Merge branch 'main' into marrobi/issue1204

devops/scripts/control_tre.sh

@@ -106,7 +106,7 @@ elif [[ "$1" == *"stop"* ]]; then
 
   # deallocating all VMs in workspaces
   # RG is in uppercase here (which is odd). Checking both cases for future compatability.
-  az vm list --query "[?(starts_with(resourceGroup,'${core_rg_name}-ws') || starts_with(resourceGroup,'${core_rg_name^^}-WS')) && powerState=='VM running'][name, resourceGroup]" -o tsv |
+  az vm list -d --query "[?(starts_with(resourceGroup,'${core_rg_name}-ws') || starts_with(resourceGroup,'${core_rg_name^^}-WS')) && powerState=='VM running'][name, resourceGroup]" -o tsv |
   while read -r vm_name rg_name; do
     echo "Deallocating VM ${vm_name} in ${rg_name}"
     az vm deallocate --resource-group "${rg_name}" --name "${vm_name}" &

docs/tre-templates/workspaces/unrestricted.md

@@ -0,0 +1,5 @@
+# Unrestricted workspace
+
+The unrestricted workspace template is a workspace template that allows for unrestricted access to the Internet from inside the workspace virtual network. This is useful for working on open data sets where data exfiltration is not a concern.
+
+This workspace template builds upon the base workspace template by adding additional firewall rules and disabling the airlock.

docs/using-tre/index.md

@@ -27,9 +27,9 @@ To get started with AzureTRE follow the next steps:
 
 1. Follow the steps in this [Github templates guide](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-repository-from-a-template) to set up the repo.
 1. Having the project setup in your account, follow the next steps and guides to setup and extend AzureTRE in your environment:
-    - [Local development](docs/using-tre/local-development/index.md)
-    - Setup [CI/CD pipelines](docs/using-tre/pipelines/index.md)
-    - Add your [custom templates](docs/using-tre/templates/index.md)
+    - [Local Development](local-development/index.md)
+    - Setup [CI/CD pipelines](pipelines/index.md)
+    - Add your [custom templates](templates/index.md)
 
 ## How to Contribute to our Documentation
 

mkdocs.yml

@@ -64,6 +64,9 @@ nav:
   - Using the TRE for Research: # Documentation for users of the TRE
       - Introduction: using-tre/index.md
       - Terms and Definitions: using-tre/terms-definitions.md
+      - Local Development: using-tre/local-development/index.md
+      - CI/CD pipelines: using-tre/pipelines/index.md
+      - Custom Templates: using-tre/templates/index.md
       - Workspaces:
           - using-tre/wks/index.md # Documentation describing what a workspace is
           - Using Workspaces: using-tre/wks/using-wks.md # Interacting with workspaces (via the UI)
@@ -74,6 +77,7 @@ nav:
       - tre-templates/index.md
       - Workspaces:
           - Base: tre-templates/workspaces/base.md
+          - Unrestricted: tre-templates/workspaces/unrestricted.md
       - Workspace Services:
           - Azure ML: tre-templates/workspace-services/azure-ml.md
           - Gitea: tre-templates/workspace-services/gitea.md

templates/workspaces/README.md

@@ -1,9 +1,5 @@
 # Workspace Templates
 
-Workspace Templates are located in this folder. These Templates are for the Composition Service to make instances of.
-
-| Template name | Description |
-| --- | --- |
-| [base](../../docs/workspace-templates/workspaces/base.md) | A base template that deploys a Resource Group, Virtual network, Subnets ... A good base to extend. |
+Workspace Templates are located in this folder.
 
 To customize or author new Workspace Templates read the [Authoring Workspace Templates](../../docs/tre-workspace-authors/authoring-workspace-templates.md).

templates/workspaces/unrestricted/.dockerignore

@@ -0,0 +1,9 @@
+# Local .terraform directories
+**/.terraform/*
+
+# TF backend files
+**/*_backend.tf
+
+Dockerfile.tmpl
+terraform/deploy.sh
+terraform/destroy.sh

templates/workspaces/unrestricted/.env.sample

@@ -0,0 +1,30 @@
+ARM_CLIENT_ID="__CHANGE_ME__"
+ARM_CLIENT_SECRET="__CHANGE_ME__"
+ARM_TENANT_ID="__CHANGE_ME__"
+ARM_SUBSCRIPTION_ID="__CHANGE_ME__"
+AUTH_TENANT_ID="__CHANGE_ME__"
+
+# These are passed in if Terraform will create the Workspace AAD Application
+REGISTER_AAD_APPLICATION=true
+AUTH_CLIENT_ID="__CHANGE_ME__"
+AUTH_CLIENT_SECRET="__CHANGE_ME__"
+WORKSPACE_OWNER_OBJECT_ID="__CHANGE_ME__"
+
+# These are passed in if you register the Workspace AAD Application before hand
+# REGISTER_AAD_APPLICATION=false
+# CLIENT_ID="__CHANGE_ME__"
+# CLIENT_SECRET="__CHANGE_ME__"
+# WORKSPACE_OWNER_OBJECT_ID=""
+
+# Used by Porter, aka TRE_RESOURCE_ID
+ID="MadeUp123"
+SP_ID=""
+SCOPE_ID="api://ws_0001"
+APP_ROLE_ID_WORKSPACE_OWNER=""
+APP_ROLE_ID_WORKSPACE_RESEARCHER=""
+APP_ROLE_ID_WORKSPACE_AIRLOCK_MANAGER=""
+ADDRESS_SPACE="10.2.8.0/24"
+SHARED_STORAGE_QUOTA=50
+ENABLE_LOCAL_DEBUGGING=true
+
+AAD_REDIRECT_URIS="W10="

