[NWSDE #46] NWSDE Data Engineering & Research Workspaces (updates to …

…Dec-24)

.github/workflows/deploy_tre_reusable.yml

@@ -389,6 +389,12 @@ jobs:
              BUNDLE_DIR: "./templates/workspaces/unrestricted"}
           - {BUNDLE_TYPE: "workspace",
              BUNDLE_DIR: "./templates/workspaces/airlock-import-review"}
+# JR 22-Apr-2014 Add Data Engineering and Research Workspace bundles
+          - {BUNDLE_TYPE: "workspace",
+             BUNDLE_DIR: "./templates/workspaces/nwsde-data-engineering"}
+          - {BUNDLE_TYPE: "workspace",
+             BUNDLE_DIR: "./templates/workspaces/nwsde-research"}
+# End
           - {BUNDLE_TYPE: "workspace_service",
              BUNDLE_DIR: "./templates/workspace_services/guacamole"}
           - {BUNDLE_TYPE: "workspace_service",
@@ -550,6 +556,12 @@ jobs:
              BUNDLE_DIR: "./templates/workspaces/unrestricted"}
           - {BUNDLE_TYPE: "workspace",
              BUNDLE_DIR: "./templates/workspaces/airlock-import-review"}
+# JR 22-Apr-2014 Add Data Engineering and Research Workspace bundles
+          - {BUNDLE_TYPE: "workspace",
+             BUNDLE_DIR: "./templates/workspaces/nwsde-data-engineering"}
+          - {BUNDLE_TYPE: "workspace",
+             BUNDLE_DIR: "./templates/workspaces/nwsde-research"}
+# End
           - {BUNDLE_TYPE: "workspace_service",
              BUNDLE_DIR: "./templates/workspace_services/guacamole"}
           - {BUNDLE_TYPE: "workspace_service",

templates/workspaces/nwsde-data-engineering/.dockerignore

@@ -0,0 +1,9 @@
+# Local .terraform directories
+**/.terraform/*
+
+# TF backend files
+**/*_backend.tf
+
+Dockerfile.tmpl
+terraform/deploy.sh
+terraform/destroy.sh

templates/workspaces/nwsde-data-engineering/.env.sample

@@ -0,0 +1,33 @@
+ARM_CLIENT_ID="__CHANGE_ME__"
+ARM_CLIENT_SECRET="__CHANGE_ME__"
+ARM_TENANT_ID="__CHANGE_ME__"
+ARM_SUBSCRIPTION_ID="__CHANGE_ME__"
+AUTH_TENANT_ID="__CHANGE_ME__"
+
+# These are passed in if Terraform will create the Workspace Microsoft Entra ID Application
+REGISTER_AAD_APPLICATION=true
+CREATE_AAD_GROUPS=true
+AUTH_CLIENT_ID="__CHANGE_ME__"
+AUTH_CLIENT_SECRET="__CHANGE_ME__"
+WORKSPACE_OWNER_OBJECT_ID="__CHANGE_ME__"
+
+# These are passed in if you register the Workspace Microsoft Entra ID Application before hand
+# REGISTER_AAD_APPLICATION=false
+# CLIENT_ID="__CHANGE_ME__"
+# CLIENT_SECRET="__CHANGE_ME__"
+# WORKSPACE_OWNER_OBJECT_ID=""
+
+# Used by Porter, aka TRE_RESOURCE_ID
+ID="MadeUp123"
+SP_ID=""
+SCOPE_ID="api://ws_0001"
+APP_ROLE_ID_WORKSPACE_OWNER=""
+APP_ROLE_ID_WORKSPACE_RESEARCHER=""
+APP_ROLE_ID_WORKSPACE_AIRLOCK_MANAGER=""
+# Complex types are base 64 encoded by resource processor
+ADDRESS_SPACES="WyIxMC4xLjEwLjAvMjQiXQ=="
+SHARED_STORAGE_QUOTA=50
+ENABLE_LOCAL_DEBUGGING=true
+
+AAD_REDIRECT_URIS="W10="
+WORKSPACE_APP_SERVICE_PLAN_SKU=S1

