From 873f2d8bf88b930ca9cf93078a72ac289af90cd1 Mon Sep 17 00:00:00 2001 From: Anat Balzam Date: Mon, 25 Jul 2022 08:51:29 +0000 Subject: [PATCH 1/6] Initial airlock manager role --- .../scripts/aad/create_workspace_application.sh | 16 ++++++++++++++++ docs/tre-admins/identities/workspace.md | 1 + templates/workspaces/base/porter.yaml | 4 ++++ templates/workspaces/base/terraform/aad/aad.tf | 10 ++++++++++ .../workspaces/base/terraform/aad/outputs.tf | 4 ++++ templates/workspaces/base/terraform/outputs.tf | 4 ++++ templates/workspaces/base/terraform/variables.tf | 5 +++++ 7 files changed, 44 insertions(+) diff --git a/devops/scripts/aad/create_workspace_application.sh b/devops/scripts/aad/create_workspace_application.sh index f2df88c974..36a43381e0 100755 --- a/devops/scripts/aad/create_workspace_application.sh +++ b/devops/scripts/aad/create_workspace_application.sh @@ -122,6 +122,7 @@ source "${DIR}/update_resource_access.sh" # Default of new UUIDs researcherRoleId=$(cat /proc/sys/kernel/random/uuid) ownerRoleId=$(cat /proc/sys/kernel/random/uuid) +airlockManagerRoleId=$(cat /proc/sys/kernel/random/uuid) userImpersonationScopeId=$(cat /proc/sys/kernel/random/uuid) appObjectId="" 
@@ -132,9 +133,11 @@ if [ -n "${existingApp}" ]; then researcherRoleId=$(echo "$existingApp" | jq -r '.appRoles[] | select(.value == "WorkspaceResearcher").id') ownerRoleId=$(echo "$existingApp" | jq -r '.appRoles[] | select(.value == "WorkspaceOwner").id') + airlockManagerRoleId=$(echo "$existingApp" | jq -r '.appRoles[] | select(.value == "AirlockManager").id') userImpersonationScopeId=$(echo "$existingApp" | jq -r '.api.oauth2PermissionScopes[] | select(.value == "user_impersonation").id') if [[ -z "${researcherRoleId}" ]]; then researcherRoleId=$(cat /proc/sys/kernel/random/uuid); fi if [[ -z "${ownerRoleId}" ]]; then ownerRoleId=$(cat /proc/sys/kernel/random/uuid); fi + if [[ -z "${airlockManagerRoleId}" ]]; then airlockManagerRoleId=$(cat /proc/sys/kernel/random/uuid); fi if [[ -z "${userImpersonationScopeId}" ]]; then userImpersonationScopeId=$(cat /proc/sys/kernel/random/uuid); fi fi @@ -181,6 +184,15 @@ appDefinition=$(jq -c . << JSON "isEnabled": true, "origin": "Application", "value": "WorkspaceResearcher" + }, + { + "id": "${airlockManagerRoleId}", + "allowedMemberTypes": [ "User", "Application" ], + "description": "Provides airlock managers access to the Workspace and ability to review airlock requests", + "displayName": "Airlock Manager", + "isEnabled": true, + "origin": "Application", + "value": "AirlockManager" }], "signInAudience": "AzureADMyOrg", "requiredResourceAccess": [ @@ -310,6 +322,10 @@ if [[ -n ${automationClientId} ]]; then { "id": "${ownerRoleId}", "type": "Role" + }, + { + "id": "${airlockManagerRoleId}", + "type": "Role" } ], "resourceAppId": "${workspaceAppId}" diff --git a/docs/tre-admins/identities/workspace.md b/docs/tre-admins/identities/workspace.md index 8faa6f6e7f..bab8e47ff6 100644 --- a/docs/tre-admins/identities/workspace.md +++ b/docs/tre-admins/identities/workspace.md 
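Review bot: The role description added in the -181 hunk, `"description": "Provides airlock managers access to the Workspace and ability to review airlock requests"`, differs from the Terraform copy of the same role in templates/workspaces/base/terraform/aad/aad.tf, which ends the sentence with a period, so the two definitions of AirlockManager already drift within this commit. The role is now declared in both the script and the Terraform module with no cross-reference between them; a comment above the `appDefinition=$(jq -c . << JSON` assignment (outside this hunk, since a `#` inside the JSON heredoc would break it), `# Keep app roles in sync with templates/workspaces/base/terraform/aad/aad.tf`, would make the coupling visible. The heredoc starts before this hunk and continues past it.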
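Review bot: In the -310 hunk the automation client is granted the new role as well as WorkspaceOwner (`"id": "${airlockManagerRoleId}", "type": "Role"`), so the automation service principal gains, in every workspace created by this script, the role whose description says it allows reviewing airlock requests. Nothing in the hunk records why that identity needs it; if it is only required for end-to-end tests, a comment above the `if [[ -n ${automationClientId} ]]` line such as `# The automation account receives every workspace app role so e2e tests can exercise airlock review` would state that, and if it is not needed, leaving it out keeps that identity at the smaller permission set. The enclosing `if` block starts before and ends after this hunk.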
@@ -9,6 +9,7 @@ Access to workspaces is also controlled using app registrations - one per worksp | ------------ | ----------- | -------------------- | ----- | | Workspace Owner | Provides workspace owners access to the Workspace. | Users/Groups,Applications | `WorkspaceOwner` | | Workspace Researcher | Provides researchers access to the Workspace. | Users/Groups,Applications | `WorkspaceResearcher` | +| Airlock Manager | Provides airlock managers access to the Workspace and ability to review airlock requests. | Users/Groups,Applications | `AirlockManager` | ## Microsoft Graph Permissions | Name | Type* | Admin consent required | TRE usage | diff --git a/templates/workspaces/base/porter.yaml b/templates/workspaces/base/porter.yaml index 05c213d7da..c895377456 100644 --- a/templates/workspaces/base/porter.yaml +++ b/templates/workspaces/base/porter.yaml @@ -89,6 +89,10 @@ parameters: type: string default: "" description: "The id of the application role WorkspaceResearcher in the identity provider" + - name: app_role_id_airlock_manager + type: string + default: "" + description: "The id of the application role AirlockManager in the identity provider" - name: aad_redirect_uris type: string description: "List of redirect URIs in {name:value} format" diff --git a/templates/workspaces/base/terraform/aad/aad.tf b/templates/workspaces/base/terraform/aad/aad.tf index 2ecdaf1f2f..7524fbcad8 100644 --- a/templates/workspaces/base/terraform/aad/aad.tf +++ b/templates/workspaces/base/terraform/aad/aad.tf @@ -3,6 +3,7 @@ data "azuread_client_config" "current" {} resource "random_uuid" "oauth2_user_impersonation_id" {} resource "random_uuid" "app_role_workspace_owner_id" {} resource "random_uuid" "app_role_workspace_researcher_id" {} +resource "random_uuid" "app_role_airlock_manager_id" {} resource "azuread_application" "workspace" { display_name = var.workspace_resource_name_suffix 
@@ -43,6 +44,15 @@ resource "azuread_application" "workspace" { value = "WorkspaceResearcher" } + app_role { + allowed_member_types = ["User", "Application"] + description = "Provides airlock managers access to the Workspace and ability to review airlock requests." + display_name = "Airlock Manager" + enabled = true + id = random_uuid.app_role_airlock_manager_id.result + value = "AirlockManager" + } + feature_tags { enterprise = true } diff --git a/templates/workspaces/base/terraform/aad/outputs.tf b/templates/workspaces/base/terraform/aad/outputs.tf index 8c84927878..4ea16f1f46 100644 --- a/templates/workspaces/base/terraform/aad/outputs.tf +++ b/templates/workspaces/base/terraform/aad/outputs.tf @@ -6,6 +6,10 @@ output "app_role_workspace_researcher_id" { value = random_uuid.app_role_workspace_researcher_id.result } +output "app_role_airlock_manager_id" { + value = random_uuid.app_role_airlock_manager_id.result +} + output "client_id" { value = azuread_application.workspace.application_id } diff --git a/templates/workspaces/base/terraform/outputs.tf b/templates/workspaces/base/terraform/outputs.tf index 5ba52ed6a8..f757719e03 100644 --- a/templates/workspaces/base/terraform/outputs.tf +++ b/templates/workspaces/base/terraform/outputs.tf @@ -13,6 +13,10 @@ output "app_role_id_workspace_researcher" { value = var.register_aad_application ? module.aad[0].app_role_workspace_researcher_id : var.app_role_id_workspace_researcher } +output "app_role_id_airlock_manager" { + value = var.register_aad_application ? module.aad[0].app_role_airlock_manager_id : var.app_role_id_airlock_manager +} + output "client_id" { value = var.register_aad_application ? module.aad[0].client_id : var.client_id } diff --git a/templates/workspaces/base/terraform/variables.tf b/templates/workspaces/base/terraform/variables.tf index e3e89f74ef..28abd2b977 100644 --- a/templates/workspaces/base/terraform/variables.tf +++ b/templates/workspaces/base/terraform/variables.tf 
@@ -82,6 +82,11 @@ variable "app_role_id_workspace_researcher" { default = "" description = "The id of the application role WorkspaceResearcher in the identity provider, this is passed in so that we may return it as an output." } +variable "app_role_id_airlock_manager" { + type = string + default = "" + description = "The id of the application role AirlockManager in the identity provider, this is passed in so that we may return it as an output." +} variable "client_id" { type = string default = "" From 8605b995e73706c5cb94f0cad289f2ed77d1ce4c Mon Sep 17 00:00:00 2001 
From: Anat Balzam
Date: Wed, 17 Aug 2022 14:25:53 +0000
Subject: [PATCH 2/6] Initial implementation sql service
---
.../workspace_services/sql/.dockerignore | 7 ++
templates/workspace_services/sql/.env.sample | 5 +
templates/workspace_services/sql/.gitignore | 1 +
.../workspace_services/sql/Dockerfile.tmpl | 25 +++++
.../workspace_services/sql/parameters.json | 56 ++++++++++
templates/workspace_services/sql/porter.yaml | 102 ++++++++++++++++++
.../sql/template_schema.json | 40 +++++++
.../sql/terraform/locals.tf | 14 +++
.../workspace_services/sql/terraform/main.tf | 55 ++++++++++
.../workspace_services/sql/terraform/mysql.tf | 62 +++++++++++
.../sql/terraform/outputs.tf | 3 +
.../sql/terraform/variables.tf | 12 +++
12 files changed, 382 insertions(+)
create mode 100644 templates/workspace_services/sql/.dockerignore
create mode 100644 templates/workspace_services/sql/.env.sample
create mode 100644 templates/workspace_services/sql/.gitignore
create mode 100644 templates/workspace_services/sql/Dockerfile.tmpl
create mode 100644 templates/workspace_services/sql/parameters.json
create mode 100644 templates/workspace_services/sql/porter.yaml
create mode 100644 templates/workspace_services/sql/template_schema.json
create mode 100644 templates/workspace_services/sql/terraform/locals.tf
create mode 100644 templates/workspace_services/sql/terraform/main.tf
create mode 100644 templates/workspace_services/sql/terraform/mysql.tf
create mode 100644 templates/workspace_services/sql/terraform/outputs.tf
create mode 100644 templates/workspace_services/sql/terraform/variables.tf
diff --git a/templates/workspace_services/sql/.dockerignore b/templates/workspace_services/sql/.dockerignore
new file mode 100644
index 0000000000..01f9314130
--- /dev/null
+++ b/templates/workspace_services/sql/.dockerignore
@@ -0,0 +1,7 @@
+# See https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Put files here that you don't want copied into your bundle's invocation image
+.gitignore
+Dockerfile.tmpl
+
+# Local .terraform directories
+**/.terraform/*
diff --git a/templates/workspace_services/sql/.env.sample b/templates/workspace_services/sql/.env.sample
new file mode 100644
index 0000000000..4a86bf8ed4
--- /dev/null
+++ b/templates/workspace_services/sql/.env.sample
@@ -0,0 +1,5 @@
+ID="__CHANGE_ME__"
+WORKSPACE_ID="__CHANGE_ME__"
+SQL_SKU="__CHANGE_ME__"
+STORAGE_MB="__CHANGE_ME__"
+DB_NAME="__CHANGE_ME__"
diff --git a/templates/workspace_services/sql/.gitignore b/templates/workspace_services/sql/.gitignore
new file mode 100644
index 0000000000..e08a3e22b9
--- /dev/null
+++ b/templates/workspace_services/sql/.gitignore
@@ -0,0 +1 @@
+.cnab/
diff --git a/templates/workspace_services/sql/Dockerfile.tmpl b/templates/workspace_services/sql/Dockerfile.tmpl
new file mode 100644
index 0000000000..1df0a94283
--- /dev/null
+++ b/templates/workspace_services/sql/Dockerfile.tmpl
@@ -0,0 +1,25 @@
+FROM debian:buster-slim
+
+ARG BUNDLE_DIR
+
+# This is a template Dockerfile for the bundle's invocation image
+# You can customize it to use different base images, install tools and copy configuration files.
+#
+# Porter will use it as a template and append lines to it for the mixins
+# and to set the CMD appropriately for the CNAB specification.
+#
+# Add the following line to porter.yaml to instruct Porter to use this template
+# dockerfile: Dockerfile.tmpl
+
+# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
+# another location in this file. If you remove that line, the mixins generated content is appended to this file.
+# PORTER_MIXINS
+
+# Use the BUNDLE_DIR build argument to copy files into the bundle
+COPY . $BUNDLE_DIR
+
+# Mirror plugins to prevent network access at runtime
+# Remove when available from https://github.com/getporter/terraform-mixin/issues/90
+WORKDIR $BUNDLE_DIR/terraform
+RUN terraform init -backend=false \
+ && terraform providers mirror /usr/local/share/terraform/plugins
diff --git a/templates/workspace_services/sql/parameters.json b/templates/workspace_services/sql/parameters.json
new file mode 100644
index 0000000000..26cdd530f4
--- /dev/null
+++ b/templates/workspace_services/sql/parameters.json
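Review bot: `FROM debian:buster-slim` selects the base image by a floating tag only, so the invocation image's content changes whenever that tag is republished, and buster had already been superseded by bullseye as Debian stable when this commit was made. If the other bundles in the repository use the same base, staying consistent is reasonable, but a digest pin (`FROM debian:buster-slim@sha256:<digest-placeholder>`) gives a reproducible bundle build. The `terraform` binary used in the final `RUN` step is not installed by anything in this file; presumably the Porter terraform mixin injects it at the `# PORTER_MIXINS` marker, and a one-line comment above the `RUN` saying so would spare the next reader the search.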
@@ -0,0 +1,56 @@
+{
+ "schemaVersion": "1.0.0-DRAFT+TODO",
+ "name": "base",
+ "created": "2021-06-04T13:37:29.5071039+03:00",
+ "modified": "2021-06-04T13:37:29.5071039+03:00",
+ "parameters": [
+ {
+ "name": "tre_id",
+ "source": {
+ "env": "TRE_ID"
+ }
+ },
+ {
+ "name": "id",
+ "source": {
+ "env": "ID"
+ }
+ },
+ {
+ "name": "tfstate_container_name",
+ "source": {
+ "env": "TERRAFORM_STATE_CONTAINER_NAME"
+ }
+ },
+ {
+ "name": "tfstate_resource_group_name",
+ "source": {
+ "env": "MGMT_RESOURCE_GROUP_NAME"
+ }
+ },
+ {
+ "name": "tfstate_storage_account_name",
+ "source": {
+ "env": "MGMT_STORAGE_ACCOUNT_NAME"
+ }
+ },
+ {
+ "name": "sql_sku",
+ "source": {
+ "env": "SQL_SKU"
+ }
+ },
+ {
+ "name": "storage_mb",
+ "source": {
+ "env": "STORAGE_MB"
+ }
+ },
+ {
+ "name": "db_name",
+ "source": {
+ "env": "DB_NAME"
+ }
+ }
+ ]
+}
diff --git a/templates/workspace_services/sql/porter.yaml b/templates/workspace_services/sql/porter.yaml
new file mode 100644
index 0000000000..9d9d11abbc
--- /dev/null
+++ b/templates/workspace_services/sql/porter.yaml
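Review bot: parameters.json declares no `workspace_id` parameter, although porter.yaml in this same commit makes `workspace_id` a required string with no default and .env.sample already defines `WORKSPACE_ID`, so a local `porter install` driven by this file cannot supply it. Add an entry `{ "name": "workspace_id", "source": { "env": "WORKSPACE_ID" } }` next to `tre_id`. The header fields also look copied from the base workspace bundle: `"name": "base"` should name this service, and the 2021 `created`/`modified` timestamps predate the file.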
@@ -0,0 +1,102 @@ +--- +name: tre-workspace-service-mysql +version: 0.1.0 +description: "A MySQL workspace service" +registry: azuretre +dockerfile: Dockerfile.tmpl + +credentials: + - name: azure_tenant_id + env: ARM_TENANT_ID + - name: azure_subscription_id + env: ARM_SUBSCRIPTION_ID + - name: azure_client_id + env: ARM_CLIENT_ID + - name: azure_client_secret + env: ARM_CLIENT_SECRET +parameters: + - name: workspace_id + type: string + - name: tre_id + type: string + + # the following are added automatically by the resource processor + - name: id + type: string + description: "Resource ID" + env: id + - name: tfstate_resource_group_name + type: string + description: "Resource group containing the Terraform state storage account" + - name: tfstate_storage_account_name + type: string + description: "The name of the Terraform state storage account" + - name: tfstate_container_name + env: tfstate_container_name + type: string + default: "tfstate" + description: "The name of the Terraform state storage container" + - name: arm_use_msi + env: ARM_USE_MSI + default: false + - name: sql_sku + type: string + default: "GP | 5GB 2vCores" + - name: storage_mb + type: integer + default: 5120 + - name: db_name + type: string + default: tredb + +mixins: + - exec + - terraform: + clientVersion: 1.2.6 + +outputs: + - name: mysql_fqdn + type: string + applyTo: + - install + +install: + - terraform: + description: "Deploy MySQL workspace service" + input: false + vars: + workspace_id: "{{ bundle.parameters.workspace_id }}" + tre_id: "{{ bundle.parameters.tre_id }}" + id: "{{ bundle.parameters.id }}" + sql_sku: "{{ bundle.parameters.sql_sku }}" + storage_mb: "{{ bundle.parameters.storage_mb }}" + db_name: "{{ bundle.parameters.db_name }}" + backendConfig: + resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" + storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" + container_name: "{{ bundle.parameters.tfstate_container_name }}" + key: 
"tre-workspace-service-mysql-{{ bundle.parameters.id }}" + outputs: + - name: mysql_fqdn +upgrade: + - exec: + description: "Upgrade shared service" + command: echo + arguments: + - "This shared service does not implement upgrade action" +uninstall: + - terraform: + description: "Tear down MySQL workspace service" + input: false + vars: + workspace_id: "{{ bundle.parameters.workspace_id }}" + tre_id: "{{ bundle.parameters.tre_id }}" + id: "{{ bundle.parameters.id }}" + sql_sku: "{{ bundle.parameters.sql_sku }}" + storage_mb: "{{ bundle.parameters.storage_mb }}" + db_name: "{{ bundle.parameters.db_name }}" + backendConfig: + resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" + storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" + container_name: "{{ bundle.parameters.tfstate_container_name }}" + key: "tre-workspace-service-mysql-{{ bundle.parameters.id }}" diff --git a/templates/workspace_services/sql/template_schema.json b/templates/workspace_services/sql/template_schema.json new file mode 100644 index 0000000000..baa6dcca38 --- /dev/null +++ b/templates/workspace_services/sql/template_schema.json 
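Review bot: The upgrade step's text, `description: "Upgrade shared service"` and `- "This shared service does not implement upgrade action"`, is copied from a shared-service bundle; this is a workspace service, so the wording should say `"This workspace service does not implement upgrade action"`. `arm_use_msi` is the only parameter without a `type`; `type: boolean` matches its `default: false`. `sql_sku` and `storage_mb` carry no `description`, unlike the tfstate parameters above them, and the UI-facing `template_schema.json` is the only place their meaning is spelled out.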
@@ -0,0 +1,40 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema",
+ "$id": "https://github.com/microsoft/AzureTRE/templates/workspace_services/sql/template_schema.json",
+ "type": "object",
+ "title": "MySQL Workspace Service",
+ "description": "Provides MySQL within the workspace",
+ "required": [
+ "sql_sku",
+ "storage_mb",
+ "db_name"
+ ],
+ "properties": {
+ "sql_sku": {
+ "$id": "#/properties/sql_sku",
+ "type": "string",
+ "title": "MySQL server SKU",
+ "description": "MySQL server SKU",
+ "enum": [
+ "GP | 5GB 2vCores",
+ "GP | 5GB 4vCores",
+ "GP | 5GB 6vCores",
+ "GP | 5GB 8vCores"
+ ],
+ "default": "GP | 5GB 2vCores"
+ },
+ "storage_mb": {
+ "$id": "#/properties/storage_mb",
+ "type": "number",
+ "title": "Max storage allowed for a server",
+ "description": "Max storage allowed for a server",
+ "default": 5120
+ },
+ "db_name": {
+ "$id": "#/properties/db_name",
+ "type": "string",
+ "title": "Database name",
+ "description": "Database name"
+ }
+ }
+}
diff --git a/templates/workspace_services/sql/terraform/locals.tf b/templates/workspace_services/sql/terraform/locals.tf
new file mode 100644
index 0000000000..71f275b553
--- /dev/null
+++ b/templates/workspace_services/sql/terraform/locals.tf
@@ -0,0 +1,14 @@
+locals {
+ short_service_id = substr(var.id, -4, -1)
+ short_workspace_id = substr(var.workspace_id, -4, -1)
+ workspace_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}"
+ service_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}-svc-${local.short_service_id}"
+ keyvault_name = lower("kv-${substr(local.workspace_resource_name_suffix, -20, -1)}")
+ core_resource_group_name = "rg-${var.tre_id}"
+ sql_sku = {
+ "GP | 5GB 2vCores" = { value = "GP_Gen5_2" },
+ "GP | 5GB 4vCores" = { value = "GP_Gen5_4" },
+ "GP | 5GB 6vCores" = { value = "GP_Gen5_6" },
+ "GP | 5GB 8vCores" = { value = "GP_Gen5_8" }
+ }
+}
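Review bot: `storage_mb` is declared `"type": "number"` while terraform/variables.tf in this commit types it `number` with a validation that only accepts 5120 to 1048576, so a fractional or out-of-range value passes schema validation and fails only at `terraform apply`, where the requester does not see the error. Declaring it `"type": "integer"` with `"minimum": 5120` and `"maximum": 1048576` rejects such input at the API layer with a message the user can act on. `db_name` is `required` here but porter.yaml gives it a default of `tredb`; the two should agree, and since the value becomes a MySQL database name a `maxLength` or `pattern` constraint is worth adding once the exact identifier rules are confirmed.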
diff --git a/templates/workspace_services/sql/terraform/main.tf b/templates/workspace_services/sql/terraform/main.tf
new file mode 100644
index 0000000000..9624788824
--- /dev/null
+++ b/templates/workspace_services/sql/terraform/main.tf
@@ -0,0 +1,55 @@
+# Azure Provider source and version being used
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "=3.5.0"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {
+ key_vault {
+ # Don't purge on destroy (this would fail due to purge protection being enabled on keyvault)
+ purge_soft_delete_on_destroy = false
+ purge_soft_deleted_secrets_on_destroy = false
+ purge_soft_deleted_certificates_on_destroy = false
+ purge_soft_deleted_keys_on_destroy = false
+ # When recreating an environment, recover any previously soft deleted secrets - set to true by default
+ recover_soft_deleted_key_vaults = true
+ recover_soft_deleted_secrets = true
+ recover_soft_deleted_certificates = true
+ recover_soft_deleted_keys = true
+ }
+ }
+}
+
+data "azurerm_client_config" "current" {}
+
+data "azurerm_resource_group" "ws" {
+ name = "rg-${var.tre_id}-ws-${local.short_workspace_id}"
+}
+
+data "azurerm_virtual_network" "ws" {
+ name = "vnet-${var.tre_id}-ws-${local.short_workspace_id}"
+ resource_group_name = "rg-${var.tre_id}-ws-${local.short_workspace_id}"
+}
+
+data "azurerm_key_vault" "ws" {
+ name = local.keyvault_name
+ resource_group_name = data.azurerm_resource_group.ws.name
+}
+
+data "azurerm_subnet" "services" {
+ name = "ServicesSubnet"
+ virtual_network_name = data.azurerm_virtual_network.ws.name
+ resource_group_name = data.azurerm_resource_group.ws.name
+}
+
+data "azurerm_private_dns_zone" "mysql" {
+ name = "privatelink.mysql.database.azure.com"
+ resource_group_name = local.core_resource_group_name
+}
diff --git a/templates/workspace_services/sql/terraform/mysql.tf b/templates/workspace_services/sql/terraform/mysql.tf
new file mode 100644
index 0000000000..f10dfa3f95
--- /dev/null
+++ b/templates/workspace_services/sql/terraform/mysql.tf
@@ -0,0 +1,62 @@
+resource "random_password" "password" {
+ length = 20
+ min_upper = 2
+ min_lower = 2
+ min_numeric = 2
+ min_special = 2
+}
+
+resource "azurerm_mysql_server" "mysql" {
+ name = "mysql-${local.service_resource_name_suffix}"
+ resource_group_name = data.azurerm_resource_group.ws.name
+ location = data.azurerm_resource_group.ws.location
+ administrator_login = "mysqladmin"
+ administrator_login_password = random_password.password.result
+ sku_name = local.sql_sku[var.sql_sku].value
+ storage_mb = var.storage_mb
+ version = "8.0"
+ auto_grow_enabled = true
+ backup_retention_days = 7
+ geo_redundant_backup_enabled = false
+ infrastructure_encryption_enabled = false
+ public_network_access_enabled = false
+ ssl_enforcement_enabled = true
+ ssl_minimal_tls_version_enforced = "TLS1_2"
+
+ lifecycle { ignore_changes = [tags] }
+}
+
+resource "azurerm_mysql_database" "db" {
+ name = var.db_name
+ resource_group_name = data.azurerm_resource_group.ws.name
+ server_name = azurerm_mysql_server.mysql.name
+ charset = "utf8"
+ collation = "utf8_unicode_ci"
+}
+
+resource "azurerm_private_endpoint" "private-endpoint" {
+ name = "pe-${azurerm_mysql_server.mysql.name}"
+ location = data.azurerm_resource_group.ws.location
+ resource_group_name = data.azurerm_resource_group.ws.name
+ subnet_id = data.azurerm_subnet.services.id
+
+ private_service_connection {
+ private_connection_resource_id = azurerm_mysql_server.mysql.id
+ name = "psc-${azurerm_mysql_server.mysql.name}"
+ subresource_names = ["mysqlServer"]
+ is_manual_connection = false
+ }
+
+ private_dns_zone_group {
+ name = "privatelink.mysql.database.azure.com"
+ private_dns_zone_ids = [data.azurerm_private_dns_zone.mysql.id]
+ }
+
+ lifecycle { ignore_changes = [tags] }
+}
+
+resource "azurerm_key_vault_secret" "db_password" {
+ name = "${azurerm_mysql_server.mysql.name}-administrator-password"
+ value = random_password.password.result
+ key_vault_id = data.azurerm_key_vault.ws.id
+}
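Review bot: `charset = "utf8"` with `collation = "utf8_unicode_ci"` on a server declared `version = "8.0"` selects MySQL's legacy three-byte utf8mb3 encoding, which cannot store supplementary characters and is deprecated in MySQL 8; `charset = "utf8mb4"` (the MySQL 8 default character set) with `collation = "utf8mb4_unicode_ci"` is the matching modern pair. The administrator password is generated by `random_password` and written to the workspace Key Vault, which is the right place for it, but `random_password.password.result` is also persisted in plain text in the Terraform state kept in the `azurerm` backend, so read access to the tfstate storage account is equivalent to holding the database password and should be scoped accordingly. `public_network_access_enabled = false`, `ssl_enforcement_enabled = true`, TLS 1.2 and a private endpoint are the expected posture for a workspace-internal database.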
diff --git a/templates/workspace_services/sql/terraform/outputs.tf b/templates/workspace_services/sql/terraform/outputs.tf new file mode 100644 index 0000000000..824c5705ab --- /dev/null +++ b/templates/workspace_services/sql/terraform/outputs.tf @@ -0,0 +1,3 @@ +output "mysql_fqdn" { + value = azurerm_mysql_server.mysql.fqdn +} diff --git a/templates/workspace_services/sql/terraform/variables.tf b/templates/workspace_services/sql/terraform/variables.tf new file mode 100644 index 0000000000..e1619147f2 --- /dev/null +++ b/templates/workspace_services/sql/terraform/variables.tf @@ -0,0 +1,12 @@ +variable "workspace_id" {} +variable "tre_id" {} +variable "id" {} +variable "sql_sku" {} +variable "db_name" {} +variable "storage_mb" { + type = number + validation { + condition = var.storage_mb > 5119 && var.storage_mb < 1048577 + error_message = "The storage value is out of range." + } +} From 25b4d578d3a469146a34a1d0481122e60d1961d7 Mon Sep 17 00:00:00 2001 From: Anat Balzam Date: Wed, 17 Aug 2022 17:13:04 +0000 Subject: [PATCH 3/6] add changelog comment --- CHANGELOG.md | 2 +- templates/workspace_services/sql/terraform/main.tf | 8 ++++++++ templates/workspace_services/sql/terraform/mysql.tf | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66556d35a6..4418b1f4ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ FEATURES: -* +* Adding a new MySql workspace service ([#1844](https://github.com/microsoft/AzureTRE/issues/1844)) ENHANCEMENTS: diff --git a/templates/workspace_services/sql/terraform/main.tf b/templates/workspace_services/sql/terraform/main.tf index 9624788824..8709546142 100644 --- a/templates/workspace_services/sql/terraform/main.tf +++ b/templates/workspace_services/sql/terraform/main.tf 
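Review bot: `variable "workspace_id" {}`, `tre_id`, `id`, `sql_sku` and `db_name` in the variables.tf hunk are declared without a `type`, so a list or map passed by mistake is accepted and only fails when interpolated; `type = string` on each matches how locals.tf consumes them. The `storage_mb` validation reads `var.storage_mb > 5119 && var.storage_mb < 1048577`, which obscures the real bounds and the error message does not state them; `condition = var.storage_mb >= 5120 && var.storage_mb <= 1048576` with `error_message = "storage_mb must be between 5120 and 1048576."` says what is accepted and tells the caller how to fix the input.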
@@ -5,6 +5,14 @@ terraform { source = "hashicorp/azurerm" version = "=3.5.0" } + random = { + source = "hashicorp/random" + version = ">= 3.0" + } + local = { + source = "hashicorp/local" + version = "~> 2.2.0" + } } backend "azurerm" {} diff --git a/templates/workspace_services/sql/terraform/mysql.tf b/templates/workspace_services/sql/terraform/mysql.tf index f10dfa3f95..5ae41bafd5 100644 --- a/templates/workspace_services/sql/terraform/mysql.tf +++ b/templates/workspace_services/sql/terraform/mysql.tf @@ -34,7 +34,7 @@ resource "azurerm_mysql_database" "db" { collation = "utf8_unicode_ci" } -resource "azurerm_private_endpoint" "private-endpoint" { +resource "azurerm_private_endpoint" "mysql_private_endpoint" { name = "pe-${azurerm_mysql_server.mysql.name}" location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name From f24c04ed6d0bd749197fc455b458c3f9a7f88bad Mon Sep 17 00:00:00 2001 From: Anat Balzam Date: Wed, 17 Aug 2022 17:30:58 +0000 Subject: [PATCH 4/6] fix provider --- templates/workspace_services/sql/terraform/main.tf | 6 ------ 1 file changed, 6 deletions(-) diff --git a/templates/workspace_services/sql/terraform/main.tf b/templates/workspace_services/sql/terraform/main.tf index 8709546142..eaf6e222e7 100644 --- a/templates/workspace_services/sql/terraform/main.tf +++ b/templates/workspace_services/sql/terraform/main.tf @@ -9,10 +9,6 @@ terraform { source = "hashicorp/random" version = ">= 3.0" } - local = { - source = "hashicorp/local" - version = "~> 2.2.0" - } } backend "azurerm" {} @@ -35,8 +31,6 @@ provider "azurerm" { } } -data "azurerm_client_config" "current" {} - data "azurerm_resource_group" "ws" { name = "rg-${var.tre_id}-ws-${local.short_workspace_id}" } From 380c8ee90587910a570298634a80af7c449be490 Mon Sep 17 00:00:00 2001 
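Review bot: `version = ">= 3.0"` on the newly declared random provider has no upper bound, so a future major release with breaking changes would be picked up by any fresh `terraform init`, while azurerm just above it is pinned exactly; `version = "~> 3.0"` keeps the same floor and stays within the 3.x line. No `.terraform.lock.hcl` is part of this commit, so this constraint is the only thing fixing the provider version for the bundle build — whether the repository tracks lock files elsewhere is not visible here. The `terraform` block starts before this hunk and ends after it.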
From: Anat Balzam Date: Thu, 18 Aug 2022 09:59:39 +0000 Subject: [PATCH 5/6] cr comments --- CHANGELOG.md | 2 +- templates/workspace_services/sql/porter.yaml | 4 ++-- templates/workspace_services/sql/terraform/locals.tf | 7 ++++++- templates/workspace_services/sql/terraform/main.tf | 2 +- templates/workspace_services/sql/terraform/mysql.tf | 2 ++ templates/workspace_services/sql/terraform/variables.tf | 2 +- 6 files changed, 13 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4418b1f4ed..b8b42b89e0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ FEATURES: -* Adding a new MySql workspace service ([#1844](https://github.com/microsoft/AzureTRE/issues/1844)) +* MySql workspace service ([#2476](https://github.com/microsoft/AzureTRE/issues/2476)) ENHANCEMENTS: diff --git a/templates/workspace_services/sql/porter.yaml b/templates/workspace_services/sql/porter.yaml index 9d9d11abbc..269203272d 100644 --- a/templates/workspace_services/sql/porter.yaml +++ b/templates/workspace_services/sql/porter.yaml @@ -67,7 +67,7 @@ install: vars: workspace_id: "{{ bundle.parameters.workspace_id }}" tre_id: "{{ bundle.parameters.tre_id }}" - id: "{{ bundle.parameters.id }}" + tre_resource_id: "{{ bundle.parameters.id }}" sql_sku: "{{ bundle.parameters.sql_sku }}" storage_mb: "{{ bundle.parameters.storage_mb }}" db_name: "{{ bundle.parameters.db_name }}" @@ -91,7 +91,7 @@ uninstall: vars: workspace_id: "{{ bundle.parameters.workspace_id }}" tre_id: "{{ bundle.parameters.tre_id }}" - id: "{{ bundle.parameters.id }}" + tre_resource_id: "{{ bundle.parameters.id }}" sql_sku: "{{ bundle.parameters.sql_sku }}" storage_mb: "{{ bundle.parameters.storage_mb }}" db_name: "{{ bundle.parameters.db_name }}" diff --git a/templates/workspace_services/sql/terraform/locals.tf b/templates/workspace_services/sql/terraform/locals.tf index 71f275b553..d666bfa202 100644 --- a/templates/workspace_services/sql/terraform/locals.tf 
+++ b/templates/workspace_services/sql/terraform/locals.tf @@ -1,5 +1,5 @@ locals { - short_service_id = substr(var.id, -4, -1) + short_service_id = substr(var.tre_resource_id, -4, -1) short_workspace_id = substr(var.workspace_id, -4, -1) workspace_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}" service_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}-svc-${local.short_service_id}" @@ -11,4 +11,9 @@ locals { "GP | 5GB 6vCores" = { value = "GP_Gen5_6" }, "GP | 5GB 8vCores" = { value = "GP_Gen5_8" } } + workspace_service_tags = { + tre_id = var.tre_id + tre_workspace_id = var.workspace_id + tre_workspace_service_id = var.tre_resource_id + } } diff --git a/templates/workspace_services/sql/terraform/main.tf b/templates/workspace_services/sql/terraform/main.tf index eaf6e222e7..ee82be7950 100644 --- a/templates/workspace_services/sql/terraform/main.tf +++ b/templates/workspace_services/sql/terraform/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.5.0" + version = "3.18.0" } random = { source = "hashicorp/random" diff --git a/templates/workspace_services/sql/terraform/mysql.tf b/templates/workspace_services/sql/terraform/mysql.tf index 5ae41bafd5..0fcda7dbbf 100644 --- a/templates/workspace_services/sql/terraform/mysql.tf +++ b/templates/workspace_services/sql/terraform/mysql.tf @@ -22,6 +22,7 @@ resource "azurerm_mysql_server" "mysql" { public_network_access_enabled = false ssl_enforcement_enabled = true ssl_minimal_tls_version_enforced = "TLS1_2" + tags = local.workspace_service_tags lifecycle { ignore_changes = [tags] } } 
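Review bot: `tags = local.workspace_service_tags` in the -22 hunk is added to a resource whose `lifecycle { ignore_changes = [tags] }` sits two lines below, so the tags are applied on create but any later change to the tag values is silently dropped on apply; the `azurerm_private_endpoint` hunk at -39 has the same combination. If this is deliberate (presumably to preserve tags applied by Azure Policy after creation), a comment on the lifecycle block such as `# tags are written once at create time; later drift is ignored so policy-applied tags are kept` would record it; if not, drop `tags` from `ignore_changes`. The `azurerm_mysql_server` resource starts before this hunk.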
@@ -39,6 +40,7 @@ resource "azurerm_private_endpoint" "mysql_private_endpoint" { location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name subnet_id = data.azurerm_subnet.services.id + tags = local.workspace_service_tags private_service_connection { private_connection_resource_id = azurerm_mysql_server.mysql.id diff --git a/templates/workspace_services/sql/terraform/variables.tf b/templates/workspace_services/sql/terraform/variables.tf index e1619147f2..a0fab05e1e 100644 --- a/templates/workspace_services/sql/terraform/variables.tf +++ b/templates/workspace_services/sql/terraform/variables.tf @@ -1,6 +1,6 @@ variable "workspace_id" {} variable "tre_id" {} -variable "id" {} +variable "tre_resource_id" {} variable "sql_sku" {} variable "db_name" {} variable "storage_mb" { From ec2462b5cb44faa7e663c40bfa8057d4e01e504d Mon Sep 17 00:00:00 2001 
From: Anat Balzam
Date: Thu, 18 Aug 2022 12:31:34 +0000
Subject: [PATCH 6/6] change from sql to mysql
---
templates/workspace_services/{sql => mysql}/.dockerignore | 0
templates/workspace_services/{sql => mysql}/.env.sample | 0
templates/workspace_services/{sql => mysql}/.gitignore | 0
templates/workspace_services/{sql => mysql}/Dockerfile.tmpl | 0
templates/workspace_services/{sql => mysql}/parameters.json | 0
templates/workspace_services/{sql => mysql}/porter.yaml | 0
templates/workspace_services/{sql => mysql}/template_schema.json | 0
templates/workspace_services/{sql => mysql}/terraform/locals.tf | 0
templates/workspace_services/{sql => mysql}/terraform/main.tf | 0
templates/workspace_services/{sql => mysql}/terraform/mysql.tf | 0
templates/workspace_services/{sql => mysql}/terraform/outputs.tf | 0
.../workspace_services/{sql => mysql}/terraform/variables.tf | 0
12 files changed, 0 insertions(+), 0 deletions(-)
rename templates/workspace_services/{sql => mysql}/.dockerignore (100%)
rename templates/workspace_services/{sql => mysql}/.env.sample (100%)
rename templates/workspace_services/{sql => mysql}/.gitignore (100%)
rename templates/workspace_services/{sql => mysql}/Dockerfile.tmpl (100%)
rename templates/workspace_services/{sql => mysql}/parameters.json (100%)
rename templates/workspace_services/{sql => mysql}/porter.yaml (100%)
rename templates/workspace_services/{sql => mysql}/template_schema.json (100%)
rename templates/workspace_services/{sql => mysql}/terraform/locals.tf (100%)
rename templates/workspace_services/{sql => mysql}/terraform/main.tf (100%)
rename templates/workspace_services/{sql => mysql}/terraform/mysql.tf (100%)
rename templates/workspace_services/{sql => mysql}/terraform/outputs.tf (100%)
rename templates/workspace_services/{sql => mysql}/terraform/variables.tf (100%)
diff --git a/templates/workspace_services/sql/.dockerignore b/templates/workspace_services/mysql/.dockerignore
similarity index 100%
rename from templates/workspace_services/sql/.dockerignore
rename to templates/workspace_services/mysql/.dockerignore
diff --git a/templates/workspace_services/sql/.env.sample b/templates/workspace_services/mysql/.env.sample
similarity index 100%
rename from templates/workspace_services/sql/.env.sample
rename to templates/workspace_services/mysql/.env.sample
diff --git a/templates/workspace_services/sql/.gitignore b/templates/workspace_services/mysql/.gitignore
similarity index 100%
rename from templates/workspace_services/sql/.gitignore
rename to templates/workspace_services/mysql/.gitignore
diff --git a/templates/workspace_services/sql/Dockerfile.tmpl b/templates/workspace_services/mysql/Dockerfile.tmpl
similarity index 100%
rename from templates/workspace_services/sql/Dockerfile.tmpl
rename to templates/workspace_services/mysql/Dockerfile.tmpl
diff --git a/templates/workspace_services/sql/parameters.json b/templates/workspace_services/mysql/parameters.json
similarity index 100%
rename from templates/workspace_services/sql/parameters.json
rename to templates/workspace_services/mysql/parameters.json
diff --git a/templates/workspace_services/sql/porter.yaml b/templates/workspace_services/mysql/porter.yaml
similarity index 100%
rename from templates/workspace_services/sql/porter.yaml
rename to templates/workspace_services/mysql/porter.yaml
diff --git a/templates/workspace_services/sql/template_schema.json b/templates/workspace_services/mysql/template_schema.json
similarity index 100%
rename from templates/workspace_services/sql/template_schema.json
rename to templates/workspace_services/mysql/template_schema.json
diff --git a/templates/workspace_services/sql/terraform/locals.tf b/templates/workspace_services/mysql/terraform/locals.tf
similarity index 100%
rename from templates/workspace_services/sql/terraform/locals.tf
rename to templates/workspace_services/mysql/terraform/locals.tf
diff --git a/templates/workspace_services/sql/terraform/main.tf b/templates/workspace_services/mysql/terraform/main.tf
similarity index 100%
rename from templates/workspace_services/sql/terraform/main.tf
rename to templates/workspace_services/mysql/terraform/main.tf
diff --git a/templates/workspace_services/sql/terraform/mysql.tf b/templates/workspace_services/mysql/terraform/mysql.tf
similarity index 100%
rename from templates/workspace_services/sql/terraform/mysql.tf
rename to templates/workspace_services/mysql/terraform/mysql.tf
diff --git a/templates/workspace_services/sql/terraform/outputs.tf b/templates/workspace_services/mysql/terraform/outputs.tf
similarity index 100%
rename from templates/workspace_services/sql/terraform/outputs.tf
rename to templates/workspace_services/mysql/terraform/outputs.tf
diff --git a/templates/workspace_services/sql/terraform/variables.tf b/templates/workspace_services/mysql/terraform/variables.tf
similarity index 100%
rename from templates/workspace_services/sql/terraform/variables.tf
rename to templates/workspace_services/mysql/terraform/variables.tf