Add Airlock Manager workspace

[tanya-borisova]

Resolves #2498

What is being addressed

Add a workspace for Airlock Manager that has access to in-review storage account.
Based on work @guybartal did previously in a private repo

How is this addressed

Base workspace terraform files are downloaded onto the Docker container as a .zip archive. They are then unpacked, and a patch file is applied with the only difference required for the airlock manager workspace.

[github-actions]

Unit Test Results

0 tests   - 17   0 ✔️  - 17   0s ⏱️ -12s
0 suites  -   1   0 💤 ±  0 
0 files    -   1   0 ❌ ±  0 

Results for commit 9744321. ± Comparison against base commit caf6a9c.

♻️ This comment has been updated with latest results.

[tanya-borisova]

/test

[github-actions]

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/2932386604 (with refid dcfc096d)

(in response to this comment from @tanya-borisova)

[marrobi]

@tanya-borisova rather than duplicating so many files, can the base template assets be pulled/download from a release as part of the bundle dockerfile? Then build upon it?

I intend to do that with the task for creating a workspace with unrestricted Internet access.

[tanya-borisova]

@marrobi I can give it a try, though wouldn't it introduce a dependency in the order in which base and airlock_manager workspaces will need to be built?
Assuming the airlock_manager would depend on the latest version of the base image

[marrobi]

@tanya-borisova rather than depend on the image, download the terraform, and include in a seperate initial terraform step in the porter.yaml, or add additional TF files and have a single terraform step in the Porter.yaml .

[tanya-borisova]

@marrobi I'm not sure I understand your suggestion. By "download the terraform", you mean terraform files? Where do you suggest to download them from?

[marrobi]

Could download a published release, extract the files, or I was thinking of using sparse checkout so just get the files needed.

[martinpeck]

Changes we want to see in this PR include:

• remove the shared storage
• ideally, we want to prevent VM to VM networking

We may need to deal with the problem that VMs attempt to mount shared storage.

[github-actions]

Destroying PR test environment (RG: rg-tredcfc096d)... (run: https://github.com/microsoft/AzureTRE/actions/runs/3052673745)

[github-actions]

Destroying branch test environment (RG: rg-tre7e5589d2)... (run: https://github.com/microsoft/AzureTRE/actions/runs/3052673745)

[github-actions]

Branch test environment destroy complete (RG: rg-tre7e5589d2)

[github-actions]

PR test environment destroy complete (RG: rg-tredcfc096d)

[tanya-borisova]

/test

[github-actions]

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/3058881081 (with refid dcfc096d)

(in response to this comment from @tanya-borisova)

[tamirkamara]

Approving but there're a couple of things I think need addressing.

[marrobi]

@tanya-borisova can we have a docs page for this to go along site the other two workspace templates please.

[tanya-borisova]

/test

[github-actions]

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/3061126377 (with refid dcfc096d)

(in response to this comment from @tanya-borisova)