location = var.location tags = var.tre_core_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_log_analytics_query_pack_query" "rp_logs" { diff --git a/core/terraform/azure-monitor/variables.tf b/core/terraform/azure-monitor/variables.tf index 135f83cab4..6debd34f29 100644 --- a/core/terraform/azure-monitor/variables.tf +++ b/core/terraform/azure-monitor/variables.tf 
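Review bot: `lifecycle { ignore_changes = [tags] }` on `azurerm_log_analytics_query_pack.tre` carries no comment saying why tag drift is ignored, and the same unexplained line is added throughout this commit (the Key Vault secrets in `keyvault.tf` and `cosmos_mongo.tf`, the NSGs in `network_security_groups.tf`, and the shared-service and workspace-service templates). With it in place Terraform does not reapply `tags` after creation, so a later change to `var.tre_core_tags` or a tag removed by hand is no longer corrected, while the `azurerm_resource_missing_tags` lint rule still checks only the configuration. A short comment such as `# ignore tag drift: <reason>, see #3670` above the block would record the intent.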
@@ -1,11 +1,33 @@ -variable "tre_id" {} -variable "location" {} -variable "resource_group_name" {} -variable "shared_subnet_id" {} -variable "azure_monitor_dns_zone_id" {} -variable "azure_monitor_oms_opinsights_dns_zone_id" {} -variable "azure_monitor_ods_opinsights_dns_zone_id" {} -variable "azure_monitor_agentsvc_dns_zone_id" {} -variable "blob_core_dns_zone_id" {} -variable "tre_core_tags" {} -variable "enable_local_debugging" {} +variable "tre_id" { + type = string +} +variable "location" { + type = string +} +variable "resource_group_name" { + type = string +} +variable "shared_subnet_id" { + type = string +} +variable "azure_monitor_dns_zone_id" { + type = string +} +variable "azure_monitor_oms_opinsights_dns_zone_id" { + type = string +} +variable "azure_monitor_ods_opinsights_dns_zone_id" { + type = string +} +variable "azure_monitor_agentsvc_dns_zone_id" { + type = string +} +variable "blob_core_dns_zone_id" { + type = string +} +variable "tre_core_tags" { + type = map(string) +} +variable "enable_local_debugging" { + type = bool +} diff --git a/core/terraform/cosmos_mongo.tf b/core/terraform/cosmos_mongo.tf index 2623afe28b..fdb90fbf17 100644 --- a/core/terraform/cosmos_mongo.tf +++ b/core/terraform/cosmos_mongo.tf @@ -99,4 +99,6 @@ resource "azurerm_key_vault_secret" "cosmos_mongo_connstr" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } diff --git a/core/terraform/json-to-env.sh b/core/terraform/json-to-env.sh index e3fe6c7423..b6c17f534f 100755 --- a/core/terraform/json-to-env.sh +++ b/core/terraform/json-to-env.sh @@ -25,6 +25,10 @@ jq -r ' "path": "keyvault_name", "env_var": "KEYVAULT" }, + { + "path": "keyvault_uri", + "env_var": "KEYVAULT_URI" + }, { "path": "azure_tre_fqdn", "env_var": "FQDN" diff --git a/core/terraform/keyvault.tf b/core/terraform/keyvault.tf index e8ec876194..7d84e9418b 100644 --- a/core/terraform/keyvault.tf +++ b/core/terraform/keyvault.tf 
@@ -70,6 +70,8 @@ resource "azurerm_key_vault_secret" "api_client_id" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "api_client_secret" { @@ -80,6 +82,8 @@ resource "azurerm_key_vault_secret" "api_client_secret" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "auth_tenant_id" { @@ -90,6 +94,8 @@ resource "azurerm_key_vault_secret" "auth_tenant_id" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "application_admin_client_id" { @@ -100,6 +106,8 @@ resource "azurerm_key_vault_secret" "application_admin_client_id" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "application_admin_client_secret" { @@ -110,6 +118,8 @@ resource "azurerm_key_vault_secret" "application_admin_client_secret" { depends_on = [ azurerm_key_vault_access_policy.deployer ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_monitor_diagnostic_setting" "kv" { diff --git a/core/terraform/network/network_security_groups.tf b/core/terraform/network/network_security_groups.tf index d89d711d6b..50accf846b 100644 --- a/core/terraform/network/network_security_groups.tf +++ b/core/terraform/network/network_security_groups.tf @@ -101,6 +101,8 @@ resource "azurerm_network_security_group" "bastion" { source_address_prefix = "*" destination_address_prefix = "Internet" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_subnet_network_security_group_association" "bastion" { @@ -141,6 +143,8 @@ resource "azurerm_network_security_group" "app_gw" { source_address_prefix = "Internet" destination_address_prefix = "*" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_subnet_network_security_group_association" "app_gw" { 
@@ -156,6 +160,8 @@ resource "azurerm_network_security_group" "default_rules" { location = var.location resource_group_name = var.resource_group_name tags = local.tre_core_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_subnet_network_security_group_association" "shared" { diff --git a/core/terraform/network/variables.tf b/core/terraform/network/variables.tf index 0f0d8c4067..cf13c52078 100644 --- a/core/terraform/network/variables.tf +++ b/core/terraform/network/variables.tf @@ -1,5 +1,15 @@ -variable "tre_id" {} -variable "location" {} -variable "resource_group_name" {} -variable "core_address_space" {} -variable "arm_environment" {} +variable "tre_id" { + type = string +} +variable "location" { + type = string +} +variable "resource_group_name" { + type = string +} +variable "core_address_space" { + type = string +} +variable "arm_environment" { + type = string +} diff --git a/core/terraform/notebooks.tf b/core/terraform/notebooks.tf index 23ab97fa33..37214c7748 100644 --- a/core/terraform/notebooks.tf +++ b/core/terraform/notebooks.tf @@ -12,4 +12,6 @@ resource "azurerm_application_insights_workbook" "firewall" { display_name = "Azure Firewall Workbook ${var.tre_id}" data_json = data.http.firewall_workbook_json.response_body tags = local.tre_core_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/core/terraform/outputs.tf b/core/terraform/outputs.tf index 5b7b6a0e54..7e02c66aa5 100644 --- a/core/terraform/outputs.tf +++ b/core/terraform/outputs.tf @@ -26,6 +26,10 @@ output "keyvault_name" { value = azurerm_key_vault.kv.name } +output "keyvault_uri" { + value = azurerm_key_vault.kv.vault_uri +} + output "service_bus_resource_id" { value = azurerm_servicebus_namespace.sb.id } diff --git a/core/terraform/resource_processor/vmss_porter/main.tf b/core/terraform/resource_processor/vmss_porter/main.tf index 6c7f6c939e..a9599527d2 100644 --- a/core/terraform/resource_processor/vmss_porter/main.tf 
+++ b/core/terraform/resource_processor/vmss_porter/main.tf @@ -38,6 +38,8 @@ resource "azurerm_key_vault_secret" "resource_processor_vmss_password" { value = random_password.password.result key_vault_id = var.key_vault_id tags = local.tre_core_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_user_assigned_identity" "vmss_msi" { diff --git a/core/terraform/resource_processor/vmss_porter/variables.tf b/core/terraform/resource_processor/vmss_porter/variables.tf index 37a0d22bdc..fcf7acab4c 100644 --- a/core/terraform/resource_processor/vmss_porter/variables.tf +++ b/core/terraform/resource_processor/vmss_porter/variables.tf 
@@ -1,24 +1,66 @@ -variable "tre_id" {} -variable "location" {} -variable "acr_id" {} -variable "resource_group_name" {} -variable "resource_processor_subnet_id" {} -variable "resource_processor_vmss_porter_image_repository" {} -variable "docker_registry_server" {} -variable "service_bus_namespace_id" {} -variable "service_bus_namespace_fqdn" {} -variable "service_bus_resource_request_queue" {} -variable "service_bus_deployment_status_update_queue" {} -variable "mgmt_storage_account_name" {} -variable "mgmt_resource_group_name" {} -variable "terraform_state_container_name" {} -variable "app_insights_connection_string" {} -variable "key_vault_name" {} -variable "key_vault_url" {} -variable "key_vault_id" {} -variable "resource_processor_number_processes_per_instance" {} -variable "resource_processor_vmss_sku" {} -variable "arm_environment" {} +variable "tre_id" { + type = string +} +variable "location" { + type = string +} +variable "acr_id" { + type = string +} +variable "resource_group_name" { + type = string +} +variable "resource_processor_subnet_id" { + type = string +} +variable "resource_processor_vmss_porter_image_repository" { + type = string +} +variable "docker_registry_server" { + type = string +} +variable "service_bus_namespace_id" { + type = string +} +variable "service_bus_namespace_fqdn" { + type = string +} +variable "service_bus_resource_request_queue" { + type = string +} +variable "service_bus_deployment_status_update_queue" { + type = string +} +variable "mgmt_storage_account_name" { + type = string +} +variable "mgmt_resource_group_name" { + type = string +} +variable "terraform_state_container_name" { + type = string +} +variable "app_insights_connection_string" { + type = string +} +variable "key_vault_name" { + type = string +} +variable "key_vault_url" { + type = string +} +variable "key_vault_id" { + type = string +} +variable "resource_processor_number_processes_per_instance" { + type = string +} +variable "resource_processor_vmss_sku" { 
+ type = string +} +variable "arm_environment" { + type = string +} variable "subscription_id" { description = "The subscription id to create the resource processor permission/role. If not supplied will use the TF context." type = string diff --git a/core/version.txt b/core/version.txt index 732155f8df..de77196f44 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.8.3" +__version__ = "0.8.6" diff --git a/devops/scripts/setup_local_debugging.sh b/devops/scripts/setup_local_debugging.sh index cc5f0e011e..f0a8b6c6ed 100755 --- a/devops/scripts/setup_local_debugging.sh +++ b/devops/scripts/setup_local_debugging.sh @@ -13,6 +13,8 @@ private_env_path="./core/private.env" : "${AZURE_SUBSCRIPTION_ID?"Check AZURE_SUBSCRIPTION_ID is defined in ${private_env_path}"}" : "${EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID?"Check EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID is defined in ${private_env_path}"}" : "${EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID?"Check EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID is defined in ${private_env_path}"}" +: "${KEYVAULT_URI?"Check KEYVAULT_URI is defined in ${private_env_path}"}" +: "${KEYVAULT?"Check KEYVAULT is defined in ${private_env_path}"}" set -o pipefail set -o nounset @@ -51,6 +53,12 @@ az eventgrid topic update \ --inbound-ip-rules "${IPADDR}" allow \ --ids "${EVENT_GRID_STATUS_CHANGED_TOPIC_RESOURCE_ID}" "${EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID}" +echo "Allow data ingestion to App Insights from public networks not connected through a Private Link Scope" +az monitor app-insights component update \ + --resource-group "${RESOURCE_GROUP_NAME}" \ + --app "appi-${TRE_ID}" \ + --ingestion-access enabled + # Get the object id of the currently logged-in identity if [[ -n ${ARM_CLIENT_ID:-} ]]; then 
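Review bot: `az monitor app-insights component update ... --ingestion-access enabled` opens ingestion on `appi-${TRE_ID}` to all public networks, whereas the Event Grid step just above it is limited to `${IPADDR}`. Nothing visible in this hunk restores the setting afterwards, so the component stays open once local debugging is finished. I would add a comment stating that this is a deliberate relaxation for debugging and how to revert it (`--ingestion-access disabled`), or pair the script with a teardown step. The script continues outside the hunk, so a revert may exist elsewhere.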
@@ -115,15 +123,32 @@ az role assignment create \ --assignee "${RP_TESTING_SP_APP_ID}" \ --scope "${SERVICE_BUS_RESOURCE_ID}" + +# Assign get permissions on the keyvault +az keyvault set-policy \ + --name "${KEYVAULT}" \ + --spn "${RP_TESTING_SP_APP_ID}" \ + --secret-permissions get + + # Write the appId and secret to the private.env file which is used for RP debugging # First check if the env vars are there already and delete them sed -i '/ARM_CLIENT_ID/d' "${private_env_path}" sed -i '/ARM_CLIENT_SECRET/d' "${private_env_path}" +sed -i '/AAD_TENANT_ID/d' "${private_env_path}" +sed -i '/APPLICATION_ADMIN_CLIENT_ID/d' "${private_env_path}" +sed -i '/APPLICATION_ADMIN_CLIENT_SECRET/d' "${private_env_path}" # Append them to the TRE file so that the Resource Processor can use them tee -a "${private_env_path}" < dict: config["service_bus_namespace"] = os.environ["SERVICE_BUS_FULLY_QUALIFIED_NAMESPACE"] config["vmss_msi_id"] = os.environ.get("VMSS_MSI_ID", None) config["number_processes"] = os.environ.get("NUMBER_PROCESSES", "1") - config["key_vault_url"] = os.environ.get("KEY_VAULT_URL", os.environ.get("KEYVAULT", None)) + config["key_vault_url"] = os.environ.get("KEY_VAULT_URL", os.environ.get("KEYVAULT_URI", None)) config["arm_environment"] = os.environ.get("ARM_ENVIRONMENT", "public") config["azure_environment"] = os.environ.get("AZURE_ENVIRONMENT", "AzureCloud") config["aad_authority_url"] = os.environ.get("AAD_AUTHORITY_URL", "https://login.microsoftonline.com") @@ -45,6 +45,10 @@ def get_config(logger_adapter) -> dict: else: config["arm_client_secret"] = "" # referenced in the credential set + # when running in vscode devcontainer + if "DEVCONTAINER" in os.environ: + config["remote_containers_ipc"] = os.environ["REMOTE_CONTAINERS_IPC"] + # Create env dict for porter config["porter_env"] = { "HOME": os.environ["HOME"], 
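Review bot: `az keyvault set-policy --name "${KEYVAULT}" --spn "${RP_TESTING_SP_APP_ID}" --secret-permissions get` gives the testing service principal read access to every secret in the core vault, because an access policy applies vault-wide, and `keyvault.tf` in this diff shows that vault holding the API and application-admin client secrets. No matching removal is visible, so the grant outlives the debugging session. A comment recording that scope, plus a documented clean-up (`az keyvault delete-policy`), would help. The heredoc that follows the `sed` lines is cut off in this view, so whether those values are written to `private.env` in plain text cannot be confirmed from here.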
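Review bot: `os.environ["REMOTE_CONTAINERS_IPC"]` raises `KeyError` when `DEVCONTAINER` is set but `REMOTE_CONTAINERS_IPC` is not, which would stop `get_config` for a reason unrelated to the resource processor itself. Guard on the variable that is actually read, e.g. `if "REMOTE_CONTAINERS_IPC" in os.environ:`, and in the later hunk that copies it into `config["porter_env"]` test `if "remote_containers_ipc" in config:`. A one-line comment on what the value is used for would also help, since it is passed on to the Porter environment. `get_config` starts and ends outside this hunk.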
@@ -69,6 +73,14 @@ def get_config(logger_adapter) -> dict: } ) + # when running in vscode devcontainer + if "DEVCONTAINER" in os.environ: + config["porter_env"].update( + { + "REMOTE_CONTAINERS_IPC": config["remote_containers_ipc"] + } + ) + # Load env vars for bundles def envvar_to_key(name: str) -> str: return name[len("RP_BUNDLE_"):].lower() diff --git a/templates/shared_services/admin-vm/porter.yaml b/templates/shared_services/admin-vm/porter.yaml index 4ee499acf7..a32187f47a 100644 --- a/templates/shared_services/admin-vm/porter.yaml +++ b/templates/shared_services/admin-vm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-admin-vm -version: 0.4.0 +version: 0.4.3 description: "An admin vm shared service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf b/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf index 8588111e34..3ef4b8734b 100644 --- a/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf +++ b/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf @@ -9,6 +9,8 @@ resource "azurerm_network_interface" "jumpbox_nic" { subnet_id = data.azurerm_subnet.shared.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "random_password" "password" { @@ -47,6 +49,8 @@ resource "azurerm_windows_virtual_machine" "jumpbox" { caching = "ReadWrite" storage_account_type = "Standard_LRS" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "jumpbox_credentials" { @@ -54,6 +58,8 @@ resource "azurerm_key_vault_secret" "jumpbox_credentials" { value = random_password.password.result key_vault_id = data.azurerm_key_vault.keyvault.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_virtual_machine_extension" "antimalware" { 
@@ -68,4 +74,6 @@ resource "azurerm_virtual_machine_extension" "antimalware" { settings = jsonencode({ "AntimalwareEnabled" = true }) + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/shared_services/cyclecloud/porter.yaml b/templates/shared_services/cyclecloud/porter.yaml index 4c9ab9b3e1..c6c6c0810d 100644 --- a/templates/shared_services/cyclecloud/porter.yaml +++ b/templates/shared_services/cyclecloud/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-cyclecloud -version: 0.5.1 +version: 0.5.4 description: "An Azure TRE Shared Service Template for Azure Cyclecloud" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/shared_services/cyclecloud/terraform/cyclecloud.tf b/templates/shared_services/cyclecloud/terraform/cyclecloud.tf index e89ee69a64..0ca360817b 100644 --- a/templates/shared_services/cyclecloud/terraform/cyclecloud.tf +++ b/templates/shared_services/cyclecloud/terraform/cyclecloud.tf @@ -79,6 +79,8 @@ resource "azurerm_key_vault_secret" "cyclecloud_password" { value = "${random_string.username.result}\n${random_password.password.result}" key_vault_id = data.azurerm_key_vault.core.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } data "azurerm_subscription" "primary" { @@ -102,6 +104,8 @@ resource "azurerm_network_interface" "cyclecloud" { subnet_id = data.azurerm_subnet.shared.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_dns_zone" "cyclecloud" { @@ -118,6 +122,8 @@ resource "azurerm_private_dns_zone_virtual_network_link" "cyclecloud_core_vnet" private_dns_zone_name = azurerm_private_dns_zone.cyclecloud.name virtual_network_id = data.azurerm_virtual_network.core.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_dns_a_record" "cyclecloud_vm" { 
@@ -127,5 +133,7 @@ resource "azurerm_private_dns_a_record" "cyclecloud_vm" { ttl = 300 records = [azurerm_network_interface.cyclecloud.private_ip_address] tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/shared_services/cyclecloud/terraform/storage.tf b/templates/shared_services/cyclecloud/terraform/storage.tf index 3c7e6f4429..c5f561a8dd 100644 --- a/templates/shared_services/cyclecloud/terraform/storage.tf +++ b/templates/shared_services/cyclecloud/terraform/storage.tf @@ -5,6 +5,8 @@ resource "azurerm_storage_account" "cyclecloud" { account_tier = "Standard" account_replication_type = "GRS" tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } data "azurerm_private_dns_zone" "blobcore" { diff --git a/templates/shared_services/cyclecloud/terraform/variables.tf b/templates/shared_services/cyclecloud/terraform/variables.tf index 330dea61e0..1c064dbb76 100644 --- a/templates/shared_services/cyclecloud/terraform/variables.tf +++ b/templates/shared_services/cyclecloud/terraform/variables.tf @@ -1,3 +1,9 @@ -variable "tre_id" {} -variable "tre_resource_id" {} -variable "arm_environment" {} +variable "tre_id" { + type = string +} +variable "tre_resource_id" { + type = string +} +variable "arm_environment" { + type = string +} \ No newline at end of file diff --git a/templates/shared_services/databricks-auth/porter.yaml b/templates/shared_services/databricks-auth/porter.yaml index 3a9514fa59..b14922cedc 100644 --- a/templates/shared_services/databricks-auth/porter.yaml +++ b/templates/shared_services/databricks-auth/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-databricks-private-auth -version: 0.1.2 +version: 0.1.5 description: "An Azure TRE shared service for Azure Databricks authentication." registry: azuretre dockerfile: Dockerfile.tmpl 
diff --git a/templates/shared_services/databricks-auth/terraform/variables.tf b/templates/shared_services/databricks-auth/terraform/variables.tf index 8e0b626a1b..e6ebb1234b 100644 --- a/templates/shared_services/databricks-auth/terraform/variables.tf +++ b/templates/shared_services/databricks-auth/terraform/variables.tf @@ -8,4 +8,6 @@ variable "tre_resource_id" { description = "Unique TRE Resource ID" } -variable "arm_environment" {} +variable "arm_environment" { + type = string +} diff --git a/templates/shared_services/firewall/porter.yaml b/templates/shared_services/firewall/porter.yaml index c39c5b1297..880da4ac5a 100644 --- a/templates/shared_services/firewall/porter.yaml +++ b/templates/shared_services/firewall/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-firewall -version: 1.1.1 +version: 1.1.3 description: "An Azure TRE Firewall shared service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/shared_services/gitea/porter.yaml b/templates/shared_services/gitea/porter.yaml index bdfd9015a5..1f82da60ef 100644 --- a/templates/shared_services/gitea/porter.yaml +++ b/templates/shared_services/gitea/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-gitea -version: 0.6.2 +version: 0.6.5 description: "A Gitea shared service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/shared_services/gitea/terraform/gitea-webapp.tf b/templates/shared_services/gitea/terraform/gitea-webapp.tf index 0838b806bd..702c4d1288 100644 --- a/templates/shared_services/gitea/terraform/gitea-webapp.tf +++ b/templates/shared_services/gitea/terraform/gitea-webapp.tf @@ -168,6 +168,8 @@ resource "azurerm_key_vault_secret" "gitea_password" { depends_on = [ azurerm_key_vault_access_policy.gitea_policy ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_storage_share" "gitea" { 
diff --git a/templates/shared_services/gitea/terraform/mysql.tf b/templates/shared_services/gitea/terraform/mysql.tf index b457efa5db..42bea9c4ff 100644 --- a/templates/shared_services/gitea/terraform/mysql.tf +++ b/templates/shared_services/gitea/terraform/mysql.tf @@ -71,4 +71,6 @@ resource "azurerm_key_vault_secret" "db_password" { depends_on = [ azurerm_key_vault_access_policy.gitea_policy ] + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/shared_services/gitea/terraform/variables.tf b/templates/shared_services/gitea/terraform/variables.tf index 848a209c69..a71d12ee5b 100644 --- a/templates/shared_services/gitea/terraform/variables.tf +++ b/templates/shared_services/gitea/terraform/variables.tf @@ -30,4 +30,6 @@ variable "acr_name" { description = "Name of Azure Container Registry" } -variable "arm_environment" {} +variable "arm_environment" { + type = string +} diff --git a/templates/shared_services/sonatype-nexus-vm/porter.yaml b/templates/shared_services/sonatype-nexus-vm/porter.yaml index 2a3e36c60a..085ef5bd57 100644 --- a/templates/shared_services/sonatype-nexus-vm/porter.yaml +++ b/templates/shared_services/sonatype-nexus-vm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-sonatype-nexus -version: 2.5.3 +version: 2.5.6 description: "A Sonatype Nexus shared service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/shared_services/sonatype-nexus-vm/terraform/vm.tf b/templates/shared_services/sonatype-nexus-vm/terraform/vm.tf index dcfdafdabf..df274bab6e 100644 --- a/templates/shared_services/sonatype-nexus-vm/terraform/vm.tf +++ b/templates/shared_services/sonatype-nexus-vm/terraform/vm.tf @@ -9,6 +9,8 @@ resource "azurerm_network_interface" "nexus" { subnet_id = data.azurerm_subnet.shared.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_dns_zone_virtual_network_link" "nexus_core_vnet" { 
@@ -17,6 +19,8 @@ resource "azurerm_private_dns_zone_virtual_network_link" "nexus_core_vnet" { private_dns_zone_name = data.azurerm_private_dns_zone.nexus.name virtual_network_id = data.azurerm_virtual_network.core.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_dns_a_record" "nexus_vm" { @@ -26,6 +30,8 @@ resource "azurerm_private_dns_a_record" "nexus_vm" { ttl = 300 records = [azurerm_linux_virtual_machine.nexus.private_ip_address] tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "random_password" "nexus_vm_password" { @@ -59,6 +65,8 @@ resource "azurerm_key_vault_secret" "nexus_vm_password" { value = random_password.nexus_vm_password.result key_vault_id = data.azurerm_key_vault.kv.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "nexus_admin_password" { @@ -66,6 +74,8 @@ resource "azurerm_key_vault_secret" "nexus_admin_password" { value = random_password.nexus_admin_password.result key_vault_id = data.azurerm_key_vault.kv.id tags = local.tre_shared_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_user_assigned_identity" "nexus_msi" { @@ -222,4 +232,6 @@ resource "azurerm_virtual_machine_extension" "keyvault" { "msiClientId" : azurerm_user_assigned_identity.nexus_msi.client_id } }) + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index 98521a4b96..1d4b45d7b8 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.8.7 +version: 0.8.10 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl 
diff --git a/templates/workspace_services/azureml/terraform/compute.tf b/templates/workspace_services/azureml/terraform/compute.tf index 37ad8bc8c9..549995e6ab 100644 --- a/templates/workspace_services/azureml/terraform/compute.tf +++ b/templates/workspace_services/azureml/terraform/compute.tf @@ -16,6 +16,8 @@ resource "azurerm_key_vault_secret" "aml_password" { value = random_password.password.result key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index 8ebc8146f3..9c11677381 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -56,6 +56,8 @@ resource "azapi_resource" "aml_service_endpoint_policy" { ] } }) + + lifecycle { ignore_changes = [tags] } } resource "azurerm_subnet" "aml" { diff --git a/templates/workspace_services/azureml/terraform/storage.tf b/templates/workspace_services/azureml/terraform/storage.tf index 1e58029a03..b85acf5bd8 100644 --- a/templates/workspace_services/azureml/terraform/storage.tf +++ b/templates/workspace_services/azureml/terraform/storage.tf @@ -9,7 +9,7 @@ resource "azurerm_storage_account" "aml" { default_action = "Deny" } - + lifecycle { ignore_changes = [tags] } } data "azurerm_private_dns_zone" "blobcore" { diff --git a/templates/workspace_services/azureml/terraform/variables.tf b/templates/workspace_services/azureml/terraform/variables.tf index 2ff78807fe..a47b5588ff 100644 --- a/templates/workspace_services/azureml/terraform/variables.tf +++ b/templates/workspace_services/azureml/terraform/variables.tf 
@@ -36,6 +36,10 @@ variable "auth_client_secret" { description = "Used to authenticate into the AAD Tenant to get app role members" } -variable "arm_environment" {} +variable "arm_environment" { + type = string +} -variable "azure_environment" {} +variable "azure_environment" { + type = string +} diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml b/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml index 54851ec4ca..c9f57c6283 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml +++ b/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-user-resource-aml-compute-instance -version: 0.5.4 +version: 0.5.7 description: "Azure Machine Learning Compute Instance" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf index 5ff10ccdfe..f00afd5ec0 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf +++ b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf @@ -26,4 +26,6 @@ resource "azapi_resource" "compute_instance" { } } }) + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/variables.tf b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/variables.tf index 8ac575859d..d4c7295bf2 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/variables.tf +++ b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/variables.tf 
@@ -1,9 +1,21 @@ -variable "workspace_id" {} -variable "tre_id" {} +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} variable "vm_size_sku" { - + type = string +} +variable "tre_resource_id" { + type = string +} +variable "parent_service_id" { + type = string +} +variable "auth_tenant_id" { + type = string } -variable "tre_resource_id" {} -variable "parent_service_id" {} -variable "auth_tenant_id" {} -variable "user_object_id" {} +variable "user_object_id" { + type = string +} \ No newline at end of file diff --git a/templates/workspace_services/databricks/porter.yaml b/templates/workspace_services/databricks/porter.yaml index 3fdc4b46f6..d54a446c1f 100644 --- a/templates/workspace_services/databricks/porter.yaml +++ b/templates/workspace_services/databricks/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-databricks -version: 1.0.0 +version: 1.0.3 description: "An Azure TRE service for Azure Databricks." registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/databricks/terraform/variables.tf b/templates/workspace_services/databricks/terraform/variables.tf index 9dde4b6094..e6851c35f1 100644 --- a/templates/workspace_services/databricks/terraform/variables.tf +++ b/templates/workspace_services/databricks/terraform/variables.tf @@ -23,4 +23,6 @@ variable "is_exposed_externally" { description = "If the databricks workspace is exposed externally or not." } -variable "arm_environment" {} +variable "arm_environment" { + type = string +} diff --git a/templates/workspace_services/gitea/porter.yaml b/templates/workspace_services/gitea/porter.yaml index 8e59a60efc..8bce9f56e4 100644 --- a/templates/workspace_services/gitea/porter.yaml +++ b/templates/workspace_services/gitea/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-gitea -version: 0.8.2 +version: 0.8.5 description: "A Gitea workspace service" dockerfile: Dockerfile.tmpl registry: azuretre 
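Review bot: The rewritten aml_compute `variables.tf` ends with `\ No newline at end of file` after the closing brace of `user_object_id`, and the same marker appears in the import-reviewvm and health-services `variables.tf` hunks. Ending each file with a newline avoids the last `}` showing up as modified in the next change. The variables here also gain `type = string` but no `description`, unlike the Guacamole service variables typed in the same commit; adding a short `description = "..."` per variable would keep the templates consistent.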
diff --git a/templates/workspace_services/gitea/terraform/gitea-webapp.tf b/templates/workspace_services/gitea/terraform/gitea-webapp.tf index fa942280e7..899f7e7921 100644 --- a/templates/workspace_services/gitea/terraform/gitea-webapp.tf +++ b/templates/workspace_services/gitea/terraform/gitea-webapp.tf @@ -176,6 +176,8 @@ resource "azurerm_key_vault_secret" "gitea_password" { depends_on = [ azurerm_key_vault_access_policy.gitea_policy ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_role_assignment" "gitea_acrpull_role" { diff --git a/templates/workspace_services/gitea/terraform/mysql.tf b/templates/workspace_services/gitea/terraform/mysql.tf index 8d13cc658f..ddd855edf4 100644 --- a/templates/workspace_services/gitea/terraform/mysql.tf +++ b/templates/workspace_services/gitea/terraform/mysql.tf @@ -71,4 +71,6 @@ resource "azurerm_key_vault_secret" "db_password" { depends_on = [ azurerm_key_vault_access_policy.gitea_policy ] + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/gitea/terraform/variables.tf b/templates/workspace_services/gitea/terraform/variables.tf index 8e7e1e01d1..105bb3e014 100644 --- a/templates/workspace_services/gitea/terraform/variables.tf +++ b/templates/workspace_services/gitea/terraform/variables.tf @@ -1,12 +1,26 @@ -variable "workspace_id" {} -variable "tre_id" {} -variable "id" {} -variable "mgmt_resource_group_name" {} -variable "mgmt_acr_name" {} -variable "aad_authority_url" {} +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} +variable "id" { + type = string +} +variable "mgmt_resource_group_name" { + type = string +} +variable "mgmt_acr_name" { + type = string +} +variable "aad_authority_url" { + type = string +} variable "gitea_storage_limit" { type = number description = "Space allocated in GB for the Gitea data in Azure Files Share" default = 100 } -variable "arm_environment" {} +variable "arm_environment" { + type = string +} 
diff --git a/templates/workspace_services/guacamole/porter.yaml b/templates/workspace_services/guacamole/porter.yaml index 4235b99dce..5904433a8a 100644 --- a/templates/workspace_services/guacamole/porter.yaml +++ b/templates/workspace_services/guacamole/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole -version: 0.9.4 +version: 0.9.7 description: "An Azure TRE service for Guacamole" dockerfile: Dockerfile.tmpl registry: azuretre @@ -77,7 +77,7 @@ parameters: env: GUAC_DISABLE_UPLOAD - name: is_exposed_externally type: boolean - default: false + default: true env: IS_EXPOSED_EXTERNALLY description: "Determines if the web app will be available over public/internet or private networks" - name: aad_authority_url diff --git a/templates/workspace_services/guacamole/terraform/variables.tf b/templates/workspace_services/guacamole/terraform/variables.tf index d67d05c3da..26fcbb2f05 100644 --- a/templates/workspace_services/guacamole/terraform/variables.tf +++ b/templates/workspace_services/guacamole/terraform/variables.tf 
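Review bot: The `@@ -77,7 +77,7 @@ parameters:` hunk flips the `is_exposed_externally` default from `false` to `true`. By the parameter's own description, that makes the Guacamole web app available over the public internet unless the deployer sets it otherwise. This is a behaviour change with security impact inside a commit that otherwise adds variable types and lifecycle blocks, and none of the visible CHANGELOG entries appears to mention it. If the flip is not intended, keep `default: false`; if it is intended, it deserves its own changelog line and a note for operators upgrading from 0.9.4.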
@@ -1,17 +1,68 @@ -variable "workspace_id" {} -variable "aad_authority_url" {} -variable "tre_id" {} -variable "mgmt_resource_group_name" {} -variable "mgmt_acr_name" {} -variable "image_name" {} -variable "image_tag" {} -variable "guac_disable_copy" {} -variable "guac_disable_paste" {} -variable "guac_enable_drive" {} -variable "guac_drive_name" {} -variable "guac_drive_path" {} -variable "guac_disable_download" {} -variable "guac_disable_upload" {} -variable "is_exposed_externally" {} -variable "tre_resource_id" {} -variable "arm_environment" {} +variable "workspace_id" { + type = string + description = "The workspace ID" +} +variable "aad_authority_url" { + type = string + description = "The Azure AD authority URL" +} +variable "tre_id" { + type = string + description = "The TRE ID" +} +variable "mgmt_resource_group_name" { + type = string + description = "The management resource group name" +} +variable "mgmt_acr_name" { + type = string + description = "The management ACR name" +} +variable "image_name" { + type = string + description = "The Guacamole image name" +} +variable "image_tag" { + type = string + description = "The Guacamole image tag" +} +variable "guac_disable_copy" { + type = bool + description = "Disable copy from the Guacamole workspace" +} +variable "guac_disable_paste" { + type = bool + description = "Disable paste to the Guacamole workspace" +} +variable "guac_enable_drive" { + type = bool + description = "Enable drive redirection" +} +variable "guac_drive_name" { + type = string + description = "The drive name" +} +variable "guac_drive_path" { + type = string + description = "The drive path" +} +variable "guac_disable_download" { + type = bool + description = "Disable download from the Guacamole workspace" +} +variable "guac_disable_upload" { + type = bool + description = "Disable upload to the Guacamole workspace" +} +variable "is_exposed_externally" { + type = bool + description = "Is the Guacamole workspace to be exposed externally?" 
+} +variable "tre_resource_id" { + type = string + description = "The workspace service ID" +} +variable "arm_environment" { + type = string + description = "The ARM cloud environment" +} diff --git a/templates/workspace_services/guacamole/terraform/web_app.tf b/templates/workspace_services/guacamole/terraform/web_app.tf index 01c598eeae..1642dbcfd1 100644 --- a/templates/workspace_services/guacamole/terraform/web_app.tf +++ b/templates/workspace_services/guacamole/terraform/web_app.tf @@ -148,6 +148,8 @@ resource "azurerm_private_endpoint" "guacamole" { name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"] private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id] } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_access_policy" "guacamole_policy" { diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml index 54d3858e9f..e6bb291784 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole-export-reviewvm -version: 0.1.4 +version: 0.1.7 description: "An Azure TRE User Resource Template for reviewing Airlock export requests" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/variables.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/variables.tf index baa4d18db1..36cdb77b3c 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/variables.tf 
+++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/variables.tf @@ -1,10 +1,25 @@ -variable "workspace_id" {} -variable "tre_id" {} -variable "parent_service_id" {} -variable "tre_resource_id" {} -variable "image" {} -variable "vm_size" {} +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} +variable "parent_service_id" { + type = string +} +variable "tre_resource_id" { + type = string +} +variable "image" { + type = string +} +variable "vm_size" { + type = string +} variable "image_gallery_id" { + type = string default = "" } -variable "airlock_request_sas_url" {} +variable "airlock_request_sas_url" { + type = string +} diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/windowsvm.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/windowsvm.tf index 7780f6f3f3..9efc1661f2 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/windowsvm.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/windowsvm.tf @@ -9,6 +9,8 @@ resource "azurerm_network_interface" "internal" { subnet_id = data.azurerm_subnet.services.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_network_security_group" "vm_nsg" { @@ -16,6 +18,8 @@ resource "azurerm_network_security_group" "vm_nsg" { location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_network_security_rule" "allow_outbound_airlock_exip_storage_pe" { 
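Review bot: `airlock_request_sas_url` is declared with `type = string` only, but a SAS URL carries its access token in the query string, so the variable should also set `sensitive = true` to keep the value out of plan and apply output. The same applies to the identical declaration in the import-reviewvm `variables.tf`, and to `arm_client_secret` and `inference_sp_client_secret` in the innereye `variables.tf` typed by this commit. Note that `sensitive` only redacts CLI output and the value is still written to state, so access control on the state backend remains the real protection.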
@@ -146,6 +150,8 @@ resource "azurerm_windows_virtual_machine" "windowsvm" { } tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_virtual_machine_extension" "config_script" { @@ -161,6 +167,8 @@ resource "azurerm_virtual_machine_extension" "config_script" { "commandToExecute": "powershell -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -command \"cp c:/azuredata/customdata.bin c:/azuredata/configure.ps1; c:/azuredata/configure.ps1 \"" } PROT + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "windowsvm_password" { @@ -168,6 +176,8 @@ resource "azurerm_key_vault_secret" "windowsvm_password" { value = "${random_string.username.result}\n${random_password.password.result}" key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } data "template_file" "download_review_data_script" { diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml index 02e189e084..2df4c94418 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole-import-reviewvm -version: 0.2.4 +version: 0.2.7 description: "An Azure TRE User Resource Template for reviewing Airlock import requests" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/variables.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/variables.tf index baa4d18db1..c6847da884 100644 
--- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/variables.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/variables.tf @@ -1,10 +1,25 @@ -variable "workspace_id" {} -variable "tre_id" {} -variable "parent_service_id" {} -variable "tre_resource_id" {} -variable "image" {} -variable "vm_size" {} +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} +variable "parent_service_id" { + type = string +} +variable "tre_resource_id" { + type = string +} +variable "image" { + type = string +} +variable "vm_size" { + type = string +} variable "image_gallery_id" { + type = string default = "" } -variable "airlock_request_sas_url" {} +variable "airlock_request_sas_url" { + type = string +} \ No newline at end of file diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/windowsvm.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/windowsvm.tf index a064f987f4..75891d5018 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/windowsvm.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/terraform/windowsvm.tf @@ -9,6 +9,8 @@ resource "azurerm_network_interface" "internal" { subnet_id = data.azurerm_subnet.services.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "random_string" "username" { @@ -69,6 +71,8 @@ resource "azurerm_windows_virtual_machine" "windowsvm" { } tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_virtual_machine_extension" "config_script" { 
@@ -84,6 +88,8 @@ resource "azurerm_virtual_machine_extension" "config_script" { "commandToExecute": "powershell -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -command \"cp c:/azuredata/customdata.bin c:/azuredata/configure.ps1; c:/azuredata/configure.ps1 \"" } PROT + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "windowsvm_password" { @@ -91,6 +97,8 @@ resource "azurerm_key_vault_secret" "windowsvm_password" { value = "${random_string.username.result}\n${random_password.password.result}" key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } data "template_file" "download_review_data_script" { diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml index 5330af99b4..437e196282 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole-linuxvm -version: 0.6.5 +version: 0.6.8 description: "An Azure TRE User Resource Template for Guacamole (Linux)" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/linuxvm.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/linuxvm.tf index d03476ce1a..247c4f77e0 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/linuxvm.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/linuxvm.tf 
@@ -8,6 +8,8 @@ resource "azurerm_network_interface" "internal" { subnet_id = data.azurerm_subnet.services.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "random_string" "username" { @@ -68,6 +70,8 @@ resource "azurerm_linux_virtual_machine" "linuxvm" { } tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } data "template_cloudinit_config" "config" { @@ -135,6 +139,8 @@ resource "azurerm_key_vault_secret" "linuxvm_password" { value = "${random_string.username.result}\n${random_password.password.result}" key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } data "azurerm_storage_account" "stg" { diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/variables.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/variables.tf index 039498e60f..4908ae52a2 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/variables.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/variables.tf @@ -1,13 +1,28 @@ -variable "workspace_id" {} -variable "tre_id" {} -variable "parent_service_id" {} -variable "tre_resource_id" {} -variable "image" {} -variable "vm_size" {} +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} +variable "parent_service_id" { + type = string +} +variable "tre_resource_id" { + type = string +} +variable "image" { + type = string +} +variable "vm_size" { + type = string +} variable "shared_storage_access" { type = bool } -variable "shared_storage_name" {} +variable "shared_storage_name" { + type = string +} variable "image_gallery_id" { + type = string default = "" } 
diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml index db889ca8bb..67997dd161 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-guacamole-windowsvm -version: 0.7.5 +version: 0.7.8 description: "An Azure TRE User Resource Template for Guacamole (Windows 10)" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/variables.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/variables.tf index 039498e60f..4908ae52a2 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/variables.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/variables.tf @@ -1,13 +1,28 @@ -variable "workspace_id" {} -variable "tre_id" {} -variable "parent_service_id" {} -variable "tre_resource_id" {} -variable "image" {} -variable "vm_size" {} +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} +variable "parent_service_id" { + type = string +} +variable "tre_resource_id" { + type = string +} +variable "image" { + type = string +} +variable "vm_size" { + type = string +} variable "shared_storage_access" { type = bool } -variable "shared_storage_name" {} +variable "shared_storage_name" { + type = string +} variable "image_gallery_id" { + type = string default = "" } 
diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/windowsvm.tf b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/windowsvm.tf index 699f92487e..575f8a7efd 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/windowsvm.tf +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/windowsvm.tf @@ -9,6 +9,8 @@ resource "azurerm_network_interface" "internal" { subnet_id = data.azurerm_subnet.services.id private_ip_address_allocation = "Dynamic" } + + lifecycle { ignore_changes = [tags] } } resource "random_string" "username" { @@ -79,6 +81,8 @@ resource "azurerm_windows_virtual_machine" "windowsvm" { } tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_virtual_machine_extension" "config_script" { @@ -94,6 +98,8 @@ resource "azurerm_virtual_machine_extension" "config_script" { "commandToExecute": "powershell -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -command \"cp c:/azuredata/customdata.bin c:/azuredata/configure.ps1; c:/azuredata/configure.ps1 \"" } PROT + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "windowsvm_password" { @@ -101,4 +107,6 @@ resource "azurerm_key_vault_secret" "windowsvm_password" { value = "${random_string.username.result}\n${random_password.password.result}" key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_user_resources_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/health-services/porter.yaml b/templates/workspace_services/health-services/porter.yaml index 6a04c11720..e944335d12 100644 --- a/templates/workspace_services/health-services/porter.yaml +++ b/templates/workspace_services/health-services/porter.yaml 
@@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-health -version: 0.2.1 +version: 0.2.4 description: "An Azure Data Health Services workspace service" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/health-services/terraform/main.tf b/templates/workspace_services/health-services/terraform/main.tf index ecd68dabf5..0189b5e456 100644 --- a/templates/workspace_services/health-services/terraform/main.tf +++ b/templates/workspace_services/health-services/terraform/main.tf @@ -25,6 +25,8 @@ resource "azurerm_healthcare_fhir_service" "fhir" { type = "SystemAssigned" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_healthcare_dicom_service" "dicom" { @@ -37,6 +39,8 @@ resource "azurerm_healthcare_dicom_service" "dicom" { identity { type = "SystemAssigned" } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_endpoint" "health_services_private_endpoint" { diff --git a/templates/workspace_services/health-services/terraform/variables.tf b/templates/workspace_services/health-services/terraform/variables.tf index 974eb07c47..72547d6a74 100644 --- a/templates/workspace_services/health-services/terraform/variables.tf +++ b/templates/workspace_services/health-services/terraform/variables.tf @@ -48,4 +48,6 @@ variable "auth_client_secret" { description = "Used to authenticate into the AAD Tenant to get app role members" } -variable "arm_environment" {} +variable "arm_environment" { + type = string +} \ No newline at end of file diff --git a/templates/workspace_services/innereye/porter.yaml b/templates/workspace_services/innereye/porter.yaml index 03b72d9b2d..9c5b9133fc 100644 --- a/templates/workspace_services/innereye/porter.yaml +++ b/templates/workspace_services/innereye/porter.yaml 
@@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-innereye -version: 0.6.1 +version: 0.6.4 description: "An Azure TRE service for InnerEye Deep Learning" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/innereye/terraform/.terraform.lock.hcl b/templates/workspace_services/innereye/terraform/.terraform.lock.hcl index 093801a738..1260ac6c2c 100644 --- a/templates/workspace_services/innereye/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/innereye/terraform/.terraform.lock.hcl 
@@ -21,40 +21,41 @@ provider "registry.terraform.io/hashicorp/azurerm" { } provider "registry.terraform.io/hashicorp/external" { - version = "2.2.3" + version = "2.3.1" hashes = [ - "h1:uvOYRWcVIqOZSl8YjjaB18yZFz1AWIt2CnK7O45rckg=", - "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9", - "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c", - "zh:2c0a180f6d1fc2ba6e03f7dfc5f73b617e45408681f75bca75aa82f3796df0e4", - "zh:4b92ae44c6baef4c4952c47be00541055cb5280dd3bc8031dba5a1b2ee982387", - "zh:5641694d5daf3893d7ea90be03b6fa575211a08814ffe70998d5adb8b59cdc0a", - "zh:5bd55a2be8a1c20d732ac9c604b839e1cadc8c49006315dffa4d709b6874df32", - "zh:6e0ef5d11e1597202424b7d69b9da7b881494c9b13a3d4026fc47012dc651c79", + "h1:bROCw6g5D/3fFnWeJ01L4IrdnJl1ILU8DGDgXCtYzaY=", + "zh:001e2886dc81fc98cf17cf34c0d53cb2dae1e869464792576e11b0f34ee92f54", + "zh:2eeac58dd75b1abdf91945ac4284c9ccb2bfb17fa9bdb5f5d408148ff553b3ee", + "zh:2fc39079ba61411a737df2908942e6970cb67ed2f4fb19090cd44ce2082903dd", + "zh:472a71c624952cff7aa98a7b967f6c7bb53153dbd2b8f356ceb286e6743bb4e2", + "zh:4cff06d31272aac8bc35e9b7faec42cf4554cbcbae1092eaab6ab7f643c215d9", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9e19f89fa25004d3b926a8d15ea630b4bde62f1fa4ed5e11a3d27aabddb77353", - "zh:b763efdd69fd097616b4a4c89cf333b4cee9699ac6432d73d2756f8335d1213f", - "zh:e3b561efdee510b2b445f76a52a902c52bee8e13095e7f4bed7c80f10f8d294a", - "zh:fe660bb8781ee043a093b9a20e53069974475dcaa5791a1f45fd03c61a26478a", + "zh:7ed16ccd2049fa089616b98c0bd57219f407958f318f3c697843e2397ddf70df", + "zh:842696362c92bf2645eb85c739410fd51376be6c488733efae44f4ce688da50e", + "zh:8985129f2eccfd7f1841ce06f3bf2bbede6352ec9e9f926fbaa6b1a05313b326", + "zh:a5f0602d8ec991a5411ef42f872aa90f6347e93886ce67905c53cfea37278e05", + "zh:bf4ab82cbe5256dcef16949973bf6aa1a98c2c73a98d6a44ee7bc40809d002b8", + "zh:e70770be62aa70198fa899526d671643ff99eecf265bf1a50e798fc3480bd417", ] } provider 
"registry.terraform.io/hashicorp/local" { - version = "2.2.3" + version = "2.4.0" + constraints = "2.4.0" hashes = [ - "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=", - "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0", - "zh:6484f1b3e9e3771eb7cc8e8bab8b35f939a55d550b3f4fb2ab141a24269ee6aa", - "zh:78a56d59a013cb0f7eb1c92815d6eb5cf07f8b5f0ae20b96d049e73db915b238", + "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=", + "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", + "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", + "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8aa9950f4c4db37239bcb62e19910c49e47043f6c8587e5b0396619923657797", - "zh:996beea85f9084a725ff0e6473a4594deb5266727c5f56e9c1c7c62ded6addbb", - "zh:9a7ef7a21f48fabfd145b2e2a4240ca57517ad155017e86a30860d7c0c109de3", - "zh:a63e70ac052aa25120113bcddd50c1f3cfe61f681a93a50cea5595a4b2cc3e1c", - "zh:a6e8d46f94108e049ad85dbed60354236dc0b9b5ec8eabe01c4580280a43d3b8", - "zh:bb112ce7efbfcfa0e65ed97fa245ef348e0fd5bfa5a7e4ab2091a9bd469f0a9e", - "zh:d7bec0da5c094c6955efed100f3fe22fca8866859f87c025be1760feb174d6d9", - "zh:fb9f271b72094d07cef8154cd3d50e9aa818a0ea39130bc193132ad7b23076fd", + "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", + "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", + "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", + "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", + "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7", + "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2", + "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc", + "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce", ] } 
diff --git a/templates/workspace_services/innereye/terraform/compute.tf b/templates/workspace_services/innereye/terraform/compute.tf index 5e83dc2cee..6953569913 100644 --- a/templates/workspace_services/innereye/terraform/compute.tf +++ b/templates/workspace_services/innereye/terraform/compute.tf @@ -46,6 +46,8 @@ resource "azurerm_resource_group_template_deployment" "deploy_compute_cluster" { }) deployment_mode = "Incremental" + + lifecycle { ignore_changes = [tags] } } data "azurerm_container_registry" "aml" { diff --git a/templates/workspace_services/innereye/terraform/main.tf b/templates/workspace_services/innereye/terraform/main.tf index d4d5d07e4c..6aadeaf4c8 100644 --- a/templates/workspace_services/innereye/terraform/main.tf +++ b/templates/workspace_services/innereye/terraform/main.tf @@ -9,6 +9,10 @@ terraform { source = "hashicorp/random" version = "=3.4.2" } + local = { + source = "hashicorp/local" + version = "=2.4.0" + } } backend "azurerm" { } diff --git a/templates/workspace_services/innereye/terraform/variables.tf b/templates/workspace_services/innereye/terraform/variables.tf index 5ecfa1cf4c..e3e825896d 100644 --- a/templates/workspace_services/innereye/terraform/variables.tf +++ b/templates/workspace_services/innereye/terraform/variables.tf 
@@ -1,12 +1,30 @@ -variable "workspace_id" {} -variable "tre_id" {} -variable "tre_resource_id" {} -variable "arm_tenant_id" {} -variable "arm_client_id" {} -variable "arm_client_secret" {} +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} +variable "tre_resource_id" { + type = string +} +variable "arm_tenant_id" { + type = string +} +variable "arm_client_id" { + type = string +} +variable "arm_client_secret" { + type = string +} variable "arm_use_msi" { type = bool } -variable "inference_sp_client_id" {} -variable "inference_sp_client_secret" {} -variable "arm_environment" {} +variable "inference_sp_client_id" { + type = string +} +variable "inference_sp_client_secret" { + type = string +} +variable "arm_environment" { + type = string +} diff --git a/templates/workspace_services/innereye/terraform/web_app.tf b/templates/workspace_services/innereye/terraform/web_app.tf index a177af4221..137d61a649 100644 --- a/templates/workspace_services/innereye/terraform/web_app.tf +++ b/templates/workspace_services/innereye/terraform/web_app.tf @@ -47,6 +47,8 @@ resource "azurerm_app_service" "inference" { type = "Custom" value = random_uuid.inference_auth_key.result } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_app_service_virtual_network_swift_connection" "inference" { @@ -77,4 +79,6 @@ resource "azurerm_private_endpoint" "inference" { name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"] private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id] } + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/mlflow/porter.yaml b/templates/workspace_services/mlflow/porter.yaml index 10b7cb6569..8b8939133a 100644 --- a/templates/workspace_services/mlflow/porter.yaml +++ b/templates/workspace_services/mlflow/porter.yaml 
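Review bot: `arm_client_secret` and `inference_sp_client_secret` in innereye/terraform/variables.tf are now typed but not marked sensitive, so their values can appear in plan and apply output wherever they flow into an attribute the provider does not itself redact. Add `sensitive = true` next to `type = string` in both blocks. This only affects what Terraform prints; the values are still written to state, so access to the state backend remains the control that protects them.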
@@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-mlflow -version: 0.7.2 +version: 0.7.5 description: "An Azure TRE service for MLflow machine learning lifecycle" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspace_services/mlflow/terraform/postgresql.tf b/templates/workspace_services/mlflow/terraform/postgresql.tf index b45d31cfb9..a71d4acb7a 100644 --- a/templates/workspace_services/mlflow/terraform/postgresql.tf +++ b/templates/workspace_services/mlflow/terraform/postgresql.tf @@ -25,6 +25,8 @@ resource "azurerm_key_vault_secret" "postgresql_admin_username" { value = random_string.username.result key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "postgresql_admin_password" { @@ -32,6 +34,8 @@ resource "azurerm_key_vault_secret" "postgresql_admin_password" { value = random_password.password.result key_vault_id = data.azurerm_key_vault.ws.id tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_postgresql_server" "mlflow" { @@ -54,6 +58,8 @@ resource "azurerm_postgresql_server" "mlflow" { public_network_access_enabled = false ssl_enforcement_enabled = true ssl_minimal_tls_version_enforced = "TLS1_2" + + lifecycle { ignore_changes = [tags] } } resource "azurerm_postgresql_database" "mlflow" { diff --git a/templates/workspace_services/mlflow/terraform/variables.tf b/templates/workspace_services/mlflow/terraform/variables.tf index f2c9d40151..a57e8d750d 100644 --- a/templates/workspace_services/mlflow/terraform/variables.tf +++ b/templates/workspace_services/mlflow/terraform/variables.tf 
@@ -1,13 +1,25 @@ -variable "workspace_id" {} -variable "tre_id" {} -variable "tre_resource_id" {} +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} +variable "tre_resource_id" { + type = string +} -variable "mgmt_acr_name" {} -variable "mgmt_resource_group_name" {} +variable "mgmt_acr_name" { + type = string +} +variable "mgmt_resource_group_name" { + type = string +} variable "is_exposed_externally" { type = bool description = "Is the webapp available on the public internet" default = false } -variable "arm_environment" {} +variable "arm_environment" { + type = string +} diff --git a/templates/workspace_services/mlflow/terraform/web_app.tf b/templates/workspace_services/mlflow/terraform/web_app.tf index a65f35057b..553e82a431 100644 --- a/templates/workspace_services/mlflow/terraform/web_app.tf +++ b/templates/workspace_services/mlflow/terraform/web_app.tf @@ -132,6 +132,8 @@ resource "azurerm_private_endpoint" "mlflow" { name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"] private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id] } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_access_policy" "mlflow" { diff --git a/templates/workspace_services/mysql/porter.yaml b/templates/workspace_services/mysql/porter.yaml index d87e0c3fe0..643c340d7d 100644 --- a/templates/workspace_services/mysql/porter.yaml +++ b/templates/workspace_services/mysql/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-mysql -version: 0.4.1 +version: 0.4.4 description: "A MySQL workspace service" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/mysql/terraform/mysql.tf b/templates/workspace_services/mysql/terraform/mysql.tf index 8ea87e00c9..9c0f387392 100644 --- a/templates/workspace_services/mysql/terraform/mysql.tf +++ b/templates/workspace_services/mysql/terraform/mysql.tf 
@@ -62,4 +62,6 @@ resource "azurerm_key_vault_secret" "db_password" { value = random_password.password.result key_vault_id = data.azurerm_key_vault.ws.id tags = local.workspace_service_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspace_services/mysql/terraform/variables.tf b/templates/workspace_services/mysql/terraform/variables.tf index 20fbbd5589..ac7359d6dc 100644 --- a/templates/workspace_services/mysql/terraform/variables.tf +++ b/templates/workspace_services/mysql/terraform/variables.tf @@ -1,8 +1,18 @@ -variable "workspace_id" {} -variable "tre_id" {} -variable "tre_resource_id" {} -variable "sql_sku" {} -variable "db_name" {} +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} +variable "tre_resource_id" { + type = string +} +variable "sql_sku" { + type = string +} +variable "db_name" { + type = string +} variable "storage_mb" { type = number validation { @@ -10,4 +20,6 @@ variable "storage_mb" { error_message = "The storage value is out of range." } } -variable "arm_environment" {} +variable "arm_environment" { + type = string +} diff --git a/templates/workspace_services/ohdsi/porter.yaml b/templates/workspace_services/ohdsi/porter.yaml index 4140ca2b05..855fb19b18 100644 --- a/templates/workspace_services/ohdsi/porter.yaml +++ b/templates/workspace_services/ohdsi/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-service-ohdsi -version: 0.2.0 +version: 0.2.3 description: "An OHDSI workspace service" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/ohdsi/terraform/atlas_database.tf b/templates/workspace_services/ohdsi/terraform/atlas_database.tf index 8dc7b059e5..fbbd4e46bb 100644 --- a/templates/workspace_services/ohdsi/terraform/atlas_database.tf +++ b/templates/workspace_services/ohdsi/terraform/atlas_database.tf 
@@ -18,6 +18,8 @@ resource "azurerm_key_vault_secret" "postgres_admin_password" { key_vault_id = data.azurerm_key_vault.ws.id value = random_password.postgres_admin_password.result tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "postgres_webapi_admin_password" { @@ -25,6 +27,8 @@ resource "azurerm_key_vault_secret" "postgres_webapi_admin_password" { key_vault_id = data.azurerm_key_vault.ws.id value = random_password.postgres_webapi_admin_password.result tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "postgres_webapi_app_password" { @@ -32,6 +36,8 @@ resource "azurerm_key_vault_secret" "postgres_webapi_app_password" { key_vault_id = data.azurerm_key_vault.ws.id value = random_password.postgres_webapi_app_password.result tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_network_security_group" "postgres" { @@ -161,6 +167,8 @@ resource "azurerm_postgresql_flexible_server" "postgres" { depends_on = [ terraform_data.postgres_subnet_wait, ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_postgresql_flexible_server_database" "db" { diff --git a/templates/workspace_services/ohdsi/terraform/atlas_security.tf b/templates/workspace_services/ohdsi/terraform/atlas_security.tf index 131a7b9efd..0dd1fc3083 100644 --- a/templates/workspace_services/ohdsi/terraform/atlas_security.tf +++ b/templates/workspace_services/ohdsi/terraform/atlas_security.tf @@ -8,6 +8,8 @@ resource "azurerm_key_vault_secret" "atlas_security_admin_password" { key_vault_id = data.azurerm_key_vault.ws.id value = random_password.atlas_security_admin_password.result tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "terraform_data" "deployment_atlas_security" { 
diff --git a/templates/workspace_services/ohdsi/terraform/atlas_ui.tf b/templates/workspace_services/ohdsi/terraform/atlas_ui.tf index e15b643015..d4e4c38eea 100644 --- a/templates/workspace_services/ohdsi/terraform/atlas_ui.tf +++ b/templates/workspace_services/ohdsi/terraform/atlas_ui.tf @@ -71,6 +71,8 @@ resource "azurerm_linux_web_app" "atlas_ui" { ] tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_endpoint" "atlas_ui_private_endpoint" { @@ -91,6 +93,8 @@ resource "azurerm_private_endpoint" "atlas_ui_private_endpoint" { name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"] private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id] } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_monitor_diagnostic_setting" "atlas_ui" { diff --git a/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf b/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf index 534f880980..6e1d96c35e 100644 --- a/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf +++ b/templates/workspace_services/ohdsi/terraform/ohdsi_web_api.tf @@ -3,6 +3,8 @@ resource "azurerm_key_vault_secret" "jdbc_connection_string_webapi_admin" { key_vault_id = data.azurerm_key_vault.ws.id value = "jdbc:postgresql://${azurerm_postgresql_flexible_server.postgres.fqdn}:5432/${local.postgres_webapi_database_name}?user=${local.postgres_webapi_admin_username}&password=${azurerm_key_vault_secret.postgres_webapi_admin_password.value}&sslmode=require" tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_user_assigned_identity" "ohdsi_webapi_id" { 
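Review bot: In ohdsi_web_api.tf the context line that builds `jdbc_connection_string_webapi_admin` interpolates the admin password directly into the URL query string, and this hunk touches the resource without addressing that. If the `random_password` behind `postgres_webapi_admin_password` permits special characters (its definition is outside the hunk), a character such as `&` or `#` could corrupt the connection string; writing `password=${urlencode(azurerm_key_vault_secret.postgres_webapi_admin_password.value)}` avoids that. A password carried in a JDBC URL also tends to surface in driver and application logs, so it is worth confirming that consumers of this secret never log the URL.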
@@ -10,6 +12,8 @@ resource "azurerm_user_assigned_identity" "ohdsi_webapi_id" { location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_access_policy" "ohdsi_webapi" { @@ -112,6 +116,8 @@ resource "azurerm_linux_web_app" "ohdsi_webapi" { depends_on = [ terraform_data.deployment_ohdsi_webapi_init ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_private_endpoint" "webapi_private_endpoint" { @@ -132,6 +138,8 @@ resource "azurerm_private_endpoint" "webapi_private_endpoint" { name = module.terraform_azurerm_environment_configuration.private_links["privatelink.azurewebsites.net"] private_dns_zone_ids = [data.azurerm_private_dns_zone.azurewebsites.id] } + + lifecycle { ignore_changes = [tags] } } resource "azurerm_monitor_diagnostic_setting" "ohdsi_webapi" { diff --git a/templates/workspace_services/ohdsi/terraform/variables.tf b/templates/workspace_services/ohdsi/terraform/variables.tf index 26c9f8d505..fd78e18be0 100644 --- a/templates/workspace_services/ohdsi/terraform/variables.tf +++ b/templates/workspace_services/ohdsi/terraform/variables.tf @@ -1,7 +1,15 @@ -variable "workspace_id" {} -variable "tre_id" {} -variable "tre_resource_id" {} -variable "arm_environment" {} +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} +variable "tre_resource_id" { + type = string +} +variable "arm_environment" { + type = string +} variable "address_space" { type = string description = "Address space for PostgreSQL's subnet" diff --git a/templates/workspaces/airlock-import-review/porter.yaml b/templates/workspaces/airlock-import-review/porter.yaml index 3a7ffe0f13..94a55488bf 100644 --- a/templates/workspaces/airlock-import-review/porter.yaml +++ b/templates/workspaces/airlock-import-review/porter.yaml 
@@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-airlock-import-review -version: 0.11.2 +version: 0.11.6 description: "A workspace to do Airlock Data Import Reviews for Azure TRE" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspaces/base/porter.yaml b/templates/workspaces/base/porter.yaml index 4919472af0..9156afe8ed 100644 --- a/templates/workspaces/base/porter.yaml +++ b/templates/workspaces/base/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-base -version: 1.4.4 +version: 1.4.7 description: "A base Azure TRE workspace" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/workspaces/base/terraform/aad/aad.tf b/templates/workspaces/base/terraform/aad/aad.tf index ca6c26b8af..031f32b5a0 100644 --- a/templates/workspaces/base/terraform/aad/aad.tf +++ b/templates/workspaces/base/terraform/aad/aad.tf @@ -110,6 +110,8 @@ resource "azurerm_key_vault_secret" "client_id" { value = azuread_application.workspace.application_id key_vault_id = var.key_vault_id tags = var.tre_workspace_tags + + lifecycle { ignore_changes = [tags] } } resource "azurerm_key_vault_secret" "client_secret" { @@ -117,6 +119,8 @@ resource "azurerm_key_vault_secret" "client_secret" { value = azuread_service_principal_password.workspace.value key_vault_id = var.key_vault_id tags = var.tre_workspace_tags + + lifecycle { ignore_changes = [tags] } } resource "azuread_app_role_assignment" "workspace_owner" { diff --git a/templates/workspaces/base/terraform/aad/variables.tf b/templates/workspaces/base/terraform/aad/variables.tf index dd750dc3ac..7858625107 100644 --- a/templates/workspaces/base/terraform/aad/variables.tf +++ b/templates/workspaces/base/terraform/aad/variables.tf 
@@ -1,8 +1,18 @@ -variable "key_vault_id" {} -variable "workspace_resource_name_suffix" {} -variable "workspace_owner_object_id" {} -variable "tre_workspace_tags" {} +variable "key_vault_id" { + type = string +} +variable "workspace_resource_name_suffix" { + type = string +} +variable "workspace_owner_object_id" { + type = string +} +variable "tre_workspace_tags" { + type = map(string) +} variable "aad_redirect_uris_b64" { type = string # list of objects like [{"name": "my uri 1", "value": "https://..."}, {}] } -variable "create_aad_groups" {} +variable "create_aad_groups" { + type = string +} diff --git a/templates/workspaces/base/terraform/airlock/variables.tf b/templates/workspaces/base/terraform/airlock/variables.tf index 81fd12fa0f..a1a5909d38 100644 --- a/templates/workspaces/base/terraform/airlock/variables.tf +++ b/templates/workspaces/base/terraform/airlock/variables.tf @@ -1,9 +1,27 @@ -variable "location" {} -variable "tre_id" {} -variable "ws_resource_group_name" {} -variable "enable_local_debugging" {} -variable "services_subnet_id" {} -variable "airlock_processor_subnet_id" {} -variable "short_workspace_id" {} -variable "tre_workspace_tags" {} -variable "arm_environment" {} +variable "location" { + type = string +} +variable "tre_id" { + type = string +} +variable "ws_resource_group_name" { + type = string +} +variable "enable_local_debugging" { + type = bool +} +variable "services_subnet_id" { + type = string +} +variable "airlock_processor_subnet_id" { + type = string +} +variable "short_workspace_id" { + type = string +} +variable "tre_workspace_tags" { + type = map(string) +} +variable "arm_environment" { + type = string +} \ No newline at end of file diff --git a/templates/workspaces/base/terraform/appserviceplan.tf b/templates/workspaces/base/terraform/appserviceplan.tf index 5cbafd84c6..f3c1c51423 100644 --- a/templates/workspaces/base/terraform/appserviceplan.tf +++ b/templates/workspaces/base/terraform/appserviceplan.tf 
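Review bot: `create_aad_groups` in aad/variables.tf is declared `type = string`, although the name reads as an on/off flag and the comparable `enable_local_debugging` in airlock/variables.tf is declared `bool`. A string type accepts any text, so a mistyped value from the caller would pass validation and only fail, or be misread, where it is first used in a condition. If callers pass true/false, `type = bool` is the tighter declaration; if the bundle's parameter plumbing really needs a string, a `description` saying so would help. The module's callers are not visible in this hunk, so confirm before changing.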
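Review bot: The new side of airlock/variables.tf ends with `\ No newline at end of file` after the closing brace of `arm_environment`. Add the trailing newline so the file is consistent with the other variables.tf files rewritten in this change and the next edit to it does not produce a spurious diff on that line.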
@@ -7,4 +7,6 @@ resource "azurerm_service_plan" "workspace" { os_type = "Linux" sku_name = var.app_service_plan_sku tags = local.tre_workspace_tags + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspaces/base/terraform/azure-monitor/azure-monitor.tf b/templates/workspaces/base/terraform/azure-monitor/azure-monitor.tf index 88ee111771..49acc8a4fe 100644 --- a/templates/workspaces/base/terraform/azure-monitor/azure-monitor.tf +++ b/templates/workspaces/base/terraform/azure-monitor/azure-monitor.tf @@ -73,6 +73,8 @@ resource "azapi_resource" "ampls_workspace" { "id" ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_monitor_private_link_scoped_service" "ampls_log_anaytics" { @@ -124,6 +126,8 @@ resource "azapi_resource" "appinsights" { "id", "properties.ConnectionString", ] + + lifecycle { ignore_changes = [tags] } } resource "azurerm_monitor_private_link_scoped_service" "ampls_app_insights" { diff --git a/templates/workspaces/base/terraform/azure-monitor/variables.tf b/templates/workspaces/base/terraform/azure-monitor/variables.tf index ceb7423811..9b9f4845dc 100644 --- a/templates/workspaces/base/terraform/azure-monitor/variables.tf +++ b/templates/workspaces/base/terraform/azure-monitor/variables.tf 
@@ -1,13 +1,39 @@ -variable "tre_id" {} -variable "location" {} -variable "resource_group_name" {} -variable "resource_group_id" {} -variable "tre_workspace_tags" {} -variable "workspace_subnet_id" {} -variable "azure_monitor_dns_zone_id" {} -variable "azure_monitor_oms_opinsights_dns_zone_id" {} -variable "azure_monitor_ods_opinsights_dns_zone_id" {} -variable "azure_monitor_agentsvc_dns_zone_id" {} -variable "blob_core_dns_zone_id" {} -variable "tre_resource_id" {} -variable "enable_local_debugging" {} +variable "tre_id" { + type = string +} +variable "location" { + type = string +} +variable "resource_group_name" { + type = string +} +variable "resource_group_id" { + type = string +} +variable "tre_workspace_tags" { + type = map(string) +} +variable "workspace_subnet_id" { + type = string +} +variable "azure_monitor_dns_zone_id" { + type = string +} +variable "azure_monitor_oms_opinsights_dns_zone_id" { + type = string +} +variable "azure_monitor_ods_opinsights_dns_zone_id" { + type = string +} +variable "azure_monitor_agentsvc_dns_zone_id" { + type = string +} +variable "blob_core_dns_zone_id" { + type = string +} +variable "tre_resource_id" { + type = string +} +variable "enable_local_debugging" { + type = bool +} diff --git a/templates/workspaces/base/terraform/keyvault.tf b/templates/workspaces/base/terraform/keyvault.tf index 0441c45f01..6f74b4b974 100644 --- a/templates/workspaces/base/terraform/keyvault.tf +++ b/templates/workspaces/base/terraform/keyvault.tf @@ -118,6 +118,8 @@ resource "azurerm_key_vault_secret" "aad_tenant_id" { azurerm_key_vault_access_policy.resource_processor, terraform_data.wait_for_dns_vault ] + + lifecycle { ignore_changes = [tags] } } # This secret only gets written if Terraform is not responsible for 
@@ -133,6 +135,8 @@ resource "azurerm_key_vault_secret" "client_id" { azurerm_key_vault_access_policy.resource_processor, terraform_data.wait_for_dns_vault ] + + lifecycle { ignore_changes = [tags] } } data "azurerm_key_vault_secret" "client_secret" { @@ -154,4 +158,6 @@ resource "azurerm_key_vault_secret" "client_secret" { azurerm_key_vault_access_policy.resource_processor, terraform_data.wait_for_dns_vault ] + + lifecycle { ignore_changes = [tags] } } diff --git a/templates/workspaces/base/terraform/network/variables.tf b/templates/workspaces/base/terraform/network/variables.tf index 200cb4016a..8111fa0e1b 100644 --- a/templates/workspaces/base/terraform/network/variables.tf +++ b/templates/workspaces/base/terraform/network/variables.tf @@ -1,7 +1,21 @@ -variable "location" {} -variable "tre_id" {} -variable "address_spaces" {} -variable "ws_resource_group_name" {} -variable "tre_workspace_tags" {} -variable "tre_resource_id" {} -variable "arm_environment" {} +variable "location" { + type = string +} +variable "tre_id" { + type = string +} +variable "address_spaces" { + type = string +} +variable "ws_resource_group_name" { + type = string +} +variable "tre_workspace_tags" { + type = map(string) +} +variable "tre_resource_id" { + type = string +} +variable "arm_environment" { + type = string +} diff --git a/templates/workspaces/base/terraform/variables.tf b/templates/workspaces/base/terraform/variables.tf index 3977257b2b..567d468ede 100644 --- a/templates/workspaces/base/terraform/variables.tf +++ b/templates/workspaces/base/terraform/variables.tf @@ -119,4 +119,6 @@ variable "workspace_owner_object_id" { description = "The Object Id of the user that you wish to be the Workspace Owner. E.g. the TEST_AUTOMATION_ACCOUNT." } -variable "arm_environment" {} +variable "arm_environment" { + type = string +} diff --git a/templates/workspaces/unrestricted/porter.yaml b/templates/workspaces/unrestricted/porter.yaml index 7748b7f521..1c0b9b553f 100644 
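Review bot: `address_spaces` in network/variables.tf is typed `string` although the name is plural, and nothing in the block says what the string holds. If it is an encoded list (the aad module's `aad_redirect_uris_b64` carries a comment to that effect), add a description such as `description = "<encoding of the address list — confirm>"`; if the caller passes a real list, the type should be `list(string)`. The caller is outside this hunk, so the actual shape needs confirming.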
--- a/templates/workspaces/unrestricted/porter.yaml
+++ b/templates/workspaces/unrestricted/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-workspace-unrestricted
-version: 0.10.2
+version: 0.10.4
 description: "A base Azure TRE workspace"
 dockerfile: Dockerfile.tmpl
 registry: azuretre