templates/workspaces/unrestricted/Dockerfile.tmpl

@@ -0,0 +1,40 @@
+# We need azurecli 2.37+ which doesn't exist for strech so the minimum is buster
+FROM debian:buster-slim
+
+ARG BUNDLE_DIR
+
+ARG AZURE_TRE_VERSION="0.4.2"
+
+RUN  apt-get update \
+  && apt-get install --no-install-recommends jq ca-certificates curl -y \
+  && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+
+WORKDIR $BUNDLE_DIR
+
+RUN  curl -o azuretre.tar.gz -L "https://github.com/microsoft/AzureTRE/archive/refs/tags/v${AZURE_TRE_VERSION}.tar.gz" \
+  && tar -xzf azuretre.tar.gz "AzureTRE-${AZURE_TRE_VERSION}/templates/workspaces/base"  --strip-components=4 --skip-old-files \
+  && rm -rf azuretre.tar.gz
+
+# This is a template Dockerfile for the bundle's invocation image
+# You can customize it to use different base images, install tools and copy configuration files.
+#
+# Porter will use it as a template and append lines to it for the mixins
+# and to set the CMD appropriately for the CNAB specification.
+#
+# Add the following line to porter.yaml to instruct Porter to use this template
+# dockerfile: Dockerfile.tmpl
+
+# You can control where the mixin's Dockerfile lines are inserted into this file by moving "# PORTER_MIXINS" line
+# another location in this file. If you remove that line, the mixins generated content is appended to this file.
+# PORTER_MIXINS
+
+# Use the BUNDLE_DIR build argument to copy files into the bundle
+
+COPY . $BUNDLE_DIR
+
+# Mirror plugins to prevent network access at runtime
+# Remove when available from https://github.com/getporter/terraform-mixin/issues/90
+WORKDIR $BUNDLE_DIR/terraform
+RUN terraform init -backend=false \
+  && terraform providers mirror /usr/local/share/terraform/plugins
+

templates/workspaces/unrestricted/parameters.json

@@ -0,0 +1,134 @@
+{
+  "schemaVersion": "1.0.0-DRAFT+TODO",
+  "name": "base",
+  "created": "2021-06-04T13:37:29.5071039+03:00",
+  "modified": "2021-06-04T13:37:29.5071039+03:00",
+  "parameters": [
+    {
+      "name": "address_space",
+      "source": {
+        "env": "ADDRESS_SPACE"
+      }
+    },
+    {
+      "name": "azure_location",
+      "source": {
+        "env": "LOCATION"
+      }
+    },
+    {
+      "name": "tre_id",
+      "source": {
+        "env": "TRE_ID"
+      }
+    },
+    {
+      "name": "id",
+      "source": {
+        "env": "ID"
+      }
+    },
+    {
+      "name": "tfstate_container_name",
+      "source": {
+        "env": "TERRAFORM_STATE_CONTAINER_NAME"
+      }
+    },
+    {
+      "name": "tfstate_resource_group_name",
+      "source": {
+        "env": "MGMT_RESOURCE_GROUP_NAME"
+      }
+    },
+    {
+      "name": "tfstate_storage_account_name",
+      "source": {
+        "env": "MGMT_STORAGE_ACCOUNT_NAME"
+      }
+    },
+    {
+      "name": "shared_storage_quota",
+      "source": {
+        "env": "SHARED_STORAGE_QUOTA"
+      }
+    },
+    {
+      "name": "enable_local_debugging",
+      "source": {
+        "env": "ENABLE_LOCAL_DEBUGGING"
+      }
+    },
+    {
+      "name": "register_aad_application",
+      "source": {
+        "env": "REGISTER_AAD_APPLICATION"
+      }
+    },
+    {
+      "name": "client_id",
+      "source": {
+        "env": "CLIENT_ID"
+      }
+    },
+    {
+      "name": "client_secret",
+      "source": {
+        "env": "CLIENT_SECRET"
+      }
+    },
+    {
+      "name": "scope_id",
+      "source": {
+        "env": "SCOPE_ID"
+      }
+    },
+    {
+      "name": "workspace_owner_object_id",
+      "source": {
+        "env": "WORKSPACE_OWNER_OBJECT_ID"
+      }
+    },
+    {
+      "name": "sp_id",
+      "source": {
+        "env": "SP_ID"
+      }
+    },
+    {
+      "name": "app_role_id_workspace_owner",
+      "source": {
+        "env": "APP_ROLE_ID_WORKSPACE_OWNER"
+      }
+    },
+    {
+      "name": "app_role_id_workspace_researcher",
+      "source": {
+        "env": "APP_ROLE_ID_WORKSPACE_RESEARCHER"
+      }
+    },
+    {
+      "name": "app_role_id_workspace_airlock_manager",
+      "source": {
+        "env": "APP_ROLE_ID_WORKSPACE_AIRLOCK_MANAGER"
+      }
+    },
+    {
+      "name": "aad_redirect_uris",
+      "source": {
+        "env": "AAD_REDIRECT_URIS"
+      }
+    },
+    {
+      "name": "app_service_plan_sku",
+      "source": {
+        "env": "APP_SERVICE_PLAN_SKU"
+      }
+    },
+    {
+      "name": "enable_airlock",
+      "source": {
+        "env": "ENABLE_AIRLOCK"
+      }
+    }
+  ]
+}