0.4.3

BREAKING CHANGES & MIGRATIONS:

• Remove support for Nexus V1 (#2580). Please migrate to the newer version as described here.

FEATURES:

ENHANCEMENTS:

• Adding Log Analytics & Antimalware VM extensions (#2520)
• Block anonymous access to 2 storage accounts (#2524)
• Gitea shared service support app-service standard SKUs (#2523)
• Keyvault diagnostic settings in base workspace (#2521)
• Airlock requests contain a field with information about the files that were submitted (#2504)
• UI - Operations and notifications stability improvements ([#2530)
• UI - Initial implemetation of Workspace Airlock Request View (#2512)
• Add is_expsed_externally option to Azure ML Workspace Service (#2548)
• Azure ML workspace service assigns Azure ML Data Scientist role to Workspace Researchers (#2539)
• UI is deployed by default (#2554)
• Remove manual/makefile option to install Gitea/Nexus (#2573)
• Exact Terraform provider versions in bundles (#2579)
• Stabilize E2E tests by issuing the access token prior using it, hence, reducing the change of expired token (#2572)

BUG FIXES:

• API health check is also returned by accessing the root path at / (#2469)
• Temporary disable AppInsight's private endpoint in base workspace (#2543)
• Resource Processor execution optimization (porter show) for long-standing services (#2542)
• Move AML Compute deployment to use AzApi Terraform Provider {#2555
• Invalid token exceptions in the API app are catched, throwing 401 instead of 500 Internal server error (#2572)

COMPONENTS:

name	version
devops	0.4.0
core	0.4.23
tre-workspace-base	0.3.28
tre-workspace-unrestricted	0.1.9
tre-service-mlflow	0.3.7
tre-service-innereye	0.3.5
tre-workspace-service-gitea	0.3.8
tre-workspace-service-mysql	0.1.2
tre-service-guacamole-linuxvm	0.4.14
tre-service-guacamole-windowsvm	0.4.8
tre-service-guacamole	0.4.5
tre-user-resource-aml-compute-instance	0.3.2
tre-service-azureml	0.4.8
tre-shared-service-cyclecloud	0.2.6
tre-shared-service-gitea	0.3.14
tre-shared-service-airlock-notifier	0.1.2
tre-shared-service-certs	0.1.3
tre-shared-service-sonatype-nexus	2.1.6
tre-shared-service-firewall	0.4.3

Full Changelog: v0.4.2...v0.4.3

0.4.2

BREAKING CHANGES & MIGRATIONS:

• API identity is only assigned Virtual Machine Contributor on the workspace level (#2398). Review the PR for migration steps.

FEATURES:

• MySql workspace service (#2476)

ENHANCEMENTS:

• 'CreationTime' field was added to Airlock requests (#2432)
• Bundles mirror Terraform plugins when built (#2446)
• 'Get all Airlock requests' endpoint supports filtering (#2433)
• API uses user delagation key when generating SAS token for airlock requests (#2460)
• Longer docker caching in Resource Processor (#2486)
• Remove AppInsights Profiler support in base workspace bundle and deploy with native Terraform resources (#2478)

BUG FIXES:

• Azure monitor resourced provided by Terraform and don't allow ingestion over internet (#2375)
• Enable route table on the Airlock Processor subnet (#2414)
• Support for Standard app service plan SKUs (#2415)
• Fix Azure ML Workspace deletion (#2452)
• Get all pages in MS Graph queries (#2492)

COMPONENTS:

name	version
devops	0.4.0
core	0.4.18
tre-workspace-base	0.3.19
tre-workspace-base	0.3.25
tre-service-mlflow	0.3.5
tre-service-innereye	0.3.3
tre-workspace-service-gitea	0.3.6
tre-workspace-service-mysql	0.1.0
tre-service-guacamole-linuxvm	0.4.11
tre-service-guacamole-windowsvm	0.4.4
tre-service-guacamole	0.4.3
tre-user-resource-aml-compute-instance	0.3.1
tre-service-azureml	0.4.3
tre-shared-service-cyclecloud	0.2.4
tre-shared-service-gitea	0.3.11
tre-shared-service-airlock-notifier	0.1.0
tre-shared-service-certs	0.1.2
tre-shared-service-sonatype-nexus	2.1.4
tre-shared-service-firewall	0.4.2
tre-shared-service-nexus	0.3.6

Full Changelog: v0.4.1...v0.4.2

0.4.1

BREAKING CHANGES & MIGRATIONS:

• Guacamole workspace service configures firewall requirements with deployment pipeline (#2371). Migration is manual - update the templateVersion of tre-shared-service-firewall in Cosmos to 0.4.0 in order to use this capability.
• Workspace now has an AirlockManager role that has the permissions to review airlock requests (#2349).

