From 37454e1b0dcfe6f88bb3f59a61169352dbc8ce64 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 3 Oct 2022 05:45:28 +0000 Subject: [PATCH 1/5] appservice plan sku in github actions --- .../actions/devcontainer_run_command/action.yml | 12 ++++++++++++ .github/workflows/deploy_tre.yml | 2 ++ .github/workflows/deploy_tre_branch.yml | 2 ++ .github/workflows/deploy_tre_reusable.yml | 17 +++++++++++++++-- CHANGELOG.md | 1 + docs/tre-admins/environment-variables.md | 2 ++ docs/tre-admins/setup-instructions/workflows.md | 8 +++++--- e2e_tests/.env.sample | 3 +++ e2e_tests/airlock/request.py | 2 +- e2e_tests/config.py | 2 +- e2e_tests/test_airlock.py | 2 +- templates/core/.env.sample | 7 +++++-- .../core/terraform/airlock/airlock_processor.tf | 2 +- templates/core/terraform/airlock/variables.tf | 2 +- templates/core/terraform/api-webapp.tf | 2 +- templates/core/terraform/main.tf | 2 +- templates/core/terraform/variables.tf | 2 +- .../airlock-import-review/parameters.json | 2 +- templates/workspaces/base/parameters.json | 2 +- .../workspaces/unrestricted/parameters.json | 2 +- 20 files changed, 58 insertions(+), 18 deletions(-) diff --git a/.github/actions/devcontainer_run_command/action.yml b/.github/actions/devcontainer_run_command/action.yml index a00e31b758..21310b5d65 100644 --- a/.github/actions/devcontainer_run_command/action.yml +++ b/.github/actions/devcontainer_run_command/action.yml @@ -95,6 +95,14 @@ inputs: description: "Log level for terraform - values are blank | DEBUG | TRACE" required: false default: "" + CORE_APP_SERVICE_PLAN_SKU: + description: "The AppService plan sku used in core resources" + required: false + default: "" + WORKSPACE_APP_SERVICE_PLAN_SKU: + description: "The AppService plan sku used by tests" + required: false + default: "" runs: using: composite 
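Review bot: The two new inputs default to `""` and their descriptions do not say what an empty value means; the `P1v2` fallback is applied only in the `docker run` expression later in this file. A reader of the action's interface cannot see that, and `core_app_service_plan_sku` in templates/core/terraform/variables.tf still declares `P1v3` as its default, which the `TF_VAR_core_app_service_plan_sku` set by this action appears to override whenever the input is empty. I would spell it out in the input, e.g. `description: "The AppService plan SKU used in core resources; empty falls back to P1v2"`, and align or comment the Terraform default. The `inputs:` block starts outside the hunk.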
@@ -162,5 +170,9 @@ runs: -e TF_VAR_stateful_resources_locked=${{ inputs.STATEFUL_RESOURCES_LOCKED }} \ -e TF_VAR_enable_airlock_malware_scanning=${{ inputs.ENABLE_AIRLOCK_MALWARE_SCANNING }} \ -e CI_CACHE_ACR_NAME="${{ inputs.CI_CACHE_ACR_NAME }}" \ + -e TF_VAR_core_app_service_plan_sku="${{ (inputs.CORE_APP_SERVICE_PLAN_SKU != '' + && inputs.CORE_APP_SERVICE_PLAN_SKU) || 'P1v2' }}" \ + -e WORKSPACE_APP_SERVICE_PLAN_SKU="${{ (inputs.WORKSPACE_APP_SERVICE_PLAN_SKU != '' + && inputs.WORKSPACE_APP_SERVICE_PLAN_SKU) || 'P1v2' }}" \ '${{ inputs.CI_CACHE_ACR_NAME }}.azurecr.io/tredev:${{ inputs.DEVCONTAINER_TAG }}' \ bash -c "${{ inputs.COMMAND }}" diff --git a/.github/workflows/deploy_tre.yml b/.github/workflows/deploy_tre.yml index 2fde84a1a3..c7038c1870 100644 --- a/.github/workflows/deploy_tre.yml +++ b/.github/workflows/deploy_tre.yml @@ -50,3 +50,5 @@ jobs: TRE_ADDRESS_SPACE: ${{ secrets.TRE_ADDRESS_SPACE }} TRE_ID: ${{ secrets.TRE_ID }} CI_CACHE_ACR_NAME: ${{ secrets.ACR_NAME }} + CORE_APP_SERVICE_PLAN_SKU: ${{ secrets.CORE_APP_SERVICE_PLAN_SKU }} + WORKSPACE_APP_SERVICE_PLAN_SKU: ${{ inputs.WORKSPACE_APP_SERVICE_PLAN_SKU }} diff --git a/.github/workflows/deploy_tre_branch.yml b/.github/workflows/deploy_tre_branch.yml index 583753daa4..54684b05ea 100644 --- a/.github/workflows/deploy_tre_branch.yml +++ b/.github/workflows/deploy_tre_branch.yml @@ -83,3 +83,5 @@ jobs: TRE_ID: ${{ format('tre{0}', needs.prepare-not-main.outputs.refid) }} CI_CACHE_ACR_NAME: ${{ secrets.ACR_NAME }} TF_LOG: ${{ secrets.TF_LOG }} + CORE_APP_SERVICE_PLAN_SKU: ${{ secrets.CORE_APP_SERVICE_PLAN_SKU }} + WORKSPACE_APP_SERVICE_PLAN_SKU: ${{ secrets.WORKSPACE_APP_SERVICE_PLAN_SKU }} diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml index 03deef61cb..6723159501 100644 --- a/.github/workflows/deploy_tre_reusable.yml +++ b/.github/workflows/deploy_tre_reusable.yml 
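Review bot: The two added `-e` lines paste `inputs.CORE_APP_SERVICE_PLAN_SKU` and `inputs.WORKSPACE_APP_SERVICE_PLAN_SKU` into the shell script through `${{ }}`, which is expanded before bash parses the command, so a value containing a quote or `$(...)` becomes part of the command line rather than data. The callers in this patch feed these from repository secrets, so the exposure is limited to whoever can set them. Passing the values through the step's `env:` keeps them as data: `CORE_SKU: ${{ inputs.CORE_APP_SERVICE_PLAN_SKU }}` under `env:` and `-e TF_VAR_core_app_service_plan_sku="${CORE_SKU:-P1v2}"` in the script, and likewise for the workspace SKU. The neighbouring `CI_CACHE_ACR_NAME` and `bash -c "${{ inputs.COMMAND }}"` lines use the same interpolation pattern, and the step itself starts outside the hunk.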
@@ -100,7 +100,12 @@ on: # yamllint disable-line rule:truthy AZURE_CREDENTIALS: description: "" required: true - + CORE_APP_SERVICE_PLAN_SKU: + description: "" + required: false + WORKSPACE_APP_SERVICE_PLAN_SKU: + description: "" + required: false # This will prevent multiple runs of this entire workflow. # We should NOT cancel in progress runs as that can destabilize the environment. @@ -289,6 +294,7 @@ jobs: APPLICATION_ADMIN_CLIENT_ID: "${{ secrets.APPLICATION_ADMIN_CLIENT_ID }}" APPLICATION_ADMIN_CLIENT_SECRET: "${{ secrets.APPLICATION_ADMIN_CLIENT_SECRET }}" STATEFUL_RESOURCES_LOCKED: "${{ github.ref == 'refs/heads/main' && inputs.prRef == '' && true || false }}" + CORE_APP_SERVICE_PLAN_SKU: ${{ inputs.CORE_APP_SERVICE_PLAN_SKU }} - name: API Healthcheck uses: ./.github/actions/devcontainer_run_command @@ -611,6 +617,7 @@ jobs: TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}" TRE_ID: "${{ secrets.TRE_ID }}" IS_API_SECURED: false + WORKSPACE_APP_SERVICE_PLAN_SKU: ${{ inputs.WORKSPACE_APP_SERVICE_PLAN_SKU }} - name: Upload Test Results if: always() @@ -658,6 +665,7 @@ jobs: TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}" TRE_ID: "${{ secrets.TRE_ID }}" IS_API_SECURED: false + WORKSPACE_APP_SERVICE_PLAN_SKU: ${{ inputs.WORKSPACE_APP_SERVICE_PLAN_SKU }} - name: Upload Test Results if: always() @@ -697,8 +705,13 @@ jobs: details_url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" - name: Notify teams channel + env: + MS_TEAMS_WEBHOOK_URI: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} # notify only if failure - if: env.WORKFLOW_CONCLUSION == 'failure' && (github.ref == 'refs/heads/main' && inputs.prRef == '') + if: | + env.WORKFLOW_CONCLUSION == 'failure' && + env.MS_TEAMS_WEBHOOK_URI != '' && + (github.ref == 'refs/heads/main' && inputs.prRef == '') uses: sachinkundu/ms-teams-notification@1.4 with: github-token: ${{ github.token }} 
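Review bot: In the last hunk the `Notify teams channel` step now exports `secrets.MS_TEAMS_WEBHOOK_URI` as a step-level environment variable to `sachinkundu/ms-teams-notification@1.4`, a third-party action referenced by a tag that its owner can move. Pinning the reference to a full commit SHA fixes the code that receives the webhook URL, e.g. `uses: sachinkundu/ms-teams-notification@<full-commit-sha> # 1.4` (placeholder; take the SHA from the action's repository). The `env` entry exists only to feed the `if:` guard, so a short comment such as `# secrets cannot be referenced in if:, so expose it via env for the emptiness check` would explain why it is there. The step's `with:` block continues outside the hunk.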
diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ea419da2c..afb3e0789d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ * Github Actions deployments use a single ACR instead of two. Github secrets might need updating, see PR for details. ([#2654](https://github.com/microsoft/AzureTRE/pull/2654)) * Align Github Action secret names. Existing Github environments must be updated, see PR for details. ([#2655](https://github.com/microsoft/AzureTRE/pull/2655)) * Add workspace creator as an owner of the workspace enterprise application ([#2627](https://github.com/microsoft/AzureTRE/pull/2627)). **Migration** if the `AUTO_WORKSPACE_APP_REGISTRATION` is set, the `Directory.Read.All` MS Graph API permission permission needs granting to the Application Registration identified by `APPLICATION_ADMIN_CLIENT_ID`. +* Add support for setting AppService plan SKU in GitHub Actions. Previous environment variable names of `API_APP_SERVICE_PLAN_SKU_SIZE` and `APP_SERVICE_PLAN_SKU` have been renamed to `CORE_APP_SERVICE_PLAN_SKU` and `WORKSPACE_APP_SERVICE_PLAN_SKU` ([#TBD](https://github.com/microsoft/AzureTRE/pull/TBD)) FEATURES: diff --git a/docs/tre-admins/environment-variables.md b/docs/tre-admins/environment-variables.md index 32432d8226..26fec0b364 100644 --- a/docs/tre-admins/environment-variables.md +++ b/docs/tre-admins/environment-variables.md 
@@ -34,3 +34,5 @@ | `ENABLE_LOCAL_DEBUGGING` | Set to `false` by default. Setting this to `true` will ensure that Azure resources are accessible from your local development machine. (e.g. ServiceBus and Cosmos) | | `PUBLIC_DEPLOYMENT_IP_ADDRESS` | The public IP address of the machine that is deploying TRE. (Your desktop or the build agents). In certain locations a dynamic script to retrieve this from [https://ipecho.net/plain](https://ipecho.net/plain) does not work. If this is the case, then you can 'hardcode' your IP. | | `RESOURCE_PROCESSOR_VMSS_SKU` | The SKU of the VMMS to use for the resource processing VM. | +| `CORE_APP_SERVICE_PLAN_SKU` | The SKU of AppService plans created for the core infrastructure. | +| `WORKSPACE_APP_SERVICE_PLAN_SKU` | Optional. The SKU used for AppService plan used in E2E tests unless otherwise specified. Default value is `P1v2`. | diff --git a/docs/tre-admins/setup-instructions/workflows.md b/docs/tre-admins/setup-instructions/workflows.md index 1289477451..298849a10f 100644 --- a/docs/tre-admins/setup-instructions/workflows.md +++ b/docs/tre-admins/setup-instructions/workflows.md @@ -6,7 +6,7 @@ Deployment is done using the `/.github/workflows/deploy_tre.yml` workflow. This ## Setup instructions -Before you can run the `deploy_tre.yml` pipeline there are some one-time configuration steps that we need to do, similar to the Pre-deployment steps for manual deployment. +Before you can run the `deploy_tre.yml` workflow there are some one-time configuration steps that we need to do, similar to the Pre-deployment steps for manual deployment. !!! tip In some of the steps below, you are asked to configure repository secrets. Follow the [GitHub guide](https://docs.github.com/en/actions/security-guides/encrypted-secrets) on creating repository secrets if you are unfamiliar with this step. 
@@ -107,7 +107,7 @@ Configure the TEST_WORKSPACE_APP_ID repository secret The `deploy_tre.yml` workflow sends a notification to a Microsoft Teams channel when it finishes running. !!! note - If you don't want to notify a channel, you can also remove the **Notify dedicated teams channel** steps in the pipeline + If you don't want to notify a channel, you can also remove the **Notify dedicated teams channel** steps in the workflow 1. Follow the [Microsoft Docs](https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook) to create a webhook for your channel @@ -119,7 +119,7 @@ The `deploy_tre.yml` workflow sends a notification to a Microsoft Teams channel ### Configure repository secrets -Configure additional repository secrets used in the deployment pipeline +Configure additional repository secrets used in the deployment workflow |
Secret name
| Description | | ----------- | ----------- | @@ -129,6 +129,8 @@ Configure additional repository secrets used in the deployment pipeline | `CORE_ADDRESS_SPACE` | The address space for the Azure TRE core virtual network. E.g. `10.1.0.0/22`. Recommended `/22` or larger. | | `TRE_ADDRESS_SPACE` | The address space for the whole TRE environment virtual network where workspaces networks will be created (can include the core network as well). E.g. `10.0.0.0/12`| | `TERRAFORM_STATE_CONTAINER_NAME` | Optional. The name of the blob container to hold the Terraform state. Default value is `tfstate`. | +| `CORE_APP_SERVICE_PLAN_SKU` | Optional. The SKU used for AppService plan for core infrastructure. Default value is `P1v2`. | +| `WORKSPACE_APP_SERVICE_PLAN_SKU` | Optional. The SKU used for AppService plan used in E2E tests. Default value is `P1v2`. | ### Deploy the TRE using the workflow diff --git a/e2e_tests/.env.sample b/e2e_tests/.env.sample index 6a49ba2a53..bc60083d36 100644 --- a/e2e_tests/.env.sample +++ b/e2e_tests/.env.sample @@ -13,3 +13,6 @@ TEST_USER_NAME= TEST_USER_PASSWORD= TEST_WORKSPACE_APP_ID= TEST_WORKSPACE_APP_SECRET= + +# TODO: move to RP default with https://github.com/microsoft/AzureTRE/pull/2634 +WORKSPACE_APP_SERVICE_PLAN_SKU="P1v2" diff --git a/e2e_tests/airlock/request.py b/e2e_tests/airlock/request.py index 0d25dcbc95..c30b91acd9 100644 --- a/e2e_tests/airlock/request.py +++ b/e2e_tests/airlock/request.py @@ -99,7 +99,7 @@ async def wait_for_status( break LOGGER.info(f"Waiting for request status: {request_status}, current status is {current_status}") - await asyncio.sleep(2) + await asyncio.sleep(5) def is_final_status(status): diff --git a/e2e_tests/config.py b/e2e_tests/config.py index 7409868799..09a3718302 100644 --- a/e2e_tests/config.py +++ b/e2e_tests/config.py 
@@ -16,7 +16,7 @@ TEST_ACCOUNT_CLIENT_SECRET: str = config("TEST_ACCOUNT_CLIENT_SECRET", default="") TEST_WORKSPACE_APP_ID: str = config("TEST_WORKSPACE_APP_ID", default="") TEST_WORKSPACE_APP_SECRET: str = config("TEST_WORKSPACE_APP_SECRET", default="") -TEST_WORKSPACE_APP_PLAN: str = config("APP_SERVICE_PLAN_SKU", default="") +TEST_WORKSPACE_APP_PLAN: str = config("WORKSPACE_APP_SERVICE_PLAN_SKU", default="") # Perf test env vars - set these in private.env if you want to run perf tests and use an existing # workspace + workspace service for quicker execution. If they're blank the perf test will create + delete them. diff --git a/e2e_tests/test_airlock.py b/e2e_tests/test_airlock.py index 0140b79835..f0393ff9dc 100644 --- a/e2e_tests/test_airlock.py +++ b/e2e_tests/test_airlock.py @@ -23,7 +23,7 @@ @pytest.mark.airlock @pytest.mark.extended -@pytest.mark.timeout(2000) +@pytest.mark.timeout(30 * 60) async def test_airlock_import_flow(verify) -> None: admin_token = await get_admin_token(verify) diff --git a/templates/core/.env.sample b/templates/core/.env.sample index e602adbc22..94fe8864b0 100644 --- a/templates/core/.env.sample +++ b/templates/core/.env.sample @@ -23,7 +23,7 @@ AUTO_WORKSPACE_GROUP_CREATION=false # be caused by trying to deploy TRE in an Office environment where # this website is blocked. This value is the public facing IP # address of the deploying machine. -#PUBLIC_DEPLOYMENT_IP_ADDRESS=__CHANGE_ME__ +# PUBLIC_DEPLOYMENT_IP_ADDRESS=__CHANGE_ME__ # Uncomment to disable the UI provided as part of this repo # DEPLOY_UI=false @@ -54,6 +54,9 @@ AUTO_WORKSPACE_GROUP_CREATION=false CORE_ADDRESS_SPACE="10.1.0.0/22" TRE_ADDRESS_SPACE="10.0.0.0/12" -APP_SERVICE_PLAN_SKU="P1v2" +CORE_APP_SERVICE_PLAN_SKU="P1v2" RESOURCE_PROCESSOR_VMSS_SKU="Standard_B2s" ENABLE_AIRLOCK_MALWARE_SCANNING=false + +# TODO: move to RP default with https://github.com/microsoft/AzureTRE/pull/2634 +WORKSPACE_APP_SERVICE_PLAN_SKU="P1v2" 
diff --git a/templates/core/terraform/airlock/airlock_processor.tf b/templates/core/terraform/airlock/airlock_processor.tf index 957ab8d9a5..839560006e 100644 --- a/templates/core/terraform/airlock/airlock_processor.tf +++ b/templates/core/terraform/airlock/airlock_processor.tf @@ -11,7 +11,7 @@ resource "azurerm_service_plan" "airlock_plan" { resource_group_name = var.resource_group_name location = var.location os_type = "Linux" - sku_name = var.airlock_app_service_plan_sku_size + sku_name = var.airlock_app_service_plan_sku tags = var.tre_core_tags worker_count = 1 diff --git a/templates/core/terraform/airlock/variables.tf b/templates/core/terraform/airlock/variables.tf index adfa8f0a08..2b23b44b74 100644 --- a/templates/core/terraform/airlock/variables.tf +++ b/templates/core/terraform/airlock/variables.tf @@ -28,7 +28,7 @@ variable "mgmt_acr_name" { description = "Management ACR name" } -variable "airlock_app_service_plan_sku_size" { +variable "airlock_app_service_plan_sku" { type = string default = "P1v3" } diff --git a/templates/core/terraform/api-webapp.tf b/templates/core/terraform/api-webapp.tf index 32b4a4b17c..9c2e54bd50 100644 --- a/templates/core/terraform/api-webapp.tf +++ b/templates/core/terraform/api-webapp.tf @@ -11,7 +11,7 @@ resource "azurerm_service_plan" "core" { resource_group_name = azurerm_resource_group.core.name location = azurerm_resource_group.core.location os_type = "Linux" - sku_name = var.api_app_service_plan_sku_size + sku_name = var.core_app_service_plan_sku tags = local.tre_core_tags worker_count = 1 lifecycle { ignore_changes = [tags] } diff --git a/templates/core/terraform/main.tf b/templates/core/terraform/main.tf index 9b88109736..62f43481f5 100644 --- a/templates/core/terraform/main.tf +++ b/templates/core/terraform/main.tf 
@@ -109,7 +109,7 @@ module "airlock_resources" { mgmt_resource_group_name = var.mgmt_resource_group_name mgmt_acr_name = var.acr_name api_principal_id = azurerm_user_assigned_identity.id.principal_id - airlock_app_service_plan_sku_size = var.api_app_service_plan_sku_size + airlock_app_service_plan_sku = var.core_app_service_plan_sku airlock_processor_subnet_id = module.network.airlock_processor_subnet_id airlock_servicebus = azurerm_servicebus_namespace.sb applicationinsights_connection_string = module.azure_monitor.app_insights_connection_string diff --git a/templates/core/terraform/variables.tf b/templates/core/terraform/variables.tf index cbf5106e2f..924669fd4d 100644 --- a/templates/core/terraform/variables.tf +++ b/templates/core/terraform/variables.tf @@ -33,7 +33,7 @@ variable "api_image_repository" { default = "microsoft/azuretre/api" } -variable "api_app_service_plan_sku_size" { +variable "core_app_service_plan_sku" { type = string default = "P1v3" } diff --git a/templates/workspaces/airlock-import-review/parameters.json b/templates/workspaces/airlock-import-review/parameters.json index 4ae62a8205..b2629fa035 100755 --- a/templates/workspaces/airlock-import-review/parameters.json +++ b/templates/workspaces/airlock-import-review/parameters.json @@ -115,7 +115,7 @@ { "name": "app_service_plan_sku", "source": { - "env": "APP_SERVICE_PLAN_SKU" + "env": "WORKSPACE_APP_SERVICE_PLAN_SKU" } }, { diff --git a/templates/workspaces/base/parameters.json b/templates/workspaces/base/parameters.json index ccaf94536d..c722629d0b 100755 --- a/templates/workspaces/base/parameters.json +++ b/templates/workspaces/base/parameters.json @@ -127,7 +127,7 @@ { "name": "app_service_plan_sku", "source": { - "env": "APP_SERVICE_PLAN_SKU" + "env": "WORKSPACE_APP_SERVICE_PLAN_SKU" } }, { diff --git a/templates/workspaces/unrestricted/parameters.json b/templates/workspaces/unrestricted/parameters.json index 42329886b4..25cab304ae 100755 
--- a/templates/workspaces/unrestricted/parameters.json +++ b/templates/workspaces/unrestricted/parameters.json @@ -121,7 +121,7 @@ { "name": "app_service_plan_sku", "source": { - "env": "APP_SERVICE_PLAN_SKU" + "env": "WORKSPACE_APP_SERVICE_PLAN_SKU" } }, { From 49105d84d67b8cd06339a284b89f10e039dd3955 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 3 Oct 2022 05:54:30 +0000 Subject: [PATCH 2/5] updates --- CHANGELOG.md | 2 +- templates/core/version.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index afb3e0789d..87183fbce6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -9,7 +9,7 @@ * Github Actions deployments use a single ACR instead of two. Github secrets might need updating, see PR for details. ([#2654](https://github.com/microsoft/AzureTRE/pull/2654)) * Align Github Action secret names. Existing Github environments must be updated, see PR for details. ([#2655](https://github.com/microsoft/AzureTRE/pull/2655)) * Add workspace creator as an owner of the workspace enterprise application ([#2627](https://github.com/microsoft/AzureTRE/pull/2627)). **Migration** if the `AUTO_WORKSPACE_APP_REGISTRATION` is set, the `Directory.Read.All` MS Graph API permission permission needs granting to the Application Registration identified by `APPLICATION_ADMIN_CLIENT_ID`. -* Add support for setting AppService plan SKU in GitHub Actions. Previous environment variable names of `API_APP_SERVICE_PLAN_SKU_SIZE` and `APP_SERVICE_PLAN_SKU` have been renamed to `CORE_APP_SERVICE_PLAN_SKU` and `WORKSPACE_APP_SERVICE_PLAN_SKU` ([#TBD](https://github.com/microsoft/AzureTRE/pull/TBD)) +* Add support for setting AppService plan SKU in GitHub Actions. Previous environment variable names of `API_APP_SERVICE_PLAN_SKU_SIZE` and `APP_SERVICE_PLAN_SKU` have been renamed to `CORE_APP_SERVICE_PLAN_SKU` and `WORKSPACE_APP_SERVICE_PLAN_SKU` ([#2684](https://github.com/microsoft/AzureTRE/pull/2684)) FEATURES: diff --git a/templates/core/version.txt b/templates/core/version.txt index e2b01a98c0..905119c354 100644 --- a/templates/core/version.txt +++ b/templates/core/version.txt @@ -1 +1 @@ -__version__ = "0.4.31" +__version__ = "0.4.32" From df2217f62ee2c902995c6286a465fde657d31561 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 3 Oct 2022 06:00:52 +0000 Subject: [PATCH 3/5] fix --- .github/workflows/deploy_tre.yml | 2 +- .github/workflows/deploy_tre_reusable.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/deploy_tre.yml b/.github/workflows/deploy_tre.yml index c7038c1870..e325fc53b2 100644 --- a/.github/workflows/deploy_tre.yml +++ b/.github/workflows/deploy_tre.yml @@ -51,4 +51,4 @@ jobs: TRE_ID: ${{ secrets.TRE_ID }} CI_CACHE_ACR_NAME: ${{ secrets.ACR_NAME }} CORE_APP_SERVICE_PLAN_SKU: ${{ secrets.CORE_APP_SERVICE_PLAN_SKU }} - WORKSPACE_APP_SERVICE_PLAN_SKU: ${{ inputs.WORKSPACE_APP_SERVICE_PLAN_SKU }} + WORKSPACE_APP_SERVICE_PLAN_SKU: ${{ secrets.WORKSPACE_APP_SERVICE_PLAN_SKU }} diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml index 6723159501..6050726865 100644 --- a/.github/workflows/deploy_tre_reusable.yml +++ b/.github/workflows/deploy_tre_reusable.yml @@ -294,7 +294,7 @@ jobs: APPLICATION_ADMIN_CLIENT_ID: "${{ secrets.APPLICATION_ADMIN_CLIENT_ID }}" APPLICATION_ADMIN_CLIENT_SECRET: "${{ secrets.APPLICATION_ADMIN_CLIENT_SECRET }}" STATEFUL_RESOURCES_LOCKED: "${{ github.ref == 'refs/heads/main' && inputs.prRef == '' && true || false }}" - CORE_APP_SERVICE_PLAN_SKU: ${{ inputs.CORE_APP_SERVICE_PLAN_SKU }} + CORE_APP_SERVICE_PLAN_SKU: ${{ secrets.CORE_APP_SERVICE_PLAN_SKU }} - name: API Healthcheck uses: ./.github/actions/devcontainer_run_command @@ -617,7 +617,7 @@ jobs: TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}" TRE_ID: "${{ secrets.TRE_ID }}" IS_API_SECURED: false - WORKSPACE_APP_SERVICE_PLAN_SKU: ${{ inputs.WORKSPACE_APP_SERVICE_PLAN_SKU }} + WORKSPACE_APP_SERVICE_PLAN_SKU: ${{ secrets.WORKSPACE_APP_SERVICE_PLAN_SKU }} - name: Upload Test Results if: always() @@ -665,7 +665,7 @@ jobs: TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}" TRE_ID: "${{ secrets.TRE_ID }}" IS_API_SECURED: false - WORKSPACE_APP_SERVICE_PLAN_SKU: ${{ inputs.WORKSPACE_APP_SERVICE_PLAN_SKU }} + WORKSPACE_APP_SERVICE_PLAN_SKU: ${{ secrets.WORKSPACE_APP_SERVICE_PLAN_SKU }} - name: Upload Test Results if: always() 
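Review bot: Sourcing `CORE_APP_SERVICE_PLAN_SKU` and `WORKSPACE_APP_SERVICE_PLAN_SKU` from `secrets.*` (here and in the three deploy_tre_reusable.yml hunks that follow) stores a non-sensitive setting as a secret. GitHub redacts secret values wherever they appear in job logs, so a value like `P1v2` would be starred out of Terraform and test output, which makes a deployment harder to audit after the fact. If a non-secret source is not practical for this repository, I would at least say so at the declaration in deploy_tre_reusable.yml, replacing the empty `description: ""` with something like `description: "AppService plan SKU (not sensitive; passed as a secret for convenience)"`.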
From 8abadfac6b4901f7023f52b0d4f369df9d143f87 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 3 Oct 2022 06:41:34 +0000 Subject: [PATCH 4/5] docs fix --- docs/azure-tre-overview/architecture.md | 3 --- docs/azure-tre-overview/user-roles.md | 3 +++ docs/using-tre/index.md | 4 ++-- docs/using-tre/templates/index.md | 2 +- mkdocs.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/azure-tre-overview/architecture.md b/docs/azure-tre-overview/architecture.md index 5dbfa2ca26..75d4f95606 100644 --- a/docs/azure-tre-overview/architecture.md +++ b/docs/azure-tre-overview/architecture.md @@ -15,9 +15,6 @@ The Azure TRE core plane consists of two groups of components: - API & Composition Service - Shared Services -!!! todo - The Shared Services [#23](https://github.com/microsoft/AzureTRE/issues/23) and Firewall Shared Service [#882](https://github.com/microsoft/AzureTRE/issues/882) are still work in progress. - The TRE API is a service that users can interact with to request changes to workspaces e.g., to create, update, delete workspaces and workspace services inside each workspace. The Composition Service is doing the actual work of mutating the state of each Workspace including the Workspace Services. Ingress/egress components governs all inbound and outbound traffic from the public Internet to and from Azure TRE including the Workspaces. The Firewall Service is managing the egress rules of the Firewall. diff --git a/docs/azure-tre-overview/user-roles.md b/docs/azure-tre-overview/user-roles.md index 24ce6bb2ac..aafa25a971 100644 --- a/docs/azure-tre-overview/user-roles.md +++ b/docs/azure-tre-overview/user-roles.md 
@@ -20,6 +20,9 @@ While we have defined 8 different user roles for the Azure TRE solution, not all | Data engineer | Move data to and potentially from the TRE | | | Information security officer | Validate and sign-off TRE deployment | | +!!! info + More granular RBAC information is available [here](../tre-developers/api-permissions-map.md). + ## Azure administrator Provisions the Azure TRE solution in an Azure subscription and performs tasks that require knowledge of Azure operations and has access to the Azure subscription. diff --git a/docs/using-tre/index.md b/docs/using-tre/index.md index 0de97c9638..406074924c 100644 --- a/docs/using-tre/index.md +++ b/docs/using-tre/index.md @@ -27,8 +27,8 @@ To get started with AzureTRE follow the next steps: 1. Follow the steps in this [Github templates guide](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-repository-from-a-template) to set up the repo. 1. Having the project setup in your account, follow the next steps and guides to setup and extend AzureTRE in your environment: - - [Local Development](local-development/index.md) - - Setup [CI/CD pipelines](pipelines/index.md) + - [Local Development](local-development/local-development.md) + - Setup [CI/CD pipelines](pipelines/pipelines.md) - Add your [custom templates](templates/index.md) ## How to Contribute to our Documentation diff --git a/docs/using-tre/templates/index.md b/docs/using-tre/templates/index.md index 97f4bdaf19..268c9adceb 100644 --- a/docs/using-tre/templates/index.md +++ b/docs/using-tre/templates/index.md 
@@ -30,7 +30,7 @@ See [template authoring guide](../../tre-workspace-authors/authoring-workspace-t ## Publish and Register Custom templates in the CI/CD -See the [pipelines documentation](../pipelines/index.md) to learn more about publishing and registering your custom templates as part of the CI/CD/ +See the [pipelines documentation](../pipelines/pipelines.md) to learn more about publishing and registering your custom templates as part of the CI/CD/ ## How to Contribute to our Documentation If you have any comments or suggestions about our documentation then you can visit our GitHub project and either raise a new issue, or comment on one of the existing ones. diff --git a/mkdocs.yml b/mkdocs.yml index 2a77743349..5c651ff60a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -108,7 +108,7 @@ nav: - Registring Templates: tre-admins/registering-templates.md - Development: # Docs related to the developing code for the AzureTRE - - Local Development: using-tre/local-development/index.md + - Local Development: using-tre/local-development/local-development.md - Contributing to AzureTRE: # Docs aimed at OSS developers, committing code to the AzureTRE repo - Introduction: tre-developers/index.md - API: tre-developers/api.md From dda404a4291ecdc002e0e65d4a713c1d46d5851c Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Mon, 3 Oct 2022 06:45:50 +0000 Subject: [PATCH 5/5] update start-stop --- docs/tre-admins/start-stop.md | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/docs/tre-admins/start-stop.md b/docs/tre-admins/start-stop.md index e0ed56b0d0..d3bc77289a 100644 --- a/docs/tre-admins/start-stop.md +++ b/docs/tre-admins/start-stop.md 
@@ -96,20 +96,14 @@ foreach ($Group in $ResourceGroups) foreach ($item in $VMSS) { Write-Output "Stopping $($item.Name)" - # Native command will generate an error when run in automation - # Stop-AzVmss -ResourceGroupName $item.ResourceGroupName -VMScaleSetName $item.Name - $restUri='https://management.azure.com/subscriptions/'+$azContext.Subscription.Id+'/resourceGroups/'+$Group.ResourceGroupName+'/providers/Microsoft.Compute/virtualMachineScaleSets/'+$item.Name+'/deallocate?api-version=2022-03-01' - $response = Invoke-RestMethod -Uri $restUri -Method POST -Headers $authHeader + Stop-AzVmss -ResourceGroupName $item.ResourceGroupName -VMScaleSetName $item.Name -Force } $VM = Get-AzVM -ResourceGroupName $Group.ResourceGroupName foreach ($item in $VM) { Write-Output "Stopping $($item.Name)" - # Native command will generate an error when run in automation - # Stop-AzVm -ResourceGroupName $item.ResourceGroupName -Name $item.Name - $restUri='https://management.azure.com/subscriptions/'+$azContext.Subscription.Id+'/resourceGroups/'+$Group.ResourceGroupName+'/providers/Microsoft.Compute/virtualMachines/'+$item.Name+'/deallocate?api-version=2022-03-01' - $response = Invoke-RestMethod -Uri $restUri -Method POST -Headers $authHeader + Stop-AzVm -ResourceGroupName $item.ResourceGroupName -Name $item.Name -Force } $WorkspaceResourceGroups = Get-AzResourceGroup -Name "$($Group.ResourceGroupName)-ws-*" 
@@ -119,10 +113,7 @@ foreach ($Group in $ResourceGroups) foreach ($item in $VM) { Write-Output "Stopping $($item.Name)" - # Native command will generate an error when run in automation - # Stop-AzVm -ResourceGroupName $item.ResourceGroupName -Name $item.Name - $restUri='https://management.azure.com/subscriptions/'+$azContext.Subscription.Id+'/resourceGroups/'+$Group.ResourceGroupName+'/providers/Microsoft.Compute/virtualMachines/'+$item.Name+'/deallocate?api-version=2022-03-01' - $response = Invoke-RestMethod -Uri $restUri -Method POST -Headers $authHeader + Stop-AzVm -ResourceGroupName $item.ResourceGroupName -Name $item.Name -Force } } }