templates/workspaces/nwsde-data-engineering/Dockerfile.tmpl

@@ -0,0 +1,33 @@
+# syntax=docker/dockerfile-upstream:1.4.0
+FROM --platform=linux/amd64 debian:bullseye-slim
+
+# PORTER_INIT
+
+RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+
+# Git is required for terraform_azurerm_environment_configuration
+RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
+  apt-get update && apt-get install -y git jq curl ca-certificates patch --no-install-recommends
+
+ARG AZURE_TRE_VERSION="0.19.1"
+
+WORKDIR ${BUNDLE_DIR}
+
+# Copy all files from base workspace (note: some of them will be overwritten with the following COPY command)
+RUN curl -o azuretre.tar.gz -L "https://github.com/microsoft/AzureTRE/archive/refs/tags/v${AZURE_TRE_VERSION}.tar.gz" \
+  && tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspaces/base" --strip-components=4 --skip-old-files \
+  && rm -rf azuretre.tar.gz
+
+# Copy and change the file extension of .terraform file to .tf
+COPY ./terraform/dataengineering-variables.terraform "${BUNDLE_DIR}"/terraform/dataengineering-variables.tf
+COPY ./terraform/dataengineering-workspace.terraform "${BUNDLE_DIR}"/terraform/dataengineering-workspace.tf
+COPY ./terraform/dataengineering-adf/adf.terraform "${BUNDLE_DIR}"/terraform/dataengineering-adf/adf.tf
+COPY ./terraform/dataengineering-adf/locals.terraform "${BUNDLE_DIR}"/terraform/dataengineering-adf/locals.tf
+COPY ./terraform/dataengineering-adf/providers.terraform "${BUNDLE_DIR}"/terraform/dataengineering-adf/providers.tf
+COPY ./terraform/dataengineering-adf/storage.terraform "${BUNDLE_DIR}"/terraform/dataengineering-adf/storage.tf
+COPY ./terraform/dataengineering-adf/variables.terraform "${BUNDLE_DIR}"/terraform/dataengineering-adf/variables.tf
+
+# PORTER_MIXINS
+
+# Use the BUNDLE_DIR build argument to copy files into the bundle
+COPY --link . ${BUNDLE_DIR}/

templates/workspaces/nwsde-data-engineering/parameters.json

@@ -0,0 +1,164 @@
+{
+  "schemaType": "ParameterSet",
+  "schemaVersion": "1.0.1",
+  "namespace": "",
+  "name": "tre-workspace-nwsde-data-engineering",
+  "parameters": [
+    {
+      "name": "address_spaces",
+      "source": {
+        "env": "ADDRESS_SPACES"
+      }
+    },
+    {
+      "name": "azure_location",
+      "source": {
+        "env": "LOCATION"
+      }
+    },
+    {
+      "name": "tre_id",
+      "source": {
+        "env": "TRE_ID"
+      }
+    },
+    {
+      "name": "id",
+      "source": {
+        "env": "ID"
+      }
+    },
+    {
+      "name": "tfstate_container_name",
+      "source": {
+        "env": "TERRAFORM_STATE_CONTAINER_NAME"
+      }
+    },
+    {
+      "name": "tfstate_resource_group_name",
+      "source": {
+        "env": "MGMT_RESOURCE_GROUP_NAME"
+      }
+    },
+    {
+      "name": "tfstate_storage_account_name",
+      "source": {
+        "env": "MGMT_STORAGE_ACCOUNT_NAME"
+      }
+    },
+    {
+      "name": "shared_storage_quota",
+      "source": {
+        "env": "SHARED_STORAGE_QUOTA"
+      }
+    },
+    {
+      "name": "enable_local_debugging",
+      "source": {
+        "env": "ENABLE_LOCAL_DEBUGGING"
+      }
+    },
+    {
+      "name": "register_aad_application",
+      "source": {
+        "env": "REGISTER_AAD_APPLICATION"
+      }
+    },
+    {
+      "name": "create_aad_groups",
+      "source": {
+        "env": "CREATE_AAD_GROUPS"
+      }
+    },
+    {
+      "name": "client_id",
+      "source": {
+        "env": "CLIENT_ID"
+      }
+    },
+    {
+      "name": "client_secret",
+      "source": {
+        "env": "CLIENT_SECRET"
+      }
+    },
+    {
+      "name": "scope_id",
+      "source": {
+        "env": "SCOPE_ID"
+      }
+    },
+    {
+      "name": "workspace_owner_object_id",
+      "source": {
+        "env": "WORKSPACE_OWNER_OBJECT_ID"
+      }
+    },
+    {
+      "name": "sp_id",
+      "source": {
+        "env": "SP_ID"
+      }
+    },
+    {
+      "name": "app_role_id_workspace_owner",
+      "source": {
+        "env": "APP_ROLE_ID_WORKSPACE_OWNER"
+      }
+    },
+    {
+      "name": "app_role_id_workspace_researcher",
+      "source": {
+        "env": "APP_ROLE_ID_WORKSPACE_RESEARCHER"
+      }
+    },
+    {
+      "name": "app_role_id_workspace_airlock_manager",
+      "source": {
+        "env": "APP_ROLE_ID_WORKSPACE_AIRLOCK_MANAGER"
+      }
+    },
+    {
+      "name": "aad_redirect_uris",
+      "source": {
+        "env": "AAD_REDIRECT_URIS"
+      }
+    },
+    {
+      "name": "app_service_plan_sku",
+      "source": {
+        "env": "WORKSPACE_APP_SERVICE_PLAN_SKU"
+      }
+    },
+    {
+      "name": "enable_airlock",
+      "source": {
+        "env": "ENABLE_AIRLOCK"
+      }
+    },
+    {
+      "name": "arm_environment",
+      "source": {
+        "env": "ARM_ENVIRONMENT"
+      }
+    },
+    {
+      "name": "azure_environment",
+      "source": {
+        "env": "AZURE_ENVIRONMENT"
+      }
+    },
+    {
+      "name": "enable_cmk_encryption",
+      "source": {
+        "env": "enable_cmk_encryption"
+      }
+    },
+    {
+      "name": "key_store_id",
+      "source": {
+        "env": "key_store_id"
+      }
+    }
+  ]
+}