diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 5c7b9540f4..1f9b71d204 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -43,7 +43,7 @@ RUN apt-get update && apt-get install -y ca-certificates curl gnupg lsb-release # Install Certbot RUN if [ "${INTERACTIVE}" = "true" ]; then \ - apt-get update && apt-get install -y python3 python3-venv libaugeas0 --no-install-recommends \ + apt-get update && apt-get install -y libaugeas0 --no-install-recommends \ && python3 -m venv /opt/certbot/ \ && /opt/certbot/bin/pip install --no-cache-dir --upgrade pip \ && /opt/certbot/bin/pip install --no-cache-dir certbot \ diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml index efc1c149cb..a3bc9914f9 100644 --- a/.github/workflows/deploy_tre_reusable.yml +++ b/.github/workflows/deploy_tre_reusable.yml @@ -206,8 +206,12 @@ jobs: # failure in the first attempt indicates a new ACR, so we need to try again after it's been created if: steps.ci_cache_cr_login.outcome != 'success' run: | - # shellcheck disable=SC2034,SC2015 - for i in {1..3}; do az acr login --name "${{ secrets.CI_CACHE_ACR_NAME }}" && break || sleep 10; done + # shellcheck disable=SC2034,SC2015,SC2125 + for i in {1..3}; do + az acr login --name "${{ secrets.CI_CACHE_ACR_NAME }}" && ec=0 && break || ec=\$? && sleep 10 + done + # shellcheck disable=SC2242 + (exit \$ec) - name: Push cached devcontainer run: docker image push ${{ env.CI_CACHE_ACR_URI }}/tredev:${{ secrets.DEVCONTAINER_TAG }} 
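Review bot: In the `run: |` retry loop the escaped `ec=\$?` and `(exit \$ec)` reach bash with the backslashes intact, so `ec` is assigned the literal text `$?` and the final subshell calls `exit` with the literal word `$ec`, which is not a number; the step would then end non-zero even when a login attempt succeeded. The added `SC2125` and `SC2242` suppressions silence exactly the warnings that describe this. Dropping the backslashes, `... && ec=0 && break || ec=$? && sleep 10` and `(exit "$ec")`, lets the loop report the last `az acr login` status and makes both suppressions unnecessary. The same escaping is used in the two `COMMAND: >-` hunks that follow; whether it is needed there depends on how the consuming action expands `COMMAND`, which this diff does not show.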
@@ -359,7 +363,7 @@ jobs:
 # Although porter publish will build automatically, our makefile build target includes logic that should run
 COMMAND: >-
 for i in {1..3}; do make bundle-build bundle-publish DIR=${{ matrix.BUNDLE_DIR }}
- && break || sleep 30; done
+ && ec=0 && break || ec=\$? && sleep 30; done; (exit \$ec)
 DEVCONTAINER_TAG: ${{ secrets.DEVCONTAINER_TAG }}
 AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
 CI_CACHE_ACR_NAME: ${{ secrets.CI_CACHE_ACR_NAME}}
@@ -392,7 +396,7 @@ jobs:
 # Although porter publish will build automatically, our makefile build target includes logic that should run
 COMMAND: >-
 for i in {1..3}; do make bundle-build bundle-publish DIR=${{ matrix.BUNDLE_DIR }}
- && break || sleep 30; done
+ && ec=0 && break || ec=\$? && sleep 30; done; (exit \$ec)
 DEVCONTAINER_TAG: ${{ secrets.DEVCONTAINER_TAG }}
 AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
 CI_CACHE_ACR_NAME: ${{ secrets.CI_CACHE_ACR_NAME}}
diff --git a/Makefile b/Makefile
index 2b48a3c474..eec65016c5 100644
--- a/Makefile
+++ b/Makefile
@@ -210,10 +210,11 @@ bundle-check-params: && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,porter \ && cd ${DIR} \ && if [ ! -f "parameters.json" ]; then echo "Error - please create a parameters.json file."; exit 1; fi \ - && if ! porter explain -ojson > /dev/null; then echo "Error - porter explain issue!"; exit 1; fi \ + && if [ "$$(jq -r '.name' parameters.json)" != "$$(yq eval '.name' porter.yaml)" ]; then echo "Error - ParameterSet name isn't equal to bundle's name."; exit 1; fi \ + && if ! porter explain; then echo "Error - porter explain issue!"; exit 1; fi \ && comm_output=$$(set -o pipefail && comm -3 --output-delimiter=: <(porter explain -ojson | jq -r '.parameters[].name | select (. != "arm_use_msi")' | sort) <(jq -r '.parameters[].name | select(. != "arm_use_msi")' parameters.json | sort)) \ && if [ ! -z "$${comm_output}" ]; \ - then echo -e "*** Add to params ***:*** Remove from params ***\n$$comm_output" | column -t -s ":" -n; exit 1; \ + then echo -e "*** Add to params ***:*** Remove from params ***\n$$comm_output" | column -t -s ":"; exit 1; \ else echo "parameters.json file up-to-date."; fi bundle-uninstall: diff --git a/resource_processor/_version.py b/resource_processor/_version.py index 3d187266f1..dd9b22cccc 100644 --- a/resource_processor/_version.py +++ b/resource_processor/_version.py @@ -1 +1 @@ -__version__ = "0.5.0" +__version__ = "0.5.1" diff --git a/resource_processor/vmss_porter/config.yaml b/resource_processor/vmss_porter/config.yaml index b0c7d068e2..aa5cbccc92 100644 --- a/resource_processor/vmss_porter/config.yaml +++ b/resource_processor/vmss_porter/config.yaml @@ -1,3 +1,4 @@ +--- default-storage: mydb default-secrets: mysecrets diff --git a/templates/shared_services/admin-vm/Dockerfile.tmpl b/templates/shared_services/admin-vm/Dockerfile.tmpl index 709aaecfc4..b65cd5d821 100644 --- a/templates/shared_services/admin-vm/Dockerfile.tmpl +++ b/templates/shared_services/admin-vm/Dockerfile.tmpl 
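Review bot: The new name check compares the raw output of `jq -r '.name'` and `yq eval '.name'`, so it passes when both files lack a `name` (each tool prints `null`) and it reports a name mismatch when `jq` or `yq` is simply not installed. The dependency check two lines above is called with `nodocker,porter`; whether that covers `jq` and `yq` is not visible here. Rejecting a missing or `null` name before comparing would make the error message trustworthy, for example `jq -er '.name' parameters.json > /dev/null || { echo "Error - parameters.json has no name."; exit 1; }` ahead of the comparison. The `bundle-check-params` recipe starts above this hunk.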
@@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}// diff --git a/templates/shared_services/admin-vm/parameters.json b/templates/shared_services/admin-vm/parameters.json index 0da340c125..6fa9207444 100755 --- a/templates/shared_services/admin-vm/parameters.json +++ b/templates/shared_services/admin-vm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-shared-service-admin-vm", "parameters": [ { "name": "tre_id", diff --git a/templates/shared_services/admin-vm/porter.yaml b/templates/shared_services/admin-vm/porter.yaml index e0520fbffb..e7501a8230 100644 --- a/templates/shared_services/admin-vm/porter.yaml +++ b/templates/shared_services/admin-vm/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-admin-vm -version: 0.2.0 +version: 0.3.0 description: "An admin vm shared service" dockerfile: Dockerfile.tmpl registry: azuretre 
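Review bot: The added `# syntax=docker/dockerfile-upstream:1.4.0` line makes BuildKit fetch the Dockerfile frontend from a registry by tag at build time, and that frontend decides how every instruction below it is interpreted. A tag can be re-pointed, and the image named here is the `-upstream` repository rather than `docker/dockerfile`; if Porter's template does not require this exact line, pinning by digest is the safer form, e.g. `# syntax=docker/dockerfile:1.4@sha256:<DIGEST_PLACEHOLDER>`. The same directive is added in the airlock_notifier, certs, cyclecloud and firewall templates. Separately, `COPY --link . ${BUNDLE_DIR}//` has a doubled slash that the other templates do not.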
@@ -42,46 +43,43 @@ parameters: mixins: - terraform: - clientVersion: 1.2.9 + clientVersion: 1.3.6 install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - admin_jumpbox_vm_sku: "{{ bundle.parameters.admin_jumpbox_vm_sku }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-admin-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-admin-vm upgrade: - terraform: description: "Upgrade shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - admin_jumpbox_vm_sku: "{{ bundle.parameters.admin_jumpbox_vm_sku }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-admin-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ 
bundle.parameters.tre_id }-shared-service-admin-vm uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - admin_jumpbox_vm_sku: "{{ bundle.parameters.admin_jumpbox_vm_sku }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-admin-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-admin-vm diff --git a/templates/shared_services/airlock_notifier/Dockerfile.tmpl b/templates/shared_services/airlock_notifier/Dockerfile.tmpl index eb79413804..2a1734ee08 100644 --- a/templates/shared_services/airlock_notifier/Dockerfile.tmpl +++ b/templates/shared_services/airlock_notifier/Dockerfile.tmpl 
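Review bot: The new `${ ... }` expressions are written as unquoted plain scalars where the old lines wrapped every expression in double quotes. If Porter substitutes the values before the step is parsed as YAML (not visible in this diff), a value containing ` #` or `: `, or one that reads as a number, boolean or null, would be truncated, retyped or rejected. That matters most for the secrets in the later hunks, `smtp_password` in airlock_notifier and `arm_client_secret` in certs and cyclecloud. Keeping the quotes costs nothing, e.g. `tre_id: "${ bundle.parameters.tre_id }"`.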
@@ -1,28 +1,21 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -SHELL ["/bin/bash", "-o", "pipefail", "-c"] +# PORTER_INIT -ARG BUNDLE_DIR +SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN apt-get update \ - && apt-get install --no-install-recommends -y zip \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl +# Install jq +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update && \ + apt-get install -y zip --no-install-recommends -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ -WORKDIR $BUNDLE_DIR/app +WORKDIR "${BUNDLE_DIR}/app" RUN zip -r /cnab/app/LogicApp.zip . diff --git a/templates/shared_services/airlock_notifier/parameters.json b/templates/shared_services/airlock_notifier/parameters.json index 59261f21ec..a61b746732 100755 --- a/templates/shared_services/airlock_notifier/parameters.json +++ b/templates/shared_services/airlock_notifier/parameters.json 
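Review bot: The added comment `# Install jq` sits above a `RUN` that installs `zip`, not jq; it should read `# Install zip`. The package is what the later `RUN zip -r /cnab/app/LogicApp.zip .` depends on, so the comment is the only place a reader is told why it is installed.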
@@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-shared-service-airlock-notifier", "parameters": [ { "name": "tre_id", diff --git a/templates/shared_services/airlock_notifier/porter.yaml b/templates/shared_services/airlock_notifier/porter.yaml index 68e099c78b..7bd48c034a 100644 --- a/templates/shared_services/airlock_notifier/porter.yaml +++ b/templates/shared_services/airlock_notifier/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-airlock-notifier -version: 0.2.3 +version: 0.3.0 description: "A shared service notifying on Airlock Operations" registry: azuretre dockerfile: Dockerfile.tmpl 
@@ -56,27 +57,27 @@ parameters: mixins: - exec - - az + - az: + clientVersion: 2.37.0 - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - tre_url: "{{ bundle.parameters.tre_url }}" - smtp_server_address: "{{ bundle.parameters.smtp_server_address }}" - smtp_username: "{{ bundle.parameters.smtp_username }}" - smtp_password: "{{ bundle.parameters.smtp_password }}" - smtp_from_email: "{{ bundle.parameters.smtp_from_email }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + tre_url: ${ bundle.parameters.tre_url } + smtp_server_address: ${ bundle.parameters.smtp_server_address } + smtp_username: ${ bundle.parameters.smtp_username } + smtp_password: ${ bundle.parameters.smtp_password } + smtp_from_email: ${ bundle.parameters.smtp_from_email } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-airlock-notifier" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-airlock-notifier outputs: - name: airlock_notifier_logic_app_name - name: airlock_notifier_logic_app_resource_group_name @@ -87,7 +88,7 @@ install: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Deploy logic app" 
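Review bot: The `az` mixin is now fixed at `clientVersion: 2.37.0` with nothing in the file saying why that release was chosen or who bumps it, so the bundle will keep shipping that CLI build until someone notices. Pinning is the right call for reproducible images; a short comment above the entry would record the intent, e.g. `# az CLI pinned for reproducible builds; bump together with the certs and cyclecloud bundles`. The same pin is added in the certs and cyclecloud `porter.yaml` hunks.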
@@ -97,9 +98,9 @@ install: - source - config-zip flags: - name: "{{ bundle.outputs.airlock_notifier_logic_app_name }}" - resource-group: "{{ bundle.outputs.airlock_notifier_logic_app_resource_group_name }}" - subscription: "{{ bundle.credentials.azure_subscription_id }}" + name: ${ bundle.outputs.airlock_notifier_logic_app_name } + resource-group: ${ bundle.outputs.airlock_notifier_logic_app_resource_group_name } + subscription: ${ bundle.credentials.azure_subscription_id } src: LogicApp.zip @@ -114,17 +115,16 @@ upgrade: uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - tre_url: "{{ bundle.parameters.tre_url }}" - smtp_server_address: "{{ bundle.parameters.smtp_server_address }}" - smtp_username: "{{ bundle.parameters.smtp_username }}" - smtp_password: "{{ bundle.parameters.smtp_password }}" - smtp_from_email: "{{ bundle.parameters.smtp_from_email }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + tre_url: ${ bundle.parameters.tre_url } + smtp_server_address: ${ bundle.parameters.smtp_server_address } + smtp_username: ${ bundle.parameters.smtp_username } + smtp_password: ${ bundle.parameters.smtp_password } + smtp_from_email: ${ bundle.parameters.smtp_from_email } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-airlock-notifier" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-airlock-notifier 
diff --git a/templates/shared_services/certs/Dockerfile.tmpl b/templates/shared_services/certs/Dockerfile.tmpl
index c9d2b82817..b869054494 100644
--- a/templates/shared_services/certs/Dockerfile.tmpl
+++ b/templates/shared_services/certs/Dockerfile.tmpl
@@ -1,40 +1,22 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM python:3.8-slim-bullseye -ARG BUNDLE_DIR +# PORTER_INIT SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# Install Azure CLI -# It's useless to specify azcli version since the mixin installs the latest anyway -RUN apt-get update \ - && apt-get install -y --no-install-recommends ca-certificates jq curl apt-transport-https lsb-release gnupg \ - && curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null \ - && AZ_REPO=$(lsb_release -cs) \ - && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list \ - && apt-get update && apt-get -y --no-install-recommends install azure-cli \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache # Install Certbot # Some of the tools' versions seem to depend on the base image so proboably best not to specify them. -RUN apt-get update \ - && apt-get install -y --no-install-recommends python3 python3-venv libaugeas0 \ +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update \ + && apt-get install -y --no-install-recommends libaugeas0 \ && python3 -m venv /opt/certbot/ \ && /opt/certbot/bin/pip install --no-cache-dir --upgrade pip \ - && /opt/certbot/bin/pip install --no-cache-dir certbot \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* + && /opt/certbot/bin/pip install --no-cache-dir certbot -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. 
-# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/shared_services/certs/parameters.json b/templates/shared_services/certs/parameters.json index 68a9dd9d66..4243e339d3 100755 --- a/templates/shared_services/certs/parameters.json +++ b/templates/shared_services/certs/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-shared-service-certs", "parameters": [ { "name": "tre_id", diff --git a/templates/shared_services/certs/porter.yaml b/templates/shared_services/certs/porter.yaml index 6324e1515b..c8beec1a54 100755 --- a/templates/shared_services/certs/porter.yaml +++ b/templates/shared_services/certs/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-certs -version: 0.2.2 +version: 0.3.0 description: "An Azure TRE shared service to generate certificates for a specified internal domain using Letsencrypt" registry: azuretre dockerfile: Dockerfile.tmpl 
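Review bot: `pip install --no-cache-dir certbot` and the preceding `--upgrade pip` resolve to whatever PyPI serves at build time, so two builds of the same bundle version can contain different code. This image is the one that receives the Azure credentials and runs `letsencrypt.sh` in the certs `porter.yaml`, which makes an unreviewed dependency change more costly here than in most bundles. The existing comment argues against pinning because versions follow the base image, but the base image is itself tagged, so the two can be bumped together: `/opt/certbot/bin/pip install --no-cache-dir 'certbot==<PINNED_VERSION>'`, ideally from a requirements file with hashes. The `.devcontainer/Dockerfile` hunk at the top of the diff has the same unpinned install as context.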
@@ -46,27 +47,27 @@ parameters: mixins: - exec - terraform: - clientVersion: 1.2.6 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - domain_prefix: "{{ bundle.parameters.domain_prefix }}" - cert_name: "{{ bundle.parameters.cert_name }}" - tre_resource_id: "{{ bundle.parameters.id }}" + tre_id: ${ bundle.parameters.tre_id } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + domain_prefix: ${ bundle.parameters.domain_prefix } + cert_name: ${ bundle.parameters.cert_name } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-certs" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-certs outputs: - name: fqdn - name: application_gateway_name 
@@ -79,19 +80,19 @@ install: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Generate certificate" command: bash arguments: - ./scripts/letsencrypt.sh flags: - fqdn: "{{ bundle.outputs.fqdn }}" - application_gateway_name: "{{ bundle.outputs.application_gateway_name }}" - storage_account_name: "{{ bundle.outputs.storage_account_name }}" - resource_group_name: "{{ bundle.outputs.resource_group_name }}" - keyvault_name: "{{ bundle.outputs.keyvault_name }}" - cert_name: "{{ bundle.parameters.cert_name }}" + fqdn: ${ bundle.outputs.fqdn } + application_gateway_name: ${ bundle.outputs.application_gateway_name } + storage_account_name: ${ bundle.outputs.storage_account_name } + resource_group_name: ${ bundle.outputs.resource_group_name } + keyvault_name: ${ bundle.outputs.keyvault_name } + cert_name: ${ bundle.parameters.cert_name } upgrade: - exec: 
@@ -103,33 +104,33 @@ upgrade: uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - domain_prefix: "{{ bundle.parameters.domain_prefix }}" - cert_name: "{{ bundle.parameters.cert_name }}" - tre_resource_id: "{{ bundle.parameters.id }}" + tre_id: ${ bundle.parameters.tre_id } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + domain_prefix: ${ bundle.parameters.domain_prefix } + cert_name: ${ bundle.parameters.cert_name } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-certs" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-certs renew: - terraform: arguments: - "output" description: "Get Terraform output variables" + vars: + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-certs" - tre_resource_id: 
"{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-certs outputs: - name: fqdn - name: application_gateway_name @@ -142,16 +143,16 @@ renew: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Renew certificate" command: bash arguments: - ./scripts/letsencrypt.sh flags: - fqdn: "{{ bundle.outputs.fqdn }}" - application_gateway_name: "{{ bundle.outputs.application_gateway_name }}" - storage_account_name: "{{ bundle.outputs.storage_account_name }}" - resource_group_name: "{{ bundle.outputs.resource_group_name }}" - keyvault_name: "{{ bundle.outputs.keyvault_name }}" - cert_name: "{{ bundle.parameters.cert_name }}" + fqdn: ${ bundle.outputs.fqdn } + application_gateway_name: ${ bundle.outputs.application_gateway_name } + storage_account_name: ${ bundle.outputs.storage_account_name } + resource_group_name: ${ bundle.outputs.resource_group_name } + keyvault_name: ${ bundle.outputs.keyvault_name } + cert_name: ${ bundle.parameters.cert_name } diff --git a/templates/shared_services/cyclecloud/Dockerfile.tmpl b/templates/shared_services/cyclecloud/Dockerfile.tmpl index 86c7ceedb9..ec7bd78507 100644 --- a/templates/shared_services/cyclecloud/Dockerfile.tmpl +++ b/templates/shared_services/cyclecloud/Dockerfile.tmpl 
@@ -1,26 +1,16 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache # Install Git -RUN apt-get update \ - && apt-get install --no-install-recommends -y git \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update \ + && apt-get install --no-install-recommends -y git -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/shared_services/cyclecloud/parameters.json b/templates/shared_services/cyclecloud/parameters.json index 880bf50432..ea839388f5 100755 --- a/templates/shared_services/cyclecloud/parameters.json +++ b/templates/shared_services/cyclecloud/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "cyclecloud", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-shared-service-cyclecloud", "parameters": [ { "name": "tre_id", 
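Review bot: This hunk drops `SHELL ["/bin/bash", "-o", "pipefail", "-c"]`, while the airlock_notifier and certs templates keep it after `# PORTER_INIT`. The `RUN` lines visible here contain no pipelines, but the lines Porter inserts at `# PORTER_MIXINS` are not visible; if any of them pipe a download into another command, a failed download would no longer fail the build in this image. Unless the removal is deliberate, restoring the line below `# PORTER_INIT` keeps the templates consistent.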
diff --git a/templates/shared_services/cyclecloud/porter.yaml b/templates/shared_services/cyclecloud/porter.yaml index 5a6b20ce76..2e6c043d19 100644 --- a/templates/shared_services/cyclecloud/porter.yaml +++ b/templates/shared_services/cyclecloud/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-cyclecloud -version: 0.3.0 +version: 0.4.0 description: "An Azure TRE Shared Service Template for Azure Cyclecloud" registry: azuretre dockerfile: Dockerfile.tmpl @@ -48,24 +49,25 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.6 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy Cyclecloud shared service" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - tre_resource_id: "{{ bundle.parameters.id }}" + tre_id: ${ bundle.parameters.tre_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: connection_uri 
@@ -73,17 +75,17 @@ upgrade: - terraform: description: "Update Cyclecloud shared service" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - tre_resource_id: "{{ bundle.parameters.id }}" + tre_id: ${ bundle.parameters.tre_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: connection_uri 
@@ -91,17 +93,17 @@ uninstall: - terraform: description: "Delete the Cyclecloud shared service" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - tre_resource_id: "{{ bundle.parameters.id }}" + tre_id: ${ bundle.parameters.tre_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } start: - terraform: @@ -109,10 +111,10 @@ start: - "output" description: "Get resource ID from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: 
@@ -121,14 +123,14 @@ start: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Start the VM" arguments: - vm - start flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } stop: - terraform: @@ -136,10 +138,10 @@ stop: - "output" description: "Get VM hostname and rg from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: @@ -148,11 +150,11 @@ stop: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Stop the VM" arguments: - vm - deallocate flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } diff --git a/templates/shared_services/firewall/Dockerfile.tmpl b/templates/shared_services/firewall/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/shared_services/firewall/Dockerfile.tmpl +++ b/templates/shared_services/firewall/Dockerfile.tmpl 
@@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/shared_services/firewall/parameters.json b/templates/shared_services/firewall/parameters.json index 3314d1fa25..a10b6e1ddb 100755 --- a/templates/shared_services/firewall/parameters.json +++ b/templates/shared_services/firewall/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-shared-service-firewall", "parameters": [ { "name": "tre_id", @@ -45,12 +45,6 @@ "source": { "env": "NETWORK_RULE_COLLECTIONS" } - }, - { - "name": "stateful_resources_locked", - "source": { - "env": "STATEFUL_RESOURCES_LOCKED" - } } ] } diff --git a/templates/shared_services/firewall/porter.yaml b/templates/shared_services/firewall/porter.yaml index 28b862a7ae..dad7d6d76c 100644 --- a/templates/shared_services/firewall/porter.yaml +++ b/templates/shared_services/firewall/porter.yaml 
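Review bot: The added `# syntax=docker/dockerfile-upstream:1.4.0` line makes every bundle build pull and run a BuildKit frontend image referenced by tag only, and from the `dockerfile-upstream` repository rather than the stable `docker/dockerfile` one. The frontend interprets the whole Dockerfile, so a moved or replaced tag changes what ends up in the bundle's invocation image without any change in this repository. I would pin it by digest, `# syntax=docker/dockerfile:1.4.0@sha256:<digest-of-the-reviewed-image>` (placeholder digest), and add a one-line comment saying why the upstream channel is needed if it is kept. The same line is added in the gitea, sonatype-nexus-vm and azureml Dockerfile.tmpl hunks below.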
@@ -1,6 +1,7 @@
 ---
+schemaVersion: 1.0.0
 name: tre-shared-service-firewall
-version: 0.6.3
+version: 0.7.0
 description: "An Azure TRE Firewall shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
@@ -44,59 +45,49 @@ parameters: type: string default: "W10=" # b64 for [] description: "Network rule collection array" - - name: stateful_resources_locked - env: STATEFUL_RESOURCES_LOCKED - type: boolean - default: true mixins: - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - api_driven_rule_collections_b64: "{{ bundle.parameters.rule_collections }}" - api_driven_network_rule_collections_b64: "{{ bundle.parameters.network_rule_collections }}" - stateful_resources_locked: "{{ bundle.parameters.stateful_resources_locked }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + api_driven_rule_collections_b64: ${ bundle.parameters.rule_collections } + api_driven_network_rule_collections_b64: ${ bundle.parameters.network_rule_collections } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-firewall" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-firewall upgrade: - terraform: description: "Upgrade shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - api_driven_rule_collections_b64: "{{ bundle.parameters.rule_collections }}" - api_driven_network_rule_collections_b64: "{{ bundle.parameters.network_rule_collections }}" - stateful_resources_locked: "{{ bundle.parameters.stateful_resources_locked }}" + tre_id: ${ 
bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + api_driven_rule_collections_b64: ${ bundle.parameters.rule_collections } + api_driven_network_rule_collections_b64: ${ bundle.parameters.network_rule_collections } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-firewall" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-firewall uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - api_driven_rule_collections_b64: "{{ bundle.parameters.rule_collections }}" - api_driven_network_rule_collections_b64: "{{ bundle.parameters.network_rule_collections }}" - stateful_resources_locked: "{{ bundle.parameters.stateful_resources_locked }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + api_driven_rule_collections_b64: ${ bundle.parameters.rule_collections } + api_driven_network_rule_collections_b64: ${ bundle.parameters.network_rule_collections } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-firewall" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ 
bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-firewall diff --git a/templates/shared_services/firewall/terraform/.terraform.lock.hcl b/templates/shared_services/firewall/terraform/.terraform.lock.hcl index 731e74bbab..4be435ce82 100644 --- a/templates/shared_services/firewall/terraform/.terraform.lock.hcl +++ b/templates/shared_services/firewall/terraform/.terraform.lock.hcl 
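Review bot: Dropping the `stateful_resources_locked` parameter and its pass-through in the install, upgrade and uninstall steps leaves no way to request a delete lock on the firewall, and firewall.tf in this commit removes the `azurerm_management_lock.fw` (`CanNotDelete`) resource itself. Upgrading an existing 0.6.3 deployment to 0.7.0 would then presumably remove the lock on the next apply, and nothing in the visible diff replaces it. If locks are now applied somewhere else, a comment above the `parameters` entries naming where would help the next operator; if not, I would keep the parameter and the `stateful_resources_locked: ${ bundle.parameters.stateful_resources_locked }` var in the three steps.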
@@ -2,21 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.16.0" - constraints = "3.16.0" + version = "3.33.0" + constraints = "3.33.0" hashes = [ - "h1:cBZXnJ4WErrhAzoQ1IMUMkpRlUmr8KQ2a0vLKH6B2a8=", - "zh:02aecc67db3f7cf19bd39ed454824422c43a5dc9f18b44d9547bb79ba66e0beb", - "zh:1775b033e3a29395087d731387efc926251232c4469a6c262f7039669e2f3aed", - "zh:1b955c3134b8fa61486383fee609bc99e46883c9b5148cb8d3bdc3d6d25b1e5e", - "zh:1ca04c35917fcf9f15aa2f24ef52b823575efa213fcb6d241cd189fddb032268", - "zh:20663ca219acc95d1de2129aac941f08eca1093c61cd6775e9c0b239b70a573e", - "zh:28427df342789f106ce500a489c750d7971d67cb58c495274878dc55d52452fe", - "zh:2a2e0755b9ebedbb4dd55de53191ce02e0a5511648610bf816532cd1614f2d7a", - "zh:5cc4c086ff081379070ea8177025a92a53e3c7bec2eabbf8182efa146e05b371", - "zh:5df50ae712c2b6e850b5953d5b89a29aca98ef1ae5fac4cb9225080ac319207c", - "zh:944ec6ceac2a1af58b58c270db90992d5f32614714647f6086ebc42789fa0f15", - "zh:f1e2df2f7db13b234d2cfa5d7c70054df4039532829be6ce8ed11c6f99ba0cf5", + "h1:pXB6SKE4NKdf+LepsQjrLcBnVTL5ejeKvx/kyojai6c=", + "zh:136d9c642746d8d84e62ecd8ab0c7dc015eac504c1f068e06fad438ae222d934", + "zh:266e64b8e32a94ddcc20954ebad1d8ff3921d318addf576e981b1390e5d5ba79", + "zh:3bd84a1e5b3bbe34a5870f271d6a5bf9b35a4c924db32b450a1fb53bc910c37a", + "zh:3c6604041472bb4691b502877cf9d886ed9f973fbadf11389ec9499fdc66045e", + "zh:680c00a73c8054c36a58115a44d02d1ebb675c2ad3afaaab2d74a01f978f16ce", + "zh:6dab47ef64f90e43b75ed240a974c4119f5268be4433f3c1c3e97559e7ef2f38", + "zh:9f73f19fdc340c443693dc03f1a145c6bd0ee5fd425eab7473d06abbe39b99d7", + "zh:9ff008b6737e880f191b4be6dfcef95ff019969dd787c44a58c2d7d6aaf6623b", + "zh:be297f1515e9ac63886e3e092a0bcd10aa8aa2b69c2b0995ce4e069176b07a95", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb29a566e7698cfae477f3efa3bba38526ec8343355763178c6e9c96e51399f3", + 
"zh:fbc3b625733ce5f0970fa8d9743f6db51064c168d6be5fc7a5e3d1a54af28bb7", ] } diff --git a/templates/shared_services/firewall/terraform/firewall.tf b/templates/shared_services/firewall/terraform/firewall.tf index 15c7c7e927..e5aa50f3a7 100644 --- a/templates/shared_services/firewall/terraform/firewall.tf +++ b/templates/shared_services/firewall/terraform/firewall.tf @@ -26,14 +26,6 @@ resource "azurerm_firewall" "fw" { lifecycle { ignore_changes = [tags] } } -resource "azurerm_management_lock" "fw" { - count = var.stateful_resources_locked ? 1 : 0 - name = azurerm_firewall.fw.name - scope = azurerm_firewall.fw.id - lock_level = "CanNotDelete" - notes = "Locked to prevent accidental deletion" -} - data "azurerm_monitor_diagnostic_categories" "firewall" { resource_id = azurerm_firewall.fw.id } @@ -45,7 +37,7 @@ resource "azurerm_monitor_diagnostic_setting" "firewall" { log_analytics_destination_type = "AzureDiagnostics" dynamic "log" { - for_each = data.azurerm_monitor_diagnostic_categories.firewall.logs + for_each = data.azurerm_monitor_diagnostic_categories.firewall.log_category_types content { category = log.value enabled = contains(local.firewall_diagnostic_categories_enabled, log.value) ? true : false diff --git a/templates/shared_services/firewall/terraform/providers.tf b/templates/shared_services/firewall/terraform/providers.tf index d5ee42eeda..c395cbf420 100644 --- a/templates/shared_services/firewall/terraform/providers.tf +++ b/templates/shared_services/firewall/terraform/providers.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.16.0" + version = "=3.33.0" } } diff --git a/templates/shared_services/firewall/terraform/variables.tf b/templates/shared_services/firewall/terraform/variables.tf index 1c5e184718..9ac2916b11 100644 --- a/templates/shared_services/firewall/terraform/variables.tf +++ b/templates/shared_services/firewall/terraform/variables.tf 
@@ -8,12 +8,6 @@ variable "tre_resource_id" { description = "Resource ID" } -variable "stateful_resources_locked" { - type = bool - default = true - description = "Used to add locks on resources with state" -} - variable "api_driven_rule_collections_b64" { type = string default = "W10=" #b64 for [] diff --git a/templates/shared_services/gitea/Dockerfile.tmpl b/templates/shared_services/gitea/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/shared_services/gitea/Dockerfile.tmpl +++ b/templates/shared_services/gitea/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/shared_services/gitea/parameters.json b/templates/shared_services/gitea/parameters.json index 1dce60b974..afaf29d52f 100755 --- a/templates/shared_services/gitea/parameters.json +++ b/templates/shared_services/gitea/parameters.json 
@@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-shared-service-gitea", "parameters": [ { "name": "tre_id", diff --git a/templates/shared_services/gitea/porter.yaml b/templates/shared_services/gitea/porter.yaml index 053204e612..04ae38860b 100644 --- a/templates/shared_services/gitea/porter.yaml +++ b/templates/shared_services/gitea/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-gitea -version: 0.4.0 +version: 0.5.0 description: "A Gitea shared service" dockerfile: Dockerfile.tmpl registry: azuretre @@ -49,7 +50,7 @@ parameters: mixins: - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 outputs: - name: gitea_allowed_fqdns_list 
@@ -68,17 +69,16 @@ outputs: install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - mgmt_resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - acr_name: "{{ bundle.parameters.mgmt_acr_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + mgmt_resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + acr_name: ${ bundle.parameters.mgmt_acr_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-gitea" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-gitea outputs: - name: gitea_allowed_fqdns_list - name: address_prefixes 
@@ -86,17 +86,16 @@ install: upgrade: - terraform: description: "Upgrade shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - mgmt_resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - acr_name: "{{ bundle.parameters.mgmt_acr_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + mgmt_resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + acr_name: ${ bundle.parameters.mgmt_acr_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-gitea" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-gitea outputs: - name: gitea_allowed_fqdns_list - name: address_prefixes 
@@ -104,14 +103,13 @@ upgrade: uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - mgmt_resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - acr_name: "{{ bundle.parameters.mgmt_acr_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + mgmt_resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + acr_name: ${ bundle.parameters.mgmt_acr_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-gitea" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-gitea diff --git a/templates/shared_services/gitea/terraform/.terraform.lock.hcl b/templates/shared_services/gitea/terraform/.terraform.lock.hcl index b6e2cb7fd6..7addb0336b 100644 --- a/templates/shared_services/gitea/terraform/.terraform.lock.hcl +++ b/templates/shared_services/gitea/terraform/.terraform.lock.hcl 
@@ -2,28 +2,28 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.20.0" - constraints = "3.20.0" + version = "3.33.0" + constraints = "3.33.0" hashes = [ - "h1:heH/4bYgajEFQ+fwSV9Zduvpyb7eTCQUv+gl201EFg8=", - "zh:0d534bb2fed67b5b58d3adb2b0be7a9986f62b34f40eae450dafc9454fb54db8", - "zh:19f6d5f196a35500e0f1ae9d9baee44f49b90858524338a7b8aaec06d3e3a047", - "zh:1d042648d2eaffde8858a8006b944374599c5e8c2f834ae74b97adedd1468142", - "zh:278ebac38cf3c1e6df4bc5de00e931bfc04298607f428aa84a932bbf26dee421", - "zh:48f29b802e2de7e6dd2452a012c633686fce5d7ad3eadb490a7b8c0967a9ebfa", - "zh:731bf2e97c4a519723682beb2e85e065bf0bf53b2f50e2ff7b15b39ea74e37ff", - "zh:7c8187ebca19ca8f6ef82d3d79a418ccfa6574bb99e63cc930fa46ff938a7921", - "zh:82fdb2052601f6fa925195e77506fb609ce8bb4a6f6e94cf6a5058252ef570d4", - "zh:995ca23bb3765a16c6b3138b468d920acff5742b22492324c836579e3344ea40", - "zh:a970131232ad41203382f6fa3f0014a22767cbfe28cd7562346184ea6e678d63", - "zh:bf5036675a7f0b8691fe393e2782a76c7943ba17eec7255e16a31c7547436a48", + "h1:pXB6SKE4NKdf+LepsQjrLcBnVTL5ejeKvx/kyojai6c=", + "zh:136d9c642746d8d84e62ecd8ab0c7dc015eac504c1f068e06fad438ae222d934", + "zh:266e64b8e32a94ddcc20954ebad1d8ff3921d318addf576e981b1390e5d5ba79", + "zh:3bd84a1e5b3bbe34a5870f271d6a5bf9b35a4c924db32b450a1fb53bc910c37a", + "zh:3c6604041472bb4691b502877cf9d886ed9f973fbadf11389ec9499fdc66045e", + "zh:680c00a73c8054c36a58115a44d02d1ebb675c2ad3afaaab2d74a01f978f16ce", + "zh:6dab47ef64f90e43b75ed240a974c4119f5268be4433f3c1c3e97559e7ef2f38", + "zh:9f73f19fdc340c443693dc03f1a145c6bd0ee5fd425eab7473d06abbe39b99d7", + "zh:9ff008b6737e880f191b4be6dfcef95ff019969dd787c44a58c2d7d6aaf6623b", + "zh:be297f1515e9ac63886e3e092a0bcd10aa8aa2b69c2b0995ce4e069176b07a95", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb29a566e7698cfae477f3efa3bba38526ec8343355763178c6e9c96e51399f3", + 
"zh:fbc3b625733ce5f0970fa8d9743f6db51064c168d6be5fc7a5e3d1a54af28bb7", ] } provider "registry.terraform.io/hashicorp/local" { version = "2.2.3" - constraints = "~> 2.2.0" + constraints = "2.2.3" hashes = [ "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=", "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0", diff --git a/templates/shared_services/gitea/terraform/gitea-webapp.tf b/templates/shared_services/gitea/terraform/gitea-webapp.tf index a02528ee7d..112dc9f02b 100644 --- a/templates/shared_services/gitea/terraform/gitea-webapp.tf +++ b/templates/shared_services/gitea/terraform/gitea-webapp.tf @@ -128,7 +128,7 @@ resource "azurerm_monitor_diagnostic_setting" "webapp_gitea" { log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id dynamic "log" { - for_each = data.azurerm_monitor_diagnostic_categories.webapp.logs + for_each = data.azurerm_monitor_diagnostic_categories.webapp.log_category_types content { category = log.value enabled = contains(local.webapp_diagnostic_categories_enabled, log.value) ? true : false diff --git a/templates/shared_services/gitea/terraform/main.tf b/templates/shared_services/gitea/terraform/main.tf index 5d53db19fd..2a9b6bc7e4 100644 --- a/templates/shared_services/gitea/terraform/main.tf +++ b/templates/shared_services/gitea/terraform/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.20.0" + version = "=3.33.0" } local = { source = "hashicorp/local" diff --git a/templates/shared_services/sonatype-nexus-vm/Dockerfile.tmpl b/templates/shared_services/sonatype-nexus-vm/Dockerfile.tmpl index 45ef111a50..3452b48f1d 100644 --- a/templates/shared_services/sonatype-nexus-vm/Dockerfile.tmpl +++ b/templates/shared_services/sonatype-nexus-vm/Dockerfile.tmpl 
@@ -1,21 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -SHELL ["/bin/bash", "-o", "pipefail", "-c"] - -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/shared_services/sonatype-nexus-vm/parameters.json b/templates/shared_services/sonatype-nexus-vm/parameters.json index 27ffcae78c..bc13b3e6fc 100755 --- a/templates/shared_services/sonatype-nexus-vm/parameters.json +++ b/templates/shared_services/sonatype-nexus-vm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-shared-service-sonatype-nexus", "parameters": [ { "name": "tre_id", diff --git a/templates/shared_services/sonatype-nexus-vm/porter.yaml b/templates/shared_services/sonatype-nexus-vm/porter.yaml index 079b4a31e4..9288dda720 100644 --- a/templates/shared_services/sonatype-nexus-vm/porter.yaml +++ b/templates/shared_services/sonatype-nexus-vm/porter.yaml 
@@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-shared-service-sonatype-nexus -version: 2.2.4 +version: 2.3.0 description: "A Sonatype Nexus shared service" dockerfile: Dockerfile.tmpl registry: azuretre @@ -61,22 +62,22 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.6 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - ssl_cert_name: "{{ bundle.parameters.ssl_cert_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + ssl_cert_name: ${ bundle.parameters.ssl_cert_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-sonatype-nexus-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-sonatype-nexus-vm outputs: - name: workspace_vm_allowed_fqdns_list - name: nexus_allowed_fqdns_list 
@@ -85,16 +86,15 @@ install: upgrade: - terraform: description: "Upgrade shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - ssl_cert_name: "{{ bundle.parameters.ssl_cert_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + ssl_cert_name: ${ bundle.parameters.ssl_cert_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-sonatype-nexus-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-sonatype-nexus-vm outputs: - name: workspace_vm_allowed_fqdns_list - name: nexus_allowed_fqdns_list 
@@ -102,13 +102,12 @@ upgrade: uninstall: - terraform: description: "Tear down shared service" - input: false vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - ssl_cert_name: "{{ bundle.parameters.ssl_cert_name }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + ssl_cert_name: ${ bundle.parameters.ssl_cert_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-shared-service-sonatype-nexus-vm" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-shared-service-sonatype-nexus-vm diff --git a/templates/workspace_services/azureml/Dockerfile.tmpl b/templates/workspace_services/azureml/Dockerfile.tmpl index 01bb786ac0..066447dd2d 100644 --- a/templates/workspace_services/azureml/Dockerfile.tmpl +++ b/templates/workspace_services/azureml/Dockerfile.tmpl 
@@ -1,33 +1,16 @@ -FROM debian:stretch-slim +# syntax=docker/dockerfile-upstream:1.4.0 +FROM debian:bullseye-slim -SHELL ["/bin/bash", "-o", "pipefail", "-c"] +# PORTER_INIT -# Install Azure CLI -RUN apt-get update \ - && apt-get install --no-install-recommends -y ca-certificates jq curl apt-transport-https lsb-release gnupg \ - && curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null \ - && AZ_REPO=$(lsb_release -cs) \ - && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list \ - && apt-get update && apt-get install --no-install-recommends -y azure-cli \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache -RUN az extension add --name azure-firewall +# Install jq +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update \ + && apt-get install --no-install-recommends -y jq -ARG BUNDLE_DIR - -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle - -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ 
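Review bot: The two `--mount=type=cache` mounts on the new `apt-get` step use the default shared mode, so concurrent builds on one builder can run apt against the same `/var/cache/apt` and `/var/lib/apt` at the same time and fail on the apt lock or read a half-written package list. Adding `sharing=locked` to both mounts serialises access: `RUN --mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,target=/var/lib/apt,sharing=locked \`. A short comment above the `docker-clean` removal saying that it exists only to make the cache mounts effective would also help, since that line otherwise reads as disabling cleanup.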
diff --git a/templates/workspace_services/azureml/parameters.json b/templates/workspace_services/azureml/parameters.json index 60ab5b8ed6..0e77f0980d 100755 --- a/templates/workspace_services/azureml/parameters.json +++ b/templates/workspace_services/azureml/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "azureml", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-azureml", "parameters": [ { "name": "workspace_id", diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index b582052d27..ab6acfe35c 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.5.6 +version: 0.6.0 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl 
@@ -95,30 +96,34 @@ outputs: mixins: - terraform: - clientVersion: 1.3.3 + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 + extensions: + - azure-firewall install: - terraform: description: "Deploy Azure ML Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - display_name: "{{ bundle.parameters.display_name }}" - description: "{{ bundle.parameters.description }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + display_name: ${ bundle.parameters.display_name } + description: ${ bundle.parameters.description } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-azureml-{{ bundle.parameters.id }}" + 
resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-azureml-${ bundle.parameters.id } outputs: - name: azureml_workspace_name - name: azureml_acr_id 
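Review bot: The rewritten `vars` and `backendConfig` values are now plain scalars (`arm_client_secret: ${ bundle.credentials.azure_client_secret }`), whereas the old `"{{ ... }}"` form was an explicitly quoted string. Whether this matters depends on when Porter substitutes relative to YAML parsing, which this diff does not show; if substitution happens on the text, a secret containing ` #` or `: `, or one that looks like a number or boolean, could be truncated, rejected or retyped. I would keep the quotes at least on the credential lines, e.g. `arm_client_secret: "${ bundle.credentials.azure_client_secret }"` and `auth_client_secret: "${ bundle.credentials.auth_client_secret }"`, or add a comment above `vars:` stating why they are safe to drop. The `install` step's `outputs` list continues past this hunk, and the `upgrade` and `uninstall` hunks plus the aml_compute, gitea and guacamole `porter.yaml` hunks repeat the same pattern.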
@@ -132,24 +137,24 @@ upgrade: - terraform: description: "Upgrade Azure ML Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - display_name: "{{ bundle.parameters.display_name }}" - description: "{{ bundle.parameters.description }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + display_name: ${ bundle.parameters.display_name } + description: ${ bundle.parameters.description } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-azureml-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ 
bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-azureml-${ bundle.parameters.id } outputs: - name: azureml_workspace_name - name: azureml_acr_id 
@@ -163,21 +168,21 @@ uninstall: - terraform: description: "Delete the Azure ML Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - display_name: "{{ bundle.parameters.display_name }}" - description: "{{ bundle.parameters.description }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + display_name: ${ bundle.parameters.display_name } + description: ${ bundle.parameters.description } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-azureml-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ 
bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-azureml-${ bundle.parameters.id } diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/Dockerfile.tmpl b/templates/workspace_services/azureml/user_resources/aml_compute/Dockerfile.tmpl index 86fc334c03..3452b48f1d 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/Dockerfile.tmpl +++ b/templates/workspace_services/azureml/user_resources/aml_compute/Dockerfile.tmpl @@ -1,9 +1,9 @@ -FROM debian:stretch-slim +# syntax=docker/dockerfile-upstream:1.4.0 +FROM debian:bullseye-slim -ARG BUNDLE_DIR - -COPY . $BUNDLE_DIR +# PORTER_INIT # PORTER_MIXINS -WORKDIR $BUNDLE_DIR +# Use the BUNDLE_DIR build argument to copy files into the bundle +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json b/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json index 5208909e27..afa9df266a 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json +++ b/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "avd-aad", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-user-resource-aml-compute-instance", "parameters": [ { "name": "id", diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml b/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml index 54388f216e..7729c4e290 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml +++ b/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml 
@@ -1,6 +1,7 @@
 ---
+schemaVersion: 1.0.0
 name: tre-user-resource-aml-compute-instance
-version: 0.4.1
+version: 0.5.0
 description: "Azure Machine Learning Compute Instance"
 registry: azuretre
 dockerfile: Dockerfile.tmpl
@@ -51,48 +52,56 @@ parameters: mixins: - exec - - az + - az: + clientVersion: 2.37.0 - terraform: - clientVersion: 1.2.8 + clientVersion: 1.3.6 install: - terraform: description: "Deploy service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - vm_size_sku: "{{ bundle.parameters.vm_size }}" - auth_tenant_id: "{{ bundle.parameters.auth_tenant_id }}" - user_object_id: "{{ bundle.parameters.user_object_id }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + parent_service_id: ${ bundle.parameters.parent_service_id } + vm_size_sku: ${ bundle.parameters.vm_size } + auth_tenant_id: ${ bundle.parameters.auth_tenant_id } + user_object_id: ${ bundle.parameters.user_object_id } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-user-resource-aml-compute-instance-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-user-resource-aml-compute-instance-${ 
bundle.parameters.id } + +upgrade: + - exec: + description: "Upgrade shared service" + command: echo + arguments: + - "This shared service does not implement upgrade action" uninstall: - terraform: description: "Uninstall service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - vm_size_sku: "{{ bundle.parameters.vm_size }}" - auth_tenant_id: "{{ bundle.parameters.auth_tenant_id }}" - user_object_id: "{{ bundle.parameters.user_object_id }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + parent_service_id: ${ bundle.parameters.parent_service_id } + vm_size_sku: ${ bundle.parameters.vm_size } + auth_tenant_id: ${ bundle.parameters.auth_tenant_id } + user_object_id: ${ bundle.parameters.user_object_id } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-user-resource-aml-compute-instance-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: 
tre-user-resource-aml-compute-instance-${ bundle.parameters.id } diff --git a/templates/workspace_services/gitea/Dockerfile.tmpl b/templates/workspace_services/gitea/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/workspace_services/gitea/Dockerfile.tmpl +++ b/templates/workspace_services/gitea/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/gitea/parameters.json b/templates/workspace_services/gitea/parameters.json index 08f1678c99..1f4b1fcd44 100755 --- a/templates/workspace_services/gitea/parameters.json +++ b/templates/workspace_services/gitea/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-workspace-service-gitea", "parameters": [ { "name": "id", diff --git a/templates/workspace_services/gitea/porter.yaml b/templates/workspace_services/gitea/porter.yaml index 5c6d95bd52..baed865a2b 100644 
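Review bot: The added `upgrade` action in the aml_compute `porter.yaml` only runs `echo`, so it always succeeds and an upgrade of this bundle (bumped from 0.4.1 to 0.5.0 in the same file) is reported as done without Terraform being run. Its text also says "shared service" although the bundle is `tre-user-resource-aml-compute-instance`. I would change the wording to `description: "Upgrade user resource"` and `- "This user resource does not implement upgrade action"`. A comment above `upgrade:` should say the no-op is intentional and that changes reach existing instances only through a reinstall, if that is indeed the intent.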
--- a/templates/workspace_services/gitea/porter.yaml +++ b/templates/workspace_services/gitea/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-workspace-service-gitea -version: 0.6.0 +version: 0.7.0 description: "A Gitea workspace service" dockerfile: Dockerfile.tmpl registry: azuretre @@ -59,7 +60,7 @@ parameters: mixins: - exec - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 outputs: - name: internal_connection_uri @@ -82,16 +83,16 @@ install: - terraform: description: "Deploy Gitea workspace service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - id: "{{ bundle.parameters.id }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + id: ${ bundle.parameters.id } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-workspace-service-gitea-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-workspace-service-gitea-${ bundle.parameters.id } outputs: - name: internal_connection_uri - name: authentication_callback_uri 
@@ -101,16 +102,16 @@ upgrade: - terraform: description: "Deploy Gitea workspace service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - id: "{{ bundle.parameters.id }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + id: ${ bundle.parameters.id } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-workspace-service-gitea-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-workspace-service-gitea-${ bundle.parameters.id } outputs: - name: internal_connection_uri - name: authentication_callback_uri 
@@ -120,13 +121,13 @@ uninstall: - terraform: description: "Tear down Gitead workspace service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - id: "{{ bundle.parameters.id }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + id: ${ bundle.parameters.id } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-workspace-service-gitea-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-workspace-service-gitea-${ bundle.parameters.id } diff --git a/templates/workspace_services/guacamole/Dockerfile.tmpl b/templates/workspace_services/guacamole/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/workspace_services/guacamole/Dockerfile.tmpl +++ b/templates/workspace_services/guacamole/Dockerfile.tmpl 
@@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/guacamole/parameters.json b/templates/workspace_services/guacamole/parameters.json index 37f452c75f..0373d4233d 100755 --- a/templates/workspace_services/guacamole/parameters.json +++ b/templates/workspace_services/guacamole/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "guacamole", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-guacamole", "parameters": [ { "name": "id", diff --git a/templates/workspace_services/guacamole/porter.yaml b/templates/workspace_services/guacamole/porter.yaml index 7bdeb04e6a..75cf11092c 100644 --- a/templates/workspace_services/guacamole/porter.yaml +++ b/templates/workspace_services/guacamole/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-guacamole -version: 0.5.2 +version: 0.6.0 description: "An Azure TRE service for Guacamole" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -113,31 +114,31 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 install: - terraform: description: "Deploy Guacamole Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - image_name: "{{ bundle.custom.runtime_image.name }}" - image_tag: "{{ bundle.parameters.image_tag }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" - guac_disable_copy: "{{ bundle.parameters.guac_disable_copy }}" - guac_disable_paste: "{{ bundle.parameters.guac_disable_paste }}" - guac_enable_drive: "{{ bundle.parameters.guac_enable_drive }}" - guac_drive_name: "{{ bundle.parameters.guac_drive_name }}" - guac_drive_path: "{{ bundle.parameters.guac_drive_path }}" - guac_disable_download: "{{ bundle.parameters.guac_disable_download }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - tre_resource_id: "{{ bundle.parameters.id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + image_name: ${ bundle.custom.runtime_image.name } + image_tag: ${ bundle.parameters.image_tag } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } + guac_disable_copy: ${ bundle.parameters.guac_disable_copy } + guac_disable_paste: ${ bundle.parameters.guac_disable_paste } + guac_enable_drive: ${ bundle.parameters.guac_enable_drive } + guac_drive_name: ${ bundle.parameters.guac_drive_name } + guac_drive_path: ${ bundle.parameters.guac_drive_path } + guac_disable_download: ${ bundle.parameters.guac_disable_download } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name 
}}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-guacamole-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-guacamole-${ bundle.parameters.id } outputs: - name: connection_uri - name: authentication_callback_uri 
@@ -147,25 +148,25 @@ upgrade: - terraform: description: "Upgrade Guacamole Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - image_name: "{{ bundle.custom.runtime_image.name }}" - image_tag: "{{ bundle.parameters.image_tag }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" - guac_disable_copy: "{{ bundle.parameters.guac_disable_copy }}" - guac_disable_paste: "{{ bundle.parameters.guac_disable_paste }}" - guac_enable_drive: "{{ bundle.parameters.guac_enable_drive }}" - guac_drive_name: "{{ bundle.parameters.guac_drive_name }}" - guac_drive_path: "{{ bundle.parameters.guac_drive_path }}" - guac_disable_download: "{{ bundle.parameters.guac_disable_download }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - tre_resource_id: "{{ bundle.parameters.id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + image_name: ${ bundle.custom.runtime_image.name } + image_tag: ${ bundle.parameters.image_tag } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } + guac_disable_copy: ${ bundle.parameters.guac_disable_copy } + guac_disable_paste: ${ bundle.parameters.guac_disable_paste } + guac_enable_drive: ${ bundle.parameters.guac_enable_drive } + guac_drive_name: ${ bundle.parameters.guac_drive_name } + guac_drive_path: ${ bundle.parameters.guac_drive_path } + guac_disable_download: ${ bundle.parameters.guac_disable_download } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: 
"tre-service-guacamole-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-guacamole-${ bundle.parameters.id } outputs: - name: connection_uri - name: authentication_callback_uri 
@@ -176,22 +177,22 @@ uninstall: - terraform: description: "Delete the Guacamole Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - image_name: "{{ bundle.custom.runtime_image.name }}" - image_tag: "{{ bundle.parameters.image_tag }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" - guac_disable_copy: "{{ bundle.parameters.guac_disable_copy }}" - guac_disable_paste: "{{ bundle.parameters.guac_disable_paste }}" - guac_enable_drive: "{{ bundle.parameters.guac_enable_drive }}" - guac_drive_name: "{{ bundle.parameters.guac_drive_name }}" - guac_drive_path: "{{ bundle.parameters.guac_drive_path }}" - guac_disable_download: "{{ bundle.parameters.guac_disable_download }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - tre_resource_id: "{{ bundle.parameters.id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + image_name: ${ bundle.custom.runtime_image.name } + image_tag: ${ bundle.parameters.image_tag } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } + guac_disable_copy: ${ bundle.parameters.guac_disable_copy } + guac_disable_paste: ${ bundle.parameters.guac_disable_paste } + guac_enable_drive: ${ bundle.parameters.guac_enable_drive } + guac_drive_name: ${ bundle.parameters.guac_drive_name } + guac_drive_path: ${ bundle.parameters.guac_drive_path } + guac_disable_download: ${ bundle.parameters.guac_disable_download } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + tre_resource_id: ${ bundle.parameters.id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - 
key: "tre-service-guacamole-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-guacamole-${ bundle.parameters.id } diff --git a/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl b/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl index 0fab3fe254..e1f266c4f9 100644 --- a/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/guacamole/terraform/.terraform.lock.hcl 
@@ -2,28 +2,28 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.16.0" - constraints = "3.16.0" + version = "3.33.0" + constraints = "3.33.0" hashes = [ - "h1:cBZXnJ4WErrhAzoQ1IMUMkpRlUmr8KQ2a0vLKH6B2a8=", - "zh:02aecc67db3f7cf19bd39ed454824422c43a5dc9f18b44d9547bb79ba66e0beb", - "zh:1775b033e3a29395087d731387efc926251232c4469a6c262f7039669e2f3aed", - "zh:1b955c3134b8fa61486383fee609bc99e46883c9b5148cb8d3bdc3d6d25b1e5e", - "zh:1ca04c35917fcf9f15aa2f24ef52b823575efa213fcb6d241cd189fddb032268", - "zh:20663ca219acc95d1de2129aac941f08eca1093c61cd6775e9c0b239b70a573e", - "zh:28427df342789f106ce500a489c750d7971d67cb58c495274878dc55d52452fe", - "zh:2a2e0755b9ebedbb4dd55de53191ce02e0a5511648610bf816532cd1614f2d7a", - "zh:5cc4c086ff081379070ea8177025a92a53e3c7bec2eabbf8182efa146e05b371", - "zh:5df50ae712c2b6e850b5953d5b89a29aca98ef1ae5fac4cb9225080ac319207c", - "zh:944ec6ceac2a1af58b58c270db90992d5f32614714647f6086ebc42789fa0f15", - "zh:f1e2df2f7db13b234d2cfa5d7c70054df4039532829be6ce8ed11c6f99ba0cf5", + "h1:pXB6SKE4NKdf+LepsQjrLcBnVTL5ejeKvx/kyojai6c=", + "zh:136d9c642746d8d84e62ecd8ab0c7dc015eac504c1f068e06fad438ae222d934", + "zh:266e64b8e32a94ddcc20954ebad1d8ff3921d318addf576e981b1390e5d5ba79", + "zh:3bd84a1e5b3bbe34a5870f271d6a5bf9b35a4c924db32b450a1fb53bc910c37a", + "zh:3c6604041472bb4691b502877cf9d886ed9f973fbadf11389ec9499fdc66045e", + "zh:680c00a73c8054c36a58115a44d02d1ebb675c2ad3afaaab2d74a01f978f16ce", + "zh:6dab47ef64f90e43b75ed240a974c4119f5268be4433f3c1c3e97559e7ef2f38", + "zh:9f73f19fdc340c443693dc03f1a145c6bd0ee5fd425eab7473d06abbe39b99d7", + "zh:9ff008b6737e880f191b4be6dfcef95ff019969dd787c44a58c2d7d6aaf6623b", + "zh:be297f1515e9ac63886e3e092a0bcd10aa8aa2b69c2b0995ce4e069176b07a95", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb29a566e7698cfae477f3efa3bba38526ec8343355763178c6e9c96e51399f3", + 
"zh:fbc3b625733ce5f0970fa8d9743f6db51064c168d6be5fc7a5e3d1a54af28bb7", ] } provider "registry.terraform.io/hashicorp/local" { version = "2.2.3" - constraints = "~> 2.2.0" + constraints = "2.2.3" hashes = [ "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=", "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0", diff --git a/templates/workspace_services/guacamole/terraform/providers.tf b/templates/workspace_services/guacamole/terraform/providers.tf index 03b581db15..5bda25b6b4 100644 --- a/templates/workspace_services/guacamole/terraform/providers.tf +++ b/templates/workspace_services/guacamole/terraform/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.16.0" + version = "=3.33.0" } local = { source = "hashicorp/local" diff --git a/templates/workspace_services/guacamole/terraform/web_app.tf b/templates/workspace_services/guacamole/terraform/web_app.tf index c441e868a4..3cfe317657 100644 --- a/templates/workspace_services/guacamole/terraform/web_app.tf +++ b/templates/workspace_services/guacamole/terraform/web_app.tf @@ -99,7 +99,7 @@ resource "azurerm_monitor_diagnostic_setting" "guacamole" { log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id dynamic "log" { - for_each = data.azurerm_monitor_diagnostic_categories.guacamole.logs + for_each = data.azurerm_monitor_diagnostic_categories.guacamole.log_category_types content { category = log.value enabled = contains(local.guacamole_diagnostic_categories_enabled, log.value) ? true : false diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/Dockerfile.tmpl b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/Dockerfile.tmpl 
+++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/parameters.json b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/parameters.json index b343e558a2..9e0d3c1d66 100755 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/parameters.json +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "guacamole-win-export-reviewvm", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-guacamole-export-reviewvm", "parameters": [ { "name": "workspace_id", 
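Review bot: In the Dockerfile.tmpl hunk, the added first line `# syntax=docker/dockerfile-upstream:1.4.0` makes every bundle build pull and run a BuildKit frontend image selected by tag only, and `dockerfile-upstream` is, as far as I know, the staging channel of `docker/dockerfile`. The frontend decides how the rest of the file is interpreted, so I would pin it by digest, `# syntax=docker/dockerfile-upstream:1.4.0@sha256:<digest-of-the-reviewed-image>`, or use the stable `docker/dockerfile` image if Porter accepts it. The kept comment "Use the BUNDLE_DIR build argument" no longer has a visible `ARG BUNDLE_DIR` to refer to; a short comment such as `# PORTER_INIT is replaced by Porter with the build arguments, including BUNDLE_DIR` would cover what the deleted header explained. The identical change is made to the import-reviewvm and linuxvm Dockerfile.tmpl files below.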
diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml index c4a7231873..f36b823797 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-guacamole-export-reviewvm -version: 0.0.6 +version: 0.1.0 description: "An Azure TRE User Resource Template for reviewing Airlock export requests" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -91,25 +92,26 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.8 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy Guacamole User Resource Service (Reviewer VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - airlock_request_sas_url: "{{ bundle.parameters.airlock_request_sas_url }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + airlock_request_sas_url: ${ bundle.parameters.airlock_request_sas_url } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
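Review bot: The install step passes `airlock_request_sas_url: ${ bundle.parameters.airlock_request_sas_url }` to Terraform as an ordinary var, and a SAS URL is a bearer credential for the storage it points at. The parameter's declaration lies outside this hunk, so it is not visible whether it is marked `sensitive: true` in the parameters section. If it is not, the URL can end up in Porter's step output and stored run records. I would confirm that flag and that the matching Terraform variable is declared with `sensitive = true`. The same line appears in the install hunk of the import-reviewvm porter.yaml.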
@@ -120,18 +122,18 @@ upgrade: - terraform: description: "Update Guacamole User Resource Service (Reviewer VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } airlock_request_sas_url: "unused" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -143,26 +145,26 @@ uninstall: description: "Delete the Extensions from the Terraform state manually" command: ./delete_vm_extensions.sh arguments: - - "{{ bundle.parameters.tfstate_resource_group_name }}" - - "{{ bundle.parameters.tfstate_storage_account_name }}" - - "{{ bundle.parameters.tfstate_container_name }}" - - "{{ bundle.parameters.id }}" + - ${ bundle.parameters.tfstate_resource_group_name } + - ${ bundle.parameters.tfstate_storage_account_name } + - ${ bundle.parameters.tfstate_container_name } + - ${ bundle.parameters.id } - terraform: description: "Delete the Guacamole User Resource Service (Reviewer VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } airlock_request_sas_url: "unused" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } start: - terraform: 
@@ -170,10 +172,10 @@ start: - "output" description: "Get resource ID from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: @@ -182,14 +184,14 @@ start: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Start the VM" arguments: - vm - start flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } stop: - terraform: @@ -197,10 +199,10 @@ stop: - "output" description: "Get VM hostname and rg from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: 
@@ -209,14 +211,14 @@ stop: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Stop the VM" arguments: - vm - deallocate flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } reset_password: - terraform: @@ -224,10 +226,10 @@ reset_password: - "output" description: "Get VM details from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - name: vm_username @@ -239,13 +241,13 @@ reset_password: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Reset password and persist to keyvault" suppress-output: true command: ./reset_password.sh arguments: - - "{{ bundle.outputs.vm_password_secret_name }}" - - "{{ bundle.outputs.keyvault_name }}" - - "{{ bundle.outputs.vm_username }}" - - "{{ bundle.outputs.azure_resource_id }}" + - ${ bundle.outputs.vm_password_secret_name } + - ${ bundle.outputs.keyvault_name } + - ${ bundle.outputs.vm_username } + - ${ bundle.outputs.azure_resource_id } diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/Dockerfile.tmpl b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 
--- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/Dockerfile.tmpl +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/parameters.json b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/parameters.json index 8bcba5abee..c530fcd9fc 100755 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/parameters.json +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "guacamole-win-import-reviewvm", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-guacamole-import-reviewvm", "parameters": [ { "name": "workspace_id", 
diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml index c2caee1766..e6ed74f1df 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-guacamole-import-reviewvm -version: 0.1.3 +version: 0.2.0 description: "An Azure TRE User Resource Template for reviewing Airlock import requests" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -100,26 +101,27 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.8 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy Guacamole User Resource Service (Reviewer VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" - airlock_request_sas_url: "{{ bundle.parameters.airlock_request_sas_url }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + image_gallery_id: ${ bundle.parameters.image_gallery_id } + airlock_request_sas_url: ${ bundle.parameters.airlock_request_sas_url } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -130,19 +132,19 @@ upgrade: - terraform: description: "Update Guacamole User Resource Service (Reviewer VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + image_gallery_id: ${ bundle.parameters.image_gallery_id } airlock_request_sas_url: "unused" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -154,27 +156,27 @@ uninstall: description: "Delete the Extensions from the Terraform state manually" command: ./delete_vm_extensions.sh arguments: - - "{{ bundle.parameters.tfstate_resource_group_name }}" - - "{{ bundle.parameters.tfstate_storage_account_name }}" - - "{{ bundle.parameters.tfstate_container_name }}" - - "{{ bundle.parameters.id }}" + - ${ bundle.parameters.tfstate_resource_group_name } + - ${ bundle.parameters.tfstate_storage_account_name } + - ${ bundle.parameters.tfstate_container_name } + - ${ bundle.parameters.id } - terraform: description: "Delete the Guacamole User Resource Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + image_gallery_id: ${ bundle.parameters.image_gallery_id } airlock_request_sas_url: "unused" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } start: - terraform: 
@@ -182,10 +184,10 @@ start: - "output" description: "Get resource ID from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: @@ -194,14 +196,14 @@ start: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Start the VM" arguments: - vm - start flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } stop: - terraform: @@ -209,10 +211,10 @@ stop: - "output" description: "Get VM hostname and rg from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: 
@@ -221,14 +223,14 @@ stop: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Stop the VM" arguments: - vm - deallocate flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } reset_password: - terraform: @@ -236,10 +238,10 @@ reset_password: - "output" description: "Get VM details from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - name: vm_username @@ -251,13 +253,13 @@ reset_password: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Reset password and persist to keyvault" suppress-output: true command: ./reset_password.sh arguments: - - "{{ bundle.outputs.vm_password_secret_name }}" - - "{{ bundle.outputs.keyvault_name }}" - - "{{ bundle.outputs.vm_username }}" - - "{{ bundle.outputs.azure_resource_id }}" + - ${ bundle.outputs.vm_password_secret_name } + - ${ bundle.outputs.keyvault_name } + - ${ bundle.outputs.vm_username } + - ${ bundle.outputs.azure_resource_id } diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/Dockerfile.tmpl b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 
--- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/Dockerfile.tmpl +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/parameters.json b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/parameters.json index f902d15470..8f7091b643 100755 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/parameters.json +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "guacamole-linux-linuxvm", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-guacamole-linuxvm", "parameters": [ { "name": "workspace_id", 
diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml index 70c80f50cd..20c3a39fba 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-guacamole-linuxvm -version: 0.5.3 +version: 0.6.0 description: "An Azure TRE User Resource Template for Guacamole (Linux)" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -117,27 +118,28 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.6 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy Guacamole User Resource Service (Linux VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -148,20 +150,20 @@ upgrade: - terraform: description: "Update Guacamole User Resource Service (Linux VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -173,28 +175,28 @@ uninstall: description: "Delete the Extensions from the Terraform state manually" command: ./delete_vm_extensions.sh arguments: - - "{{ bundle.parameters.tfstate_resource_group_name }}" - - "{{ bundle.parameters.tfstate_storage_account_name }}" - - "{{ bundle.parameters.tfstate_container_name }}" - - "{{ bundle.parameters.id }}" + - ${ bundle.parameters.tfstate_resource_group_name } + - ${ bundle.parameters.tfstate_storage_account_name } + - ${ bundle.parameters.tfstate_container_name } + - ${ bundle.parameters.id } - terraform: description: "Delete the Guacamole User Resource Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ 
bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } start: - terraform: @@ -202,10 +204,10 @@ start: - "output" description: "Get resource ID from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: @@ -214,14 +216,14 @@ start: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Start the VM" arguments: - vm - start flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } stop: - terraform: @@ -229,10 +231,10 @@ stop: - "output" description: "Get VM resource_id from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: 
@@ -241,14 +243,14 @@ stop: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Stop the VM" arguments: - vm - deallocate flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } reset_password: - terraform: @@ -256,10 +258,10 @@ reset_password: - "output" description: "Get VM details from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - name: vm_username @@ -271,13 +273,13 @@ reset_password: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Reset password and persist to keyvault" suppress-output: true command: ./reset_password.sh arguments: - - "{{ bundle.outputs.vm_password_secret_name }}" - - "{{ bundle.outputs.keyvault_name }}" - - "{{ bundle.outputs.vm_username }}" - - "{{ bundle.outputs.azure_resource_id }}" + - ${ bundle.outputs.vm_password_secret_name } + - ${ bundle.outputs.keyvault_name } + - ${ bundle.outputs.vm_username } + - ${ bundle.outputs.azure_resource_id } diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/Dockerfile.tmpl b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 
--- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/Dockerfile.tmpl +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/parameters.json b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/parameters.json index bb659f0d3f..b228a33945 100755 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/parameters.json +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "guacamole-win-windowsvm", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-guacamole-windowsvm", "parameters": [ { "name": "workspace_id", 
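Review bot: The added first line `# syntax=docker/dockerfile-upstream:1.4.0` pins the BuildKit frontend by tag only, and that frontend image is pulled and executed on every bundle build. A tag can be re-pointed, so adding the digest keeps the build input fixed: `# syntax=docker/dockerfile-upstream:1.4.0@sha256:<digest-placeholder>`. The same line is added to templates/workspace_services/mlflow/Dockerfile.tmpl further down, and `FROM debian:bullseye-slim` in both files is tag-only in the same way.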
diff --git a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml index 229409eaf6..289d610e47 100644 --- a/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml +++ b/templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-guacamole-windowsvm -version: 0.5.3 +version: 0.6.0 description: "An Azure TRE User Resource Template for Guacamole (Windows 10)" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -111,27 +112,28 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.8 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy Guacamole User Resource Service (Windows VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -142,20 +144,20 @@ upgrade: - terraform: description: "Update Guacamole User Resource Service (Windows VM)" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: ip - name: hostname 
@@ -167,28 +169,28 @@ uninstall: description: "Delete the Extensions from the Terraform state manually" command: ./delete_vm_extensions.sh arguments: - - "{{ bundle.parameters.tfstate_resource_group_name }}" - - "{{ bundle.parameters.tfstate_storage_account_name }}" - - "{{ bundle.parameters.tfstate_container_name }}" - - "{{ bundle.parameters.id }}" + - ${ bundle.parameters.tfstate_resource_group_name } + - ${ bundle.parameters.tfstate_storage_account_name } + - ${ bundle.parameters.tfstate_container_name } + - ${ bundle.parameters.id } - terraform: description: "Delete the Guacamole User Resource Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - parent_service_id: "{{ bundle.parameters.parent_service_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - image: "{{ bundle.parameters.os_image }}" - vm_size: "{{ bundle.parameters.vm_size }}" - shared_storage_access: "{{ bundle.parameters.shared_storage_access }}" - shared_storage_name: "{{ bundle.parameters.shared_storage_name }}" - image_gallery_id: "{{ bundle.parameters.image_gallery_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + parent_service_id: ${ bundle.parameters.parent_service_id } + tre_resource_id: ${ bundle.parameters.id } + image: ${ bundle.parameters.os_image } + vm_size: ${ bundle.parameters.vm_size } + shared_storage_access: ${ bundle.parameters.shared_storage_access } + shared_storage_name: ${ bundle.parameters.shared_storage_name } + image_gallery_id: ${ bundle.parameters.image_gallery_id } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ 
bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } start: - terraform: @@ -196,10 +198,10 @@ start: - "output" description: "Get resource ID from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: @@ -208,14 +210,14 @@ start: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Start the VM" arguments: - vm - start flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } stop: - terraform: @@ -223,10 +225,10 @@ stop: - "output" description: "Get VM hostname and rg from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - az: 
@@ -235,14 +237,14 @@ stop: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - az: description: "Stop the VM" arguments: - vm - deallocate flags: - ids: "{{ bundle.outputs.azure_resource_id }}" + ids: ${ bundle.outputs.azure_resource_id } reset_password: - terraform: @@ -250,10 +252,10 @@ reset_password: - "output" description: "Get VM details from Terraform outputs" backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.id } outputs: - name: azure_resource_id - name: vm_username @@ -265,13 +267,13 @@ reset_password: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id }}" + username: ${ bundle.credentials.azure_client_id } - exec: description: "Reset password and persist to keyvault" suppress-output: true command: ./reset_password.sh arguments: - - "{{ bundle.outputs.vm_password_secret_name }}" - - "{{ bundle.outputs.keyvault_name }}" - - "{{ bundle.outputs.vm_username }}" - - "{{ bundle.outputs.azure_resource_id }}" + - ${ bundle.outputs.vm_password_secret_name } + - ${ bundle.outputs.keyvault_name } + - ${ bundle.outputs.vm_username } + - ${ bundle.outputs.azure_resource_id } diff --git a/templates/workspace_services/innereye/Dockerfile.tmpl b/templates/workspace_services/innereye/Dockerfile.tmpl index 7b24eb34b8..5c38b6c04b 100644 --- a/templates/workspace_services/innereye/Dockerfile.tmpl +++ b/templates/workspace_services/innereye/Dockerfile.tmpl 
@@ -1,18 +1,14 @@ -FROM debian:stretch-slim +FROM debian:bullseye-slim + +# PORTER_INIT SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# Install Azure CLI -# It's useless to specify azcli version since the mixin installs the latest anyway -RUN apt-get update \ - && apt-get install --no-install-recommends -y ca-certificates jq curl apt-transport-https lsb-release gnupg \ - && curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null \ - && AZ_REPO=$(lsb_release -cs) \ - && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list \ - && apt-get update && apt-get --no-install-recommends -y install azure-cli \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache -RUN az extension add --name azure-firewall +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update \ + && apt-get install --no-install-recommends -y jq curl ca-certificates RUN export PORTER_HOME=/home/"${USER}"/.porter \ && curl -L https://cdn.porter.sh/latest/install-linux.sh | bash \ 
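Review bot: This template now uses `RUN --mount=type=cache` here and `COPY --link` in the next hunk, but unlike the guacamole and mlflow Dockerfile.tmpl files in this commit it gains no `# syntax=docker/dockerfile-upstream:1.4.0` first line, so the build depends on whichever frontend the builder happens to bundle. Adding that line above `FROM debian:bullseye-slim` would make the templates consistent. Separately, the unchanged context line `curl -L https://cdn.porter.sh/latest/install-linux.sh | bash` still installs an unpinned Porter from a piped script into an image whose mixins are now version-pinned; fetching a fixed release and verifying its checksum before running it would close that gap. The RUN holding that line continues past the end of the hunk.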
@@ -20,21 +16,7 @@ RUN export PORTER_HOME=/home/"${USER}"/.porter \ ENV PATH /home/$USER/.porter/:$PATH -ARG BUNDLE_DIR - -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle - -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/innereye/parameters.json b/templates/workspace_services/innereye/parameters.json index 47b94cb20e..3baa535047 100755 --- a/templates/workspace_services/innereye/parameters.json +++ b/templates/workspace_services/innereye/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "innereye", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-innereye", "parameters": [ { "name": "id", @@ -59,4 +59,4 @@ } } ] -} \ No newline at end of file +} diff --git a/templates/workspace_services/innereye/parameters_service_azureml.json b/templates/workspace_services/innereye/parameters_service_azureml.json index fa249f56d9..5d83055130 100755 --- a/templates/workspace_services/innereye/parameters_service_azureml.json +++ b/templates/workspace_services/innereye/parameters_service_azureml.json 
@@ -1,5 +1,5 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", + "schemaVersion": "1.0.1", "name": "service-azureml", "created": "2021-06-03T11:54:54.0225968Z", "modified": "2021-06-03T11:54:54.0225968Z", @@ -47,4 +47,4 @@ } } ] -} \ No newline at end of file +} diff --git a/templates/workspace_services/innereye/porter.yaml b/templates/workspace_services/innereye/porter.yaml index b8d7b46b99..c56b686fec 100644 --- a/templates/workspace_services/innereye/porter.yaml +++ b/templates/workspace_services/innereye/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-innereye -version: 0.4.1 +version: 0.5.0 description: "An Azure TRE service for InnerEye Deep Learning" registry: azuretre dockerfile: Dockerfile.tmpl @@ -49,9 +50,12 @@ parameters: mixins: - exec - - az + - az: + clientVersion: 2.37.0 + extensions: + - azure-firewall - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 install: - az: 
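Review bot: In parameters_service_azureml.json only `schemaVersion` is bumped to `1.0.1`, while the other parameter sets in this commit also add `"schemaType": "ParameterSet"` and `"namespace": ""` and drop the `created`/`modified` timestamps. If Porter validates every parameter set against the same schema, this half-migrated file may be rejected or handled differently from its siblings. Replacing the two timestamp lines with `"schemaType": "ParameterSet",` and `"namespace": "",` would align it with them. Whether the unchanged name `service-azureml` still matches a bundle is not visible in this diff.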
@@ -60,40 +64,34 @@ install: - login flags: identity: - username: "{{ bundle.credentials.azure_client_id}}" + username: ${ bundle.credentials.azure_client_id} - az: description: "acr login" arguments: - acr - login flags: - name: "{{ bundle.parameters.mgmt_acr_name }}" + name: ${ bundle.parameters.mgmt_acr_name } - exec: description: "Install Azure ML service" command: ./install_service_azureml.sh - terraform: description: "Deploy service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - inference_sp_client_id: - "{{ bundle.parameters.inference_sp_client_id }}" - inference_sp_client_secret: - "{{ bundle.parameters.inference_sp_client_secret }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: - "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + inference_sp_client_id: ${ bundle.parameters.inference_sp_client_id } + inference_sp_client_secret: ${ bundle.parameters.inference_sp_client_secret } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } backendConfig: - resource_group_name: - "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: - "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: - "tre-service-innereye-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ 
bundle.parameters.tfstate_container_name } + key: tre-service-innereye-${ bundle.parameters.id } outputs: - name: azureml_compute_cluster_name @@ -108,21 +106,17 @@ uninstall: - terraform: description: "Tear down workspace" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - inference_sp_client_id: "{{ bundle.parameters.inference_sp_client_id }}" - inference_sp_client_secret: - "{{ bundle.parameters.inference_sp_client_secret }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: - "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + inference_sp_client_id: ${ bundle.parameters.inference_sp_client_id } + inference_sp_client_secret: ${ bundle.parameters.inference_sp_client_secret } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } backendConfig: - resource_group_name: - "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: - "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-innereye-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-innereye-${ bundle.parameters.id } 
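Review bot: `arm_client_secret` and `inference_sp_client_secret` in the `install` vars are now bare `${ ... }` placeholders, and nothing in this diff shows how Porter splices the resolved value into the step. If the rendered text is parsed as YAML a second time, a secret containing ` #` or `: ` would be truncated or mis-typed, so a test install with such a value is worth running before release. The `uninstall` hunk on the same line passes the same two values. As a smaller point, `username: ${ bundle.credentials.azure_client_id}` in the `az login` step is the only placeholder without a space before `}`; `username: ${ bundle.credentials.azure_client_id }` matches the rest of the file.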
diff --git a/templates/workspace_services/innereye/terraform/.terraform.lock.hcl b/templates/workspace_services/innereye/terraform/.terraform.lock.hcl index 1570913c6a..093801a738 100644 --- a/templates/workspace_services/innereye/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/innereye/terraform/.terraform.lock.hcl 
@@ -21,21 +21,21 @@ provider "registry.terraform.io/hashicorp/azurerm" { } provider "registry.terraform.io/hashicorp/external" { - version = "2.2.2" + version = "2.2.3" hashes = [ - "h1:e7RpnZ2PbJEEPnfsg7V0FNwbfSk0/Z3FdrLsXINBmDY=", - "zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca", - "zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28", - "zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b", - "zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39", + "h1:uvOYRWcVIqOZSl8YjjaB18yZFz1AWIt2CnK7O45rckg=", + "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9", + "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c", + "zh:2c0a180f6d1fc2ba6e03f7dfc5f73b617e45408681f75bca75aa82f3796df0e4", + "zh:4b92ae44c6baef4c4952c47be00541055cb5280dd3bc8031dba5a1b2ee982387", + "zh:5641694d5daf3893d7ea90be03b6fa575211a08814ffe70998d5adb8b59cdc0a", + "zh:5bd55a2be8a1c20d732ac9c604b839e1cadc8c49006315dffa4d709b6874df32", + "zh:6e0ef5d11e1597202424b7d69b9da7b881494c9b13a3d4026fc47012dc651c79", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327", - "zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955", - "zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb", - "zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0", - "zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a", - "zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372", - "zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809", + "zh:9e19f89fa25004d3b926a8d15ea630b4bde62f1fa4ed5e11a3d27aabddb77353", + "zh:b763efdd69fd097616b4a4c89cf333b4cee9699ac6432d73d2756f8335d1213f", + "zh:e3b561efdee510b2b445f76a52a902c52bee8e13095e7f4bed7c80f10f8d294a", + "zh:fe660bb8781ee043a093b9a20e53069974475dcaa5791a1f45fd03c61a26478a", ] } 
@@ -59,21 +59,21 @@ provider "registry.terraform.io/hashicorp/local" { } provider "registry.terraform.io/hashicorp/null" { - version = "3.1.1" + version = "3.2.1" hashes = [ - "h1:71sNUDvmiJcijsvfXpiLCz0lXIBSsEJjMxljt7hxMhw=", - "zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597", - "zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf", - "zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe", + "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", + "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", + "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", + "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8fdd792a626413502e68c195f2097352bdc6a0df694f7df350ed784741eb587e", - "zh:976bbaf268cb497400fd5b3c774d218f3933271864345f18deebe4dcbfcd6afa", - "zh:b21b78ca581f98f4cdb7a366b03ae9db23a73dfa7df12c533d7c19b68e9e72e5", - "zh:b7fc0c1615dbdb1d6fd4abb9c7dc7da286631f7ca2299fb9cd4664258ccfbff4", - "zh:d1efc942b2c44345e0c29bc976594cb7278c38cfb8897b344669eafbc3cddf46", - "zh:e356c245b3cd9d4789bab010893566acace682d7db877e52d40fc4ca34a50924", - "zh:ea98802ba92fcfa8cf12cbce2e9e7ebe999afbf8ed47fa45fc847a098d89468b", - "zh:eff8872458806499889f6927b5d954560f3d74bf20b6043409edf94d26cd906f", + "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", + "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", + "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", + "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", + "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", + "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", + "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", ] } 
diff --git a/templates/workspace_services/mlflow/Dockerfile.tmpl b/templates/workspace_services/mlflow/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/workspace_services/mlflow/Dockerfile.tmpl +++ b/templates/workspace_services/mlflow/Dockerfile.tmpl @@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/mlflow/parameters.json b/templates/workspace_services/mlflow/parameters.json index b4cb27c8c0..13b40e70e5 100644 --- a/templates/workspace_services/mlflow/parameters.json +++ b/templates/workspace_services/mlflow/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "azureml", - "created": "2021-06-03T11:54:54.0225968Z", - "modified": "2021-06-03T11:54:54.0225968Z", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-service-mlflow", "parameters": [ { "name": "workspace_id", diff --git a/templates/workspace_services/mlflow/porter.yaml b/templates/workspace_services/mlflow/porter.yaml index 92c7d3c53a..b23f427bda 100644 --- a/templates/workspace_services/mlflow/porter.yaml 
+++ b/templates/workspace_services/mlflow/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-service-mlflow -version: 0.5.6 +version: 0.6.0 description: "An Azure TRE service for MLflow machine learning lifecycle" dockerfile: Dockerfile.tmpl registry: azuretre @@ -65,22 +66,22 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 install: - terraform: description: "Deploy workspace service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-mlflow-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-mlflow-${ bundle.parameters.id } outputs: - name: internal_connection_uri 
@@ -88,16 +89,16 @@ upgrade: - terraform: description: "Deploy workspace service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-mlflow-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-mlflow-${ bundle.parameters.id } outputs: - name: internal_connection_uri 
@@ -105,13 +106,13 @@ uninstall: - terraform: description: "Tear down workspace service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - mgmt_acr_name: "{{ bundle.parameters.mgmt_acr_name }}" - mgmt_resource_group_name: "{{ bundle.parameters.mgmt_resource_group_name }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + mgmt_acr_name: ${ bundle.parameters.mgmt_acr_name } + mgmt_resource_group_name: ${ bundle.parameters.mgmt_resource_group_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-service-mlflow-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-service-mlflow-${ bundle.parameters.id } diff --git a/templates/workspace_services/mysql/Dockerfile.tmpl b/templates/workspace_services/mysql/Dockerfile.tmpl index 709aaecfc4..3452b48f1d 100644 --- a/templates/workspace_services/mysql/Dockerfile.tmpl +++ b/templates/workspace_services/mysql/Dockerfile.tmpl 
@@ -1,19 +1,9 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ diff --git a/templates/workspace_services/mysql/parameters.json b/templates/workspace_services/mysql/parameters.json index 26cdd530f4..d0be3f15b1 100644 --- a/templates/workspace_services/mysql/parameters.json +++ b/templates/workspace_services/mysql/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-workspace-service-mysql", "parameters": [ { "name": "tre_id", @@ -51,6 +51,12 @@ "source": { "env": "DB_NAME" } + }, + { + "name": "workspace_id", + "source": { + "env": "WORKSPACE_ID" + } } ] } diff --git a/templates/workspace_services/mysql/porter.yaml b/templates/workspace_services/mysql/porter.yaml index 510e661021..ce228a3917 100644 --- a/templates/workspace_services/mysql/porter.yaml +++ b/templates/workspace_services/mysql/porter.yaml 
@@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-workspace-service-mysql -version: 0.2.0 +version: 0.3.0 description: "A MySQL workspace service" registry: azuretre dockerfile: Dockerfile.tmpl @@ -52,7 +53,7 @@ parameters: mixins: - exec - terraform: - clientVersion: 1.2.6 + clientVersion: 1.3.6 outputs: - name: mysql_fqdn @@ -63,19 +64,18 @@ outputs: install: - terraform: description: "Deploy MySQL workspace service" - input: false vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - sql_sku: "{{ bundle.parameters.sql_sku }}" - storage_mb: "{{ bundle.parameters.storage_mb }}" - db_name: "{{ bundle.parameters.db_name }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + sql_sku: ${ bundle.parameters.sql_sku } + storage_mb: ${ bundle.parameters.storage_mb } + db_name: ${ bundle.parameters.db_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-workspace-service-mysql-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-workspace-service-mysql-${ bundle.parameters.id } outputs: - name: mysql_fqdn upgrade: 
@@ -87,16 +87,15 @@ upgrade: uninstall: - terraform: description: "Tear down MySQL workspace service" - input: false vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - sql_sku: "{{ bundle.parameters.sql_sku }}" - storage_mb: "{{ bundle.parameters.storage_mb }}" - db_name: "{{ bundle.parameters.db_name }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + sql_sku: ${ bundle.parameters.sql_sku } + storage_mb: ${ bundle.parameters.storage_mb } + db_name: ${ bundle.parameters.db_name } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "tre-workspace-service-mysql-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-workspace-service-mysql-${ bundle.parameters.id } diff --git a/templates/workspaces/airlock-import-review/Dockerfile.tmpl b/templates/workspaces/airlock-import-review/Dockerfile.tmpl index a2bf7a4b68..1894018a3f 100644 --- a/templates/workspaces/airlock-import-review/Dockerfile.tmpl +++ b/templates/workspaces/airlock-import-review/Dockerfile.tmpl 
@@ -1,35 +1,28 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -ARG AZURE_TRE_VERSION="0.4.3" +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache + +# Install jq +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update && \ + apt-get install -y jq="1.6-2.1" curl ca-certificates patch --no-install-recommends -RUN apt-get update \ - && apt-get install --no-install-recommends jq ca-certificates curl patch -y \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* +ARG AZURE_TRE_VERSION="0.4.3" -WORKDIR $BUNDLE_DIR +WORKDIR ${BUNDLE_DIR} # Copy all files from base workspace (note: some of them will be overwritten with the following COPY command) RUN curl -o azuretre.tar.gz -L "https://github.com/microsoft/AzureTRE/archive/refs/tags/v${AZURE_TRE_VERSION}.tar.gz" \ - && tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspaces/base" --strip-components=4 --skip-old-files \ + && tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspaces/base" --strip-components=4 --skip-old-files \ && rm -rf azuretre.tar.gz -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . 
$BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ # Apply patch with the difference from the base workspace -RUN patch -p0 < $BUNDLE_DIR/workspace_base.diff +RUN patch -p0 < "${BUNDLE_DIR}"/workspace_base.diff diff --git a/templates/workspaces/airlock-import-review/parameters.json b/templates/workspaces/airlock-import-review/parameters.json index b2629fa035..87ae0e99b7 100755 --- a/templates/workspaces/airlock-import-review/parameters.json +++ b/templates/workspaces/airlock-import-review/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "airlock_import_review", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-workspace-airlock-import-review", "parameters": [ { "name": "address_space", diff --git a/templates/workspaces/airlock-import-review/porter.yaml b/templates/workspaces/airlock-import-review/porter.yaml index 5815fb5c75..51447e4a75 100644 --- a/templates/workspaces/airlock-import-review/porter.yaml +++ b/templates/workspaces/airlock-import-review/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-workspace-airlock-import-review -version: 0.5.0 +version: 0.6.0 description: "A workspace to do Airlock Data Import Reviews for Azure TRE" dockerfile: Dockerfile.tmpl registry: azuretre 
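Review bot: The base-workspace tarball downloaded by the `curl -o azuretre.tar.gz -L ".../archive/refs/tags/v${AZURE_TRE_VERSION}.tar.gz"` step is unpacked into the bundle directory with no integrity check, and this hunk reworks the lines around it but leaves that unchanged. A tag archive is only as stable as the tag, so I would pin the expected hash and fail the build on a mismatch: declare `ARG AZURE_TRE_SHA256=<sha256 of the v0.4.3 archive>` and insert `&& echo "${AZURE_TRE_SHA256}  azuretre.tar.gz" | sha256sum -c - \` between the `curl` and `tar` commands. Adding `--fail` to the `curl` call would also stop an HTTP error body from being written to `azuretre.tar.gz`. The extracted files are later modified by `patch -p0 < "${BUNDLE_DIR}"/workspace_base.diff`, so a silently different base would also change what the patch applies to.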
@@ -132,38 +133,39 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.2.6 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_space: "{{ bundle.parameters.address_space }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - client_secret: "{{ bundle.parameters.client_secret }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_space: ${ bundle.parameters.address_space } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ 
bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + client_secret: ${ bundle.parameters.client_secret } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } outputs: - name: app_role_id_workspace_owner - name: app_role_id_workspace_researcher 
@@ -173,84 +175,86 @@ install: - name: sp_id upgrade: - # TODO: fix with https://github.com/microsoft/AzureTRE/issues/2114 - # - terraform: - # description: "Upgrade workspace" - # vars: - # tre_id: "{{ bundle.parameters.tre_id }}" - # tre_resource_id: "{{ bundle.parameters.id }}" - # location: "{{ bundle.parameters.azure_location }}" - # address_space: "{{ bundle.parameters.address_space }}" - # enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - # register_aad_application: "{{ bundle.parameters.register_aad_application }}" - # auth_client_id: "{{ bundle.credentials.auth_client_id }}" - # auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - # auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - # workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - # client_id: "{{ bundle.parameters.client_id }}" - # client_secret: "{{ bundle.parameters.client_secret }}" - # scope_id: "{{ bundle.parameters.scope_id }}" - # sp_id: "{{ bundle.parameters.sp_id }}" - # app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - # app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - # aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - # backendConfig: - # resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - # storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - # container_name: "{{ bundle.parameters.tfstate_container_name }}" - # key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" - # outputs: - # - name: app_role_id_workspace_owner - # - name: app_role_id_workspace_researcher - # - name: client_id - # - name: scope_id - # - name: sp_id + - terraform: + description: "Deploy workspace" + vars: + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_spaces: ${ 
bundle.parameters.address_spaces } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + create_aad_groups: ${ bundle.parameters.create_aad_groups } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + client_secret: ${ bundle.parameters.client_secret } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } + backendConfig: + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } + outputs: + - name: app_role_id_workspace_owner + - name: app_role_id_workspace_researcher + - name: app_role_id_workspace_airlock_manager + - name: client_id + - name: scope_id + - name: sp_id - az: description: "AAD Application Admin Login" arguments: - login flags: service-principal: "" - username: "'{{bundle.credentials.auth_client_id}}'" - password: "'{{bundle.credentials.auth_client_secret}}'" - tenant: "'{{bundle.credentials.auth_tenant_id}}'" + username: '${ 
bundle.credentials.auth_client_id }' + password: '${ bundle.credentials.auth_client_secret }' + tenant: '${ bundle.credentials.auth_tenant_id }' allow-no-subscriptions: "" - exec: description: "Update workspace app redirect urls" command: ./update_redirect_urls.sh flags: - workspace-api-client-id: "{{ bundle.parameters.client_id }}" - aad-redirect-uris-b64: "{{ bundle.parameters.aad_redirect_uris }}" - # always update with the script since we don't run TF for upgrade - # might need to change when https://github.com/microsoft/AzureTRE/issues/2114 is resolved. - register-aad-application: "false" - # register-aad-application: "{{ bundle.parameters.register_aad_application }}" + workspace-api-client-id: '${ bundle.parameters.client_id }' + aad-redirect-uris-b64: '${ bundle.parameters.aad_redirect_uris }' + register-aad-application: '${ bundle.parameters.register_aad_application }' uninstall: - terraform: description: "Tear down workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_space: "{{ bundle.parameters.address_space }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager 
}}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_space: ${ bundle.parameters.address_space } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } 
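Review bot: The re-enabled `upgrade` terraform step passes `address_spaces`, `shared_storage_quota` and `create_aad_groups`, while the `install` and `uninstall` steps of this same bundle pass `address_space` and neither of the other two. The bundle's parameters.json in this commit also lists `address_space`, so these vars look copied from the base workspace. Unless the three parameters are declared in a part of porter.yaml outside this hunk, upgrade will either fail to resolve them or hand Terraform variables this bundle's module does not define. I would align the step with install, using `address_space: ${ bundle.parameters.address_space }` and dropping the two extra lines, and change its description to `"Upgrade workspace"`. Because `register-aad-application` is no longer forced to `"false"`, upgrade now acts on the AAD application according to the parameter, which deserves a comment now that the old explanatory comment is removed.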
diff --git a/templates/workspaces/base/.env.sample b/templates/workspaces/base/.env.sample index 0af46d28a2..df96d05cc7 100644 --- a/templates/workspaces/base/.env.sample +++ b/templates/workspaces/base/.env.sample @@ -30,3 +30,4 @@ SHARED_STORAGE_QUOTA=50 ENABLE_LOCAL_DEBUGGING=true AAD_REDIRECT_URIS="W10=" +WORKSPACE_APP_SERVICE_PLAN_SKU=S1 diff --git a/templates/workspaces/base/Dockerfile.tmpl b/templates/workspaces/base/Dockerfile.tmpl index 10bf45f029..cefd0d0448 100644 --- a/templates/workspaces/base/Dockerfile.tmpl +++ b/templates/workspaces/base/Dockerfile.tmpl @@ -1,24 +1,16 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -# Install jq -RUN apt-get update && \ - apt-get install -y jq="1.6-2.1" --no-install-recommends && \ - apt-get clean -y && rm -rf /var/lib/apt/lists/* +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl +# Install jq +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update && \ + apt-get install -y jq="1.6-2.1" --no-install-recommends -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ 
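Review bot: The two `--mount=type=cache` mounts on the `apt-get` step use the default sharing mode, so two builds running on the same builder can use `/var/cache/apt` and `/var/lib/apt` at the same time and collide on apt's locks. Adding `sharing=locked` to both serialises access: `RUN --mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,target=/var/lib/apt,sharing=locked \`. The same `RUN` line is added in the airlock-import-review Dockerfile.tmpl hunk. A one-line comment above the `rm -f /etc/apt/apt.conf.d/docker-clean` line would also help, e.g. `# keep downloaded .debs so the cache mount below is actually reused`.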
diff --git a/templates/workspaces/base/parameters.json b/templates/workspaces/base/parameters.json index 15f8a61b4d..8228c2b067 100755 --- a/templates/workspaces/base/parameters.json +++ b/templates/workspaces/base/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-workspace-base", "parameters": [ { "name": "address_spaces", diff --git a/templates/workspaces/base/porter.yaml b/templates/workspaces/base/porter.yaml index 2c00584a27..bb3b88cff6 100644 --- a/templates/workspaces/base/porter.yaml +++ b/templates/workspaces/base/porter.yaml @@ -1,4 +1,5 @@ --- +schemaVersion: 1.0.0 name: tre-workspace-base version: 0.8.0 description: "A base Azure TRE workspace" 
@@ -139,44 +140,45 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.3.5 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_spaces: "{{ bundle.parameters.address_spaces }}" - shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - create_aad_groups: "{{ bundle.parameters.create_aad_groups }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - client_secret: "{{ bundle.parameters.client_secret }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ 
bundle.parameters.azure_location } + address_spaces: ${ bundle.parameters.address_spaces } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + create_aad_groups: ${ bundle.parameters.create_aad_groups } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + client_secret: ${ bundle.parameters.client_secret } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ 
bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } outputs: - name: app_role_id_workspace_owner - name: app_role_id_workspace_researcher 
@@ -189,37 +191,37 @@ upgrade: - terraform: description: "Upgrade workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_spaces: "{{ bundle.parameters.address_spaces }}" - shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - create_aad_groups: "{{ bundle.parameters.create_aad_groups }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - client_secret: "{{ bundle.parameters.client_secret }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_spaces: ${ bundle.parameters.address_spaces } + shared_storage_quota: ${ 
bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + create_aad_groups: ${ bundle.parameters.create_aad_groups } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + client_secret: ${ bundle.parameters.client_secret } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } outputs: - name: 
app_role_id_workspace_owner - name: app_role_id_workspace_researcher 
@@ -233,49 +235,49 @@ upgrade: - login flags: service-principal: "" - username: "'{{bundle.credentials.auth_client_id}}'" - password: "'{{bundle.credentials.auth_client_secret}}'" - tenant: "'{{bundle.credentials.auth_tenant_id}}'" + username: '${ bundle.credentials.auth_client_id }' + password: '${ bundle.credentials.auth_client_secret }' + tenant: '${ bundle.credentials.auth_tenant_id }' allow-no-subscriptions: "" - exec: description: "Update workspace app redirect urls" command: ./update_redirect_urls.sh flags: - workspace-api-client-id: "{{ bundle.parameters.client_id }}" - aad-redirect-uris-b64: "{{ bundle.parameters.aad_redirect_uris }}" - register-aad-application: "{{ bundle.parameters.register_aad_application }}" + workspace-api-client-id: '${ bundle.parameters.client_id }' + aad-redirect-uris-b64: '${ bundle.parameters.aad_redirect_uris }' + register-aad-application: '${ bundle.parameters.register_aad_application }' uninstall: - terraform: description: "Tear down workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_spaces: "{{ bundle.parameters.address_spaces }}" - shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - create_aad_groups: "{{ bundle.parameters.create_aad_groups }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ 
bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_spaces: ${ bundle.parameters.address_spaces } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + create_aad_groups: ${ bundle.parameters.create_aad_groups } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ 
bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } diff --git a/templates/workspaces/base/template_schema.json b/templates/workspaces/base/template_schema.json index cf539371e7..2ae9c9d504 100644 --- a/templates/workspaces/base/template_schema.json +++ b/templates/workspaces/base/template_schema.json @@ -3,7 +3,7 @@ "$id": "https://github.com/microsoft/AzureTRE/templates/workspaces/base/template_schema.json", "type": "object", "title": "Base Workspace", - "description": "This workspace template is the foundation for TRE workspaces and workspace services.", + "description": "This workspace template is the foundation for TRE workspaces.", "required": [ "auth_type", "address_space_size" diff --git a/templates/workspaces/unrestricted/Dockerfile.tmpl b/templates/workspaces/unrestricted/Dockerfile.tmpl index 2621da44e2..cad6523486 100644 --- a/templates/workspaces/unrestricted/Dockerfile.tmpl +++ b/templates/workspaces/unrestricted/Dockerfile.tmpl 
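Review bot: The uninstall `vars` and `backendConfig` values in the `@@ -233,49 +235,49 @@ upgrade:` hunk are now plain scalars, while the `az` and `exec` flags earlier in the same hunk are single-quoted, so the file carries two quoting conventions for the same `${ ... }` syntax. If Porter substitutes the template before the step is parsed as YAML (worth confirming for the Porter version in use), an unquoted credential value containing ` #` or `: ` would be truncated or rejected. Quoting at least the secret-bearing lines keeps them strings, for example `arm_client_secret: '${ bundle.credentials.azure_client_secret }'` and `auth_client_secret: '${ bundle.credentials.auth_client_secret }'`. The same pattern appears in the install, upgrade and uninstall hunks of templates/workspaces/unrestricted/porter.yaml.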
@@ -1,32 +1,25 @@ +# syntax=docker/dockerfile-upstream:1.4.0 FROM debian:bullseye-slim -ARG BUNDLE_DIR +# PORTER_INIT -ARG AZURE_TRE_VERSION="0.4.2" +RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache + +# Install jq +RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ + apt-get update && \ + apt-get install -y jq="1.6-2.1" curl ca-certificates patch --no-install-recommends -RUN apt-get update \ - && apt-get install --no-install-recommends jq ca-certificates curl -y \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* +ARG AZURE_TRE_VERSION="0.4.2" WORKDIR $BUNDLE_DIR +# Copy all files from base workspace (note: some of them will be overwritten with the following COPY command) RUN curl -o azuretre.tar.gz -L "https://github.com/microsoft/AzureTRE/archive/refs/tags/v${AZURE_TRE_VERSION}.tar.gz" \ - && tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspaces/base" --strip-components=4 --skip-old-files \ + && tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspaces/base" --strip-components=4 --skip-old-files \ && rm -rf azuretre.tar.gz -# This is a template Dockerfile for the bundle's invocation image -# You can customize it to use different base images, install tools and copy configuration files. -# -# Porter will use it as a template and append lines to it for the mixins -# and to set the CMD appropriately for the CNAB specification. -# -# Add the following line to porter.yaml to instruct Porter to use this template -# dockerfile: Dockerfile.tmpl - -# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line -# another location in this file. If you remove that line, the mixins generated content is appended to this file. # PORTER_MIXINS # Use the BUNDLE_DIR build argument to copy files into the bundle - -COPY . $BUNDLE_DIR +COPY --link . ${BUNDLE_DIR}/ 
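Review bot: The release archive fetched by the `curl` line is unpacked with no integrity check, and `curl` runs without `--fail`, so an HTTP error body or a re-pointed tag goes straight into `tar`. Failing on HTTP errors and checking a pinned digest before extraction would close that: `curl -fsSL -o azuretre.tar.gz "https://github.com/microsoft/AzureTRE/archive/refs/tags/v${AZURE_TRE_VERSION}.tar.gz"` followed by `&& echo "<EXPECTED_SHA256>  azuretre.tar.gz" | sha256sum -c -`, where `<EXPECTED_SHA256>` is a placeholder for the digest recorded next to `AZURE_TRE_VERSION`. Forge-generated archives are not guaranteed to stay byte-identical, so the digest may need refreshing when the version is bumped. The `# syntax=` line likewise pulls the build frontend by tag only; pinning it by digest is the same kind of hardening.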
diff --git a/templates/workspaces/unrestricted/parameters.json b/templates/workspaces/unrestricted/parameters.json index 25cab304ae..0edb66fe87 100755 --- a/templates/workspaces/unrestricted/parameters.json +++ b/templates/workspaces/unrestricted/parameters.json @@ -1,8 +1,8 @@ { - "schemaVersion": "1.0.0-DRAFT+TODO", - "name": "base", - "created": "2021-06-04T13:37:29.5071039+03:00", - "modified": "2021-06-04T13:37:29.5071039+03:00", + "schemaType": "ParameterSet", + "schemaVersion": "1.0.1", + "namespace": "", + "name": "tre-workspace-unrestricted", "parameters": [ { "name": "address_space", diff --git a/templates/workspaces/unrestricted/porter.yaml b/templates/workspaces/unrestricted/porter.yaml index a631a74c31..f8ca3735df 100644 --- a/templates/workspaces/unrestricted/porter.yaml +++ b/templates/workspaces/unrestricted/porter.yaml @@ -1,6 +1,7 @@ --- +schemaVersion: 1.0.0 name: tre-workspace-unrestricted -version: 0.5.0 +version: 0.6.0 description: "A base Azure TRE workspace" dockerfile: Dockerfile.tmpl registry: azuretre 
@@ -135,39 +136,40 @@ outputs: mixins: - exec - terraform: - clientVersion: 1.1.7 - - az + clientVersion: 1.3.6 + - az: + clientVersion: 2.37.0 install: - terraform: description: "Deploy workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_space: "{{ bundle.parameters.address_space }}" - shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - client_secret: "{{ bundle.parameters.client_secret }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_space: ${ bundle.parameters.address_space } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + auth_client_id: 
${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + client_secret: ${ bundle.parameters.client_secret } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } outputs: - name: app_role_id_workspace_owner - name: app_role_id_workspace_researcher 
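Review bot: `client_secret` in the install `vars` is read from `bundle.parameters`, whereas the other secret in this block, `auth_client_secret`, comes from `bundle.credentials`. The parameter's declaration is outside this hunk, so it is worth confirming that it is declared with `sensitive: true` and that Porter therefore treats it as a secret rather than an ordinary value. A one-line comment above the entry would record the intent: `# client_secret is a sensitive parameter; keep sensitive: true on its declaration`.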
@@ -177,86 +179,87 @@ install: - name: sp_id upgrade: - # TODO: fix with https://github.com/microsoft/AzureTRE/issues/2114 - # - terraform: - # description: "Upgrade workspace" - # vars: - # tre_id: "{{ bundle.parameters.tre_id }}" - # tre_resource_id: "{{ bundle.parameters.id }}" - # location: "{{ bundle.parameters.azure_location }}" - # address_space: "{{ bundle.parameters.address_space }}" - # shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - # enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - # register_aad_application: "{{ bundle.parameters.register_aad_application }}" - # auth_client_id: "{{ bundle.credentials.auth_client_id }}" - # auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - # auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - # workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - # client_id: "{{ bundle.parameters.client_id }}" - # client_secret: "{{ bundle.parameters.client_secret }}" - # scope_id: "{{ bundle.parameters.scope_id }}" - # sp_id: "{{ bundle.parameters.sp_id }}" - # app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - # app_role_id_workspace_researcher: "{{ bundle.parameters.app_role_id_workspace_researcher }}" - # aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - # backendConfig: - # resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - # storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - # container_name: "{{ bundle.parameters.tfstate_container_name }}" - # key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" - # outputs: - # - name: app_role_id_workspace_owner - # - name: app_role_id_workspace_researcher - # - name: client_id - # - name: scope_id - # - name: sp_id + - terraform: + description: "Deploy workspace" + vars: + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ 
bundle.parameters.azure_location } + address_spaces: ${ bundle.parameters.address_spaces } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + create_aad_groups: ${ bundle.parameters.create_aad_groups } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + client_secret: ${ bundle.parameters.client_secret } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } + backendConfig: + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id } + outputs: + - name: app_role_id_workspace_owner + - name: app_role_id_workspace_researcher + - name: app_role_id_workspace_airlock_manager + - name: client_id + - name: scope_id + - name: sp_id - az: description: "AAD Application Admin Login" arguments: - login flags: service-principal: "" - username: "'{{bundle.credentials.auth_client_id}}'" - password: "'{{bundle.credentials.auth_client_secret}}'" - tenant: 
"'{{bundle.credentials.auth_tenant_id}}'" + username: '${ bundle.credentials.auth_client_id }' + password: '${ bundle.credentials.auth_client_secret }' + tenant: '${ bundle.credentials.auth_tenant_id }' allow-no-subscriptions: "" - exec: description: "Update workspace app redirect urls" command: ./update_redirect_urls.sh flags: - workspace-api-client-id: "{{ bundle.parameters.client_id }}" - aad-redirect-uris-b64: "{{ bundle.parameters.aad_redirect_uris }}" - # always update with the script since we don't run TF for upgrade - # might need to change when https://github.com/microsoft/AzureTRE/issues/2114 is resolved. - register-aad-application: "false" - # register-aad-application: "{{ bundle.parameters.register_aad_application }}" + workspace-api-client-id: '${ bundle.parameters.client_id }' + aad-redirect-uris-b64: '${ bundle.parameters.aad_redirect_uris }' + register-aad-application: '${ bundle.parameters.register_aad_application }' uninstall: - terraform: description: "Tear down workspace" vars: - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - location: "{{ bundle.parameters.azure_location }}" - address_space: "{{ bundle.parameters.address_space }}" - shared_storage_quota: "{{ bundle.parameters.shared_storage_quota }}" - enable_local_debugging: "{{ bundle.parameters.enable_local_debugging }}" - register_aad_application: "{{ bundle.parameters.register_aad_application }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" - workspace_owner_object_id: "{{ bundle.parameters.workspace_owner_object_id }}" - client_id: "{{ bundle.parameters.client_id }}" - scope_id: "{{ bundle.parameters.scope_id }}" - sp_id: "{{ bundle.parameters.sp_id }}" - app_role_id_workspace_owner: "{{ bundle.parameters.app_role_id_workspace_owner }}" - app_role_id_workspace_researcher: "{{ 
bundle.parameters.app_role_id_workspace_researcher }}" - app_role_id_workspace_airlock_manager: "{{ bundle.parameters.app_role_id_workspace_airlock_manager }}" - aad_redirect_uris_b64: "{{ bundle.parameters.aad_redirect_uris }}" - app_service_plan_sku: "{{ bundle.parameters.app_service_plan_sku }}" - enable_airlock: "{{ bundle.parameters.enable_airlock }}" + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + location: ${ bundle.parameters.azure_location } + address_space: ${ bundle.parameters.address_space } + shared_storage_quota: ${ bundle.parameters.shared_storage_quota } + enable_local_debugging: ${ bundle.parameters.enable_local_debugging } + register_aad_application: ${ bundle.parameters.register_aad_application } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_owner_object_id: ${ bundle.parameters.workspace_owner_object_id } + client_id: ${ bundle.parameters.client_id } + scope_id: ${ bundle.parameters.scope_id } + sp_id: ${ bundle.parameters.sp_id } + app_role_id_workspace_owner: ${ bundle.parameters.app_role_id_workspace_owner } + app_role_id_workspace_researcher: ${ bundle.parameters.app_role_id_workspace_researcher } + app_role_id_workspace_airlock_manager: ${ bundle.parameters.app_role_id_workspace_airlock_manager } + aad_redirect_uris_b64: ${ bundle.parameters.aad_redirect_uris } + app_service_plan_sku: ${ bundle.parameters.app_service_plan_sku } + enable_airlock: ${ bundle.parameters.enable_airlock } backendConfig: - resource_group_name: "{{ bundle.parameters.tfstate_resource_group_name }}" - storage_account_name: "{{ bundle.parameters.tfstate_storage_account_name }}" - container_name: "{{ bundle.parameters.tfstate_container_name }}" - key: "{{ bundle.parameters.tre_id }}-ws-{{ bundle.parameters.id }}" + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + 
storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: ${ bundle.parameters.tre_id }-ws-${ bundle.parameters.id }
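Review bot: The re-enabled upgrade `terraform` step passes `address_spaces` and `create_aad_groups`, while the install and uninstall steps of this same file pass `address_space` and no `create_aad_groups`; the step looks copied from the base workspace bundle. Unless the unrestricted bundle declares those two parameters (its parameter list is outside this hunk), the upgrade action would reference an undefined parameter or hand Terraform a variable the module may not declare. Aligning the step with install, using `address_space: ${ bundle.parameters.address_space }` and dropping the `create_aad_groups` line, keeps the three actions consistent. The step's description could also read `"Upgrade workspace"` instead of `"Deploy workspace"`, so logs show which action ran.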