ENHANCEMENTS:

• Guacamole logs are sent to Application Insights (#2376)
• make tre-start/stop run in parallel which saves ~5 minutes (#2394)

BUG FIXES:

• Airlock processor creates SAS tokens with user delegated key (#2382)
• Script updates to work with deployment repo structure (#2385)

0.4

What's Changed

• Fix Firewall Logging by @martinpeck in #1870
• Change how access properties in get_scope by @marrobi in #1882
• added missing param for invoke-action by @damoodamoo in #1906
• Add Bicep tools to devcontainer by @SvenAelterman in #1848
• E2E tests: Fix shared service and performance tests by @tanya-borisova in #1860
• Add .terraform in .dockerignore files by @sonali-rajput in #1872
• Add resource id var to shared services by @LizaShak in #1914
• Add TFLint config by @tamirkamara in #1919
• Update httpx package by @martinpeck in #1917
• Improve documentation for Resource Processor by @tanya-borisova in #1827
• Re-host Nexus on vm by @jjgriff93 in #1584
• Mandatory client-secret when creating a workspace by @ross-p-smith in #1924
• Disable app service's ftp by @tamirkamara in #1930
• Airlock resources - tf scripts by @eladiw in #1843
• Make etag required in API documentaiton, remove custom check by @SharonHart in #1932
• Reimage Resource Processor Automatically by @tamirkamara in #1929
• Tag tre core services by @guybartal in #1916
• Setting workspace_owner_object_id when creating workspaces by @ross-p-smith in #1928
• Optimize Guacamole docker image by @tamirkamara in #1933
• Upgrade azurerm provider version to 3.5.0 by @tanya-borisova in #1947
• E2E on main run in sequence by @tamirkamara in #1945
• Fix pr-bot e2eTestsCustomSelector param by @tamirkamara in #1959
• Airlock processor - function app based - Base by @eladiw in #1950
• Cost Report - Tag Gitea shared service by @LizaShak in #1941
• Fix Guacamole firewall rule name by @dusan-ilic-mhra in #1957
• azurerm_app_service_plan is deprecated and we should use azurerm_service_plan by @ross-p-smith in #1958
• Don't migrate Terraform state by @ross-p-smith in #1977
• [cost] Tag firewall and nexus shared services. by @LizaShak in #1979
• Create Application Administrator by @ross-p-smith in #1975
• Cleanup bundle dockerfiles by @tamirkamara in #1969
• Register VM Bundle for E2E tests by @ross-p-smith in #1987
• Publish before Register by @ross-p-smith in #1988
• Registering a user_resource needs the Workspace Service Name by @ross-p-smith in #1989
• add missing dockerfile.tmpl references by @tamirkamara in #1990
• Create user_resource in e2e tests by @ross-p-smith in #1952
• Missing TF_VARS passed into devcontainer by @ross-p-smith in #1993
• Missing TF_VAR_application_admin_client_id Inputs by @ross-p-smith in #1994
• Use different identity to create applications by @ross-p-smith in #1976
• [cost] Tag Guacamole Workspace Service in Terraform by @ciprianmaf in #1971
• PR Bot Condition Fix by @tamirkamara in #2002
• Checking Bundle's parameter.json file by @tamirkamara in #1995
• Fix a pytest error when running only smoke tests in CI by @tamirkamara in #2007
• [cost] add billing reader role to api identity by @guybartal in #2004
• Mandatory Identity with Application.ReadWrite.OwnedBy by @ross-p-smith in #2008
• UI MVP by @damoodamoo in #2001
• Change the build to have a new Identity by @ross-p-smith in #2015
• Block WS Airlock storage acccounts from public network by @eladiw in #2017
• Update tomcat url to download a fixed version by @tamirkamara in #2024
• Remove e2e workflow by @tamirkamara in #2027
• Airlock API (Draft + Submit) by @anatbal in #1949
• Fix missing MAKEFILE_DIR by @tamirkamara in #2020
• Enable purge protection by @tanya-borisova in #1973
