diff --git a/CHANGELOG.md b/CHANGELOG.md index 4ce72c92f0..a8291ae219 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,6 +34,7 @@ ENHANCEMENTS: * Adds extra dns zones and links into core network ([#2828](https://github.com/microsoft/AzureTRE/pull/2828)). * Add UI version to its footer card ([#2849](https://github.com/microsoft/AzureTRE/pull/2849)). * Use `log_category_types` in `azurerm_monitor_diagnostic_categories` to remove deprecation warning ([#2855](https://github.com/microsoft/AzureTRE/pull/2855)). +* Gitea workspace bundle has a number of updates as detailed in PR ([#2862](https://github.com/microsoft/AzureTRE/pull/2862). BUG FIXES: * Show the correct createdBy value for airlock requests in UI and in API queries ([#2779](https://github.com/microsoft/AzureTRE/pull/2779)) diff --git a/docs/tre-templates/workspace-services/gitea.md b/docs/tre-templates/workspace-services/gitea.md index 047e5c6374..b62b9778aa 100644 --- a/docs/tre-templates/workspace-services/gitea.md +++ b/docs/tre-templates/workspace-services/gitea.md @@ -4,7 +4,7 @@ See: [https://gitea.io/](https://gitea.io) ## Firewall Rules -The Gitea worskpace service needs outbound access to: +The Gitea worskpace service opens outbound access to: - AzureActiveDirectory - Azure AD CDN - `https://aadcdn.msftauth.net` 
@@ -15,23 +15,12 @@ The Gitea worskpace service needs outbound access to: - The Gitea workspace service container image needs building and pushing: - `make build-gitea-workspace-service-image push-gitea-workspace-service-image` - -## Gitea Workspace Service Configuration - -When deploying a Gitea Workspace service the following properties need to be configured. - -| Property | Description | -| -------- | ----------- | -| `openid_client_id` | Valid client ID of the Workspace App Registration. | -| `openid_client_secret` | Valid client secret of the Workspace App Registration. | -| `openid_authority` | Valid authority of the OpenID service, such as `https://login.microsoftonline.com/{tenant_id}/v2.0` | - -Once the service is deployed a redirect URL will need adding to the Azure AD app registration in the format: `https:///user/oauth2/oidc/callback` + `make workspace_service_bundle BUNDLE=gitea` ## Authenticating to Gitea and setting up a local username and password -1. Navigate to the Gitea workspace service and from the menu click the `Sign in` button. -2. Click sign in with OpenID button and sign in with the same credentials used to access the workspace. -3. Once succesfully signed in choose a username. -4. Navigate to the user settings and under the account tab set a password for your account( `https:///user/settings/account` ). This username and passowrd should be used to authenticate against Gitea when carrying out git operations. +1. Navigate to the Gitea workspace service using the connection URI from the details tab. +2. and from the menu click the `Sign in` button. +3. Click sign in with OpenID button and sign in with the same credentials used to access the workspace. +4. Once succesfully signed in choose a username. +5. Navigate to the user settings and under the account tab set a password for your account( `https:///user/settings/account` ). This username and passowrd should be used to authenticate against Gitea when carrying out git operations. 
diff --git a/templates/workspace_services/gitea/.env.sample b/templates/workspace_services/gitea/.env.sample index 87c268dc83..bd27cfc391 100644 --- a/templates/workspace_services/gitea/.env.sample +++ b/templates/workspace_services/gitea/.env.sample @@ -1,6 +1,3 @@ ID="__CHANGE_ME__" WORKSPACE_ID="__CHANGE_ME__" -OPENID_CLIENT_ID="__CHANGE_ME__" -OPENID_CLIENT_SECRET="__CHANGE_ME__" -OPENID_AUTHORITY="__CHANGE_ME__" MGMT_ACR_NAME="__CHANGE_ME__" diff --git a/templates/workspace_services/gitea/docker/Dockerfile b/templates/workspace_services/gitea/docker/Dockerfile index 9d7cea1bb3..c82267de82 100644 --- a/templates/workspace_services/gitea/docker/Dockerfile +++ b/templates/workspace_services/gitea/docker/Dockerfile @@ -1,10 +1,10 @@ -ARG GITEA_TAG=1.16.3 +ARG GITEA_TAG=1.17.3 ARG CERTIFICATE_URL=https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem FROM gitea/gitea:${GITEA_TAG} # need to pass args to stage ARG CERTIFICATE_URL -RUN wget -O /usr/local/share/ca-certificates/mysql.crt.pem ${CERTIFICATE_URL} && update-ca-certificates +RUN wget -q -O /usr/local/share/ca-certificates/mysql.crt.pem ${CERTIFICATE_URL} && update-ca-certificates COPY . / RUN /usr/sbin/adduser -D -g users gitea diff --git a/templates/workspace_services/gitea/parameters.json b/templates/workspace_services/gitea/parameters.json index a9964f32f5..08f1678c99 100755 --- a/templates/workspace_services/gitea/parameters.json +++ b/templates/workspace_services/gitea/parameters.json @@ -34,24 +34,6 @@ "env": "MGMT_RESOURCE_GROUP_NAME" } }, - { - "name": "openid_client_id", - "source": { - "env": "OPENID_CLIENT_ID" - } - }, - { - "name": "openid_client_secret", - "source": { - "env": "OPENID_CLIENT_SECRET" - } - }, - { - "name": "openid_authority", - "source": { - "env": "OPENID_AUTHORITY" - } - }, { "name": "tfstate_container_name", "source": { diff --git a/templates/workspace_services/gitea/porter.yaml b/templates/workspace_services/gitea/porter.yaml index 21ab5eb2f7..5c6d95bd52 100644 
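Review bot: The Dockerfile line `RUN wget -q -O /usr/local/share/ca-certificates/mysql.crt.pem ${CERTIFICATE_URL} && update-ca-certificates` installs a downloaded certificate into the image trust store with no integrity check, and the added `-q` also removes wget's output from the build log. Because the file becomes a trust anchor for every TLS connection the container makes, I would pin it with an `ARG CERTIFICATE_SHA256=<expected-sha256>` and verify it before `update-ca-certificates`, e.g. `echo "${CERTIFICATE_SHA256}  /usr/local/share/ca-certificates/mysql.crt.pem" | sha256sum -c -`. The base image is likewise selected by the mutable tag `GITEA_TAG=1.17.3`; pinning it by digest would make the build reproducible.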
--- a/templates/workspace_services/gitea/porter.yaml +++ b/templates/workspace_services/gitea/porter.yaml @@ -1,6 +1,6 @@ --- name: tre-workspace-service-gitea -version: 0.5.0 +version: 0.6.0 description: "A Gitea workspace service" dockerfile: Dockerfile.tmpl registry: azuretre @@ -35,18 +35,6 @@ parameters: type: string description: "Resource group containing the devops ACR" env: MGMT_RESOURCE_GROUP_NAME - - name: openid_client_id - type: string - description: "The OpenID client ID" - env: OPENID_CLIENT_ID - - name: openid_client_secret - type: string - description: "The OpenID client secret" - env: OPENID_CLIENT_SECRET - - name: openid_authority - type: string - description: "The OpenID authority" - env: OPENID_AUTHORITY # the following are added automatically by the resource processor - name: id type: string 
@@ -74,50 +62,69 @@ mixins: clientVersion: 1.2.6 outputs: - - name: connection_uri + - name: internal_connection_uri type: string applyTo: - install + - upgrade + - name: authentication_callback_uri + type: string + applyTo: + - install + - upgrade + - name: workspace_address_space + type: string + applyTo: + - install + - upgrade install: - terraform: description: "Deploy Gitea workspace service" - input: false vars: workspace_id: "{{ bundle.parameters.workspace_id }}" tre_id: "{{ bundle.parameters.tre_id }}" id: "{{ bundle.parameters.id }}" mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" - openid_client_id: "{{ bundle.parameters.openid_client_id }}" - openid_client_secret: "{{ bundle.parameters.openid_client_secret }}" - openid_authority: "{{ bundle.parameters.openid_authority }}" backendConfig: resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" container_name: "{{ bundle.parameters.tfstate_container_name }}" key: "tre-workspace-service-gitea-{{ bundle.parameters.id }}" outputs: - - name: connection_uri + - name: internal_connection_uri + - name: authentication_callback_uri + - name: workspace_address_space + upgrade: - - exec: - description: "Upgrade shared service" - command: echo - arguments: - - "This shared service does not implement upgrade action" + - terraform: + description: "Deploy Gitea workspace service" + vars: + workspace_id: "{{ bundle.parameters.workspace_id }}" + tre_id: "{{ bundle.parameters.tre_id }}" + id: "{{ bundle.parameters.id }}" + mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" + mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" + backendConfig: + resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" + storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" + container_name: "{{ 
bundle.parameters.tfstate_container_name }}" + key: "tre-workspace-service-gitea-{{ bundle.parameters.id }}" + outputs: + - name: internal_connection_uri + - name: authentication_callback_uri + - name: workspace_address_space + uninstall: - terraform: description: "Tear down Gitead workspace service" - input: false vars: workspace_id: "{{ bundle.parameters.workspace_id }}" tre_id: "{{ bundle.parameters.tre_id }}" id: "{{ bundle.parameters.id }}" mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" - openid_client_id: "{{ bundle.parameters.openid_client_id }}" - openid_client_secret: "{{ bundle.parameters.openid_client_secret }}" - openid_authority: "{{ bundle.parameters.openid_authority }}" backendConfig: resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" diff --git a/templates/workspace_services/gitea/template_schema.json b/templates/workspace_services/gitea/template_schema.json index 0e802be4cf..4bc5a777a4 100644 --- a/templates/workspace_services/gitea/template_schema.json +++ b/templates/workspace_services/gitea/template_schema.json 
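Review bot: The new `upgrade` terraform step keeps the description `"Deploy Gitea workspace service"` copied from `install`, so operation logs cannot tell the two actions apart; I would change it to `description: "Upgrade Gitea workspace service"`. The step repeats the install `vars`, `backendConfig` and `outputs` verbatim, so a short comment above `upgrade:` saying it must stay in sync with `install` would help the next editor. The hunk also renames the `connection_uri` output to `internal_connection_uri`; any consumer that still reads the old name is outside this diff and should be checked.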
@@ -5,28 +5,214 @@ "title": "Gitea Workspace Service", "description": "Provides Git services within the workspace", "required": [ - "openid_client_id", - "openid_client_secret", - "openid_authority" ], "properties": { - "openid_client_id": { - "$id": "#/properties/openid_client_id", - "type": "string", - "title": "OpenID client id", - "description": "The OpenID client ID. This value is typically provided to you by the OpenID service when OpenID credentials are generated for your application." - }, - "openid_client_secret": { - "$id": "#/properties/openid_client_secret", - "type": "string", - "title": "OpenID client secret", - "description": "The OpenID client secret. This value is typically provided to you by the OpenID service when OpenID credentials are generated for your application." - }, - "openid_authority": { - "$id": "#/properties/openid_authority", - "type": "string", - "title": "OpenID authority", - "description": "The OpenID authority. This value is typically provided to you by the OpenID service when OpenID credentials are generated for your application." 
- } + }, + "pipeline": { + "install": [ + { + "stepId": "main" + }, + { + "stepId": "12ba0dad-ea6c-4d0d-9255-d316212f5ffa", + "stepTitle": "Add Gitea URI as AAD redirect URI", + "resourceType": "workspace", + "resourceAction": "upgrade", + "properties": [ + { + "name": "aad_redirect_uris", + "type": "array", + "arraySubstitutionAction": "replace", + "arrayMatchField": "name", + "value": { + "name": "{{ resource.id }}", + "value": "{{ resource.properties.authentication_callback_uri }}" + } + } + ] + }, + { + "stepId": "260421b3-7308-491f-b531-e007cbh0ff46", + "stepTitle": "Add network firewall rules for gitea", + "resourceTemplateName": "tre-shared-service-firewall", + "resourceType": "shared-service", + "resourceAction": "upgrade", + "properties": [ + { + "name": "network_rule_collections", + "type": "array", + "arraySubstitutionAction": "replace", + "arrayMatchField": "name", + "value": { + "name": "nrc_svc_{{ resource.id }}_gitea", + "action": "Allow", + "rules": [ + { + "name": "AzureAD", + "description": "AAD access", + "source_addresses": "{{ resource.properties.workspace_address_space }}", + "destination_addresses": ["AzureActiveDirectory"], + "destination_ports": ["*"], + "protocols": ["TCP"] + } + ] + } + }, + { + "name": "rule_collections", + "type": "array", + "arraySubstitutionAction": "replace", + "arrayMatchField": "name", + "value": { + "name": "arc_svc_{{ resource.id }}_gitea", + "action": "Allow", + "rules": [ + { + "name": "AAD CDN", + "description": "AAD CDN", + "source_addresses": "{{ resource.properties.workspace_address_space }}", + "target_fqdns": [ + "aadcdn.msftauth.net" + ], + "protocols": [ + { + "port": "443", + "type": "Https" + } + ] + } + ] + } + } + ] + } + ], + "upgrade": [ + { + "stepId": "main" + }, + { + "stepId": "260421b3-7308-491f-b531-e007cdc0ff46", + "stepTitle": "Add network firewall rules for gitea", + "resourceTemplateName": "tre-shared-service-firewall", + "resourceType": "shared-service", + "resourceAction": "upgrade", + 
"properties": [ + { + "name": "network_rule_collections", + "type": "array", + "arraySubstitutionAction": "replace", + "arrayMatchField": "name", + "value": { + "name": "nrc_svc_{{ resource.id }}_gitea", + "action": "Allow", + "rules": [ + { + "name": "AzureAD", + "description": "AAD access for authNZ", + "source_addresses": "{{ resource.properties.workspace_address_space }}", + "destination_addresses": ["AzureActiveDirectory"], + "destination_ports": ["*"], + "protocols": ["TCP"] + } + ] + } + }, + { + "name": "rule_collections", + "type": "array", + "arraySubstitutionAction": "replace", + "arrayMatchField": "name", + "value": { + "name": "arc_svc_{{ resource.id }}_gitea", + "action": "Allow", + "rules": [ + { + "name": "AAD CDN", + "description": "AAD CDN", + "source_addresses": "{{ resource.properties.workspace_address_space }}", + "target_fqdns": [ + "aadcdn.msftauth.net" + ], + "protocols": [ + { + "port": "443", + "type": "Https" + } + ] + } + ] + } + } + ] + }, + { + "stepId": "741c7ff2-eff5-47b2-bf62-2b410d65c96b", + "stepTitle": "Add Gitea URI as AAD redirect URI", + "resourceType": "workspace", + "resourceAction": "upgrade", + "properties": [ + { + "name": "aad_redirect_uris", + "type": "array", + "arraySubstitutionAction": "replace", + "arrayMatchField": "name", + "value": { + "name": "{{ resource.id }}", + "value": "{{ resource.properties.authentication_callback_uri }}" + } + } + ] + } + ], + "uninstall": [ + { + "stepId": "9a1d6b95-26c8-4165-8890-573dd4e2b45c", + "stepTitle": "Update Gitea URI to AAD redirect URI", + "resourceType": "workspace", + "resourceAction": "upgrade", + "properties": [ + { + "name": "aad_redirect_uris", + "type": "array", + "arraySubstitutionAction": "remove", + "arrayMatchField": "name", + "value": { + "name": "{{ resource.id }}" + } + } + ] + }, + { + "stepId": "260421b3-7388-491f-b531-e007cdc0ff46", + "stepTitle": "Add network firewall rules for gitea", + "resourceTemplateName": "tre-shared-service-firewall", + 
"resourceType": "shared-service", + "resourceAction": "upgrade", + "properties": [ + { + "name": "network_rule_collections", + "type": "array", + "arraySubstitutionAction": "remove", + "arrayMatchField": "name", + "value": { + "name": "nrc_svc_{{ resource.id }}_gitea" + } + }, + { + "name": "rule_collections", + "type": "array", + "arraySubstitutionAction": "remove", + "arrayMatchField": "name", + "value": { + "name": "arc_svc_{{ resource.id }}_gitea" + } + } + ] + }, + { + "stepId": "main" + } + ] } } diff --git a/templates/workspace_services/gitea/terraform/data.tf b/templates/workspace_services/gitea/terraform/data.tf new file mode 100644 index 0000000000..e6d1fb493f --- /dev/null +++ b/templates/workspace_services/gitea/terraform/data.tf 
@@ -0,0 +1,76 @@ +data "azurerm_resource_group" "ws" { + name = "rg-${var.tre_id}-ws-${local.short_workspace_id}" +} + +data "azurerm_virtual_network" "ws" { + name = "vnet-${var.tre_id}-ws-${local.short_workspace_id}" + resource_group_name = "rg-${var.tre_id}-ws-${local.short_workspace_id}" +} + +data "azurerm_subnet" "web_apps" { + name = "WebAppsSubnet" + virtual_network_name = data.azurerm_virtual_network.ws.name + resource_group_name = data.azurerm_virtual_network.ws.resource_group_name +} + +data "azurerm_subnet" "services" { + name = "ServicesSubnet" + virtual_network_name = data.azurerm_virtual_network.ws.name + resource_group_name = data.azurerm_resource_group.ws.name +} + +data "azurerm_private_dns_zone" "azurewebsites" { + name = "privatelink.azurewebsites.net" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_container_registry" "mgmt_acr" { + name = var.mgmt_acr_name + resource_group_name = var.mgmt_resource_group_name +} + +data "azurerm_log_analytics_workspace" "tre" { + name = "log-${var.tre_id}" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_private_dns_zone" "mysql" { + name = "privatelink.mysql.database.azure.com" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_private_dns_zone" "filecore" { + name = "privatelink.file.core.windows.net" + resource_group_name = local.core_resource_group_name +} + +data "local_file" "version" { + filename = "${path.module}/../version.txt" +} + +data "azurerm_key_vault" "ws" { + name = local.keyvault_name + resource_group_name = data.azurerm_resource_group.ws.name +} + +data "azurerm_key_vault_secret" "aad_tenant_id" { + name = "auth-tenant-id" + key_vault_id = data.azurerm_key_vault.ws.id +} + +data "azurerm_key_vault_secret" "client_id" { + name = "workspace-client-id" + key_vault_id = data.azurerm_key_vault.ws.id +} + +data "azurerm_key_vault_secret" "client_secret" { + name = "workspace-client-secret" + key_vault_id = 
data.azurerm_key_vault.ws.id +} + +data "azurerm_monitor_diagnostic_categories" "gitea" { + resource_id = azurerm_linux_web_app.gitea.id + depends_on = [ + azurerm_linux_web_app.gitea, + ] +} diff --git a/templates/workspace_services/gitea/terraform/gitea-webapp.tf b/templates/workspace_services/gitea/terraform/gitea-webapp.tf index d1019caf6b..968dbdfada 100644 --- a/templates/workspace_services/gitea/terraform/gitea-webapp.tf +++ b/templates/workspace_services/gitea/terraform/gitea-webapp.tf @@ -10,6 +10,7 @@ resource "random_password" "gitea_passwd" { resource "azurerm_user_assigned_identity" "gitea_id" { resource_group_name = data.azurerm_resource_group.ws.name location = data.azurerm_resource_group.ws.location + tags = local.workspace_service_tags name = "id-gitea-${local.service_resource_name_suffix}" 
@@ -37,17 +38,17 @@ resource "azurerm_linux_web_app" "gitea" { GITEA_USERNAME = "giteaadmin" GITEA_PASSWD = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.gitea_password.id})" GITEA_EMAIL = "giteaadmin@azuretre.com" - GITEA_OPENID_CLIENT_ID = var.openid_client_id - GITEA_OPENID_CLIENT_SECRET = var.openid_client_secret - GITEA_OPENID_AUTHORITY = var.openid_authority + GITEA_OPENID_CLIENT_ID = data.azurerm_key_vault_secret.client_id.value + GITEA_OPENID_CLIENT_SECRET = data.azurerm_key_vault_secret.client_secret.value + GITEA_OPENID_AUTHORITY = "https://login.microsoftonline.com/${data.azurerm_key_vault_secret.aad_tenant_id.value}/v2.0" GITEA__server__ROOT_URL = "https://${local.webapp_name}.azurewebsites.net/" GITEA__server__LFS_START_SERVER = "true" GITEA__server__OFFLINE_MODE = true GITEA__lfs__PATH = "/data/gitea/lfs" GITEA__lfs__STORAGE_TYPE = "local" GITEA__log_0x2E_console__COLORIZE = "false" # Azure monitor doens't show colors, so this is easier to read. - GITEA__openid__ENALBLE_OPENID_SIGNIN = "false" - GITEA__openid__ENABLE_OPENID_SIGNUP = "true" + GITEA__openid__ENABLE_OPENID_SIGNIN = "true" + GITEA__openid__ENABLE_OPENID_SIGNUP = "false" GITEA__picture__DISABLE_GRAVATAR = "true" # external avaters are not available due to network restrictions GITEA__security__INSTALL_LOCK = true GITEA__service__DISABLE_REGISTRATION = false 
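Review bot: `GITEA_OPENID_CLIENT_SECRET = data.azurerm_key_vault_secret.client_secret.value` puts the workspace client secret into the web app's settings in clear text, where anyone with read access to the app configuration can see it. `GITEA_PASSWD` a few lines above already uses a Key Vault reference, so I would use the same form here: `GITEA_OPENID_CLIENT_SECRET = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.client_secret.id})"`. This assumes the web app's identity is allowed to read that secret, which depends on the access policy defined outside this hunk. The data source still reads the value, so it presumably also lands in the Terraform state, and the state storage should be treated as holding the secret. The `azurerm_linux_web_app` block starts and ends outside the hunk.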
@@ -130,89 +131,21 @@ resource "azurerm_private_endpoint" "gitea_private_endpoint" { lifecycle { ignore_changes = [tags] } } - -resource "azurerm_monitor_diagnostic_setting" "webapp_gitea" { +resource "azurerm_monitor_diagnostic_setting" "gitea" { name = "diag-${local.service_resource_name_suffix}" target_resource_id = azurerm_linux_web_app.gitea.id log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id - log { - category = "AppServiceHTTPLogs" - enabled = true - - retention_policy { - days = 1 - enabled = false - } - } - - log { - category = "AppServiceConsoleLogs" - enabled = true - - retention_policy { - days = 1 - enabled = false - } - } - - log { - category = "AppServiceAppLogs" - enabled = true - - retention_policy { - days = 1 - enabled = false - } - } - - log { - category = "AppServiceFileAuditLogs" - enabled = true + dynamic "log" { + for_each = data.azurerm_monitor_diagnostic_categories.gitea.log_category_types + content { + category = log.value + enabled = contains(local.web_app_diagnostic_categories_enabled, log.value) ? true : false - retention_policy { - days = 1 - enabled = false - } - } - - log { - category = "AppServiceAuditLogs" - enabled = true - - retention_policy { - days = 1 - enabled = false - } - } - - log { - category = "AppServiceIPSecAuditLogs" - enabled = true - - retention_policy { - days = 1 - enabled = false - } - } - - log { - category = "AppServicePlatformLogs" - enabled = true - - retention_policy { - days = 1 - enabled = false - } - } - - log { - category = "AppServiceAntivirusScanAuditLogs" - enabled = true - - retention_policy { - days = 1 - enabled = false + retention_policy { + enabled = contains(local.web_app_diagnostic_categories_enabled, log.value) ? true : false + days = 365 + } } } 
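Review bot: In the `dynamic "log"` block, `contains(local.web_app_diagnostic_categories_enabled, log.value) ? true : false` is redundant because `contains()` already returns a bool; `enabled = contains(local.web_app_diagnostic_categories_enabled, log.value)` reads better in both places. I would also add a comment above the block saying that any category Azure reports which is not in that local list is written out as explicitly disabled. In practice a newly introduced audit category is not collected until the list in locals.tf is extended. The resource body appears to continue past the end of the hunk.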
@@ -238,6 +171,7 @@ resource "azurerm_key_vault_secret" "gitea_password" { name = "${local.webapp_name}-administrator-password" value = random_password.gitea_passwd.result key_vault_id = data.azurerm_key_vault.ws.id + tags = local.workspace_service_tags depends_on = [ azurerm_key_vault_access_policy.gitea_policy diff --git a/templates/workspace_services/gitea/terraform/locals.tf b/templates/workspace_services/gitea/terraform/locals.tf index 33e2f7b838..efdc201d0d 100644 --- a/templates/workspace_services/gitea/terraform/locals.tf +++ b/templates/workspace_services/gitea/terraform/locals.tf @@ -13,4 +13,8 @@ locals { tre_workspace_id = var.workspace_id tre_workspace_service_id = var.id } + web_app_diagnostic_categories_enabled = [ + "AppServiceHTTPLogs", "AppServiceConsoleLogs", "AppServiceAppLogs", "AppServiceFileAuditLogs", + "AppServiceAuditLogs", "AppServiceIPSecAuditLogs", "AppServicePlatformLogs", "AppServiceAntivirusScanAuditLogs" + ] } diff --git a/templates/workspace_services/gitea/terraform/main.tf b/templates/workspace_services/gitea/terraform/main.tf index a9a66e4869..de5cac5164 100644 --- a/templates/workspace_services/gitea/terraform/main.tf +++ b/templates/workspace_services/gitea/terraform/main.tf 
@@ -34,63 +34,3 @@ provider "azurerm" { } } } - -data "azurerm_resource_group" "ws" { - name = "rg-${var.tre_id}-ws-${local.short_workspace_id}" -} - -data "azurerm_virtual_network" "ws" { - name = "vnet-${var.tre_id}-ws-${local.short_workspace_id}" - resource_group_name = "rg-${var.tre_id}-ws-${local.short_workspace_id}" -} - -data "azurerm_key_vault" "ws" { - name = local.keyvault_name - resource_group_name = data.azurerm_resource_group.ws.name -} - -data "azurerm_key_vault_secret" "aad_tenant_id" { - name = "auth-tenant-id" - key_vault_id = data.azurerm_key_vault.ws.id -} - -data "azurerm_subnet" "web_apps" { - name = "WebAppsSubnet" - virtual_network_name = data.azurerm_virtual_network.ws.name - resource_group_name = data.azurerm_virtual_network.ws.resource_group_name -} - -data "azurerm_subnet" "services" { - name = "ServicesSubnet" - virtual_network_name = data.azurerm_virtual_network.ws.name - resource_group_name = data.azurerm_resource_group.ws.name -} - -data "azurerm_private_dns_zone" "azurewebsites" { - name = "privatelink.azurewebsites.net" - resource_group_name = local.core_resource_group_name -} - -data "azurerm_container_registry" "mgmt_acr" { - name = var.mgmt_acr_name - resource_group_name = var.mgmt_resource_group_name -} - -data "azurerm_log_analytics_workspace" "tre" { - name = "log-${var.tre_id}" - resource_group_name = local.core_resource_group_name -} - -data "azurerm_private_dns_zone" "mysql" { - name = "privatelink.mysql.database.azure.com" - resource_group_name = local.core_resource_group_name -} - -data "azurerm_private_dns_zone" "filecore" { - name = "privatelink.file.core.windows.net" - resource_group_name = local.core_resource_group_name -} - -data "local_file" "version" { - filename = "${path.module}/../version.txt" -} diff --git a/templates/workspace_services/gitea/terraform/outputs.tf b/templates/workspace_services/gitea/terraform/outputs.tf index cee94c7734..524d23843c 100644 
--- a/templates/workspace_services/gitea/terraform/outputs.tf +++ b/templates/workspace_services/gitea/terraform/outputs.tf @@ -2,6 +2,14 @@ output "gitea_fqdn" { value = azurerm_linux_web_app.gitea.default_hostname } -output "connection_uri" { +output "authentication_callback_uri" { + value = "https://${azurerm_linux_web_app.gitea.default_hostname}/user/oauth2/oidc/callback" +} + +output "internal_connection_uri" { value = "https://${azurerm_linux_web_app.gitea.default_hostname}/" } + +output "workspace_address_space" { + value = jsonencode(data.azurerm_virtual_network.ws.address_space) +} diff --git a/templates/workspace_services/gitea/terraform/variables.tf b/templates/workspace_services/gitea/terraform/variables.tf index fe91522f5c..92e02ee44c 100644 --- a/templates/workspace_services/gitea/terraform/variables.tf +++ b/templates/workspace_services/gitea/terraform/variables.tf @@ -8,6 +8,4 @@ variable "gitea_storage_limit" { description = "Space allocated in GB for the Gitea data in Azure Files Share" default = 100 } -variable "openid_client_id" {} -variable "openid_client_secret" {} -variable "openid_authority" {} + diff --git a/templates/workspace_services/gitea/version.txt b/templates/workspace_services/gitea/version.txt index f9aa3e1109..906d362f7d 100644 --- a/templates/workspace_services/gitea/version.txt +++ b/templates/workspace_services/gitea/version.txt @@ -1 +1 @@ -__version__ = "0.3.2" +__version__ = "0.6.0"
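Review bot: `authentication_callback_uri` is built from `azurerm_linux_web_app.gitea.default_hostname`, while the app's `GITEA__server__ROOT_URL` in gitea-webapp.tf is built from `local.webapp_name`. The redirect URI registered in AAD only works if both resolve to the same host, so I would add a comment saying so or derive both from one value. The three new outputs also have no `description`; for example `description = "OIDC redirect URI registered on the workspace AAD application"` on `authentication_callback_uri`. On `workspace_address_space` the description should say that the value is a JSON-encoded list, since template_schema.json substitutes it into the firewall rules' `source_addresses`.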