Output is_exposed_externally, for all resources with URI (#3656)

api_app/_version.py

@@ -1 +1 @@
-__version__ = "0.15.15"
+__version__ = "0.15.16"

api_app/models/domain/restricted_resource.py

@@ -9,7 +9,7 @@ class RestrictedProperties(AzureTREModel):
     description: str = ""
     overview: str = ""
     connection_uri: str = ""
-    internal_connection_uri: str = ""
+    is_exposed_externally: bool = True
 
 
 class RestrictedResource(AzureTREModel):

templates/shared_services/gitea/porter.yaml

@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-gitea
-version: 0.6.6
+version: 0.6.10
 description: "A Gitea shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
@@ -69,6 +69,16 @@ outputs:
     applyTo:
       - install
       - upgrade
+  - name: connection_uri
+    type: string
+    applyTo:
+      - install
+      - upgrade
+  - name: is_exposed_externally
+    type: boolean
+    applyTo:
+      - install
+      - upgrade
 
 install:
   - terraform:
@@ -87,6 +97,8 @@ install:
       outputs:
         - name: gitea_allowed_fqdns_list
         - name: address_prefixes
+        - name: connection_uri
+        - name: is_exposed_externally
 
 upgrade:
   - terraform:
@@ -105,6 +117,8 @@ upgrade:
       outputs:
         - name: gitea_allowed_fqdns_list
         - name: address_prefixes
+        - name: connection_uri
+        - name: is_exposed_externally
 
 uninstall:
   - terraform:

templates/shared_services/gitea/template_schema.json

@@ -26,6 +26,18 @@
       "description": "Long form description of the workspace service, in markdown syntax",
       "default": "The Gitea shared service is used for mirroring external Git repositories. For instructions on how to create Git mirrors see [https://docs.gitea.com/usage/repo-mirror](https://docs.gitea.com/usage/repo-mirror).",
       "updateable": true
+    },
+    "is_exposed_externally": {
+      "$id": "#/properties/is_exposed_externally",
+      "type": "boolean",
+      "title": "Expose externally",
+      "description": "Is the Gitea accessible from outside of the TRE network.",
+      "default": false
+    }
+  },
+  "uiSchema": {
+    "is_exposed_externally": {
+      "classNames": "tre-hidden"
     }
   },
   "pipeline": {

templates/shared_services/gitea/terraform/outputs.tf

@@ -9,3 +9,11 @@ output "address_prefixes" {
 output "gitea_allowed_fqdns_list" {
   value = jsonencode(local.gitea_allowed_fqdns_list)
 }
+
+output "connection_uri" {
+  value = "https://${azurerm_linux_web_app.gitea.default_hostname}"
+}
+
+output "is_exposed_externally" {
+  value = false
+}

templates/shared_services/sonatype-nexus-vm/porter.yaml

@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-sonatype-nexus
-version: 2.8.11
+version: 2.8.12
 description: "A Sonatype Nexus shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
@@ -62,6 +62,16 @@ outputs:
     applyTo:
       - install
       - upgrade
+  - name: connection_uri
+    type: string
+    applyTo:
+      - install
+      - upgrade
+  - name: is_exposed_externally
+    type: boolean
+    applyTo:
+      - install
+      - upgrade
 
 mixins:
   - exec
@@ -84,6 +94,8 @@ install:
         - name: workspace_vm_allowed_fqdns_list
         - name: nexus_allowed_fqdns_list
         - name: private_ip_addresses
+        - name: connection_uri
+        - name: is_exposed_externally
 
 upgrade:
   - terraform:
@@ -101,6 +113,9 @@ upgrade:
         - name: workspace_vm_allowed_fqdns_list
         - name: nexus_allowed_fqdns_list
         - name: private_ip_addresses
+        - name: connection_uri
+        - name: is_exposed_externally
+
 uninstall:
   - terraform:
       description: "Tear down shared service"

templates/shared_services/sonatype-nexus-vm/template_schema.json

@@ -32,7 +32,20 @@
     "ssl_cert_name": {
       "type": "string",
       "title": "SSL certificate name",
-      "description": "The name of the certificate to use (located in the core KeyVault) for configuring Nexus SSL"
+      "description": "The name of the certificate to use (located in the core KeyVault) for configuring Nexus SSL",
+      "default": "nexus-ssl"
+    },
+    "is_exposed_externally": {
+      "$id": "#/properties/is_exposed_externally",
+      "type": "boolean",
+      "title": "Expose externally",
+      "description": "Is the Sonatype Nexus accessible from outside of the TRE network.",
+      "default": false
+    }
+  },
+  "uiSchema": {
+    "is_exposed_externally": {
+      "classNames": "tre-hidden"
     }
   },
   "pipeline": {

templates/shared_services/sonatype-nexus-vm/terraform/outputs.tf

@@ -9,3 +9,11 @@ output "workspace_vm_allowed_fqdns_list" {
 output "private_ip_addresses" {
   value = jsonencode(azurerm_network_interface.nexus.private_ip_addresses)
 }
+
+output "connection_uri" {
+  value = "https://${data.azurerm_private_dns_zone.nexus.name}"
+}
+
+output "is_exposed_externally" {
+  value = false
+}