• Event Grid uses managed identity instead of access key by @anatbal in #2032
• [cost] Create Cost Reporting API stubs by @guybartal in #2003
• [cost] Tag Gitea workspace service in Terraform by @ciprianmaf in #2005
• Add stateful_resources_locked to firewall bundle by @tamirkamara in #2029
• Build airlock_processor image in CI by @tamirkamara in #2022
• Configure docker hub proxy by @jjgriff93 in #2026
• Airlock processor handles request Submission by @eladiw in #1978
• Tests for User Resources by @ross-p-smith in #2035
• [cost] Cost Management ARM REST API call methods by @guybartal in #2030
• Disable API health check of downstream services by @tamirkamara in #2049
• Split user resource registration in CI workflow by @tamirkamara in #2051
• Airlock processor networking (vnet integration and airlock subnet) by @eladiw in #2040
• Airlock - API - approve/reject a request by @anatbal in #2044
• Update create_aad_assets.sh for switch changes in aad-app-reg.sh by @stuartleeks in #2039
• [cost] Tagging Base workspace by @pedro-pelegrin-nttdata in #1970
• Give AML dedicated storage by @marrobi in #2043
• Increase e2e timeouts by @tamirkamara in #2054
• Disable ftp in airlock app by @tamirkamara in #2059
• Pipeline Property Substitution by @damoodamoo in #2052
• Fixing Airlock API bugs when integrating to airlock processor by @anatbal in #2067
• Added auth docs for Application Admin by @ross-p-smith in #2068
• [cost] Tag innereye Workspace Service in Terraform by @pedro-pelegrin-nttdata in #1998
• Redact secrets before saving resources in Cosmos by @tanya-borisova in #2066
• make db-migrate now uses API by @ross-p-smith in #2075
• Database Migrate doesn't work in main by @ross-p-smith in #2088
• TRE costs API endpoint (/api/costs) by @guybartal in #2057
• Update parent workspace in pipeline (and set Guac redirect URI after install) by @damoodamoo in #2083
• Doc Site Updates to Move Docs and Fix Broken Links by @martinpeck in #2090
• make linting easier by @martinpeck in #2094
• Adding networking changes (Eventgrid to SB enablement) by @eladiw in #2055
• Run extended-aad tests only on main by @tamirkamara in #2102
• fix broken airlock upgrades by @eladiw in #2107
• Add curl retry by @tamirkamara in #2046
• Update workspace redirect uris when auto-aad is disabled by @tamirkamara in #2100
• Guacamole user resource templates tagging by @pedro-pelegrin-nttdata in #2061
• Workspace app service SKU as top level parameter by @tamirkamara in #2117
• Rename event grid topics to force recreate by @tamirkamara in #2120
• Fix Guacamole's authentication URI to support auto update in workspace app by @tamirkamara in #2118
• Stop running Terraform in base workspace upgrade (temp fix) by @tamirkamara in https://gi...

0.3

v0.3

update all versions to 0.3 (#1754)

0.2

This release marks a working version of the solution accelerator Azure Trusted Research Environment (TRE)

The high-level features for this release are:

• Composition Service to manage and deploy Workspaces, Workspace Service and User Resources.
• Source code read-only mirror. Researchers can get source code from external git-based repositories via internal mirror.
• App package read-only mirror. Researchers can get NPM, NuGet, PyPi etc. packages via internal mirror.
• Virtual Desktop Workspace Service (Guacamole) enabling Researchers to access data and Azure services within a Workspace without being able to exfiltrate data.
• InnerEye Azure Machine Learning Workspace template enabling provisioning of InnerEye Deeplearning research environments.
• Documentation on GitHub Pages based on MkDocs. With easy to follow setup instructions and extensibility through authoring new Workspaces, Workspace Services or User Resources.