From 817d197ffad463696b9b6f5ae55774751c0ca565 Mon Sep 17 00:00:00 2001 From: David Moore <35696285+damoodamoo@users.noreply.github.com> Date: Mon, 5 Dec 2022 17:23:37 +0000 Subject: [PATCH 1/2] API Sends REDACTED instead of real val to RP (#2941) fixed bug + test --- api_app/_version.py | 2 +- api_app/api/routes/resource_helpers.py | 4 ++-- .../tests_ma/test_api/test_routes/test_resource_helpers.py | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/api_app/_version.py b/api_app/_version.py index 906d362f7d..43c4ab0058 100644 --- a/api_app/_version.py +++ b/api_app/_version.py @@ -1 +1 @@ -__version__ = "0.6.0" +__version__ = "0.6.1" diff --git a/api_app/api/routes/resource_helpers.py b/api_app/api/routes/resource_helpers.py index 0b57835ce6..621c6a93b4 100644 --- a/api_app/api/routes/resource_helpers.py +++ b/api_app/api/routes/resource_helpers.py @@ -70,7 +70,7 @@ async def save_and_deploy_resource( def mask_sensitive_properties( properties: Dict[str, Any], template: ResourceTemplate ) -> dict: - updated_resource_parameters = properties + updated_resource_parameters = deepcopy(properties) flattened_template_props = {} @@ -113,7 +113,7 @@ def recurse_input_props(prop_dict: dict): if isinstance(prop, dict): recurse_input_props(prop) - recurse_input_props(properties) + recurse_input_props(updated_resource_parameters) return updated_resource_parameters diff --git a/api_app/tests_ma/test_api/test_routes/test_resource_helpers.py b/api_app/tests_ma/test_api/test_routes/test_resource_helpers.py index bf80031b21..8e1bd9b989 100644 --- a/api_app/tests_ma/test_api/test_routes/test_resource_helpers.py +++ b/api_app/tests_ma/test_api/test_routes/test_resource_helpers.py @@ -276,6 +276,8 @@ async def test_save_and_deploy_masks_secrets(self, send_deployment_message_mock, # Checking that the item saved had a secret redacted resource.properties["secret"] = strings.REDACTED_SENSITIVE_VALUE + resource.properties["prop_with_nested_secret"]["nested_secret"] = strings.REDACTED_SENSITIVE_VALUE + resource_repo.save_item.assert_called_once_with(resource) def test_sensitive_properties_get_masked(self, basic_resource_template): From a06ac2717b6eba38bd2471158b0cfaf9def266fc Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Tue, 6 Dec 2022 15:28:59 +0200 Subject: [PATCH 2/2] Auto upgrade firewall (#2942) * Auto update firewall * changelog --- CHANGELOG.md | 1 + devops/scripts/deploy_shared_service.sh | 44 ++++++++++++++++--------- 2 files changed, 29 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 88ddf80f9c..9758d72b09 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ FEATURES: ENHANCEMENTS: * Remove Porter's Docker mixin as it's not in use ([#2889](https://github.com/microsoft/AzureTRE/pull/2889)) * Support template version update ([#2908](https://github.com/microsoft/AzureTRE/pull/2908)) +* Support updating the firewall when installing via makefile/CICD ([#2942](https://github.com/microsoft/AzureTRE/pull/2942)) BUG FIXES: * Private endpoints for AppInsights are now provisioning successfully and consistently ([#2841](https://github.com/microsoft/AzureTRE/pull/2841)) diff --git a/devops/scripts/deploy_shared_service.sh b/devops/scripts/deploy_shared_service.sh index d63670e6f0..d1d8766d15 100755 --- a/devops/scripts/deploy_shared_service.sh +++ b/devops/scripts/deploy_shared_service.sh @@ -51,6 +51,7 @@ fi deployed_shared_service=$(echo "${get_shared_services_result}" \ | jq -r ".sharedServices[] | select(.templateName == \"${template_name}\" and (.deploymentStatus != \"deleted\" or .deploymentStatus != \"deployment_failed\"))") +is_update=0 if [[ -n "${deployed_shared_service}" ]]; then # Get template version of the service already deployed deployed_version=$(echo "${deployed_shared_service}" | jq -r ".templateVersion") @@ -59,22 +60,23 @@ if [[ -n "${deployed_shared_service}" ]]; then echo "Shared service ${template_name} of version ${template_version} has already been deployed" exit 0 else - echo "Resource upgrade isn't currently implemented. See https://github.com/microsoft/AzureTRE/issues/141" - exit 0 + is_update=1 fi fi -# Add additional properties to the payload JSON string -additional_props="" -for index in "${!property_names[@]}"; do - name=${property_names[$index]} - value=${property_values[$index]} - additional_props="$additional_props, \"$name\": \"$value\"" -done +if [[ "${is_update}" -eq 0 ]]; then + + # Add additional properties to the payload JSON string + additional_props="" + for index in "${!property_names[@]}"; do + name=${property_names[$index]} + value=${property_values[$index]} + additional_props="$additional_props, \"$name\": \"$value\"" + done -echo "Not currently deployed - deploying..." -display_name="${template_name#tre-shared-service-}" -if ! deploy_result=$(cat << EOF | tre shared-services new --definition-file - + echo "Not currently deployed - deploying..." + display_name="${template_name#tre-shared-service-}" + if ! deploy_result=$(cat << EOF | tre shared-services new --definition-file - { "templateName": "${template_name}", "properties": { @@ -84,9 +86,19 @@ if ! deploy_result=$(cat << EOF | tre shared-services new --definition-file - } } EOF -); then - echo "Failed to deploy shared service:" - echo "${deploy_result}" - exit 1 + ); then + echo "Failed to deploy shared service:" + echo "${deploy_result}" + exit 1 + fi + +else + + echo "An older version is already deloyed. Trying to update..." + deployed_id=$(echo "${deployed_shared_service}" | jq -r ".id") + deployed_etag=$(echo "${deployed_shared_service}" | jq -r "._etag") + tre shared-service "${deployed_id}" update --etag "${deployed_etag}" --definition "{\"templateVersion\": \"${template_version}\"}" + fi + echo "Deployed shared service ""${template_name}"""