templates/workspace_services/gitea/porter.yaml

@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-workspace-service-gitea
-version: 0.8.6
+version: 0.8.7
 description: "A Gitea workspace service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
@@ -70,11 +70,16 @@ mixins:
       clientVersion: 1.3.6
 
 outputs:
-  - name: internal_connection_uri
+  - name: connection_uri
     type: string
     applyTo:
       - install
       - upgrade
+  - name: is_exposed_externally
+    type: boolean
+    applyTo:
+      - install
+      - upgrade
   - name: authentication_callback_uri
     type: string
     applyTo:
@@ -103,7 +108,8 @@ install:
         container_name: ${ bundle.parameters.tfstate_container_name }
         key: tre-workspace-service-gitea-${ bundle.parameters.id }
       outputs:
-        - name: internal_connection_uri
+        - name: connection_uri
+        - name: is_exposed_externally
         - name: authentication_callback_uri
         - name: workspace_address_space
 
@@ -124,7 +130,8 @@ upgrade:
         container_name: ${ bundle.parameters.tfstate_container_name }
         key: tre-workspace-service-gitea-${ bundle.parameters.id }
       outputs:
-        - name: internal_connection_uri
+        - name: connection_uri
+        - name: is_exposed_externally
         - name: authentication_callback_uri
         - name: workspace_address_space
 

templates/workspace_services/gitea/template_schema.json

@@ -27,6 +27,18 @@
       "description": "Long form description of the workspace service, in markdown syntax",
       "default": "Gitea is a lightweight DevOps platform. Features include code hosting, code review, CI/CD, project management and package management. Documentation can be found here: [https://docs.gitea.com/](https://docs.gitea.com/).",
       "updateable": true
+    },
+    "is_exposed_externally": {
+      "$id": "#/properties/is_exposed_externally",
+      "type": "boolean",
+      "title": "Expose externally",
+      "description": "Is Gitea accessible from outside of the TRE network.",
+      "default": false
+    }
+  },
+  "uiSchema": {
+    "is_exposed_externally": {
+      "classNames": "tre-hidden"
     }
   },
   "pipeline": {

templates/workspace_services/gitea/terraform/outputs.tf

@@ -6,10 +6,14 @@ output "authentication_callback_uri" {
   value = "https://${azurerm_linux_web_app.gitea.default_hostname}/user/oauth2/oidc/callback"
 }
 
-output "internal_connection_uri" {
+output "connection_uri" {
   value = "https://${azurerm_linux_web_app.gitea.default_hostname}/"
 }
 
 output "workspace_address_space" {
   value = jsonencode(data.azurerm_virtual_network.ws.address_space)
 }
+
+output "is_exposed_externally" {
+  value = false
+}

templates/workspace_services/mlflow/porter.yaml

@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-service-mlflow
-version: 0.7.6
+version: 0.7.7
 description: "An Azure TRE service for MLflow machine learning lifecycle"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
@@ -61,11 +61,16 @@ parameters:
     default: "public"
 
 outputs:
-  - name: internal_connection_uri
+  - name: connection_uri
     type: string
     applyTo:
       - install
       - upgrade
+  - name: is_exposed_externally
+    type: boolean
+    applyTo:
+      - install
+      - upgrade
 
 mixins:
   - exec
@@ -88,7 +93,8 @@ install:
         container_name: ${ bundle.parameters.tfstate_container_name }
         key: tre-service-mlflow-${ bundle.parameters.id }
       outputs:
-        - name: internal_connection_uri
+        - name: connection_uri
+        - name: is_exposed_externally
 
 upgrade:
   - terraform:
@@ -106,7 +112,8 @@ upgrade:
         container_name: ${ bundle.parameters.tfstate_container_name }
         key: tre-service-mlflow-${ bundle.parameters.id }
       outputs:
-        - name: internal_connection_uri
+        - name: connection_uri
+        - name: is_exposed_externally
 
 uninstall:
   - terraform:

templates/workspace_services/mlflow/template_schema.json

@@ -25,6 +25,18 @@
       "title": "Workspace Service Overview",
       "description": "Long form description of the workspace service, in markdown syntax",
       "default": "MLflow is an open source platform to manage the ML lifecycle, including experimentation, reproducibility, deployment, and a central model registry. Documentation can be found here: [https://mlflow.org/docs/latest/index.html](https://mlflow.org/docs/latest/index.html)"
+    },
+    "is_exposed_externally": {
+      "$id": "#/properties/is_exposed_externally",
+      "type": "boolean",
+      "title": "Expose externally",
+      "description": "Is MLflow accessible from outside of the workspace network.",
+      "default": false
+    }
+  },
+  "uiSchema": {
+    "is_exposed_externally": {
+      "classNames": "tre-hidden"
     }
   }
 }

templates/workspace_services/mlflow/terraform/outputs.tf

@@ -1,3 +1,7 @@
-output "internal_connection_uri" {
+output "connection_uri" {
   value = "https://${azurerm_linux_web_app.mlflow.default_hostname}"
 }
+
+output "is_exposed_externally" {
+  value = false
+}